From owner-freebsd-ports@freebsd.org Thu Jul 13 10:53:01 2017 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A055ED9EBF1 for ; Thu, 13 Jul 2017 10:53:01 +0000 (UTC) (envelope-from lists@opsec.eu) Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 666A373212 for ; Thu, 13 Jul 2017 10:53:01 +0000 (UTC) (envelope-from lists@opsec.eu) Received: from pi by home.opsec.eu with local (Exim 4.89 (FreeBSD)) (envelope-from ) id 1dVbjx-000HjX-Gm; Thu, 13 Jul 2017 12:53:01 +0200 Date: Thu, 13 Jul 2017 12:53:01 +0200 From: Kurt Jaeger To: Xavi Garcia Cc: freebsd-ports@freebsd.org Subject: Re: textproc/jq and oniguruma5 Message-ID: <20170713105301.GN65214@home.opsec.eu> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2017 10:53:01 -0000 Hi! > jq depends on oniguruma5 but this library has quite a few vulnerabilities > and it doesn't seem to be maintained. > > https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html > > > Would it be possible to change the dependencies in textproc/jq > from devel/oniguruma5 to devel/oniguruma6? > > There's already a bug report but no action has been taken yet. > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586 Done. -- pi@opsec.eu +49 171 3101372 3 years to go !