Bug 220586 - textproc/jq: Dependency update: devel/oniguruma5 -> devel/oniguruma6
Summary: textproc/jq: Dependency update: devel/oniguruma5 -> devel/oniguruma6
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-07-09 22:19 UTC by Yuri Victorovich
Modified: 2017-10-08 11:08 UTC (History)
5 users (show)

See Also:
koobs: merge-quarterly?


Attachments
patch (748 bytes, patch)
2017-07-09 22:19 UTC, Yuri Victorovich
no flags Details | Diff
patch (724 bytes, patch)
2017-07-09 22:20 UTC, Yuri Victorovich
yuri: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri Victorovich freebsd_committer 2017-07-09 22:19:14 UTC
Created attachment 184207 [details]
patch

devel/oniguruma5 suffered from security problems.
Comment 1 Yuri Victorovich freebsd_committer 2017-07-09 22:20:22 UTC
Created attachment 184208 [details]
patch
Comment 2 Kurt Jaeger freebsd_committer 2017-07-13 10:52:41 UTC
Committed, thanks!
Comment 3 commit-hook freebsd_committer 2017-07-13 10:52:46 UTC
A commit references this bug:

Author: pi
Date: Thu Jul 13 10:52:33 UTC 2017
New revision: 445643
URL: https://svnweb.freebsd.org/changeset/ports/445643

Log:
  textproc/jq: change dependency from oniguruma5 to oniguruma6

  PR:		220586
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)

Changes:
  head/textproc/jq/Makefile
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2017-07-14 09:27:43 UTC
User requested [1] MFH. Given security context, re-opening

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2017-July/109436.html
Comment 5 Michael Gmelin freebsd_committer 2017-08-03 15:27:46 UTC
(In reply to Kubilay Kocak from comment #4)

@pi: Should I MFH?
Comment 6 Kurt Jaeger freebsd_committer 2017-08-13 13:19:11 UTC
Yes, please MFH
Comment 7 Fred Condo 2017-09-13 21:16:35 UTC
Can this be merged into the quarterly ports? This is causing problems, for example, on FreeBSD systems with PHP at Digital Ocean. The cloud init scripts use jq to parse JSON configuration files, and requires oniguruma5. The php56-mbstring package requires oniguruma6. To make a long story short, this can result in the server coming up without any network configuration after a reboot.
Comment 8 Yuri Victorovich freebsd_committer 2017-09-13 23:13:46 UTC
It should be mer(In reply to Fred Condo from comment #7)

Agreed.
Comment 9 Michael Gmelin freebsd_committer 2017-09-13 23:33:01 UTC
Requested MFH from ports-secteam/portmgr (as I don't believe this is covered by any blanket approval).
Comment 10 Kurt Jaeger freebsd_committer 2017-10-08 11:08:39 UTC
A new quarterly has seen the light, so this is done.