aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2020-12-21 12:24:14 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-12-22 15:16:22 +0100
commit9e7fc6024ceb3b689401f1f8aa91e016349bcc18 (patch)
tree039cf568e56b9557eda1fae10c6334a2964b9f38
parent1126cdf6390ebc249dc3f850492db93a0df65af0 (diff)
downloadbuildroot-9e7fc6024ceb3b689401f1f8aa91e016349bcc18.tar.gz
buildroot-9e7fc6024ceb3b689401f1f8aa91e016349bcc18.tar.bz2
package/rauc: security bump to version 1.5
Fixes the following security issue: - CVE-2020-25860: Time-of-Check-Time-of-Use Vulnerability in code that checks and installs a firmware bundle. For more details, see the advisory: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 41bbe8df540e2c630ad04f8db7383a7e7705f368) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/rauc/rauc.hash4
-rw-r--r--package/rauc/rauc.mk2
2 files changed, 3 insertions, 3 deletions
diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash
index d327122293..73c1add995 100644
--- a/package/rauc/rauc.hash
+++ b/package/rauc/rauc.hash
@@ -1,4 +1,4 @@
# Locally calculated, after verifying against
-# https://github.com/rauc/rauc/releases/download/v1.4/rauc-1.4.tar.xz.asc
-sha256 85aabf214cd93a37f7ad0b3aaad89eb94facf0f3ebf6e2edca945acbca9b0967 rauc-1.4.tar.xz
+# https://github.com/rauc/rauc/releases/download/v1.5/rauc-1.5.tar.xz.asc
+sha256 5dfbc46e808240c5014d318cfe64f0431307c37aa79cb2b013caa12daaf96d9d rauc-1.5.tar.xz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk
index a6c7c01095..fd39f000a8 100644
--- a/package/rauc/rauc.mk
+++ b/package/rauc/rauc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-RAUC_VERSION = 1.4
+RAUC_VERSION = 1.5
RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION)
RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz
RAUC_LICENSE = LGPL-2.1