X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=NEWS;h=a5cb751f20044a8bc0fbe4ab4d6420520d1744f0;hb=refs%2Fheads%2Ftizen;hp=74b15535a352246253612e7011dcd75a94547d09;hpb=42e71d004e58f6a034568c8cd3bc61b91bdeaddf;p=platform%2Fupstream%2Fglib-networking.git diff --git a/NEWS b/NEWS index 74b1553..a5cb751 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,878 @@ +2.72.alpha - January 6, 2022 +============================ + + - OpenSSL: fix unsafe error handling (!187, Patrick Griffis) + - Correctly load libsoup DLL on Windows (!190, Chun-wei Fan) + - OpenSSL: use system trust on Windows (!192, Francesco Conti) + - GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194) + - OpenSSL: fail when appropriate if Must-Staple extension is set (!197) + - Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko) + - Do not fill SNI extension with IP address (!200, Matteo Biggio) + +2.70.1 - December 6, 2021 +========================= + + - Fix crashes when handshake is cancelled (#97, #176) + - OpenSSL: fix spurious certificate expired verification errors (#179) + - GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie) + - GnuTLS: Fix crash when invalid priority string is forced (!189) + +2.70.0 - September 16, 2021 +=========================== + + - Updated translations + +2.70.rc - September 3, 2021 +=========================== + + - gnutls: revert AuthorityInformationAccess implementation for now (#160) + - gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169) + - openssl: remove openssl-util (!181) + - gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis) + - gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185) + +2.70.beta - August 12, 2021 +=========================== + + - gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis) + - openssl: Restore OCSP support (!179, !180, Patrick Griffis) + +2.70.alpha - July 2, 2021 +========================= + +- Fix TLS channel bindings tests (#164) +- Require OpenSSL 1.0.2 (#166) +- Fix threadsafety issue in certificate verification (!148) +- dlopen libsoup for performing HTTP requests (!149, Patrick Griffis) +- Implement new get_negotiated_protocol vfunc (!150) +- Implement new protocol version and ciphersuite name accessors (!151) +- OpenSSL: use system keychain on macOS (!154) +- OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås) +- Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman) +- GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis) +- GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis) +- GnuTLS: check cancellable in pull timeout callback (!160) +- Add support for Android (!162, Ole André Vadla Ravnås) +- Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis) +- GnuTLS: use GnuTLS to implement all channel bindings (!172) +- GnuTLS: rework certificate verification to use TLS session (!173) +- GnuTLS: improve peer identity verification (!176) +- Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again) + +2.68.1 - April 22, 2021 +======================= + + - Fix threadsafety issue in certificate verification (!148) + - Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160) + +2.68.0 - March 19, 2021 +======================= + + - Fix double free in GnuTLS client certificate request code (!147) + +2.68.rc - March 12, 2021 +======================== + + - Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED + - Fix check for certain handshake failure conditions + +2.68.alpha - January 7, 2021 +============================ + + - Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96) + - OpenSSL backend now uses system crypto policy (#106) + - Remove use of g_assert in testsuite (#137) + - Restore support for old versions of OpenSSL (#156) + - Implement TLS channel bindings API (!139, Ruslan Marchenko) + - Implement PKCS#11 API (!140, Patrick Griffis) + - Update testsuite for Fedora 33 crypto policy (!141) + - Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev) + - Fix a couple code issues found by Coverity + +2.66.0 - September 11, 2020 +=========================== + +- Updated translations + +2.65.90 - August 6, 2020 +======================== + + - Many fixes to OpenSSL backend (!128, Ruslan Marchenko) + +2.65.1 - July 2, 2020 +===================== + + - Fix peer-certificate[-errors] props set too soon (#127) + - Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko) + - Fix Windows build (!127, Cun-wei Fan) + +2.64.3 - May 28, 2020 +===================== + +- Revert warning when server-identity property is unset (#130) +- Fix CVE-2020-13645, fail connections when server identity is unset (#135) + +2.64.2 - April 14, 2020 +======================= + +- Reenable TLS 1.0/1.1 protocols due to COVID-19. +- Fix build warning on Windows. + +2.64.1 - March 27, 2020 +======================= + +- Warn when server-identity property is missing (#130) +- Fix crashes in debug logs (#131) +- Fix write loop in OpenSSL backend (!117) + +2.64.0 - March 6, 