From 77c1e5ce8b11d62a1a14b611918557ec2b6d904e Mon Sep 17 00:00:00 2001
From: David Jardin
Date: Fri, 22 Aug 2025 10:48:08 +0200
Subject: [PATCH 1/2] prevent usage of TUF targets that are older than the current version

---
 libraries/src/Updater/Update.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libraries/src/Updater/Update.php b/libraries/src/Updater/Update.php
index cb85e00131192..fc09663e665a6 100644
--- a/libraries/src/Updater/Update.php
+++ b/libraries/src/Updater/Update.php
@@ -562,6 +562,11 @@ public function loadFromTuf(TufMetadata $metadataTable, string $url, $minimumSta
 $constraintChecker = new ConstraintChecker();
 
 foreach ($data['signed']['targets'] as $target) {
+ // Check if this target is older than the currently installed version
+ if (version_compare($target['custom']['version'], JVERSION, '<')) {
+ continue;
+ }
+
 // Check if this target is newer than the current version
 if (isset($this->latest) && version_compare($target['custom']['version'], $this->latest->version, '<')) {
 continue;
From f88b78ef699d05e859b972f7bdb6a2065e35d5ad Mon Sep 17 00:00:00 2001
From: David Jardin
Date: Sat, 23 Aug 2025 14:02:37 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Add=20missing=20updatemeta=20data=20from=20?= =?UTF-8?q?=E2=80=9Elatest=E2=80=9C=20to=20=E2=80=9Ebase=E2=80=9C=20update?= =?UTF-8?q?=20object=20in=20tuf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 libraries/src/Updater/Update.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libraries/src/Updater/Update.php b/libraries/src/Updater/Update.php
index fc09663e665a6..42342c5a2e9f3 100644
--- a/libraries/src/Updater/Update.php
+++ b/libraries/src/Updater/Update.php
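Review bot: In the first loadFromTuf hunk (PATCH 1/2), the new installed-version check reads `$target['custom']['version']` unconditionally as the first statement of the loop, whereas the existing check below only reaches that key after `isset($this->latest)` succeeds. A target entry without a `custom.version` field would hand `null` to `version_compare()` instead of being skipped; guarding the key keeps the downgrade filter fail-closed: `if (!isset($target['custom']['version']) || version_compare($target['custom']['version'], JVERSION, '<')) {`. The comment could also state why the check exists, e.g. `// Skip targets older than the installed version so stale metadata cannot offer a downgrade`. The loop body continues outside the hunk, so later code may already assume the key is present.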
@@ -612,6 +612,10 @@ public function loadFromTuf(TufMetadata $metadataTable, string $url, $minimumSta
 
 // If the latest item is set then we transfer it to where we want to
 if (isset($this->latest)) {
+ foreach (get_object_vars($this->latest) as $key => $val) {
+ $this->$key = (object) ['_data' => $val];
+ }
+
 foreach ($this->downloadSources as $source) {
 $this->downloadurl = (object) [
 '_data' => $source->url,
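Review bot: The added `foreach (get_object_vars($this->latest) as $key => $val)` loop assigns to `$this->$key` for every property of `$this->latest` with no restriction on the key, so a property that shares a name with existing state on this object (for example `latest` or `downloadSources`, which the next loop iterates) would be replaced by a `_data` wrapper. How `$this->latest` is populated is outside the hunk; if its properties are derived from update metadata rather than a fixed set assigned in code, the copy should go through an explicit allow-list of the fields meant to be transferred. At minimum, a guard such as `if (\in_array($key, ['latest', 'downloadSources'], true)) { continue; }` at the top of the loop keeps internal state intact. A short comment naming the fields expected here would help the next reader. The enclosing `if` block and the following `foreach` are not closed within the hunk.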