+2.72.alpha - January 6, 2022
+============================
+
+ - OpenSSL: fix unsafe error handling (!187, Patrick Griffis)
+ - Correctly load libsoup DLL on Windows (!190, Chun-wei Fan)
+ - OpenSSL: use system trust on Windows (!192, Francesco Conti)
+ - GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194)
+ - OpenSSL: fail when appropriate if Must-Staple extension is set (!197)
+ - Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko)
+ - Do not fill SNI extension with IP address (!200, Matteo Biggio)
+
+2.70.1 - December 6, 2021
+=========================
+
+ - Fix crashes when handshake is cancelled (#97, #176)
+ - OpenSSL: fix spurious certificate expired verification errors (#179)
+ - GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie)
+ - GnuTLS: Fix crash when invalid priority string is forced (!189)
+
+2.70.0 - September 16, 2021
+===========================
+
+ - Updated translations
+
+2.70.rc - September 3, 2021
+===========================
+
+ - gnutls: revert AuthorityInformationAccess implementation for now (#160)
+ - gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169)
+ - openssl: remove openssl-util (!181)
+ - gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis)
+ - gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185)
+
+2.70.beta - August 12, 2021
+===========================
+
+ - gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis)
+ - openssl: Restore OCSP support (!179, !180, Patrick Griffis)
+
+2.70.alpha - July 2, 2021
+=========================
+
+- Fix TLS channel bindings tests (#164)
+- Require OpenSSL 1.0.2 (#166)
+- Fix threadsafety issue in certificate verification (!148)
+- dlopen libsoup for performing HTTP requests (!149, Patrick Griffis)
+- Implement new get_negotiated_protocol vfunc (!150)
+- Implement new protocol version and ciphersuite name accessors (!151)
+- OpenSSL: use system keychain on macOS (!154)
+- OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås)
+- Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman)
+- GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis)
+- GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis)
+- GnuTLS: check cancellable in pull timeout callback (!160)
+- Add support for Android (!162, Ole André Vadla Ravnås)
+- Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis)
+- GnuTLS: use GnuTLS to implement all channel bindings (!172)
+- GnuTLS: rework certificate verification to use TLS session (!173)
+- GnuTLS: improve peer identity verification (!176)
+- Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again)
+
+2.68.1 - April 22, 2021
+=======================
+
+ - Fix threadsafety issue in certificate verification (!148)
+ - Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160)
+
+2.68.0 - March 19, 2021
+=======================
+
+ - Fix double free in GnuTLS client certificate request code (!147)
+
+2.68.rc - March 12, 2021
+========================
+
+ - Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED
+ - Fix check for certain handshake failure conditions
+
+2.68.alpha - January 7, 2021
+============================
+
+ - Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96)
+ - OpenSSL backend now uses system crypto policy (#106)
+ - Remove use of g_assert in testsuite (#137)
+ - Restore support for old versions of OpenSSL (#156)
+ - Implement TLS channel bindings API (!139, Ruslan Marchenko)
+ - Implement PKCS#11 API (!140, Patrick Griffis)
+ - Update testsuite for Fedora 33 crypto policy (!141)
+ - Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev)
+ - Fix a couple code issues found by Coverity
+
+2.66.0 - September 11, 2020
+===========================
+
+- Updated translations
+
+2.65.90 - August 6, 2020
+========================
+
+ - Many fixes to OpenSSL backend (!128, Ruslan Marchenko)
+
+2.65.1 - July 2, 2020
+=====================
+
+ - Fix peer-certificate[-errors] props set too soon (#127)
+ - Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko)
+ - Fix Windows build (!127, Cun-wei Fan)
+
+2.64.3 - May 28, 2020
+=====================
+
+- Revert warning when server-identity property is unset (#130)
+- Fix CVE-2020-13645, fail connections when server identity is unset (#135)
+
+2.64.2 - April 14, 2020
+=======================
+
+- Reenable TLS 1.0/1.1 protocols due to COVID-19.
+- Fix build warning on Windows.
