tech-pkg: Re: Package install problem (via FTP), NetBSD 1.5

Subject: Re: Package install problem (via FTP), NetBSD 1.5
To: Hubert Feyrer <hubert@feyrer.de>
From: Alistair Crooks <AlistairCrooks@excite.com>
List: tech-pkg
Date: 12/21/2000 02:27:04

On Wed, 20 Dec 2000 21:08:52 +0100 (MET), Hubert Feyrer wrote:

>  On Wed, 20 Dec 2000, Alistair Crooks wrote:
>  > Bumping it now would give us support for IPv6 (albeit through Luke's
ftp
>  > client), and include a buffer overflow bug fix, as well as the timeout
fixes
>  > which seem to have been made to the pkg_install package today.
>  > 
>  > I can see no reason to keep the required version down level.
>  
>  I don't think we should force the majority of pkgsrc users to upgrade
>  their tools just because we fixed a feature that a minority of them will
>  use. About the IPv6 and buffer overflow, that's not related AT ALL to
this
>  topic, as it's not part of the pkg_install package.
>  
>  But if you think it's bearable to force all our users to upgrade their
>  tools... sure, go ahead.
>  
>  
>   - Hubert
>  
>  
>  -- 
>  Hubert Feyrer <hubert@feyrer.de>
>  

Thanks, but it's not your call.

It's not really a question of forcing numerous people to upgrade, it's more
an issue about providing the correct tools to do the job.

Let's face it, we update packages within pkgsrc all the time. Some of these
are bug fixes, some introduce new functionality. Just because, in this case,
you don't think there's any new functionality, it doesn't mean to say that
we should prevent people from upgrading their package tools so that teTeX
can be installed correctly, for example.

The buffer overflow has everything to do with this package:

commit log from pkgsrc/pkgtools/Makefile

revision 1.33
date: 2000/07/24 21:20:23;  author: dmcmahill;  state: Exp;  lines: +2 -2
update to 20000724

This includes a buffer overflow bug fix in pkg_add which was causing pkg_add
to segfault on teTeX on pmax.  The bug was present on all ports though.  As
far as I can tell this was a non-exploitable overflow.

Anyway, as 1.5 is now out, we should try to get people to use better tools,
and now is as good a time as any.

Regards,
Alistair

--
Alistair Crooks (agc@pkgsrc.org)

_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/