diff options
| author | Peter Marko <peter.marko@siemens.com> | 2024-05-08 13:46:36 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-05-23 08:55:01 -0700 |
| commit | ea63f4e0ed8eaf3f1478072029bee3a6a4189664 (patch) | |
| tree | 9352f381f086de0f46ff8ca9732ce2610ef3386c /scripts/lib/scriptutils.py | |
| parent | 22357a9a0410562dbc873b72bfbca51d8ac23a15 (diff) | |
| download | poky-ea63f4e0ed8eaf3f1478072029bee3a6a4189664.tar.gz | |
glib-2.0: Upgrade 2.78.4 -> 2.78.5
Handle CVE-2024-34397
Remove backported patch included in this release.
News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56):
Overview of changes in GLib 2.78.5, 2024-05-07
==============================================
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
Alicia Boya García)
* Bugs fixed:
- #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
due to filename with bad encoding (Ondrej Holy)
- #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (Simon McVittie)
- !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL
- !3960 gcontenttype: Make filename valid utf-8 string before processing
- !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender
doesn't match” to glib-2-78
- !4043 CI: Ignore MSYS2 CI failures for this older stable-branch
* Translation updates:
- English (United Kingdom) (Andi Chandler)
- Georgian (Ekaterine Papava)
- Portuguese (Brazil) (Juliano de Souza Camargo)
(From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/scriptutils.py')
0 files changed, 0 insertions, 0 deletions