-
glib-networking (2.62.1-1ubuntu0.1) eoan-security; urgency=medium
* SECURITY UPDATE: Failure to validate TLS certificate hostname in
certain conditions, contrary to documented behaviour
- debian/patches/CVE-2020-13645.patch: Fail certificate verification
when the server identity is missing. Based on upstream patch.
- CVE-2020-13645
-- Alex Murray <email address hidden> Tue, 23 Jun 2020 16:23:06 +0930
-
glib-networking (2.62.1-1) unstable; urgency=medium
* New upstream release
* Drop obsolete dh_strip dbgsym migration rule
-- Jeremy Bicha <email address hidden> Sat, 05 Oct 2019 20:35:56 -0400
-
glib-networking (2.62.0-1) experimental; urgency=medium
* New upstream release
- Verify socket timeouts are respected
- Fix a couple broken error messages
* Standards-Version → 4.4.0 (no changes required)
-- Iain Lane <email address hidden> Thu, 12 Sep 2019 13:34:40 +0100
-
glib-networking (2.61.90-1) experimental; urgency=medium
* New upstream release
- Fix translations of certain error messages
- Improve certain handshake error messages
- Fix regressions introduced in 2.61.1 (LP: #1839826)
-- Iain Lane <email address hidden> Mon, 12 Aug 2019 12:37:52 +0100
-
glib-networking (2.61.1-1) experimental; urgency=medium
* New upstream release
* control:
+ Bump BD on glib2.0 to 2.60.0, per meson.build
+ Bump BD on meson to 0.50.0 per meson.build
-- Iain Lane <email address hidden> Fri, 05 Jul 2019 18:02:04 +0100
-
glib-networking (2.60.3-1) experimental; urgency=medium
* New upstream release (LP: #1832458)
- Fix clobbering of the thread-default main context after certificate
verification failure during async handshakes since 2.60.1
- Fix GTlsDatabase initialization failures in OpenSSL backend due to
uninitialized memory use
- Fix minor leak of ALPN protocols
- OpenSSL backend now defaults to system trust store
- Fix client auth failure error with GnuTLS 3.6.7
* gnutls-Handle-new-GNUTLS_E_CERTIFICATE_REQUIRED.patch: Drop. It's in this
upstream release.
-- Iain Lane <email address hidden> Wed, 12 Jun 2019 09:21:12 +0100
-
glib-networking (2.60.1-1build1) eoan; urgency=medium
* No-change rebuild to build against gnutls28 3.6.7, which has
GNUTLS_E_CERTIFICATE_REQUIRED defined. There's an "#ifdef
GNUTLS_E_CERTIFICATE_REQUIRED" which we need to take to check for this
code being returned.
-- Iain Lane <email address hidden> Fri, 26 Apr 2019 10:43:15 +0100
-
glib-networking (2.60.1-1) experimental; urgency=medium
* New upstream release
- Improve reliability of client auth failure tests
- Fix excessive CPU usage after sync handshake
* Cherry-pick patch from upstream to fix tests with gnutls 3.6.7. This now
returns GNUTLS_E_CERTIFICATE_REQUIRED, which we should convert to
G_TLS_ERROR_CERTIFICATE_REQUIRED.
-- Iain Lane <email address hidden> Thu, 04 Apr 2019 11:16:58 +0100