+2.60.1 - April 1, 2019
+======================
+
+- Improve reliability of client auth failure tests (#66)
+- Fix excessive CPU usage after sync handshake (#69)
+
+2.60.0.1 - March 12, 2019
+=========================
+
+- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
+
+2.60.0 - March 11, 2019
+=======================
+
+This is the first stable release featuring the new OpenSSL backend. Please be
+advised that this new backend is still experimental and known to not work on
+some systems, including Debian. Linux distributions are encouraged to stick to
+the default build options, where OpenSSL is not yet enabled.
+
+- Fix build with GnuTLS disabled (Nirbheek Chauhan)
+- Fix build on Windows (Chun-Wei Fan)
+
+2.59.92 - March 4, 2019
+=======================
+
+- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
+- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
+- Temporarily disable DTLS and OpenSSL tests due to #49 and #54
+
+2.59.91 - February 18, 2019
+===========================
+
+- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
+- Fix tests build when GnuTLS is disabled (#59)
+- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
+- Fix some problems with the connection tests (Fredrik Ternerot)
+
+2.59.90 - February 4, 2019
+==========================
+
+This release adds an OpenSSL backend, obsoleting the glib-openssl project.
+Credit to all the contributors to the glib-openssl project, especially
+Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
+transition.
+
+The OpenSSL backend seems to be mature, though it is less well-tested for
+desktop usage than the GnuTLS backend. It will remain disabled by default at
+build time due to the GPL-incompatible nature of the OpenSSL license -- and the
+GPLv2-incompatible nature of the Apache license that will be used by future
+versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
+distros.
+
+Use the OpenSSL backend if you are building an embedded system where
+(GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
+dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
+license. If the OpenSSL backend is enabled at build time, you should probably
+disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
+backend at runtime. For example, you could configure with:
+
+$ mkdir build && cd build
+$ meson -Dgnutls=disabled -Dopenssl=enabled ..
+
+2.59.2 - January 7, 2019
+========================
+
+ - Add support for application layer protocol negotiation (#47, Scott Hutton)
+
+2.59.1 - November 11, 2018
+==========================
+
+This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
+due to lack of any feedback whatsoever regarding its disablement. If you think
+it is still useful to you, given that the normal gnutls backend now supports
+PKCS#11, speak up now.
+
+This release also includes several changes to properly support TLS 1.3.
+
+Other changes:
+
+ - Perform certificate verification during, not after, TLS handshake
+ - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
+ - Regenerate test certificates to prepare for OpenSSL support
+ - Several meson build system improvements to prepare for OpenSSL support
+
+2.58.0 - September 2, 2018
+==========================
+
+ - Updated translations
+
+2.57.92 - August 27, 2018
+=========================
+
+ - Revert fixes for #4 and #6 due to regression (#43)
+ - Fix installed tests (Sébastien Bacher, !7)
+
+2.57.90 - August 12, 2018
+=========================
+
+ - Properly check for server errors in connection tests (#4)
+ - Perform certificate verification during, not after, TLS handshake (#6)
+ - Avoid trailing dots in SNI hostnames (#11)
+ - Send fallback SCSV with fallback connection attempts
+ - Fail unsafe rehandshake attempts initiated by API request
+
+2.57.3 - July 16, 2018
+======================
+
+- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
+- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
+- Fix build with MSVCC (Nirbheek Chauhan)
+
+2.57.2 - May 21, 2018
+=====================
+
+This release disables build of the gnutls-pkcs11 backend by default. Please
+direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
+
+- Several meson build system improvements
+ (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
+
+2.57.1 - April 16, 2018
+=======================
+
+- Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
+- Fix criticals when child streams outlast the parent GTlsConnection (#792219)
+- Fix crash when setting client cert without private key (#793712)
+- Update tests for compatibility with GnuTLS 3.6.2 (#794286)
+- Never install GIO modules outside build prefix (#794358)
+- Don't install test files if installed tests are disabled (#794372)
+- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
+- Allow building as meson subproject (#794709, Mathieu Duponchelle)
+
+- g_tls_certificate_verify() no longer manually verifies certificate
+ activation/expiration time, matching the current behavior of
+ g_tls_database_verify_chain().
