git: 60683a7bd522 - main - UPDATING: Chase sysutils/screen-4.9.0_3

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Tue, 29 Mar 2022 15:43:17 UTC 
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=60683a7bd52258b3f5e7e6681fac62dd7c88763b

commit 60683a7bd52258b3f5e7e6681fac62dd7c88763b
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-03-29 15:35:38 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-03-29 15:41:57 +0000

    UPDATING: Chase sysutils/screen-4.9.0_3
    
    Describe user impact as a result of sysutils/screen-4.9.0_3 which removes
    setuid root by default, disabling multiuser feature. The option is
    appropriately called MULTUSER. Users may enable the multiuser feature
    in three ways, as discsussed by the update to UPDATING.
    
    PR:             262903
    Reported by:    david@isnic.is
---
 UPDATING | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/UPDATING b/UPDATING
index a082d4b0447f..96f53b6a6761 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,25 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20220329:
+  AFFECTS: users of sysutils/screen
+  AUTHOR: cy@FreeBSD.org
+
+  As of sysutils/screen-4.9.0_3, the multiuser feature is not supported
+  by default. The multiuser feature requires setuid root to function.
+  This creates a security risk. Some Linux distributions have had
+  non-setuuid root screen for a dozen or more years. FreeBSD is following
+  suit. A new MULTIUSER option has been added to enable users to install
+  setuid root screen. The MULTIUSER option default is OFF.
+
+  Users who wish to use the multiuser feature may,
+
+  - Build screen using the MULTIUSER option, or
+  - Poudriere users can use poudriere-options to enable the MULTIUSER
+    option, or
+  - Users can chmod the setuid bit for ${LOCALBASE}/bin/screen-4.9.0,
+    making screen setuid root to enable the multiuser feature.
+  
 20220326:
   AFFECTS: users of misc/freebsd-doc-*
   AUTHOR: blackend@FreeBSD.org