Bug 276515 - net/rclone: update to 1.65.1
Summary: net/rclone: update to 1.65.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: https://rclone.org/changelog/#v1-65-1...
Keywords: security
Depends on:
Blocks:
 
Reported: 2024-01-22 09:08 UTC by Ralf van der Enden
Modified: 2024-01-26 17:19 UTC (History)
2 users (show)

See Also:
fernape: merge-quarterly+

Attachments
Update rclone to 1.65.1 (1.57 KB, patch)
2024-01-22 09:16 UTC, Ralf van der Enden 		tremere: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf van der Enden 2024-01-22 09:08:43 UTC 

    


    


      



        
          Comment 1
        

        
          Ralf van der Enden

        

        
        

        
          2024-01-22 09:16:00 UTC
        

      






Created attachment 247836 [details]
Update rclone to 1.65.1


Q&A:
poudriere: builds ok (14.0-RELEASE; amd64)
Makefile processed by portclippy/fmt

    


    


      



        
          Comment 2
        

        
          Fernando Apesteguía

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-01-23 08:03:58 UTC
        

      






Fixes CVE-2023-48795 and CVE-2023-45286.

Note to self: add VuXML entries.

    


    


      



        
          Comment 3
        

        
          commit-hook

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-01-26 13:54:42 UTC
        

      






A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0401fcc4c430bef1acbcb79e25508e068394c32b

commit 0401fcc4c430bef1acbcb79e25508e068394c32b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-01-26 13:50:37 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-01-26 13:53:08 +0000

    security/vuxml: document rclone vulnerabilities

    CVE-2023-48795: Base Score:  5.9 MEDIUM
                    Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

    CVE-2023-45286: Base Score:  5.9 MEDIUM
                    Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    PR:     276515

 security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

    


    


      



        
          Comment 4
        

        
          commit-hook

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-01-26 17:16:05 UTC
        

      






A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=026c0699e6eddb09426601dd9cd453162593c4e3

commit 026c0699e6eddb09426601dd9cd453162593c4e3
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2024-01-23 08:10:42 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-01-26 17:14:43 +0000

    net/rclone: update to 1.65.1

    ChangeLog: https://rclone.org/changelog/#v1-65-1-2024-01-08

    Fixes two security issues.

    CVE-2023-48795: Base Score:  5.9 MEDIUM
                    Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

    CVE-2023-45286: Base Score:  5.9 MEDIUM
                    Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    PR:             276515
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2024Q1 (security fixes)
    Security:       CVE-2023-48795 CVE-2023-45286

 net/rclone/Makefile |  3 +--
 net/rclone/distinfo | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

    


    


      



        
          Comment 5
        

        
          Fernando Apesteguía

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-01-26 17:18:55 UTC
        

      






Committed and merged to 2024Q1,

Thanks!

    


    


      



        
          Comment 6
        

        
          commit-hook

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-01-26 17:19:07 UTC
        

      






A commit in branch 2024Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8c2ce6213f7a672531376d7ad25ad301f885378e

commit 8c2ce6213f7a672531376d7ad25ad301f885378e
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2024-01-23 08:10:42 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-01-26 17:17:42 +0000

    net/rclone: update to 1.65.1

    ChangeLog: https://rclone.org/changelog/#v1-65-1-2024-01-08

    Fixes two security issues.

    CVE-2023-48795: Base Score:  5.9 MEDIUM
                    Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

    CVE-2023-45286: Base Score:  5.9 MEDIUM
                    Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

    PR:             276515
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2024Q1 (security fixes)
    Security:       CVE-2023-48795 CVE-2023-45286

    (cherry picked from commit 026c0699e6eddb09426601dd9cd453162593c4e3)

 net/rclone/Makefile |  3 +--
 net/rclone/distinfo | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)