On Fri 20/11/2020 06:56, Bjorn Ketelaars wrote:
> I would like to backport the recent rclone update to 6.8.
> 
> Why? It fixes CVE-2020-28924: Some passwords generated with rclone
> config may be insecure. In particular if you used the 'g' generate
> option with rclone v1.49 - v1.53.2 then your password will be based on the
> second it was generated in. This means that there are a fixed number of
> passwords in that period.
> 
> Diff below includes a cve entry for quirks.
> 
> OK?

Oops...previous diff contained an omission in the quirks entry. New
diff:


Index: sysutils/rclone/Makefile
===================================================================
RCS file: /cvs/ports/sysutils/rclone/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- sysutils/rclone/Makefile    8 Aug 2020 16:41:13 -0000       1.17
+++ sysutils/rclone/Makefile    20 Nov 2020 06:01:17 -0000
@@ -2,7 +2,7 @@
 
 COMMENT =      rsync for cloud storage
 
-V =            1.52.3
+V =            1.53.3
 DISTNAME =     rclone-v${V}
 PKGNAME =      rclone-${V}
 
@@ -18,15 +18,21 @@ PERMIT_PACKAGE = Yes
 WANTLIB += c pthread
 
 MASTER_SITES =  https://downloads.rclone.org/v${V}/
+DISTFILES =    ${DISTNAME}${EXTRACT_SUFX} \
+               ${DISTNAME}-vendor${EXTRACT_SUFX}
 
 MODULES =      lang/go
 MODGO_TYPE =   bin
 
 ALL_TARGET =   github.com/rclone/rclone
 
+post-extract:
+       mv ${WRKDIR}/vendor ${WRKDIST}
+
 post-build:
 .for s in bash zsh
-       cd ${MODGO_WORKSPACE}/bin && ./rclone genautocomplete $s rclone.$s
+       cd ${MODGO_WORKSPACE}/bin && \
+               HOME=${WRKSRC} ./rclone genautocomplete $s rclone.$s
 .endfor
 
 do-install:
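
Review bot: the new post-extract target and the HOME=${WRKSRC} override in post-build both lack a comment saying why they are needed. A line above post-extract could state that the -vendor distfile unpacks to ${WRKDIR}/vendor and has to be moved into ${WRKDIST} for the build. A line above the .for loop could state why genautocomplete needs HOME pointed into the work directory, presumably so the freshly built binary does not touch a config under the build user's real home.
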
Index: sysutils/rclone/distinfo
===================================================================
RCS file: /cvs/ports/sysutils/rclone/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- sysutils/rclone/distinfo    8 Aug 2020 16:41:13 -0000       1.14
+++ sysutils/rclone/distinfo    20 Nov 2020 06:01:17 -0000
@@ -1,2 +1,4 @@
-SHA256 (rclone-v1.52.3.tar.gz) = 9IOeAVPu5UYV26N2qFvpQ60EBTAMPupdXgKywn7XsN0=
-SIZE (rclone-v1.52.3.tar.gz) = 19431808
+SHA256 (rclone-v1.53.3-vendor.tar.gz) = 
21jG7eFRsD3xrEPZhJsy9afrf5rKp7MBfY4A7ZrgBJY=
+SHA256 (rclone-v1.53.3.tar.gz) = 8eITvG+3xG+aTMhgSuCFZxhDS9r+B/o85EmumlEKV2M=
+SIZE (rclone-v1.53.3-vendor.tar.gz) = 5723994
+SIZE (rclone-v1.53.3.tar.gz) = 14683066
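
Review bot: the SHA256 entry for rclone-v1.53.3-vendor.tar.gz is split across two lines, with the hash on a line of its own and no leading +, so this hunk will not apply as mailed. Resending the diff as an attachment, or regenerating distinfo with make makesum after applying the Makefile change, avoids a hand-repaired checksum line.
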
Index: devel/quirks/Makefile
===================================================================
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.1047
diff -u -p -r1.1047 Makefile
--- devel/quirks/Makefile       25 Sep 2020 21:40:55 -0000      1.1047
+++ devel/quirks/Makefile       20 Nov 2020 06:01:17 -0000
@@ -5,7 +5,7 @@ CATEGORIES =    devel databases
 DISTFILES =
 
 # API.rev
-PKGNAME =      quirks-3.439
+PKGNAME =      quirks-3.440
 PKG_ARCH =     *
 MAINTAINER =   Marc Espie <es...@openbsd.org>
 
Index: devel/quirks/files/Quirks.pm
===================================================================
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.1065
diff -u -p -r1.1065 Quirks.pm
--- devel/quirks/files/Quirks.pm        25 Sep 2020 21:40:55 -0000      1.1065
+++ devel/quirks/files/Quirks.pm        20 Nov 2020 06:01:17 -0000
@@ -2047,6 +2047,7 @@ my $cve = {
        'shells/bash' => 'bash-<4.3.27',
        'sysutils/ansible,-main' => 'ansible-<2.7.1',
        'sysutils/mcollective' => 'mcollective-<2.5.3',
+       'sysutils/rclone' => 'rclone-<1.53.3',
        'sysutils/salt' => 'salt-<2018.3.3p2',
        'telephony/asterisk,-main' => 'asterisk-<13.23.1',
        'telephony/coturn' => 'turnserver-<4.5.1.2',
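
Review bot: the new 'sysutils/rclone' line in $cve only marks packages older than 1.53.3. It does nothing for passwords already generated with the 'g' option in the affected versions, so the commit message should tell users to regenerate those passwords after updating. Note also that 'rclone-<1.53.3' matches releases before v1.49, which the quoted advisory does not list as affected. That is harmless for a quirks entry but broader than the stated range.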
