pkgsrc-Bugs archive


Re: pkg/59417: Multiple Security Issues in Screen



The following reply was made to PR pkg/59417; it has been noted by GNATS.

From: Jonathan Perkin <jperkin%pkgsrc.org@localhost>
To: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Cc: Ricardo Branco <rbranco%suse.de@localhost>, gnats-bugs%NetBSD.org@localhost,
	pkgsrc-bugs%NetBSD.org@localhost
Subject: Re: pkg/59417: Multiple Security Issues in Screen
Date: Fri, 16 May 2025 16:42:25 +0100

 * On 2025-05-16 at 16:31 BST, Taylor R Campbell wrote:
 
 >> Date: Fri, 16 May 2025 16:24:18 +0100
 >> From: Jonathan Perkin <jperkin%pkgsrc.org@localhost>
 >>
 >> * On 2025-05-16 at 16:05 BST, Taylor R Campbell wrote:
 >>
 >> >I suggest we delete misc/screen altogether (add misc/screen5 if anyone
 >> >really wants it, which I doubt), and have misc/screen4 install a
 >> >package named screen4 with
 >> >
 >> >SUPERSEDES+=	screen-[0-9]*
 >> >
 >> >so that users who had gotten screen-5.* under the misapprehension it
 >> >is a normal update over screen-4.* will have a chance to restore
 >> >sanity (except for the part where pkgin SUPERSEDES processing is
 >> >broken, sigh, but once it is fixed...).
 >>
 >> I'd rather misc/screen was restored to 4.x, 5.x moved to misc/screen5,
 >> and then perhaps in the future when 5.x is actually an improvement over
 >> 4.x it can just be updated normally.  All this PKGPATH messing around
 >> just breaks binary package upgrades.
 >
 >OK, how about:
 >
 >misc/screen has PKGNAME screen4-..., SUPERSEDES+= screen-[0-9]*
 
 To achieve 1-4 below there's no need to do this, just revert misc/screen 
 back to 4.x.  Saves confusion and avoids the wart of it being called 
 screenN-* forever.
 
 >misc/screen5 (if anyone wants it) has PKGNAME screen5-...
 >
 >This way:
 >
 >1. Anyone who installs path `misc/screen' (e.g., with pkg_chk or
 >   whatever) gets screen 4.x.
 >
 >2. Anyone who had `screen' installed as a binary package in 2024Q4 or
 >   earlier gets it updated to screen 4.x on transition to 2025Q1.
 >
 >3. Anyone who had `screen' installed as a binary package in 2024Q4 or
 >   earlier _and already updated to 2025Q1_, so they inadvertently had
 >   screen 5.x inflicted on them, will _also_ get `updated' back to
 >   screen 4.x.
 >
 >4. Those who want screen 5 can install PKGPATH misc/screen5 or PKGNAME
 >   screen5-*.
 >
 >> That said, I have some incoming fixes for pkgin SUPERSEDES support that
 >> are able to handle the php renames, and would likely handle this too.
 >
 >Great!
 
 If you want to test this at all I've just pushed it to GitHub, though 
 will not cut a release for it until it has been thoroughly verified.
 
 -- 
 Jonathan Perkin                    pkgsrc.smartos.org
 Open Source Complete Cloud   www.tritondatacenter.com
 

