Re: pkg/59417: Multiple Security Issues in Screen

[Taylor R Campbell <riastradh%NetBSD.org@localhost>]

> Date: Fri, 16 May 2025 16:24:18 +0100
> From: Jonathan Perkin <jperkin%pkgsrc.org@localhost>
> 
> * On 2025-05-16 at 16:05 BST, Taylor R Campbell wrote:
> 
> >I suggest we delete misc/screen altogether (add misc/screen5 if anyone
> >really wants it, which I doubt), and have misc/screen4 install a
> >package named screen4 with
> >
> >SUPERSEDES+=	screen-[0-9]*
> >
> >so that users who had gotten screen-5.* under the misapprehension it
> >is a normal update over screen-4.* will have a chance to restore
> >sanity (except for the part where pkgin SUPERSEDES processing is
> >broken, sigh, but once it is fixed...).
> 
> I'd rather misc/screen was restored to 4.x, 5.x moved to misc/screen5, 
> and then perhaps in the future when 5.x is actually an improvement over 
> 4.x it can just be updated normally.  All this PKGPATH messing around 
> just breaks binary package upgrades.

OK, how about:

misc/screen has PKGNAME screen4-..., SUPERSEDES+= screen-[0-9]*
misc/screen5 (if anyone wants it) has PKGNAME screen5-...

This way:

1. Anyone who installs path `misc/screen' (e.g., with pkg_chk or
   whatever) gets screen 4.x.

2. Anyone who had `screen' installed as a binary package in 2024Q4 or
   earlier gets it updated to screen 4.x on transition to 2025Q1.

3. Anyone who had `screen' installed as a binary package in 2024Q4 or
   earlier _and already updated to 2025Q1_, so they inadvertently had
   screen 5.x inflicted on them, will _also_ get `updated' back to
   screen 4.x.

4. Those who want screen 5 can install PKGPATH misc/screen5 or PKGNAME
   screen5-*.

> That said, I have some incoming fixes for pkgin SUPERSEDES support that 
> are able to handle the php renames, and would likely handle this too.

Great!