+
+2.64.1 - March 27, 2020
+=======================
+
+- Warn when server-identity property is missing (#130)
+- Fix crashes in debug logs (#131)
+- Fix write loop in OpenSSL backend (!117)
+
+2.64.0 - March 6, 2020
+======================
+
+- Fix OpenSSL backend on RHEL 6 (!116)
+
+2.63.92 - February 27, 2020
+===========================
+
+- Revert fix for #127, which broke libsoup (#129)
+
+2.63.91 - February 14, 2020
+===========================
+
+- Fix peer-certificate properties changing too soon (#127)
+- GnuTLS backend: reduce session resumption cache lifetime (!113)
+- GnuTLS backend: restore TLS 1.2 support for copy session state (!114)
+
+2.63.90 - February 1, 2020
+==========================
+
+- Remove PKCS#11 support, deferred until next cycle (#104)
+- Remove OpenSSL backend's OCSP support (#124)
+
+2.63.3 - January 3, 2019
+========================
+
+- Fix OpenSSL backend regressions and reenable OpenSSL testsuite (#54)
+- Temporarily disable cancellation of sync handshakes (#97)
+- Disable flaky test (#104) and resolve testsuite flakiness (#105)
+- Fix leak of base iostream (or base datagram socket), 2.62 regression
+- Fix duplicate notifies of peer-certificate and peer-certificate-errors
+- Fix regression where GnuTLS connection init could theoretically fail without error
+- Fix obscure corner case where SNI might not work
+- Fix various build warnings on Windows
+- Fix multiple build failures on Windows (Chun-wei Fan)
+- Fix installed tests (Iain Lane)
+
+2.63.2 - November 22, 2019
+==========================
+
+- Fix crash when handshake context is reset too late (#97)
+- Require GnuTLS 3.6.5 (#100)
+- Build mock PKCS #11 module only for GnuTLS backend (#101)
+- Rework session resumption support for TLS 1.3 (!69)
+- Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3 (!69)
+- Support OpenSSL 1.0.1 (!81)
+- Drop rehandshake mode and protocol version fallback support (!83)
+- Add logging functions (!89, MARTINSONS Frederic)
+- Fix PKCS #11 tests with TLS 1.2 (!91, Patrick Griffis)
+- Add more debug logging for PKCS #11 (!92, Patrick Griffis)
+- Fix leak in GTlsCertificateGnutls finalizer (!93, Patrick Griffis)
+
+2.63.1 - October 11, 2019
+=========================
+
+- Add support for new PKCS#11 APIs to facilitate use with smartcards (Patrick Griffis)
+- Disable TLS 1.0 and TLS 1.1 when using GnuTLS
+- Fix threadsafety issue (#95)
+
+2.62.1 - October 4, 2019
+========================
+
+- Fix two memory leaks (!71, !72, Claudio Saavedra)
+
+2.62.0 - September 7, 2019
+==========================
+
+- Revert broken queued data fix for #15
+
+2.61.92 - September 2, 2019
+===========================
+
+- Discard queued data after interrupted writes (#15)
+- Verify socket timeouts are respected (#18)
+- Fix a couple broken error messages
+
+2.61.90 - August 5, 2019
+========================
+
+- Fix translations of certain error messages
+
+2.61.2 - July 22, 2019
+======================
+
+- Improve certain handshake error messages (#13)
+- Fix regressions introduced in 2.61.1 (#91, #92)
+
+2.61.1 - June 9, 2019
+=====================
+
+This release contains a major refactoring of the TLS codebase. The GnuTLS
+backend now shares the same base classes as the OpenSSL backend, to avoid
+duplicating as much code as possible. The base classes, previously used only by
+the OpenSSL backend and originally forked from glib-networking several years
+ago, have been enhanced to achieve feature-parity with the current state of the
+GnuTLS backend.
+
+Please note that the OpenSSL backend remains experimental. Further planned work
+is required before this backend will be production-ready.
