From d8bf581531b8d8b3ab5d122319cc647e7f8550b1 Mon Sep 17 00:00:00 2001
From: Daniel Lang <dalang@gmx.at>
Date: Sun, 1 Oct 2023 20:11:42 +0200
Subject: [PATCH] package/enlightenment: security bump to version 0.25.4

This is a bugfix release which fixes a CVE.

See:
https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4

CVE-2022-37706 "enlightenment_sys in Enlightenment before 0.25.4 allows
local users to gain privileges because it is setuid root, and the system
library function mishandles pathnames that begin with a /dev/..
substring."

Hashes were never part of the online news page, therefore mark them as
locally computed.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 83ffe153faa97b08acbfd0d15d4ca7f77604c17a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/enlightenment/enlightenment.hash | 5 +++--
 package/enlightenment/enlightenment.mk   | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/package/enlightenment/enlightenment.hash b/package/enlightenment/enlightenment.hash
index 2d977b86f7..ed5d6b24ef 100644
--- a/package/enlightenment/enlightenment.hash
+++ b/package/enlightenment/enlightenment.hash
@@ -1,4 +1,5 @@
-# From https://www.enlightenment.org/news/2022-01-03-enlightenment-0.25.1
-sha256  2cf05fe3d96ef35e823619dbc0ac513ecabcae2186800ecd804924a637112444  enlightenment-0.25.1.tar.xz
+# From https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4
+sha256  56db5d206b821b9a8831d26e713e410ac70b2255a6f43fcdf7c01eefde23b7a2  enlightenment-0.25.4.tar.xz
+# Locally computed
 sha256  8d2fbc393e967cd6f5b8559d1744881a6a1ceb3ec6e1c2368c3916809ffccb8d  COPYING
 sha256  cdc77ee1732455b203610f923fe4196046b3f7509038c48dc0b0c7e3492c23f3  src/modules/wl_weekeyboard/themes/default/fonts/LICENSE.txt
diff --git a/package/enlightenment/enlightenment.mk b/package/enlightenment/enlightenment.mk
index 95670e800d..836c6e581d 100644
--- a/package/enlightenment/enlightenment.mk
+++ b/package/enlightenment/enlightenment.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-ENLIGHTENMENT_VERSION = 0.25.1
+ENLIGHTENMENT_VERSION = 0.25.4
 ENLIGHTENMENT_SOURCE = enlightenment-$(ENLIGHTENMENT_VERSION).tar.xz
 ENLIGHTENMENT_SITE = https://download.enlightenment.org/rel/apps/enlightenment
 ENLIGHTENMENT_LICENSE = BSD-2-Clause, OFL-1.1 (font)