projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a9261d) | patch
package/glib-networking: security bump to version 2.62.4
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 31 May 2020 08:49:02 +0000 (10:49 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 1 Jun 2020 20:37:50 +0000 (22:37 +0200)
commit8f3d361f5ccbb43270f9e69bf6ac472698d3722e
tree33d0c51719d76fb82ecff89b9fa79c47dbcc1fa7tree
parent3a9261ddd917007e19b56b4bfe48ccc0861dd716commit | diff
package/glib-networking: security bump to version 2.62.4

- Fix CVE-2020-13645: In GNOME glib-networking through 2.64.2, the
  implementation of GTlsClientConnection skips hostname verification of
  the server's TLS certificate if the application fails to specify the
  expected server identity. This is in contrast to its intended
  documented behavior, to fail the certificate verification.
  Applications that fail to provide the server identity, including Balsa
  before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the
  certificate is valid for any host.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: bump to 2.62.4 rather than 2.64.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/glib-networking/glib-networking.hash diff | blob | history
package/glib-networking/glib-networking.mk diff | blob | history