+
+2.60.3 - June 9, 2019
+=====================
+
+- Fix clobbering of the thread-default main context after certificate
+ verification failure during async handshakes since 2.60.1 (#85)
+- Fix GTlsDatabase initialization failures in OpenSSL backend due to
+ uninitialized memory use
+- Fix minor leak of ALPN protocols
+
+2.60.2 - May 2, 2019
+====================
+
+- OpenSSL backend now defaults to system trust store (#62)
+- Fix client auth failure error with GnuTLS 3.6.7 (#70)
+
+2.60.1 - April 1, 2019
+======================
+
+- Improve reliability of client auth failure tests (#66)
+- Fix excessive CPU usage after sync handshake (#69)
+
+2.60.0.1 - March 12, 2019
+=========================
+
+- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
+
+2.60.0 - March 11, 2019
+=======================
+
+This is the first stable release featuring the new OpenSSL backend. Please be
+advised that this new backend is still experimental and known to not work on
+some systems, including Debian. Linux distributions are encouraged to stick to
+the default build options, where OpenSSL is not yet enabled.
+
+- Fix build with GnuTLS disabled (Nirbheek Chauhan)
+- Fix build on Windows (Chun-Wei Fan)
+
+2.59.92 - March 4, 2019
+=======================
+
+- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
+- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
+- Temporarily disable DTLS and OpenSSL tests due to #49 and #54
+
+2.59.91 - February 18, 2019
+===========================
+
+- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
+- Fix tests build when GnuTLS is disabled (#59)
+- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
+- Fix some problems with the connection tests (Fredrik Ternerot)
+
+2.59.90 - February 4, 2019
+==========================
+
+This release adds an OpenSSL backend, obsoleting the glib-openssl project.
+Credit to all the contributors to the glib-openssl project, especially
+Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
+transition.
+
+The OpenSSL backend seems to be mature, though it is less well-tested for
+desktop usage than the GnuTLS backend. It will remain disabled by default at
+build time due to the GPL-incompatible nature of the OpenSSL license -- and the
+GPLv2-incompatible nature of the Apache license that will be used by future
+versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
+distros.
+
+Use the OpenSSL backend if you are building an embedded system where
+(GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
+dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
+license. If the OpenSSL backend is enabled at build time, you should probably
+disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
+backend at runtime. For example, you could configure with:
+
+$ mkdir build && cd build
+$ meson -Dgnutls=disabled -Dopenssl=enabled ..
+
+2.59.2 - January 7, 2019
+========================
+
+ - Add support for application layer protocol negotiation (#47, Scott Hutton)
+
+2.59.1 - November 11, 2018
+==========================
+
+This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
+due to lack of any feedback whatsoever regarding its disablement. If you think
+it is still useful to you, given that the normal gnutls backend now supports
+PKCS#11, speak up now.
+
+This release also includes several changes to properly support TLS 1.3.
+
+Other changes:
+
+ - Perform certificate verification during, not after, TLS handshake
+ - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
+ - Regenerate test certificates to prepare for OpenSSL support
+ - Several meson build system improvements to prepare for OpenSSL support
+
+2.58.0 - September 2, 2018
+==========================
+
+ - Updated translations
+
+2.57.92 - August 27, 2018
+=========================
+
+ - Revert fixes for #4 and #6 due to regression (#43)
+ - Fix installed tests (Sébastien Bacher, !7)
+
+2.57.90 - August 12, 2018
+=========================
+
+ - Properly check for server errors in connection tests (#4)
+ - Perform certificate verification during, not after, TLS handshake (#6)
+ - Avoid trailing dots in SNI hostnames (#11)
+ - Send fallback SCSV with fallback connection attempts
+ - Fail unsafe rehandshake attempts initiated by API request
+
+2.57.3 - July 16, 2018
+======================
+
+- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
+- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
+- Fix build with MSVCC (Nirbheek Chauhan)
+
+2.57.2 - May 21, 2018
+=====================
+
+This release disables build of the gnutls-pkcs11 backend by default. Please
+direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
+
+- Several meson build system improvements
+ (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
+
+2.57.1 - April 16, 2018
+=======================
+
+- Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
+- Fix criticals when child streams outlast the parent GTlsConnection (#792219)
+- Fix crash when setting client cert without private key (#793712)
+- Update tests for compatibility with GnuTLS 3.6.2 (#794286)
+- Never install GIO modules outside build prefix (#794358)
+- Don't install test files if installed tests are disabled (#794372)
+- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
+- Allow building as meson subproject (#794709, Mathieu Duponchelle)
+
+- g_tls_certificate_verify() no longer manually verifies certificate
+ activation/expiration time, matching the current behavior of
+ g_tls_database_verify_chain().
