[Buildroot] [git commit branch/2023.02.x] package/enlightenment: security bump to version 0.25.4
Peter Korsgaard
peter at korsgaard.com
Fri Oct 13 14:59:20 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=20542acda60788162fef0c3043df8ccb2d9ef610
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x
This is a bugfix release which fixes a CVE.
See:
https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4
CVE-2022-37706 "enlightenment_sys in Enlightenment before 0.25.4 allows
local users to gain privileges because it is setuid root, and the system
library function mishandles pathnames that begin with a /dev/..
substring."
Hashes were never part of the online news page, therefore mark them as
locally computed.
Signed-off-by: Daniel Lang <dalang at gmx.at>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit 83ffe153faa97b08acbfd0d15d4ca7f77604c17a)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/enlightenment/enlightenment.hash | 5 +++--
package/enlightenment/enlightenment.mk | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package/enlightenment/enlightenment.hash b/package/enlightenment/enlightenment.hash
index 2d977b86f7..ed5d6b24ef 100644
--- a/package/enlightenment/enlightenment.hash
+++ b/package/enlightenment/enlightenment.hash
@@ -1,4 +1,5 @@
-# From https://www.enlightenment.org/news/2022-01-03-enlightenment-0.25.1
-sha256 2cf05fe3d96ef35e823619dbc0ac513ecabcae2186800ecd804924a637112444 enlightenment-0.25.1.tar.xz
+# From https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4
+sha256 56db5d206b821b9a8831d26e713e410ac70b2255a6f43fcdf7c01eefde23b7a2 enlightenment-0.25.4.tar.xz
+# Locally computed
sha256 8d2fbc393e967cd6f5b8559d1744881a6a1ceb3ec6e1c2368c3916809ffccb8d COPYING
sha256 cdc77ee1732455b203610f923fe4196046b3f7509038c48dc0b0c7e3492c23f3 src/modules/wl_weekeyboard/themes/default/fonts/LICENSE.txt
diff --git a/package/enlightenment/enlightenment.mk b/package/enlightenment/enlightenment.mk
index 95670e800d..836c6e581d 100644
--- a/package/enlightenment/enlightenment.mk
+++ b/package/enlightenment/enlightenment.mk
@@ -4,7 +4,7 @@
#
################################################################################
-ENLIGHTENMENT_VERSION = 0.25.1
+ENLIGHTENMENT_VERSION = 0.25.4
ENLIGHTENMENT_SOURCE = enlightenment-$(ENLIGHTENMENT_VERSION).tar.xz
ENLIGHTENMENT_SITE = https://download.enlightenment.org/rel/apps/enlightenment
ENLIGHTENMENT_LICENSE = BSD-2-Clause, OFL-1.1 (font)
More information about the buildroot
mailing list