On Fri 27/11/2020 21:56, Solene Rapenne wrote: > On Fri, 27 Nov 2020 16:00:54 +0100 > Bjorn Ketelaars <b...@openbsd.org>: > > > On Fri 20/11/2020 07:02, Bjorn Ketelaars wrote: > > > On Fri 20/11/2020 06:56, Bjorn Ketelaars wrote: > > > > I would like to backport the recent rclone update to 6.8. > > > > > > > > Why? It fixes CVE-2020-28924: Some passwords generated with rclone > > > > config may be insecure. In particular if you used the 'g' generate > > > > option with rclone v1.49 - v1.53.2 then your password will based on the > > > > second it was generated in. This means that there are fixed number of > > > > passwords in that period. > > > > > > > > Diff below includes a cve entry for quirks. > > > > > > > > OK? > > > > > > Oops...previous diff contained an omission in the quirks entry. New > > > diff: > > > > Ping... > > > > Diff enclosed again. > > > > > > it fails to build on arm64 on 6.8-stable
After a bit of investigating: Actually, it fails to run on both arm and arm64. From phessler@'s bulk reports I learned that rclone fails in the post-build phase for both arches, and it has done so for some time. In the post-build phase rclone tries to generate completions for bash and zsh, which fails with a SIGILL for arm64 and a SIGBUS for arm. For now I have marked rclone BROKEN for both arches in current. For arm64 the issue seems to have arisen when I updated rclone to 1.52.0 (Makefile r1.14, 2020/05/28). arm started failing when I updated rclone to 1.51.0 (Makefile r1.13, 2020/02/03). As a result there is no rclone package in 6.7- and 6.8-stable for arm, and no rclone package in 6.8-stable for arm64. The backport did not cause breakage as rclone was already broken. I will try to resolve the underlying issue so that we have a working rclone on current. However, this will take a bit of time as I have currently no access arm and arm64.