+
+2.56.0 - March 20, 2018
+=======================
+
+- Updated translations
+
+2.55.90 - February 12, 2018
+===========================
+
+- Fix unit tests when SSLv3 is unavailable (#782853)
+- Allow static linking (#791100, Xavier Claessens)
+- Fix issues found by coverity (#792402, Philip Withnall)
+- Remove TLS build option; it is now mandatory
+- Try to ensure that GnuTLS is only initialized if TLS is actually used
+- Update use of GObject to follow current best practices
+- Use XDG_CURRENT_DESKTOP to determine which proxy module to load
+
+2.55.2 - December 13, 2017
+==========================
+
+ * Fix glib-pacrunner.service installation directory
+ [#790367, Michael Catanzaro]
+
+ * Updated translations: Hebrew, Indonesian, Spanish
+
+2.55.1 - November 13, 2017
+==========================
+
+ * Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
+
+ * Fix using different client certs for different connections
+ [#781578, Martin Pitt]
+
+ * Port to Meson build system [#786639, Iñigo Martínez]
+
+ * Updated translations: Catalan (Valencian), Croatian, Czech, German,
+ Greek, Norwegian bokmål, Persian, Slovenian
+
+2.54.0
+======
+ * New/updated translations: Basque, Belarusian, Brazilian
+ Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
+ Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
+ Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
+ Turkish
+
+2.53.90
+=======
+ * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
+ since that gives better compatibility with current gnutls /
+ current real world. [#782218, Michael Catanzaro]
+
+ * gnutls: Provide a better error message when a TLS alert is
+ received. [#782218, Michael Catanzaro]
+
+ * New/updated translations: Croatian, Czech, Esperanto, Friulian,
+ German, Indonesian, Italian, Kazakh, Slovenian, Spanish
+
+2.50.0
+======
+ * New stable release.
+
+ * Updated translations: British English, Polish
+
+2.49.90
+=======
+ * Ported to use upstream gettext rather than intltool/glib-gettext
+ [#768708, Javier Jardón]
+
+ * Updated po files for future gettext versions [Piotr Drąg]
+
+ * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
+
+ * Updated translations: Occitan
+
+2.48.2
+======
+ * gnutls: Fixed an infinite loop if a server sent two identical
+ copies of its CA certificate [#765317, Carlos Garcia Campos]
+
+ * New/updated translations: Occitan, Scottish Gaelic
+
+2.48.1
+======
+ * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
+
+ * Fixed bash-ism in configure [#765396, Patrick Welche]
+
+ * Updated translations: Friulian
+
+2.48.0
+======
+ * New stable release. (No changes since 2.47.90)
+
+2.47.90
+=======
+ * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
+ validation code directly, rather than attempting to build a
+ certificate chain itself first. [#753260 and others, Dan Winship]
+
+ * gnutls: Fixed a leak when closing a connection during an implicit
+ handshake [#736809, Philip Withnall]
+
+ * gnutls: Fixed "make check" without PKCS#11 support [#728977,
+ Gilles Dartiguelongue]
+
+ * gnutls: Various changes in preparation for DTLS support (but not
+ the actual DTLS support itself) [#697908, #735754, Philip
+ Withnall, Olivier Crête]
+
+ * Updated translations: Occitan
+
+2.47.1
+======
+ * Fixed a certificate chain validation problem that affected
+ Facebook in Epiphany. [#750457, Carlos Garcia Campos]
+
+ * Added a systemd service file for glib-pacrunner [#755740, Simon
+ McVittie]
+
+2.46.0
+======
+ * Various minor cleanups and small memory leak fixes
+
+ * Added a new test case for client certificate chain handling
+ [#754129, Michael Catanzaro]
+
+ * New/updated translations:
+ Japanese, Occitan, Portuguese
+
+2.45.1
+======
+ * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
+ to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
+ Lagerwall)
+
+2.44.0
+======
+ * New stable release. (No changes since 2.43.92)
+
+2.43.92
+=======
+ * Fix TLS session caching when using session tickets (#745099, Ross
+ Lagerwall)
+
+ * Updated translations:
+ Bosnian
+
+2.43.91
+=======
+ * tls/gnutls: Removed a workaround for connecting to servers with
+ weak DH parameters, which was apparently only needed because
+ gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
+ (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
+
+ * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
+ and 2.43.1 accidentally used a 3.x-only function, so we already
+ required it, we were just failing to declare that fact.)
