From: Bjorn Ketelaars <bket@openbsd.org>
Subject: -stable UPDATE sysutils/rclone
To: ports@openbsd.org, tj@openbsd.org
Date: Fri, 8 Aug 2025 11:40:16 +0200

rclone-1.69.1, which we have in stable, has a couple of vulnerabilities:
CVE-2025-22869, CVE-2025-22870, CVE-2025-30204 and GHSA-vrw8-fxc6-2r93.

Prodded by tj@

Run tested on amd64 stable.

OK to commit this to -stable?


Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/rclone/Makefile,v
diff -u -p -r1.57 Makefile
--- Makefile	15 Feb 2025 09:52:42 -0000	1.57
+++ Makefile	8 Aug 2025 09:25:51 -0000
@@ -1,6 +1,6 @@
 COMMENT =	rsync for cloud storage
 
-V =		1.69.1
+V =		1.70.3
 DISTNAME =	rclone-v${V}
 PKGNAME =	rclone-${V}
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/rclone/distinfo,v
diff -u -p -r1.48 distinfo
--- distinfo	15 Feb 2025 09:52:42 -0000	1.48
+++ distinfo	8 Aug 2025 09:25:51 -0000
@@ -1,4 +1,4 @@
-SHA256 (rclone-v1.69.1-vendor.tar.gz) = EJ/F2aem2cXrVcBdlTvfrKRuzfm0z0nJ+i3ynEv1SDo=
-SHA256 (rclone-v1.69.1.tar.gz) = AuoPp1wIlbFBU6f697GhJzIkxHgube62CjZqSHhuByI=
-SIZE (rclone-v1.69.1-vendor.tar.gz) = 13831747
-SIZE (rclone-v1.69.1.tar.gz) = 16906745
+SHA256 (rclone-v1.70.3-vendor.tar.gz) = Wy6FOl7o4IOiO2nFvEAoESGPSoPkiU4mhytkW/0Jegs=
+SHA256 (rclone-v1.70.3.tar.gz) = 6TmfDpQLP3REoDIvNSRcLgIbnprwcJupKOguWPNcANg=
+SIZE (rclone-v1.70.3-vendor.tar.gz) = 14425038
+SIZE (rclone-v1.70.3.tar.gz) = 17167294