- Fix CVE-2020-13645: In GNOME glib-networking through 2.64.2, the
implementation of GTlsClientConnection skips hostname verification of
the server's TLS certificate if the application fails to specify the
expected server identity. This is in contrast to its intended
documented behavior, to fail the certificate verification.
Applications that fail to provide the server identity, including Balsa
before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the
certificate is valid for any host.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: bump to 2.62.4 rather than 2.64.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-# From http://ftp.gnome.org/pub/gnome/sources/glib-networking/2.61/glib-networking-2.61.1.sha256sum
-sha256 a3acbe8953ba80e408bdc4a3e8c240fd9447181c7e800a175c3105604c38bad5 glib-networking-2.61.1.tar.xz
-sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
+# From http://ftp.gnome.org/pub/gnome/sources/glib-networking/2.62/glib-networking-2.62.4.sha256sum
+sha256 c18f289eec480fdce12044c0a06f77521edf9f460d16ad4213de61f2a3b294cf glib-networking-2.62.4.tar.xz
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
#
################################################################################
-GLIB_NETWORKING_VERSION_MAJOR = 2.61
-GLIB_NETWORKING_VERSION = $(GLIB_NETWORKING_VERSION_MAJOR).1
+GLIB_NETWORKING_VERSION_MAJOR = 2.62
+GLIB_NETWORKING_VERSION = $(GLIB_NETWORKING_VERSION_MAJOR).4
GLIB_NETWORKING_SITE = http://ftp.gnome.org/pub/gnome/sources/glib-networking/$(GLIB_NETWORKING_VERSION_MAJOR)
GLIB_NETWORKING_SOURCE = glib-networking-$(GLIB_NETWORKING_VERSION).tar.xz
GLIB_NETWORKING_INSTALL_STAGING = YES
projects / buildroot.git / commitdiff