Re: pkg/59417: Multiple Security Issues in Screen

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost,rbranco%suse.de@localhost
Subject: Re: pkg/59417: Multiple Security Issues in Screen
From: "Taylor R Campbell via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Fri, 16 May 2025 15:35:01 +0000 (UTC)

The following reply was made to PR pkg/59417; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: Jonathan Perkin <jperkin%pkgsrc.org@localhost>
Cc: Ricardo Branco <rbranco%suse.de@localhost>, gnats-bugs%NetBSD.org@localhost, pkgsrc-bugs%NetBSD.org@localhost
Subject: Re: pkg/59417: Multiple Security Issues in Screen
Date: Fri, 16 May 2025 15:31:14 +0000

 > Date: Fri, 16 May 2025 16:24:18 +0100
 > From: Jonathan Perkin <jperkin%pkgsrc.org@localhost>
 > 
 > * On 2025-05-16 at 16:05 BST, Taylor R Campbell wrote:
 > 
 > >I suggest we delete misc/screen altogether (add misc/screen5 if anyone
 > >really wants it, which I doubt), and have misc/screen4 install a
 > >package named screen4 with
 > >
 > >SUPERSEDES+=	screen-[0-9]*
 > >
 > >so that users who had gotten screen-5.* under the misapprehension it
 > >is a normal update over screen-4.* will have a chance to restore
 > >sanity (except for the part where pkgin SUPERSEDES processing is
 > >broken, sigh, but once it is fixed...).
 > 
 > I'd rather misc/screen was restored to 4.x, 5.x moved to misc/screen5, 
 > and then perhaps in the future when 5.x is actually an improvement over 
 > 4.x it can just be updated normally.  All this PKGPATH messing around 
 > just breaks binary package upgrades.
 
 OK, how about:
 
 misc/screen has PKGNAME screen4-..., SUPERSEDES+= screen-[0-9]*
 misc/screen5 (if anyone wants it) has PKGNAME screen5-...
 
 This way:
 
 1. Anyone who installs path `misc/screen' (e.g., with pkg_chk or
    whatever) gets screen 4.x.
 
 2. Anyone who had `screen' installed as a binary package in 2024Q4 or
    earlier gets it updated to screen 4.x on transition to 2025Q1.
 
 3. Anyone who had `screen' installed as a binary package in 2024Q4 or
    earlier _and already updated to 2025Q1_, so they inadvertently had
    screen 5.x inflicted on them, will _also_ get `updated' back to
    screen 4.x.
 
 4. Those who want screen 5 can install PKGPATH misc/screen5 or PKGNAME
    screen5-*.
 
 > That said, I have some incoming fixes for pkgin SUPERSEDES support that 
 > are able to handle the php renames, and would likely handle this too.
 
 Great!

Prev by Date: Re: pkg/59417: Multiple Security Issues in Screen
Next by Date: Re: pkg/59417: Multiple Security Issues in Screen
Previous by Thread: Re: pkg/59417: Multiple Security Issues in Screen
Next by Thread: Re: pkg/59417: Multiple Security Issues in Screen
Indexes:

Home | Main Index | Thread Index | Old Index