On Fri, 27 Nov 2020 16:00:54 +0100
Bjorn Ketelaars <b...@openbsd.org>:
> On Fri 20/11/2020 07:02, Bjorn Ketelaars wrote:
> > On Fri 20/11/2020 06:56, Bjorn Ketelaars wrote:
> > > I would like to backport the recent rclone update to 6.8.
> > >
> > > Why? It fixes CVE-2020-28924: Some passwords generated with rclone
> > > config may be insecure. In particular if you used the 'g' generate
> > > option with rclone v1.49 - v1.53.2 then your password will based on the
> > > second it was generated in. This means that there are fixed number of
> > > passwords in that period.
> > >
> > > Diff below includes a cve entry for quirks.
> > >
> > > OK?
> >
> > Oops...previous diff contained an omission in the quirks entry. New
> > diff:
>
> Ping...
>
> Diff enclosed again.
>
>
it fails to build on arm64 on 6.8-stable
cd /build/tmp/pobj//rclone-1.53.3/go/bin &&
HOME=/build/tmp/pobj//rclone-1.53.3/go/src/github.com/rclone/rclone ./rclone
genautocomplete bash rclone.bash
SIGILL: illegal instruction
PC=0xca0700 m=0 sigcode=1
instruction bytes: 0x0 0x6 0x38 0xd5 0xe0 0x7 0x0 0xf9 0xc0 0x3 0x5f 0xd6 0x0
0x0 0x0 0x0
goroutine 1 [running, locked to thread]:
github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.getisar0(0x20a7180)
/build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.s:13
fp=0x40003dfd40 sp=0x40003dfd40 pc=0xca0700
github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.readARM64Registers()
/build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.go:36
+0x28 fp=0x40003dfd60 sp=0x40003dfd40 pc=0xca0448
github.com/rclone/rclone/vendor/golang.org/x/sys/cpu.init.0()
/build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/golang.org/x/sys/cpu/cpu_arm64.go:28
+0x18 fp=0x40003dfd70 sp=0x40003dfd60 pc=0xca0408
runtime.doInit(0x1fd45e0)
/usr/local/go/src/runtime/proc.go:5625 +0x94 fp=0x40003dfdb0
sp=0x40003dfd70 pc=0x51e24
runtime.doInit(0x1fdc160)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfdf0
sp=0x40003dfdb0 pc=0x51de0
runtime.doInit(0x1fe5dc0)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfe30
sp=0x40003dfdf0 pc=0x51de0
runtime.doInit(0x1fe3320)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfe70
sp=0x40003dfe30 pc=0x51de0
runtime.doInit(0x1fe9f80)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfeb0
sp=0x40003dfe70 pc=0x51de0
runtime.doInit(0x1fe2de0)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dfef0
sp=0x40003dfeb0 pc=0x51de0
runtime.doInit(0x1feb7e0)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dff30
sp=0x40003dfef0 pc=0x51de0
runtime.doInit(0x1fd5ee0)
/usr/local/go/src/runtime/proc.go:5620 +0x50 fp=0x40003dff70
sp=0x40003dff30 pc=0x51de0
runtime.main()
/usr/local/go/src/runtime/proc.go:191 +0x1b0 fp=0x40003dffd0
sp=0x40003dff70 pc=0x45300
runtime.goexit()
/usr/local/go/src/runtime/asm_arm64.s:1136 +0x4 fp=0x40003dffd0
sp=0x40003dffd0 pc=0x748a4
goroutine 9 [select]:
github.com/rclone/rclone/vendor/go.opencensus.io/stats/view.(*worker).start(0x40000ef100)
/build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/go.opencensus.io/stats/view/worker.go:276
+0x9c
created by github.com/rclone/rclone/vendor/go.opencensus.io/stats/view.init.0
/build/tmp/pobj/rclone-1.53.3/go/src/github.com/rclone/rclone/vendor/go.opencensus.io/stats/view/worker.go:34
+0x68
r0 0x1
r1 0x40003603a0
r2 0x40003dfd60
r3 0x100000000
r4 0xffa0c0
r5 0x0
r6 0x1292f91
r7 0x32
r8 0xf
r9 0x1
r10 0x0
r11 0xd
r12 0x1
r13 0x0
r14 0xff
r15 0x0
r16 0x0
r17 0x16
r18 0x4a9270658
r19 0x8
r20 0x400025bdf0
r21 0x400025be50
r22 0x1f
r23 0x0
r24 0x0
r25 0x0
r26 0x1fd4600
r27 0x20a66f4
r28 0x4000000180
r29 0x0
lr 0xca0448
sp 0x40003dfd40
pc 0xca0700
fault 0xca0700
*** Error 2 in . (Makefile:34 'post-build')
*** Error 2 in . (/home/ports//infrastructure/mk/bsd.port.mk:2929
'/build/tmp/pobj//rclone-1.53.3/build-aarch64/.build_done': @cd /home/port...)
*** Error 2 in /home/ports/sysutils/rclone
(/home/ports//infrastructure/mk/bsd.port.mk:2584 'all': @lock=rclone-1.53.3;
export _LOCKS_HELD=...)
