On Fri 20/11/2020 06:56, Bjorn Ketelaars wrote: > I would like to backport the recent rclone update to 6.8. > > Why? It fixes CVE-2020-28924: Some passwords generated with rclone > config may be insecure. In particular if you used the 'g' generate > option with rclone v1.49 - v1.53.2 then your password will based on the > second it was generated in. This means that there are fixed number of > passwords in that period. > > Diff below includes a cve entry for quirks. > > OK?
Oops...previous diff contained an omission in the quirks entry. New diff: Index: sysutils/rclone/Makefile =================================================================== RCS file: /cvs/ports/sysutils/rclone/Makefile,v retrieving revision 1.17 diff -u -p -r1.17 Makefile --- sysutils/rclone/Makefile 8 Aug 2020 16:41:13 -0000 1.17 +++ sysutils/rclone/Makefile 20 Nov 2020 06:01:17 -0000 @@ -2,7 +2,7 @@ COMMENT = rsync for cloud storage -V = 1.52.3 +V = 1.53.3 DISTNAME = rclone-v${V} PKGNAME = rclone-${V} @@ -18,15 +18,21 @@ PERMIT_PACKAGE = Yes WANTLIB += c pthread MASTER_SITES = https://downloads.rclone.org/v${V}/ +DISTFILES = ${DISTNAME}${EXTRACT_SUFX} \ + ${DISTNAME}-vendor${EXTRACT_SUFX} MODULES = lang/go MODGO_TYPE = bin ALL_TARGET = github.com/rclone/rclone +post-extract: + mv ${WRKDIR}/vendor ${WRKDIST} + post-build: .for s in bash zsh - cd ${MODGO_WORKSPACE}/bin && ./rclone genautocomplete $s rclone.$s + cd ${MODGO_WORKSPACE}/bin && \ + HOME=${WRKSRC} ./rclone genautocomplete $s rclone.$s .endfor do-install: Index: sysutils/rclone/distinfo =================================================================== RCS file: /cvs/ports/sysutils/rclone/distinfo,v retrieving revision 1.14 diff -u -p -r1.14 distinfo --- sysutils/rclone/distinfo 8 Aug 2020 16:41:13 -0000 1.14 +++ sysutils/rclone/distinfo 20 Nov 2020 06:01:17 -0000 @@ -1,2 +1,4 @@ -SHA256 (rclone-v1.52.3.tar.gz) = 9IOeAVPu5UYV26N2qFvpQ60EBTAMPupdXgKywn7XsN0= -SIZE (rclone-v1.52.3.tar.gz) = 19431808 +SHA256 (rclone-v1.53.3-vendor.tar.gz) = 21jG7eFRsD3xrEPZhJsy9afrf5rKp7MBfY4A7ZrgBJY= +SHA256 (rclone-v1.53.3.tar.gz) = 8eITvG+3xG+aTMhgSuCFZxhDS9r+B/o85EmumlEKV2M= +SIZE (rclone-v1.53.3-vendor.tar.gz) = 5723994 +SIZE (rclone-v1.53.3.tar.gz) = 14683066 Index: devel/quirks/Makefile =================================================================== RCS file: /cvs/ports/devel/quirks/Makefile,v retrieving revision 1.1047 diff -u -p -r1.1047 Makefile --- devel/quirks/Makefile 25 Sep 2020 21:40:55 -0000 1.1047 +++ devel/quirks/Makefile 20 Nov 2020 06:01:17 -0000 @@ -5,7 +5,7 @@ CATEGORIES = devel databases DISTFILES = # API.rev -PKGNAME = quirks-3.439 +PKGNAME = quirks-3.440 PKG_ARCH = * MAINTAINER = Marc Espie <es...@openbsd.org> Index: devel/quirks/files/Quirks.pm =================================================================== RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v retrieving revision 1.1065 diff -u -p -r1.1065 Quirks.pm --- devel/quirks/files/Quirks.pm 25 Sep 2020 21:40:55 -0000 1.1065 +++ devel/quirks/files/Quirks.pm 20 Nov 2020 06:01:17 -0000 @@ -2047,6 +2047,7 @@ my $cve = { 'shells/bash' => 'bash-<4.3.27', 'sysutils/ansible,-main' => 'ansible-<2.7.1', 'sysutils/mcollective' => 'mcollective-<2.5.3', + 'sysutils/rclone' => 'rclone-<1.53.3', 'sysutils/salt' => 'salt-<2018.3.3p2', 'telephony/asterisk,-main' => 'asterisk-<13.23.1', 'telephony/coturn' => 'turnserver-<4.5.1.2',