2020 +====================== + +- Fix OpenSSL backend on RHEL 6 (!116) + +2.63.92 - February 27, 2020 +=========================== + +- Revert fix for #127, which broke libsoup (#129) + +2.63.91 - February 14, 2020 +=========================== + +- Fix peer-certificate properties changing too soon (#127) +- GnuTLS backend: reduce session resumption cache lifetime (!113) +- GnuTLS backend: restore TLS 1.2 support for copy session state (!114) + +2.63.90 - February 1, 2020 +========================== + +- Remove PKCS#11 support, deferred until next cycle (#104) +- Remove OpenSSL backend's OCSP support (#124) + +2.63.3 - January 3, 2019 +======================== + +- Fix OpenSSL backend regressions and reenable OpenSSL testsuite (#54) +- Temporarily disable cancellation of sync handshakes (#97) +- Disable flaky test (#104) and resolve testsuite flakiness (#105) +- Fix leak of base iostream (or base datagram socket), 2.62 regression +- Fix duplicate notifies of peer-certificate and peer-certificate-errors +- Fix regression where GnuTLS connection init could theoretically fail without error +- Fix obscure corner case where SNI might not work +- Fix various build warnings on Windows +- Fix multiple build failures on Windows (Chun-wei Fan) +- Fix installed tests (Iain Lane) + +2.63.2 - November 22, 2019 +========================== + +- Fix crash when handshake context is reset too late (#97) +- Require GnuTLS 3.6.5 (#100) +- Build mock PKCS #11 module only for GnuTLS backend (#101) +- Rework session resumption support for TLS 1.3 (!69) +- Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3 (!69) +- Support OpenSSL 1.0.1 (!81) +- Drop rehandshake mode and protocol version fallback support (!83) +- Add logging functions (!89, MARTINSONS Frederic) +- Fix PKCS #11 tests with TLS 1.2 (!91, Patrick Griffis) +- Add more debug logging for PKCS #11 (!92, Patrick Griffis) +- Fix leak in GTlsCertificateGnutls finalizer (!93, Patrick Griffis) + +2.63.1 - October 11, 2019 +========================= + +- Add support for new PKCS#11 APIs to facilitate use with smartcards (Patrick Griffis) +- Disable TLS 1.0 and TLS 1.1 when using GnuTLS +- Fix threadsafety issue (#95) + +2.62.1 - October 4, 2019 +======================== + +- Fix two memory leaks (!71, !72, Claudio Saavedra) + +2.62.0 - September 7, 2019 +========================== + +- Revert broken queued data fix for #15 + +2.61.92 - September 2, 2019 +=========================== + +- Discard queued data after interrupted writes (#15) +- Verify socket timeouts are respected (#18) +- Fix a couple broken error messages + +2.61.90 - August 5, 2019 +======================== + +- Fix translations of certain error messages + +2.61.2 - July 22, 2019 +====================== + +- Improve certain handshake error messages (#13) +- Fix regressions introduced in 2.61.1 (#91, #92) + +2.61.1 - June 9, 2019 +===================== + +This release contains a major refactoring of the TLS codebase. The GnuTLS +backend now shares the same base classes as the OpenSSL backend, to avoid +duplicating as much code as possible. The base classes, previously used only by +the OpenSSL backend and originally forked from glib-networking several years +ago, have been enhanced to achieve feature-parity with the current state of the +GnuTLS backend. + +Please note that the OpenSSL backend remains experimental. Further planned work +is required before this backend will be production-ready. + +2.60.3 - June 9, 2019 +===================== + +- Fix clobbering of the thread-default main context after certificate + verification failure during async handshakes since 2.60.1 (#85) +- Fix GTlsDatabase initialization failures in OpenSSL backend due to + uninitialized memory use +- Fix minor leak of ALPN protocols + +2.60.2 - May 2, 2019 +==================== + +- OpenSSL backend now defaults to system trust store (#62) +- Fix client auth failure error with GnuTLS 3.6.7 (#70) + +2.60.1 - April 1, 2019 +====================== + +- Improve reliability of client auth failure tests (#66) +- Fix excessive CPU usage after sync handshake (#69) + +2.60.0.1 - March 12, 2019 +========================= + +- Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan) + +2.60.0 - March 11, 2019 +======================= + +This is the first stable release featuring the new OpenSSL backend. Please be +advised that this new backend is still experimental and known to not work on +some systems, including Debian. Linux distributions are encouraged to stick to +the default build options, where OpenSSL is not yet enabled. + +- Fix build with GnuTLS disabled (Nirbheek Chauhan) +- Fix build on Windows (Chun-Wei Fan) + +2.59.92 - March 4, 2019 +======================= + +- Many OpenSSL backend fixes for Windows (Nirbheek Chauhan) +- GnuTLS: reject sync operations during handshake to avoid deadlocks (#46) +- Temporarily disable DTLS and OpenSSL tests due to #49 and #54 + +2.59.91 - February 18, 2019 +=========================== + +- Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot) +- Fix tests build when GnuTLS is disabled (#59) +- Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61) +- Fix some problems with the connection tests (Fredrik Ternerot) + +2.59.90 - February 4, 2019 +========================== + +This release adds an OpenSSL backend, obsoleting the glib-openssl project. +Credit to all the contributors to the glib-openssl project, especially +Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the +transition. + +The OpenSSL backend seems to be mature, though it is less well-tested for +desktop usage than the GnuTLS backend. It will remain disabled by default at +build time due to the GPL-incompatible nature of the OpenSSL license -- and the +GPLv2-incompatible nature of the Apache license that will be used by future +versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux +distros. + +Use the OpenSSL backend if you are building an embedded system where +(GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both +dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL +license. If the OpenSSL backend is enabled at build time, you should probably +disable build of the GnuTLS backend, or it will take precedence over the OpenSSL +backend at runtime. For example, you could configure with: + +$ mkdir build && cd build +$ meson -Dgnutls=disabled -Dopenssl=enabled .. + +2.59.2 - January 7, 2019 +======================== + + - Add support for application layer protocol negotiation (#47, Scott Hutton) + +2.59.1 - November 11, 2018 +========================== + +This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2, +due to lack of any feedback whatsoever regarding its disablement. If you think +it is still useful to you, given that the normal gnutls backend now supports +PKCS#11, speak up now. + +This release also includes several changes to properly support TLS 1.3. + +Other changes: + + - Perform certificate verification during, not after, TLS handshake + - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.) + - Regenerate test certificates to prepare for OpenSSL support + - Several meson build system improvements to prepare for OpenSSL support + +2.58.0 - September 2, 2018 +========================== + + - Updated translations + +2.57.92 - August 27, 2018 +========================= + + - Revert fixes for #4 and #6 due to regression (#43) + - Fix installed tests (Sébastien Bacher, !7) + +2.57.90 - August 12, 2018 +========================= + + - Properly check for server errors in connection tests (#4) + - Perform certificate verification during, not after, TLS handshake (#6) + - Avoid trailing dots in SNI hostnames (#11) + - Send fallback SCSV with fallback connection attempts + - Fail unsafe rehandshake attempts initiated by API request + +2.57.3 - July 16, 2018 +====================== + +- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate() +- Use .so for modules on macOS instead of dylib (Nirbheek Chauhan) +- Fix build with MSVCC (Nirbheek Chauhan) + +2.57.2 - May 21, 2018 +===================== + +This release disables build of the gnutls-pkcs11 backend by default. Please +direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7 + +- Several meson build system improvements + (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan) + +2.57.1 - April 16, 2018 +======================= + +- Use GnuTLS system trust and remove build option to specify cert bundle (#753260) +- Fix criticals when child streams outlast the parent GTlsConnection (#792219) +- Fix crash when setting client cert without private key (#793712) +- Update tests for compatibility with GnuTLS 3.6.2 (#794286) +- Never install GIO modules outside build prefix (#794358) +- Don't install test files if installed tests are disabled (#794372) +- Fix build with -Dpkcs11=false (#794292, Tom Schoonjans) +- Allow building as meson subproject (#794709, Mathieu Duponchelle) + +- g_tls_certificate_verify() no longer manually verifies certificate + activation/expiration time, matching the current behavior of + g_tls_database_verify_chain(). + +2.56.0 - March 20, 2018 +======================= + +- Updated translations + +2.55.90 - February 12, 2018 +=========================== + +- Fix unit tests when SSLv3 is unavailable (#782853) +- Allow static linking (#791100, Xavier Claessens) +- Fix issues found by coverity (#792402, Philip Withnall) +- Remove TLS build option; it is now mandatory +- Try to ensure that GnuTLS is only initialized if TLS is actually used +- Update use of GObject to follow current best practices +- Use XDG_CURRENT_DESKTOP to determine which proxy module to load + +2.55.2 - December 13, 2017 +========================== + + * Fix glib-pacrunner.service installation directory + [#790367, Michael Catanzaro] + + * Updated translations: Hebrew, Indonesian, Spanish + +2.55.1 - November 13, 2017 +========================== + + * Implement