On Fri, 27 Nov 2020 16:00:54 +0100 Bjorn Ketelaars <b...@openbsd.org>:
> On Fri 20/11/2020 07:02, Bjorn Ketelaars wrote: > > On Fri 20/11/2020 06:56, Bjorn Ketelaars wrote: > > > I would like to backport the recent rclone update to 6.8. > > > > > > Why? It fixes CVE-2020-28924: Some passwords generated with rclone > > > config may be insecure. In particular if you used the 'g' generate > > > option with rclone v1.49 - v1.53.2 then your password will based on the > > > second it was generated in. This means that there are fixed number of > > > passwords in that period. > > > > > > Diff below includes a cve entry for quirks. > > > > > > OK? > > > > Oops...previous diff contained an omission in the quirks entry. New > > diff: > > Ping... > > Diff enclosed again. > > it fails to build on arm64 on 6.8-stable cd /build/tmp/pobj//rclone-1.53.3/go/bin && HOME=/build/tmp/pobj//rclone-1.53.3/go/src/github.com/rclone/rclone ./rclone genautocomplete bash rclone.bash SIGILL: illegal instruction PC=0xca0700 m=0 sigcode=1 instruction bytes: 0x0 0x6 0x38 0xd5 0xe0 0x7 0x0 0xf9 0xc0 0x3 0x5f 0xd6 0x0 0x0 0x0 0x0 goroutine 1 [running, locked to thread]: github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.getisar0(0x20a7180) /build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.s:13 fp=0x40003dfd40 sp=0x40003dfd40 pc=0xca0700 github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.readARM64Registers() /build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.go:36 +0x28 fp=0x40003dfd60 sp=0x40003dfd40 pc=0xca0448 github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.init.0() /build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.go:28 +0x18 fp=0x40003dfd70 sp=0x40003dfd60 pc=0xca0408 runtime.doInit(0x1fd45e0) /usr/local/go/src/runtime/proc.go:5625 +0x94 fp=0x40003dfdb0 sp=0x40003dfd70 pc=0x51e24 runtime.doInit(0x1fdc160) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfdf0 sp=0x40003dfdb0 pc=0x51de0 runtime.doInit(0x1fe5dc0) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfe30 sp=0x40003dfdf0 pc=0x51de0 runtime.doInit(0x1fe3320) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfe70 sp=0x40003dfe30 pc=0x51de0 runtime.doInit(0x1fe9f80) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfeb0 sp=0x40003dfe70 pc=0x51de0 runtime.doInit(0x1fe2de0) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfef0 sp=0x40003dfeb0 pc=0x51de0 runtime.doInit(0x1feb7e0) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dff30 sp=0x40003dfef0 pc=0x51de0 runtime.doInit(0x1fd5ee0) /usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dff70 sp=0x40003dff30 pc=0x51de0 runtime.main() /usr/local/go/src/runtime/proc.go:191 +0x1b0 fp=0x40003dffd0 sp=0x40003dff70 pc=0x45300 runtime.goexit() /usr/local/go/src/runtime/asm_arm64.s:1136 +0x4 fp=0x40003dffd0 sp=0x40003dffd0 pc=0x748a4 goroutine 9 [select]: github.com/rclone/rclone/vendor/go.opencensus.io/stats/view.(*worker).start(0x40000ef100) /build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/go.opencensus.io/stats/view/worker.go:276 +0x9c created by github.com/rclone/rclone/vendor/go.opencensus.io/stats/view.init.0 /build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/go.opencensus.io/stats/view/worker.go:34 +0x68 r0 0x1 r1 0x40003603a0 r2 0x40003dfd60 r3 0x100000000 r4 0xffa0c0 r5 0x0 r6 0x1292f91 r7 0x32 r8 0xf r9 0x1 r10 0x0 r11 0xd r12 0x1 r13 0x0 r14 0xff r15 0x0 r16 0x0 r17 0x16 r18 0x4a9270658 r19 0x8 r20 0x400025bdf0 r21 0x400025be50 r22 0x1f r23 0x0 r24 0x0 r25 0x0 r26 0x1fd4600 r27 0x20a66f4 r28 0x4000000180 r29 0x0 lr 0xca0448 sp 0x40003dfd40 pc 0xca0700 fault 0xca0700 *** Error 2 in . (Makefile:34 'post-build') *** Error 2 in . (/home/ports//infrastructure/mk/bsd.port.mk:2929 '/build/tmp/pobj//rclone-1.53.3/build-aarch64/.build_done': @cd /home/port...) *** Error 2 in /home/ports/sysutils/rclone (/home/ports//infrastructure/mk/bsd.port.mk:2584 'all': @lock=rclone-1.53.3; export _LOCKS_HELD=...)