backport sysutils/rclone update

Bjorn Ketelaars Thu, 19 Nov 2020 21:56:45 -0800

I would like to backport the recent rclone update to 6.8.

Why? It fixes CVE-2020-28924: Some passwords generated with rclone
config may be insecure. In particular if you used the 'g' generate
option with rclone v1.49 - v1.53.2 then your password will based on the
second it was generated in. This means that there are fixed number of
passwords in that period.


Diff below includes a cve entry for quirks.

OK?


Index: sysutils/rclone/Makefile
===================================================================
RCS file: /cvs/ports/sysutils/rclone/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- sysutils/rclone/Makefile    8 Aug 2020 16:41:13 -0000       1.17
+++ sysutils/rclone/Makefile    20 Nov 2020 05:55:08 -0000
@@ -2,7 +2,7 @@
 
 COMMENT =      rsync for cloud storage
 
-V =            1.52.3
+V =            1.53.3
 DISTNAME =     rclone-v${V}
 PKGNAME =      rclone-${V}
 
@@ -18,15 +18,21 @@ PERMIT_PACKAGE = Yes
 WANTLIB += c pthread
 
 MASTER_SITES =  https://downloads.rclone.org/v${V}/
+DISTFILES =    ${DISTNAME}${EXTRACT_SUFX} \
+               ${DISTNAME}-vendor${EXTRACT_SUFX}
 
 MODULES =      lang/go
 MODGO_TYPE =   bin
 
 ALL_TARGET =   github.com/rclone/rclone
 
+post-extract:
+       mv ${WRKDIR}/vendor ${WRKDIST}
+
 post-build:
 .for s in bash zsh
-       cd ${MODGO_WORKSPACE}/bin && ./rclone genautocomplete $s rclone.$s
+       cd ${MODGO_WORKSPACE}/bin && \
+               HOME=${WRKSRC} ./rclone genautocomplete $s rclone.$s
 .endfor
 
 do-install:
Index: sysutils/rclone/distinfo
===================================================================
RCS file: /cvs/ports/sysutils/rclone/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- sysutils/rclone/distinfo    8 Aug 2020 16:41:13 -0000       1.14
+++ sysutils/rclone/distinfo    20 Nov 2020 05:55:08 -0000
@@ -1,2 +1,4 @@
-SHA256 (rclone-v1.52.3.tar.gz) = 9IOeAVPu5UYV26N2qFvpQ60EBTAMPupdXgKywn7XsN0=
-SIZE (rclone-v1.52.3.tar.gz) = 19431808
+SHA256 (rclone-v1.53.3-vendor.tar.gz) = 
21jG7eFRsD3xrEPZhJsy9afrf5rKp7MBfY4A7ZrgBJY=
+SHA256 (rclone-v1.53.3.tar.gz) = 8eITvG+3xG+aTMhgSuCFZxhDS9r+B/o85EmumlEKV2M=
+SIZE (rclone-v1.53.3-vendor.tar.gz) = 5723994
+SIZE (rclone-v1.53.3.tar.gz) = 14683066
Index: devel/quirks/Makefile
===================================================================
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.1047
diff -u -p -r1.1047 Makefile
--- devel/quirks/Makefile       25 Sep 2020 21:40:55 -0000      1.1047
+++ devel/quirks/Makefile       20 Nov 2020 05:55:08 -0000
@@ -5,7 +5,7 @@ CATEGORIES =    devel databases
 DISTFILES =
 
 # API.rev
-PKGNAME =      quirks-3.439
+PKGNAME =      quirks-3.440
 PKG_ARCH =     *
 MAINTAINER =   Marc Espie <[email protected]>
 
Index: devel/quirks/files/Quirks.pm
===================================================================
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.1065
diff -u -p -r1.1065 Quirks.pm
--- devel/quirks/files/Quirks.pm        25 Sep 2020 21:40:55 -0000      1.1065
+++ devel/quirks/files/Quirks.pm        20 Nov 2020 05:55:09 -0000
@@ -2047,6 +2047,7 @@ my $cve = {
        'shells/bash' => 'bash-<4.3.27',
        'sysutils/ansible,-main' => 'ansible-<2.7.1',
        'sysutils/mcollective' => 'mcollective-<2.5.3',
+       'sysutils/rclone' => 'rclone-1.53.3',
        'sysutils/salt' => 'salt-<2018.3.3p2',
        'telephony/asterisk,-main' => 'asterisk-<13.23.1',
        'telephony/coturn' => 'turnserver-<4.5.1.2',

backport sysutils/rclone update

Reply via email to