5 * Updated translations: British English, Polish
9 * Ported to use upstream gettext rather than intltool/glib-gettext
10 [#768708, Javier Jardón]
12 * Updated po files for future gettext versions [Piotr Drąg]
14 * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
16 * Updated translations: Occitan
20 * gnutls: Fixed an infinite loop if a server sent two identical
21 copies of its CA certificate [#765317, Carlos Garcia Campos]
23 * New/updated translations: Occitan, Scottish Gaelic
27 * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
29 * Fixed bash-ism in configure [#765396, Patrick Welche]
31 * Updated translations: Friulian
35 * New stable release. (No changes since 2.47.90)
39 * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
40 validation code directly, rather than attempting to build a
41 certificate chain itself first. [#753260 and others, Dan Winship]
43 * gnutls: Fixed a leak when closing a connection during an implicit
44 handshake [#736809, Philip Withnall]
46 * gnutls: Fixed "make check" without PKCS#11 support [#728977,
47 Gilles Dartiguelongue]
49 * gnutls: Various changes in preparation for DTLS support (but not
50 the actual DTLS support itself) [#697908, #735754, Philip
51 Withnall, Olivier Crête]
53 * Updated translations: Occitan
57 * Fixed a certificate chain validation problem that affected
58 Facebook in Epiphany. [#750457, Carlos Garcia Campos]
60 * Added a systemd service file for glib-pacrunner [#755740, Simon
65 * Various minor cleanups and small memory leak fixes
67 * Added a new test case for client certificate chain handling
68 [#754129, Michael Catanzaro]
70 * New/updated translations:
71 Japanese, Occitan, Portuguese
75 * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
76 to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
81 * New stable release. (No changes since 2.43.92)
85 * Fix TLS session caching when using session tickets (#745099, Ross
88 * Updated translations:
93 * tls/gnutls: Removed a workaround for connecting to servers with
94 weak DH parameters, which was apparently only needed because
95 gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
96 (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
98 * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
99 and 2.43.1 accidentally used a 3.x-only function, so we already
100 required it, we were just failing to declare that fact.)
102 * tls/tests: Skip certain tests when running against old gnutls or
103 GLib releases. (glib-networking 2.43.91 itself does not require
104 GLib 2.43, but one of the test cases does.)
106 * Updated translations:
112 * The GTlsClientConnection "use-ssl3" property now falls back to TLS
113 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
114 we now use the gnutls %LATEST_RECORD_VERSION option by default (to
115 allow connecting to certain servers that were incorrectly patched
116 for the POODLE attack), but also make sure to remove that option
117 in the fallback ("use-ssl3") mode (to allow connecting to other
118 servers that are differently broken). (#738633, #740087, Dan
121 * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
122 (#736757, #736809, #737106, Philip Withnall)
124 * New/updated translations:
129 * New stable release. (No changes since 2.41.92)
133 * tls/gnutls: Incorrectly-ordered certificate chains are now
134 accepted (#683266, Michael Catanzaro)
136 * tls/gnutls: Closing an already-closed GTlsConnection now correctly
137 returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
142 * tls/gnutls: certificates with IP address subject altnames are now
143 supported (#726596, Aleix Conchillo Flaqué)
145 * tls/tests: added a script to re-generate the certificates, and
146 regenerated them (since the key for the existing CA certificate
147 had been lost, so it wasn't possible to add new test certificates,
148 eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
150 * Updated translations:
155 * tls/gnutls: g_tls_backend_get_default_database() should never
156 return %NULL; if glib-networking was built without a
157 ca-certificates file, then the default GTlsDatabase should just be
158 empty. (#727282, Olivier Crête)
160 * tls/gnutls: If a server's certificate includes an issuer chain, we
161 now send the entire chain to the client. (#724708, Aleix Conchillo
164 * Updated translations:
169 * New stable release. (No changes since 2.39.90)
173 * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
176 * tls/tests: Fix another flaky test (#722336)
178 * tests: use the TAP driver
180 * Updated translations:
185 * tls/tests: Fix one sporadic bug in the connection test (#720081)
186 and make it properly fail rather than hanging forever when another
187 sporadic bug happens (which I don't actually know the cause of)
190 * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
195 * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
196 when processing a certificate request. (#637257, Stef Walter)
198 * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
199 correctly rather than reporting "The specified session has
200 been invalidated for some reason". (#710700, Aleix Concillo
203 * tls/tests: Fix to previous installed-tests fix, which resulted
204 in some files getting installed even when installed tests weren't
207 * tls/tests: add a test for a fix made in glib (#710691, Aleix
212 * glibpacrunner: Don't crash if there is an internal libproxy error.
