From owner-freebsd-ports@freebsd.org Thu Jul 13 10:47:39 2017 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C48CD9E8A8 for ; Thu, 13 Jul 2017 10:47:39 +0000 (UTC) (envelope-from xavi.garcia@gmail.com) Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D770E72C51 for ; Thu, 13 Jul 2017 10:47:38 +0000 (UTC) (envelope-from xavi.garcia@gmail.com) Received: by mail-oi0-x234.google.com with SMTP id p188so42520854oia.0 for ; Thu, 13 Jul 2017 03:47:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=EGsHUNNntcZKsAr3g0chUd3fgu3OlYZlf00+RABCnxY=; b=aIyxDkuJH11cAcRXpyjgxVHBzyA9e8oYS0BYfwTRLXp4yP4NW0CK9KIZpz0iMNzaJj BPWj8hriRve22GVvsDT7fXRAQMX486Knl7p3UFgQVUfe2SWsLZWOuKzlDLygT8DXZjJ3 8Dv8tzleNeukAcQLXG6t/+upEmcRHHq2mXpjndekjPCYaKeZWmLYAYnWDR2+cmo/h0Fp eUJtR/4YRUPr8+aJeOZrqXsfdn/BDVnpBCNE+jC/bXeKWZw1Y9RXKJehsT/tJz03SYG5 IiBVih8AXzBXToKM6N68smNS8kFV2xDE1YLWbPxaBo33o5XcMl5fY3987R1Lm2sqclNo 253w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=EGsHUNNntcZKsAr3g0chUd3fgu3OlYZlf00+RABCnxY=; b=sg3OWJBL+QWpGnzc7SS9FaWOKiOD3GwNzSsKHBoknez9b03/dAwChlGvBBo6vKZWbN J+rITkwa4rwiYuBoQUmrXn1IXJiyOPrqXckWUQwllwTEPRaoMZp9OTmQ9kHw8Afu3RIf rF9hlSfuW6TyG648F1J70XPHbn1D5gRLVDlDu9VN9jh4qjEteVoh22482GASF/IXw73E c1RGSm9p3X7SZkedU1whrIlkqufV8z567KZQwwOpFWczsd+9bOuN44zDOzpAGiSeV5Qo ngGhJ7WM/dwpd+kxyQkBNodi6bgIezXKWhPBHq6totKMnVbvBKVX56HM76YqPKW5QEkr IkAA== X-Gm-Message-State: AIVw110Yc1ybEHqjGSbkkmIL6TWeggGg92Ep5nwVACuBnofMjSpEFaPJ RDb+WnZYm3Gd+WKY92GwfuwJq1dHrg5Si80= X-Received: by 10.202.62.6 with SMTP id l6mr1689893oia.118.1499942857809; Thu, 13 Jul 2017 03:47:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.171.68 with HTTP; Thu, 13 Jul 2017 03:47:37 -0700 (PDT) From: Xavi Garcia Date: Thu, 13 Jul 2017 12:47:37 +0200 Message-ID: Subject: textproc/jq and oniguruma5 To: freebsd-ports@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2017 10:47:39 -0000 Dear all, jq depends on oniguruma5 but this library has quite a few vulnerabilities and it doesn't seem to be maintained. https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html Would it be possible to change the dependencies in textproc/jq from devel/oniguruma5 to devel/oniguruma6? There's already a bug report but no action has been taken yet. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586 Kind regards, Xavier Garcia