+
+ * tls/tests: Skip certain tests when running against old gnutls or
+ GLib releases. (glib-networking 2.43.91 itself does not require
+ GLib 2.43, but one of the test cases does.)
+
+ * Updated translations:
+ Friulian
+
+2.43.1
+======
+
+ * The GTlsClientConnection "use-ssl3" property now falls back to TLS
+ 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
+ we now use the gnutls %LATEST_RECORD_VERSION option by default (to
+ allow connecting to certain servers that were incorrectly patched
+ for the POODLE attack), but also make sure to remove that option
+ in the fallback ("use-ssl3") mode (to allow connecting to other
+ servers that are differently broken). (#738633, #740087, Dan
+ Winship)
+
+ * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
+ (#736757, #736809, #737106, Philip Withnall)
+
+ * New/updated translations:
+ Kazakh
+
+2.42.0
+======
+ * New stable release. (No changes since 2.41.92)
+
+2.41.92
+=======
+ * tls/gnutls: Incorrectly-ordered certificate chains are now
+ accepted (#683266, Michael Catanzaro)
+
+ * tls/gnutls: Closing an already-closed GTlsConnection now correctly
+ returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
+ Crête)
+
+2.41.4
+======
+ * tls/gnutls: certificates with IP address subject altnames are now
+ supported (#726596, Aleix Conchillo Flaqué)
+
+ * tls/tests: added a script to re-generate the certificates, and
+ regenerated them (since the key for the existing CA certificate
+ had been lost, so it wasn't possible to add new test certificates,
+ eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
+
+ * Updated translations:
+ Greek
+
+2.41.3
+======
+ * tls/gnutls: g_tls_backend_get_default_database() should never
+ return %NULL; if glib-networking was built without a
+ ca-certificates file, then the default GTlsDatabase should just be
+ empty. (#727282, Olivier Crête)
+
+ * tls/gnutls: If a server's certificate includes an issuer chain, we
+ now send the entire chain to the client. (#724708, Aleix Conchillo
+ Flaqué)
+
+ * Updated translations:
+ Swedish
+
+2.40.0
+======
+ * New stable release. (No changes since 2.39.90)
+
+2.39.90
+=======
+ * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
+ Philip Withnall)
+
+ * tls/tests: Fix another flaky test (#722336)
+
+ * tests: use the TAP driver
+
+ * Updated translations:
+ Chinese, Czech
+
+2.39.3
+======
+ * tls/tests: Fix one sporadic bug in the connection test (#720081)
+ and make it properly fail rather than hanging forever when another
+ sporadic bug happens (which I don't actually know the cause of)
+ (#719727)
+
+ * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
+ Lortie)
+
+2.39.1
+======
+ * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
+ when processing a certificate request. (#637257, Stef Walter)
+
+ * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
+ correctly rather than reporting "The specified session has
+ been invalidated for some reason". (#710700, Aleix Concillo
+ Flaque)
+
+ * tls/tests: Fix to previous installed-tests fix, which resulted
+ in some files getting installed even when installed tests weren't
+ enabled. (#710197)
+
+ * tls/tests: add a test for a fix made in glib (#710691, Aleix
+ Conchillo Flaque).
+
+2.38.1
+======
+ * glibpacrunner: Don't crash if there is an internal libproxy error.