215 * tls/tests: Fix installed tests to not accidentally depend on
216 having the source tree still exist. (#709628)
218 * Updated translations:
223 * New stable release. (No changes since 2.37.5)
227 * gnutls: minimum version is now 2.12.8 (with 3.x preferred...)
229 * glib-networking now supports the --enable-installed-tests flag, to
230 install its test programs to run at other times (ie, after
235 * proxy/gnome: further improve GNOME session detection (#701377)
237 * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693)
241 * proxy/gnome: Improve session-type detection to include
242 gnome-classic and anything else starting with "gnome" (#700607,
245 * proxy/libproxy: make SOCKS work when using the async API (#699359,
248 * proxy/tests: make the libproxy test program use the just-built
249 plugin rather than the installed one. Oops (#700286, Iain Lane)
251 * proxy/tests: fix to not error out if neither proxy module is built
254 * tls/tests: fix a sporadic crash (Dan)
258 * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU
259 usage in some cases. (#696881, Olivier Crête)
261 * gnutls: Fixed CFLAGS when building with gnutls in a different
262 prefix. (#696519, Emmanuel Pacaud)
264 * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062,
267 * gnutls: Fixed a handshaking crash in multithreaded use (#697754,
270 * proxy/gnome: Fix "automatic" mode, which was mistakenly being
271 treated as "none" (Dan)
273 * proxy/gnome: Use this in Unity sessions as well as GNOME ones.
276 * New/Updated translations:
277 Friulian, Indonesian, Turkish
281 * New/Updated translations:
282 Assamese, Basque, Belarusian, Catalan (Valencian), Catalan,
283 Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese,
284 Russian, Slovak, Tadjik, Thai
288 * Fixed one kind of handshake failure to return the correct error
289 code under gnutls 3.x (allowing libsoup to recognize the error and
290 do fallback to SSL 3.0). (#694812)
292 * Updated translations:
293 Chinese (traditional), French, German, Punjabi, Uyghur,
298 * proxy/gnome: ported to new GSimpleProxyResolver, and added more
301 * gnutls: Fixed a small per-connection leak (#693718)
303 * tls/tests: Fixed several race conditions that caused spurious
306 * Updated translations:
311 * proxy/gnome: Fixed several bugs:
313 * Multithreaded usage could result in crashes
315 * In "automatic" mode, synchronous lookups would obey
316 ignore-hosts, but asynchronous lookups would not. (Now they
319 * lookup_async() would never notice if the proxy settings
320 switched from "automatic" to "manual" or "none" (and would
321 make a synchronous D-Bus call when switching in the other
324 * If given an invalid URI, lookup_async() would return a
325 successful result (and leak the GError that it was supposed
326 to have returned), and lookup() would return both the error
327 and the proxy (leaking one or the other, depending on how
330 * Updated translations:
331 Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur
335 * proxy/gnome: The tests should now work correctly even if
336 run from a non-GNOME environment. (Robert Ancell)
338 * Updated translations:
339 Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek,
344 * build: The TLS tests are now not built if you are building without
345 gnutls support. (Saleem Abdulrasool)
347 * gnutls: Several handshaking fixes:
349 * Fix a hang when doing a synchronous close() immediately
350 after cancelling an asynchronous handshake() (which would
351 happen in libsoup if you cancelled a message at the right
352 time). (#688751, Dan)
354 * Avoid an assertion when an implicit handshake fails
357 * Fixed GTlsServerConnection:authentication-mode to work
358 again, and added a regression test for this. (#689259, Stef)
360 * Return the appropriate error
361 (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails
362 because the server required a certificate but none was
363 provided, and added a test for this. (#689260, Stef)
365 * Make g_io_stream_close() finish successfully after a failed
366 handshake (#689260, Stef)
368 * Make g_io_stream_close() finish successfully before a
369 handshake (#689271, Stef)
371 * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib
372 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some
373 cases. (Previously this error showed up as just G_IO_ERROR_FAILED.)
