On Sat, 9 Sep 2023 08:20:34 +0200, Bjorn Ketelaars <b...@openbsd.org> wrote:
> On Fri 08/09/2023 22:30, Daniel Jakots wrote: > > On Fri, 8 Sep 2023 16:04:19 +0200, Bjorn Ketelaars > > <b...@openbsd.org> wrote: > > > > > It probably makes sense to remove the 1.1 branch of borgbackup as > > > upstream considers it EOL [0]. As a result, a recent security fix > > > (CVE-2023-36811) has not been made available for 1.1.x. > > > The 1.2 branch, which we have in ports, is actively maintained, > > > and upgrading from 1.1.x to 1.2.x is possible [1]. > > > > Thanks for raising this issue! > > > > > Diff below removes the 1.1 branch and adds @pkgpath markers to the > > > PLIST of 1.2. With this I'm able to 'pkg_add -u' cleanly from > > > borgbackup-1.1.18 to borgbackup-1.2.6. > > > > Is that the right thing to do though? Checking the upgrade notes, > > there's a couple of commands to run, and things to check. > > > > I'm afraid if we provide an update path to borgbackup-1.2, people > > will not notice the silent upgrade, and their backups may > > consequently be broken. > > Not a big issue since I'm sure everyone does monthly 'restore > > attempt' to ensure the backup validity, right (: > > > > Either way, adding a current.html entry with the upgrade notes > > would be quite useful I think. (At least, I appreciated having them > > in your email!) > > An addition to current.html makes sense. Do you think the bit below > suffices? sure, ok danj@ > Index: current.html > =================================================================== > RCS file: /cvs/www/faq/current.html,v > retrieving revision 1.1108 > diff -u -p -r1.1108 current.html > --- current.html 9 Sep 2023 05:47:12 -0000 1.1108 > +++ current.html 9 Sep 2023 06:18:08 -0000 > @@ -175,6 +175,20 @@ please do the following BEFORE starting > </pre></blockquote> > > > +<h3 id="r20230909">2023/09/09 - [packages] sysutils/borgbackup/1.1 > removal</h3> + > +<p> > +The 1.1 branch of <tt>borgbackup</tt> is end-of-life, and has been > removed from +ports. Upgrading packages using <tt>pkg_add -u</tt> > will result in +<tt>borgbackup-1.1.8</tt> to be replaced by a release > from the 1.2 branch, which +at this time is <tt>borgbackup-1.2.6</tt>. > + > +<p> > +Before upgrading it is recommended to follow the <a > +href="https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#upgrade-notes";>upgrade > +notes</a>. > + > + > <!-- > Two blank lines before new sections. > New sentences start on new lines.