+ (rhbz #866927)
+
+ * tls/tests: Fix installed tests to not accidentally depend on
+ having the source tree still exist. (#709628)
+
+ * Updated translations:
+ Tajik
+
+2.38.0
+======
+ * New stable release. (No changes since 2.37.5)
+
+2.37.5
+======
+ * gnutls: minimum version is now 2.12.8 (with 3.x preferred...)
+
+ * glib-networking now supports the --enable-installed-tests flag, to
+ install its test programs to run at other times (ie, after
+ updating glib)
+
+2.37.4
+======
+ * proxy/gnome: further improve GNOME session detection (#701377)
+
+ * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693)
+
+2.37.2
+======
+ * proxy/gnome: Improve session-type detection to include
+ gnome-classic and anything else starting with "gnome" (#700607,
+ Giovanni Campagna)
+
+ * proxy/libproxy: make SOCKS work when using the async API (#699359,
+ Dan)
+
+ * proxy/tests: make the libproxy test program use the just-built
+ plugin rather than the installed one. Oops (#700286, Iain Lane)
+
+ * proxy/tests: fix to not error out if neither proxy module is built
+ (#700628, Dan)
+
+ * tls/tests: fix a sporadic crash (Dan)
+
+2.37.1
+======
+ * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU
+ usage in some cases. (#696881, Olivier Crête)
+
+ * gnutls: Fixed CFLAGS when building with gnutls in a different
+ prefix. (#696519, Emmanuel Pacaud)
+
+ * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062,
+ Dan)
+
+ * gnutls: Fixed a handshaking crash in multithreaded use (#697754,
+ Olivier Crête)
+
+ * proxy/gnome: Fix "automatic" mode, which was mistakenly being
+ treated as "none" (Dan)
+
+ * proxy/gnome: Use this in Unity sessions as well as GNOME ones.
+ (#698936, Iain Lane)
+
+ * New/Updated translations:
+ Friulian, Indonesian, Turkish
+
+2.36.0
+=======
+ * New/Updated translations:
+ Assamese, Basque, Belarusian, Catalan (Valencian), Catalan,
+ Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese,
+ Russian, Slovak, Tadjik, Thai
+
+2.35.9
+======
+ * Fixed one kind of handshake failure to return the correct error
+ code under gnutls 3.x (allowing libsoup to recognize the error and
+ do fallback to SSL 3.0). (#694812)
+
+ * Updated translations:
+ Chinese (traditional), French, German, Punjabi, Uyghur,
+ Vietnamese
+
+2.35.8
+======
+ * proxy/gnome: ported to new GSimpleProxyResolver, and added more
+ tests
+
+ * gnutls: Fixed a small per-connection leak (#693718)
+
+ * tls/tests: Fixed several race conditions that caused spurious
+ failures. (#693720)
+
+ * Updated translations:
+ Malayalam
+
+2.35.6
+======
+ * proxy/gnome: Fixed several bugs:
+
+ * Multithreaded usage could result in crashes
+
+ * In "automatic" mode, synchronous lookups would obey
+ ignore-hosts, but asynchronous lookups would not. (Now they
+ both do.)
+
+ * lookup_async() would never notice if the proxy settings
+ switched from "automatic" to "manual" or "none" (and would
+ make a synchronous D-Bus call when switching in the other
+ direction).
+
+ * If given an invalid URI, lookup_async() would return a
+ successful result (and leak the GError that it was supposed
+ to have returned), and lookup() would return both the error
+ and the proxy (leaking one or the other, depending on how
+ the caller behaved).