376 * proxy/gnome: This is now only used in GNOME login sessions (as,
377 essentially, a more efficient version of the libproxy GNOME
378 backend); in non-GNOME sessions, gio will now fall back to the
379 libproxy plugin, allowing environment variables or other libproxy
380 settings backends to be used.
382 * New/Updated translations:
383 Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish
387 * Update for glib 2.35.1; remove g_type_init() calls and port to
390 * Updated translations:
395 * Updated translations:
396 Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese
397 (Simplified), Hindi, Japanese, Thai
401 * Updated translations:
402 Brazilian Portuguese, British English, Czech, Danish, Finnish,
403 French, German, Korean, Punjabi
407 * gnutls: Revert the addition of the certificate-bytes and
408 private-key-bytes properties to GTlsCertificateGnutls, since they
409 were reverted in glib. (#682081, Stef)
411 * Updated translations:
412 Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish,
417 * gnutls: Improved the certificate verifying code to deal with the
418 case of a CA being reissued with the same key but a different
419 signature algorithm. (#681299, Stef)
421 * gnutls: Fixed an uninitialized variable in
422 g_tls_connection_gnutls_close(). (#681636)
424 * Updated translations:
425 Assamese, Portuguese, Telugu
429 * gnutls: If a GTlsConnection gets an error when handshaking, it
430 will now continue to return that error message on future I/O
431 attempts, rather than behaving in an undefined manner.
433 * gnutls: You can now read from a GTlsConnection's input stream and
434 write to its output stream at the same time (either in different
435 threads, or asynchronously in a single thread). (#660252)
437 * Updated translations:
438 Chinese (traditional), Galician, Greek, Hebrew, Lithuanian,
439 Norwegian bokmål, Russian, Serbian, Slovenian, Spanish
443 * Updated autogen.sh (in particular to support automake 1.12)
446 * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls
447 (previously, setting it to FALSE was a no-op).
449 * Updated translations:
450 Dutch, Greek, Indonesian
454 * gnutls: simplify using new glib pollable stream methods
456 * proxy/gnome: fix a bug that made it impossible to use SOCKS
457 without also having a separate http proxy.
461 * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check
462 for to use as the default CA list. (This is what openSUSE uses.)
463 (#673944, Federico Mena Quintero)
465 * Updated translations:
466 Catalan (Valencian), Marathi, Odia, Persian
470 * New/updated translations:
471 Hindi, Japanese, Khmer, Latvian, Malayalam
475 * Updated translations:
476 British English, Catalan, Finnish, Lithuanian, Portuguese,
481 * gnutls: Fixed a linking problem on some platforms when PKCS#11 is
482 enabled. (#670956, Kalev Lember)
484 * Updated translations:
485 Assamese, Basque, Belarusian, Brazilian Portuguese, Danish,
486 Estonian, French, German, Hungarian, Italian, Korean, Polish,
491 * gnutls: Fixed a TLS handshaking bug that in particular caused lots
492 of crashes in epiphany. (#658771)
494 * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it
497 * Updated translations:
498 Bulgarian, Chinese (traditional), Czech, Japanese,
499 Norwegian bokmål, Turkish, Vietnamese
504 * Support gnutls built against nettle instead of gcrypt
507 * Implement TLS session caching for GTlsServerConnection
510 * tls/tests: Explicitly request the memory GSettings backend, to
511 avoid warnings in partial jhbuild environments
513 * proxy/gnome: Update to use GInetAddressMask
515 * Updated translations:
516 Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian,
522 * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and
523 p11-kit (a new optional dependency) to provide access to
524 PKCS#11 tokens. At the moment, this is only enabled if you
525 set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef,
528 * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys
529 (which show "BEGIN PRIVATE KEY" in PEM form) in addition to
530 the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE
533 * Updated translations:
534 Galician, German, Lithuanian, Norwegian bokmål, Spanish,
540 * Bumped required GNUTLS version to 2.11.0 and updated
541 code for that (Stef, #656903)
543 * Fixed a crash when passing a NULL GCancellable to
544 g_tls_connection_close_async() (Dan, #659786) or a NULL
545 GError to g_tls_file_database_new().
547 * Fixed handling of self-signed CA certificates in
548 GTlsDatabaseGnutls (Dan, #660508)
550 * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try
551 falling back from TLS to SSLv3") case, when the handshake
552 completes but then packets after that don't decrypt
553 correctly. (Dan, #662104)
555 * Made sure that GTlsConnection:peer-certificate and
556 :peer-certificate-errors get set even when the peer
557 certificate is rejected. (Dan)
560 * Fixed ignore_hosts handling (Dan, #655581)
562 * Fixed configure check so that "--without-gnome-proxy" works.
