From a41085d1a63cc629cfb9b4fb1fc30ec43d8e56a7 Mon Sep 17 00:00:00 2001 From: haiqing Date: Fri, 27 Mar 2020 10:38:05 +0800 Subject: glib-2.0: fix CVE-2020-6750 GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. (From OE-Core rev: 29ed9fc7341cc3db716115aef1a6910fdb893145) Signed-off-by: Haiqing Bai Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie --- meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb') diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb index 5aefa6ad8b..5be81a8f31 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.7.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ + file://CVE-2020-6750.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" -- cgit v1.2.3-54-g00ecf