+
+ * Updated translations:
+ Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur
+
+2.35.4
+======
+ * proxy/gnome: The tests should now work correctly even if
+ run from a non-GNOME environment. (Robert Ancell)
+
+ * Updated translations:
+ Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek,
+ Hungarian, Slovenian
+
+2.35.3
+======
+ * build: The TLS tests are now not built if you are building without
+ gnutls support. (Saleem Abdulrasool)
+
+ * gnutls: Several handshaking fixes:
+
+ * Fix a hang when doing a synchronous close() immediately
+ after cancelling an asynchronous handshake() (which would
+ happen in libsoup if you cancelled a message at the right
+ time). (#688751, Dan)
+
+ * Avoid an assertion when an implicit handshake fails
+ (#689274, Stef)
+
+ * Fixed GTlsServerConnection:authentication-mode to work
+ again, and added a regression test for this. (#689259, Stef)
+
+ * Return the appropriate error
+ (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails
+ because the server required a certificate but none was
+ provided, and added a test for this. (#689260, Stef)
+
+ * Make g_io_stream_close() finish successfully after a failed
+ handshake (#689260, Stef)
+
+ * Make g_io_stream_close() finish successfully before a
+ handshake (#689271, Stef)
+
+ * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib
+ 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some
+ cases. (Previously this error showed up as just G_IO_ERROR_FAILED.)
+ (Dan)
+
+ * proxy/gnome: This is now only used in GNOME login sessions (as,
+ essentially, a more efficient version of the libproxy GNOME
+ backend); in non-GNOME sessions, gio will now fall back to the
+ libproxy plugin, allowing environment variables or other libproxy
+ settings backends to be used.
+
+ * New/Updated translations:
+ Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish
+
+2.35.1
+======
+ * Update for glib 2.35.1; remove g_type_init() calls and port to
+ GTask.
+
+ * Updated translations:
+ Estonian
+
+2.34.0
+======
+ * Updated translations:
+ Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese
+ (Simplified), Hindi, Japanese, Thai
+
+2.33.14
+=======
+ * Updated translations:
+ Brazilian Portuguese, British English, Czech, Danish, Finnish,
+ French, German, Korean, Punjabi
+
+2.33.12
+=======
+ * gnutls: Revert the addition of the certificate-bytes and
+ private-key-bytes properties to GTlsCertificateGnutls, since they
+ were reverted in glib. (#682081, Stef)
+
+ * Updated translations:
+ Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish,
+ Polish, Vietnamese
+
+2.33.10
+=======
+ * gnutls: Improved the certificate verifying code to deal with the
+ case of a CA being reissued with the same key but a different
+ signature algorithm. (#681299, Stef)
+
+ * gnutls: Fixed an uninitialized variable in
+ g_tls_connection_gnutls_close(). (#681636)
+
+ * Updated translations:
+ Assamese, Portuguese, Telugu
+
+2.33.8
+======
+ * gnutls: If a GTlsConnection gets an error when handshaking, it
+ will now continue to return that error message on future I/O
+ attempts, rather than behaving in an undefined manner.
+
+ * gnutls: You can now read from a GTlsConnection's input stream and
+ write to its output stream at the same time (either in different
+ threads, or asynchronously in a single thread). (#660252)
+
+ * Updated translations:
+ Chinese (traditional), Galician, Greek, Hebrew, Lithuanian,
+ Norwegian bokmål, Russian, Serbian, Slovenian, Spanish
+
+2.33.3
+======
+ * Updated autogen.sh (in particular to support automake 1.12)
+ (#675261)
+
+ * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls
+ (previously, setting it to FALSE was a no-op).
+
+ * Updated translations:
+ Dutch, Greek, Indonesian
+
+2.33.2
+======
+ * gnutls: simplify using new glib pollable stream methods
+
+ * proxy/gnome: fix a bug that made it impossible to use SOCKS
+ without also having a separate http proxy.
+
+2.32.1
+======
+ * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check
+ for to use as the default CA list. (This is what openSUSE uses.)
