On Fri 08/09/2023 22:30, Daniel Jakots wrote: > On Fri, 8 Sep 2023 16:04:19 +0200, Bjorn Ketelaars <[email protected]> > wrote: > > > It probably makes sense to remove the 1.1 branch of borgbackup as > > upstream considers it EOL [0]. As a result, a recent security fix > > (CVE-2023-36811) has not been made available for 1.1.x. > > The 1.2 branch, which we have in ports, is actively maintained, and > > upgrading from 1.1.x to 1.2.x is possible [1]. > > Thanks for raising this issue! > > > Diff below removes the 1.1 branch and adds @pkgpath markers to the > > PLIST of 1.2. With this I'm able to 'pkg_add -u' cleanly from > > borgbackup-1.1.18 to borgbackup-1.2.6. > > Is that the right thing to do though? Checking the upgrade notes, > there's a couple of commands to run, and things to check. > > I'm afraid if we provide an update path to borgbackup-1.2, people will > not notice the silent upgrade, and their backups may consequently be > broken. > Not a big issue since I'm sure everyone does monthly 'restore attempt' > to ensure the backup validity, right (: > > Either way, adding a current.html entry with the upgrade notes would be > quite useful I think. (At least, I appreciated having them in your > email!)
An addition to current.html makes sense. Do you think the bit below suffices? Index: current.html =================================================================== RCS file: /cvs/www/faq/current.html,v retrieving revision 1.1108 diff -u -p -r1.1108 current.html --- current.html 9 Sep 2023 05:47:12 -0000 1.1108 +++ current.html 9 Sep 2023 06:18:08 -0000 @@ -175,6 +175,20 @@ please do the following BEFORE starting </pre></blockquote> +<h3 id="r20230909">2023/09/09 - [packages] sysutils/borgbackup/1.1 removal</h3> + +<p> +The 1.1 branch of <tt>borgbackup</tt> is end-of-life, and has been removed from +ports. Upgrading packages using <tt>pkg_add -u</tt> will result in +<tt>borgbackup-1.1.8</tt> to be replaced by a release from the 1.2 branch, which +at this time is <tt>borgbackup-1.2.6</tt>. + +<p> +Before upgrading it is recommended to follow the <a +href="https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#upgrade-notes";>upgrade +notes</a>. + + <!-- Two blank lines before new sections. New sentences start on new lines.