+
+2.56.0 - March 20, 2018
+=======================
+
+- Updated translations
+
+2.55.90 - February 12, 2018
+===========================
+
+- Fix unit tests when SSLv3 is unavailable (#782853)
+- Allow static linking (#791100, Xavier Claessens)
+- Fix issues found by coverity (#792402, Philip Withnall)
+- Remove TLS build option; it is now mandatory
+- Try to ensure that GnuTLS is only initialized if TLS is actually used
+- Update use of GObject to follow current best practices
+- Use XDG_CURRENT_DESKTOP to determine which proxy module to load
+
+2.55.2 - December 13, 2017
+==========================
+
+ * Fix glib-pacrunner.service installation directory
+ [#790367, Michael Catanzaro]
+
+ * Updated translations: Hebrew, Indonesian, Spanish
+
+2.55.1 - November 13, 2017
+==========================
+
+ * Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
+
+ * Fix using different client certs for different connections
+ [#781578, Martin Pitt]
+
+ * Port to Meson build system [#786639, Iñigo Martínez]
+
+ * Updated translations: Catalan (Valencian), Croatian, Czech, German,
+ Greek, Norwegian bokmål, Persian, Slovenian
+
+2.54.0
+======
+ * New/updated translations: Basque, Belarusian, Brazilian
+ Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
+ Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
+ Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
+ Turkish
+
+2.53.90
+=======
+ * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
+ since that gives better compatibility with current gnutls /
+ current real world. [#782218, Michael Catanzaro]
+
+ * gnutls: Provide a better error message when a TLS alert is
+ received. [#782218, Michael Catanzaro]
+
+ * New/updated translations: Croatian, Czech, Esperanto, Friulian,
+ German, Indonesian, Italian, Kazakh, Slovenian, Spanish
+
+2.50.0
+======
+ * New stable release.
+
+ * Updated translations: British English, Polish
+
+2.49.90
+=======
+ * Ported to use upstream gettext rather than intltool/glib-gettext
+ [#768708, Javier Jardón]
+
+ * Updated po files for future gettext versions [Piotr Drąg]
+
+ * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
+
+ * Updated translations: Occitan
+
+2.48.2
+======
+ * gnutls: Fixed an infinite loop if a server sent two identical
+ copies of its CA certificate [#765317, Carlos Garcia Campos]
+
+ * New/updated translations: Occitan, Scottish Gaelic
+
+2.48.1
+======
+ * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
+
+ * Fixed bash-ism in configure [#765396, Patrick Welche]
+
+ * Updated translations: Friulian
+
+2.48.0
+======
+ * New stable release. (No changes since 2.47.90)
+
+2.47.90
+=======
+ * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
+ validation code directly, rather than attempting to build a
+ certificate chain itself first. [#753260 and others, Dan Winship]
+
+ * gnutls: Fixed a leak when closing a connection during an implicit
+ handshake [#736809, Philip Withnall]
+
+ * gnutls: Fixed "make check" without PKCS#11 support [#728977,
+ Gilles Dartiguelongue]
+
+ * gnutls: Various changes in preparation for DTLS support (but not
+ the actual DTLS support itself) [#697908, #735754, Philip
+ Withnall, Olivier Crête]
+
+ * Updated translations: Occitan
+
+2.47.1
+======
+ * Fixed a certificate chain validation problem that affected
+ Facebook in Epiphany. [#750457, Carlos Garcia Campos]
+
+ * Added a systemd service file for glib-pacrunner [#755740, Simon
+ McVittie]
+
+2.46.0
+======
+ * Various minor cleanups and small memory leak fixes
+
+ * Added a new test case for client certificate chain handling
+ [#754129, Michael Catanzaro]
+
+ * New/updated translations:
+ Japanese, Occitan, Portuguese
+
+2.45.1
+======
+ * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
+ to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
+ Lagerwall)
+
+2.44.0
+======
+ * New stable release. (No changes since 2.43.92)
+
+2.43.92
+=======
+ * Fix TLS session caching when using session tickets (#745099, Ross
+ Lagerwall)
+
+ * Updated translations:
+ Bosnian
+
+2.43.91
+=======
+ * tls/gnutls: Removed a workaround for connecting to servers with
+ weak DH parameters, which was apparently only needed because
+ gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
+ (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
+
+ * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
+ and 2.43.1 accidentally used a 3.x-only function, so we already
+ required it, we were just failing to declare that fact.)