+ (#673944, Federico Mena Quintero)
+
+ * Updated translations:
+ Catalan (Valencian), Marathi, Odia, Persian
+
+2.32.0
+======
+ * New/updated translations:
+ Hindi, Japanese, Khmer, Latvian, Malayalam
+
+2.31.22
+=======
+ * Updated translations:
+ British English, Catalan, Finnish, Lithuanian, Portuguese,
+ Telugu
+
+2.31.20
+=======
+ * gnutls: Fixed a linking problem on some platforms when PKCS#11 is
+ enabled. (#670956, Kalev Lember)
+
+ * Updated translations:
+ Assamese, Basque, Belarusian, Brazilian Portuguese, Danish,
+ Estonian, French, German, Hungarian, Italian, Korean, Polish,
+ Russian, Serbian
+
+2.31.16
+=======
+ * gnutls: Fixed a TLS handshaking bug that in particular caused lots
+ of crashes in epiphany. (#658771)
+
+ * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it
+ to spuriously fail
+
+ * Updated translations:
+ Bulgarian, Chinese (traditional), Czech, Japanese,
+ Norwegian bokmål, Turkish, Vietnamese
+
+2.31.6
+======
+ * gnutls
+ * Support gnutls built against nettle instead of gcrypt
+ (#657306)
+
+ * Implement TLS session caching for GTlsServerConnection
+ (#636574)
+
+ * tls/tests: Explicitly request the memory GSettings backend, to
+ avoid warnings in partial jhbuild environments
+
+ * proxy/gnome: Update to use GInetAddressMask
+
+ * Updated translations:
+ Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian,
+ Swedish, Ukranian
+
+2.31.2
+======
+ * gnutls
+ * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and
+ p11-kit (a new optional dependency) to provide access to
+ PKCS#11 tokens. At the moment, this is only enabled if you
+ set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef,
+ #656361)
+
+ * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys
+ (which show "BEGIN PRIVATE KEY" in PEM form) in addition to
+ the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE
+ KEY").
+
+ * Updated translations:
+ Galician, German, Lithuanian, Norwegian bokmål, Spanish,
+ Turkish
+
+2.31.0
+======
+ * gnutls
+ * Bumped required GNUTLS version to 2.11.0 and updated
+ code for that (Stef, #656903)
+
+ * Fixed a crash when passing a NULL GCancellable to
+ g_tls_connection_close_async() (Dan, #659786) or a NULL
+ GError to g_tls_file_database_new().
+
+ * Fixed handling of self-signed CA certificates in
+ GTlsDatabaseGnutls (Dan, #660508)
+
+ * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try
+ falling back from TLS to SSLv3") case, when the handshake
+ completes but then packets after that don't decrypt
+ correctly. (Dan, #662104)
+
+ * Made sure that GTlsConnection:peer-certificate and
+ :peer-certificate-errors get set even when the peer
+ certificate is rejected. (Dan)
+
+ * proxy/gnome
+ * Fixed ignore_hosts handling (Dan, #655581)
+
+ * Fixed configure check so that "--without-gnome-proxy" works.
+ (Alexandre Rostovtsev, #662203)
+
+ * Fixed tests to only build the gnome proxy test if we're
+ building the gnome proxy. (Kalev Lember, #662085)
+
+ * New translations:
+ Telugu
+
+2.30.0
+======
+ * Updated translation:
+ Thai
+
+2.29.92
+=======
+ * New/updated translations:
+ Belarusian, Tamil, Japanese
+
+ * gnutls: Fixed a problem when linking against GNUTLS 3.0, where
+ connections would sometimes return the error "The TLS connection
+ was non-properly terminated". (Dan Winship, #659233)
+
+ * gnutls: Plugged a few memory leaks (Dan Winship)
+
+2.29.18
+=======
+ * gnutls: fixed two rehandshaking bugs; one in which a client
+ would erroneously report an error after successfully rehandshaking
+ (Igor Makarov, #653645), and one where initiating an asynchronous
+ rehandshake on the server side would send illegal packets and
+ cause the client to disconnect (Dan Winship).
+
+ * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls
+ properly cancellable (Stef Walter)
+
+ * gnutls: fixed the client-side session cache to not share session
+ IDs between different virtual hosts on the same IP address, which
+ caused problems with some servers. (Dan Winship, #581342)
+
+ * tls: Fixed up the tls test program so it can be run from "make
+ check" (Stef Walter)
+
+ * New translations:
+ Persian
+
2.29.15
=======
* gnutls: implement GTlsDatabase (Stef Walter, #636572)
projects / platform / upstream / glib-networking.git / blobdiff