563 (Alexandre Rostovtsev, #662203)
565 * Fixed tests to only build the gnome proxy test if we're
566 building the gnome proxy. (Kalev Lember, #662085)
573 * Updated translation:
578 * New/updated translations:
579 Belarusian, Tamil, Japanese
581 * gnutls: Fixed a problem when linking against GNUTLS 3.0, where
582 connections would sometimes return the error "The TLS connection
583 was non-properly terminated". (Dan Winship, #659233)
585 * gnutls: Plugged a few memory leaks (Dan Winship)
589 * gnutls: fixed two rehandshaking bugs; one in which a client
590 would erroneously report an error after successfully rehandshaking
591 (Igor Makarov, #653645), and one where initiating an asynchronous
592 rehandshake on the server side would send illegal packets and
593 cause the client to disconnect (Dan Winship).
595 * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls
596 properly cancellable (Stef Walter)
598 * gnutls: fixed the client-side session cache to not share session
599 IDs between different virtual hosts on the same IP address, which
600 caused problems with some servers. (Dan Winship, #581342)
602 * tls: Fixed up the tls test program so it can be run from "make
610 * gnutls: implement GTlsDatabase (Stef Walter, #636572)
612 * gnutls: override minimum key length, to allow connecting to HTTP
613 servers with very small keys (eg, on some embedded devices). (Dan
616 * gnutls: use %COMPAT mode, which makes GNUTLS behave more like
617 OpenSSL/NSS/Windows in a few ways, making it work with certain
618 broken HTTP servers. (Dan Winship, part of #581342)
620 * gnutls: fixed a crash when passed a NULL GError (Dan Winship)
624 * Optimized GDBus usage in PACRunner (davidz)
626 * Fixed a race condition in GProxyResolverGnome (davidz)
628 * Changed configure to --enable-maintainer-mode by default,
632 Belarusian, Catalan (Valencian), Esperanto, Finnish,
637 * Fixed some leaks in the gnutls backend
644 * New/updated translations:
645 Basque, Brazilian Portuguese, Chinese (Traditional), Danish,
646 Hindi, Kannada, Marathi, Uyghur
650 * Added a new proxy backend, GProxyResolverGnome, that uses
651 GSettings and the network proxy schemas from
652 gsettings-desktop-schemas to provide proxy information (and using
653 a new D-Bus service provided by the libproxy backend to provide
656 If you are building glib-networking in a GNOME 3.0 environment,
657 you should make sure that gsettings-desktop-schemas.pc is
658 available when building, so that this backend gets built.
661 Assamese, Latvian, Oriya, Serbian
665 * Fixed broken libtool check in autogen.sh that failed for libtool
668 * New/updated translations:
669 Bengali (India), Catalan, Chinese (Simplified), Chinese
670 (Traditional), Czech, Dutch, Estonian, Galician, German,
671 Greek, Gujarati, Hebrew, Indonesian, Italian, Korean,
672 Norwegian (Bokmål), Polish, Punjabi, Slovenian, Spanish,
673 Swedish, Uyghur, Ukranian
677 * Fixed configure script to actually error out if installed glib
678 version is too old (Emilio Pozuelo Monfort)
680 * gnutls: updated GTlsClientConnectionGnutls for :accepted-cas type
682 * gnutls: fixed an uninitialized variable (Dan Winship)
686 * gnutls: finish implementing GTlsRehandshakeMode, which was present
687 but non-functional in 2.27.4
688 * gnutls: updates for glib TLS API changes
689 * gnutls: fix some async bugs that caused the main loop to spin
690 * gnutls: implement a client-side session cache, to speed up
693 * Compile with gcc warnings by default
697 * GNUTLS-based implementation of GTlsBackend
702 * No changes, just a version bump
707 * Initial release, with libproxy-based GProxyResolver