On Dec 17, 2025, at 5:46AM, Anthony J. Bentley <bentley@openbsd.org> wrote:
> 
> Hi,
> 
> Vineflower is a modern general purpose Java & JVM language decompiler
> focused on providing the best quality, speed, and usability.
> 
> Vineflower's features include:
> 
> - Java 21+ support, including records, sealed classes, switch expressions,
>  pattern matching, and more
> - Clean code generation and output, with automatic output formatting
> - Multithreaded decompilation
> 
> Vineflower can be used from the command line or as a library.
> 
> 
> ok?

I'm not sure a decompiler should be in the security category.
Some in tree have security others dont. devel seems right.

I'd suggest the following changes. For the script you want
to quote the "$@" to pass them along as received and you might
as well exec java.

ok kurt@ with those adjustments.

--- Makefile.orig	Mon Dec 22 16:54:33 2025
+++ Makefile	Mon Dec 22 17:13:32 2025
@@ -3,7 +3,7 @@
 V =		1.11.2
 DISTNAME =	vineflower-$V
 
-CATEGORIES =	devel security
+CATEGORIES =	devel
 
 HOMEPAGE =	https://vineflower.org/
 
@@ -12,8 +12,7 @@
 
 SITES =		https://github.com/Vineflower/vineflower/releases/download/$V/
 
-DISTFILES =	${DISTNAME}.jar
-
+EXTRACT_SUFX =	.jar
 EXTRACT_ONLY =
 
 MODULES =	java
--- files/vineflower.orig	Mon Dec 22 17:03:23 2025
+++ files/vineflower	Mon Dec 22 17:04:03 2025
@@ -1,2 +1,3 @@
 #!/bin/sh
-`javaPathHelper -c vineflower` -jar ${TRUEPREFIX}/share/vineflower/vineflower.jar $@
+JAVACMD=$(javaPathHelper -c vineflower)
+exec ${JAVACMD} -jar ${TRUEPREFIX}/share/vineflower/vineflower.jar "$@"