+
+ * tls/tests: Skip certain tests when running against old gnutls or
+ GLib releases. (glib-networking 2.43.91 itself does not require
+ GLib 2.43, but one of the test cases does.)
+
+ * Updated translations:
+ Friulian
+
+2.43.1
+======
+
+ * The GTlsClientConnection "use-ssl3" property now falls back to TLS
+ 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
+ we now use the gnutls %LATEST_RECORD_VERSION option by default (to
+ allow connecting to certain servers that were incorrectly patched
+ for the POODLE attack), but also make sure to remove that option
+ in the fallback ("use-ssl3") mode (to allow connecting to other
+ servers that are differently broken). (#738633, #740087, Dan
+ Winship)
+
+ * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
+ (#736757, #736809, #737106, Philip Withnall)
+
+ * New/updated translations:
+ Kazakh
+
+2.42.0
+======
+ * New stable release. (No changes since 2.41.92)
+
+2.41.92
+=======
+ * tls/gnutls: Incorrectly-ordered certificate chains are now
+ accepted (#683266, Michael Catanzaro)
+
+ * tls/gnutls: Closing an already-closed GTlsConnection now correctly
+ returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
+ Crête)
+
+2.41.4
+======
+ * tls/gnutls: certificates with IP address subject altnames are now
+ supported (#726596, Aleix Conchillo Flaqué)
+
+ * tls/tests: added a script to re-generate the certificates, and
+ regenerated them (since the key for the existing CA certificate
+ had been lost, so it wasn't possible to add new test certificates,
+ eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
+
+ * Updated translations:
+ Greek
+
+2.41.3
+======
+ * tls/gnutls: g_tls_backend_get_default_database() should never
+ return %NULL; if glib-networking was built without a
+ ca-certificates file, then the default GTlsDatabase should just be
+ empty. (#727282, Olivier Crête)
+
+ * tls/gnutls: If a server's certificate includes an issuer chain, we
+ now send the entire chain to the client. (#724708, Aleix Conchillo
+ Flaqué)
+
+ * Updated translations:
+ Swedish
+
+2.40.0
+======
+ * New stable release. (No changes since 2.39.90)
+
+2.39.90
+=======
+ * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
+ Philip Withnall)
+
+ * tls/tests: Fix another flaky test (#722336)
+
+ * tests: use the TAP driver
+
+ * Updated translations:
+ Chinese, Czech
+
+2.39.3
+======
+ * tls/tests: Fix one sporadic bug in the connection test (#720081)
+ and make it properly fail rather than hanging forever when another
+ sporadic bug happens (which I don't actually know the cause of)
+ (#719727)
+
+ * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
+ Lortie)
+
+2.39.1
+======
+ * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
+ when processing a certificate request. (#637257, Stef Walter)
+
+ * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
+ correctly rather than reporting "The specified session has
+ been invalidated for some reason". (#710700, Aleix Concillo
+ Flaque)
+
+ * tls/tests: Fix to previous installed-tests fix, which resulted
+ in some files getting installed even when installed tests weren't
+ enabled. (#710197)
+
+ * tls/tests: add a test for a fix made in glib (#710691, Aleix
+ Conchillo Flaque).
+
+2.38.1
+======
+ * glibpacrunner: Don't crash if there is an internal libproxy error.
+ (rhbz #866927)
+
+ * tls/tests: Fix installed tests to not accidentally depend on
+ having the source tree still exist. (#709628)
+
+ * Updated translations:
+ Tajik
+
2.38.0
======
* New stable release. (No changes since 2.37.5)