DTLS support [#697908, Philip Withnall and Olivier Crête] + + * Fix using different client certs for different connections + [#781578, Martin Pitt] + + * Port to Meson build system [#786639, Iñigo Martínez] + + * Updated translations: Catalan (Valencian), Croatian, Czech, German, + Greek, Norwegian bokmål, Persian, Slovenian + +2.54.0 +====== + * New/updated translations: Basque, Belarusian, Brazilian + Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish, + Dutch, French, Galician, Hungarian, Italian, Korean, Latvian, + Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish, + Turkish + +2.53.90 +======= + * gnutls: Stop using %LATEST_RECORD_VERSION in priority string, + since that gives better compatibility with current gnutls / + current real world. [#782218, Michael Catanzaro] + + * gnutls: Provide a better error message when a TLS alert is + received. [#782218, Michael Catanzaro] + + * New/updated translations: Croatian, Czech, Esperanto, Friulian, + German, Indonesian, Italian, Kazakh, Slovenian, Spanish + +2.50.0 +====== + * New stable release. + + * Updated translations: British English, Polish + +2.49.90 +======= + * Ported to use upstream gettext rather than intltool/glib-gettext + [#768708, Javier Jardón] + + * Updated po files for future gettext versions [Piotr Drąg] + + * Fixed translation lookup on Windows [#765466, Chun-wei Fan] + + * Updated translations: Occitan + +2.48.2 +====== + * gnutls: Fixed an infinite loop if a server sent two identical + copies of its CA certificate [#765317, Carlos Garcia Campos] + + * New/updated translations: Occitan, Scottish Gaelic + +2.48.1 +====== + * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan] + + * Fixed bash-ism in configure [#765396, Patrick Welche] + + * Updated translations: Friulian + +2.48.0 +====== + * New stable release. (No changes since 2.47.90) + +2.47.90 +======= + * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate + validation code directly, rather than attempting to build a + certificate chain itself first. [#753260 and others, Dan Winship] + + * gnutls: Fixed a leak when closing a connection during an implicit + handshake [#736809, Philip Withnall] + + * gnutls: Fixed "make check" without PKCS#11 support [#728977, + Gilles Dartiguelongue] + + * gnutls: Various changes in preparation for DTLS support (but not + the actual DTLS support itself) [#697908, #735754, Philip + Withnall, Olivier Crête] + + * Updated translations: Occitan + +2.47.1 +====== + * Fixed a certificate chain validation problem that affected + Facebook in Epiphany. [#750457, Carlos Garcia Campos] + + * Added a systemd service file for glib-pacrunner [#755740, Simon + McVittie] + +2.46.0 +====== + * Various minor cleanups and small memory leak fixes + + * Added a new test case for client certificate chain handling + [#754129, Michael Catanzaro] + + * New/updated translations: + Japanese, Occitan, Portuguese + +2.45.1 +====== + * tls/gnutls: Implement g_tls_client_connection_copy_session_state(), + to allow implementing FTP-over-TLS in gvfs. (#745255, Ross + Lagerwall) + +2.44.0 +====== + * New stable release. (No changes since 2.43.92) + +2.43.92 +======= + * Fix TLS session caching when using session tickets (#745099, Ross + Lagerwall) + + * Updated translations: + Bosnian + +2.43.91 +======= + * tls/gnutls: Removed a workaround for connecting to servers with + weak DH parameters, which was apparently only needed because + gnutls was prioritizing DHE over RSA. (Michael Catanzaro) + (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8) + + * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1 + and 2.43.1 accidentally used a 3.x-only function, so we already + required it, we were just failing to declare that fact.) + + * tls/tests: Skip certain tests when running against old gnutls or + GLib releases. (glib-networking 2.43.91 itself does not require + GLib 2.43, but one of the test cases does.) + + * Updated translations: + Friulian + +2.43.1 +====== + + * The GTlsClientConnection "use-ssl3" property now falls back to TLS + 1.0 if SSL 3.0 has been disabled, rather than just failing. Also, + we now use the gnutls %LATEST_RECORD_VERSION option by default (to + allow connecting to certain servers that were incorrectly patched + for the POODLE attack), but also make sure to remove that option + in the fallback ("use-ssl3") mode (to allow connecting to other + servers that are differently broken). (#738633, #740087, Dan + Winship) + + * tls/gnutls: Miscellaneous warning, debugging, and leak fixes + (#736757, #736809, #737106, Philip Withnall) + + * New/updated translations: + Kazakh + +2.42.0 +====== + * New stable release. (No changes since 2.41.92) + +2.41.92 +======= + * tls/gnutls: Incorrectly-ordered certificate chains are now + accepted (#683266, Michael Catanzaro) + + * tls/gnutls: Closing an already-closed GTlsConnection now correctly + returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier + Crête) + +2.41.4 +====== + * tls/gnutls: certificates with IP address subject altnames are now + supported (#726596, Aleix Conchillo Flaqué) + + * tls/tests: added a script to re-generate the certificates, and + regenerated them (since the key for the existing CA certificate + had been lost, so it wasn't possible to add new test certificates, + eg, for IP SAN). (#733365, Aleix Conchillo Flaqué) + + * Updated translations: + Greek + +2.41.3 +====== + * tls/gnutls: g_tls_backend_get_default_database() should never + return %NULL; if glib-networking was built without a + ca-certificates file, then the default GTlsDatabase should just be + empty. (#727282, Olivier Crête) + + * tls/gnutls: If a server's certificate includes an issuer chain, we + now send the entire chain to the client. (#724708, Aleix Conchillo + Flaqué) + + * Updated translations: + Swedish + +2.40.0 +====== + * New stable release. (No changes since 2.39.90) + +2.39.90 +======= + * tls/gnutls: Avoid trying to update a destroyed GSource (#723774, + Philip Withnall) + + * tls/tests: Fix another flaky test (#722336) + + * tests: use the TAP driver + + * Updated translations: + Chinese, Czech + +2.39.3 +====== + * tls/tests: Fix one sporadic bug in the connection test (#720081) + and make it properly fail rather than hanging forever when another + sporadic bug happens (which I don't actually know the cause of) + (#719727) + + * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan + Lortie) + +2.39.1 +====== + * tls/gnutls: Use g_tls_interaction_invoke_request_certificate() + when processing a certificate request. (#637257, Stef Walter) + + * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection + correctly rather than reporting "The specified session has + been invalidated for some reason". (#710700, Aleix Concillo + Flaque) + + * tls/tests: Fix to previous installed-tests fix, which resulted + in some files getting installed even when installed tests weren't + enabled. (#710197) + + * tls/tests: add a test for a fix made in glib (#710691, Aleix + Conchillo Flaque). + +2.38.1 +====== + * glibpacrunner: Don't crash if there is an internal libproxy error. + (rhbz #866927) + + * tls/tests: Fix installed tests to not accidentally depend on + having the source tree still exist. (#709628) + + * Updated translations: + Tajik + +2.38.0 +====== + * New stable release. (No changes since 2.37.5) + +2.37.5 +====== + * gnutls: minimum version is now 2.12.8 (with 3.x preferred...) + + * glib-networking now supports the --enable-installed-tests flag, to + install its test programs to run at other times (ie, after + updating glib) + +2.37.4 +====== + * proxy/gnome: further improve GNOME session detection (#701377) + + * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693) + +2.37.2 +====== + * proxy/gnome: Improve session-type detection to include + gnome-classic and anything else starting with "gnome" (#700607, + Giovanni Campagna) + + * proxy/libproxy: make SOCKS work when using the async API (#699359, + Dan) + + * proxy/tests: make the libproxy test program use the just-built + plugin rather than the installed one. Oops (#700286, Iain Lane) + + * proxy/tests: fix to not error out if neither proxy module is built + (#700628, Dan) + + * tls/tests: fix a sporadic crash (Dan) + +2.37.1 +====== + * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU + usage in some cases. (#696881, Olivier Crête) + + * gnutls: Fixed CFLAGS when building with gnutls in a different + prefix. (#696519, Emmanuel Pacaud) + + * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062, + Dan) + + * gnutls: Fixed a handshaking crash in multithreaded use (#697754, + Olivier Crête) + + * proxy/gnome: Fix "automatic" mode, which was mistakenly being + treated as "none" (Dan) + + * proxy/gnome: Use this in Unity sessions as well as GNOME ones. + (#698936, Iain Lane) + + * New/Updated translations: + Friulian, Indonesian, Turkish + +2.36.0 +======= + * New/Updated translations: + Assamese, Basque, Belarusian, Catalan (Valencian), Catalan, + Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese, + Russian, Slovak, Tadjik, Thai + +2.35.9 +====== + * Fixed one kind of handshake failure to return the correct error + code under gnutls 3.x (allowing libsoup to recognize the error and + do fallback to SSL 3.0). (#694812) + + * Updated translations: + Chinese (traditional), French, German, Punjabi, Uyghur, + Vietnamese + +2.35.8 +====== + * proxy/gnome: ported to new GSimpleProxyResolver, and added more + tests + + * gnutls: Fixed a small per-connection leak (#693718) + + * tls/tests: Fixed several race conditions that caused spurious + failures. (#693720) + + * Updated translations: + Malayalam + +2.35.6 +====== + * proxy/gnome: Fixed several bugs: + + * Multithreaded usage could result in crashes + + * In "automatic" mode, synchronous lookups would obey + ignore-hosts, but asynchronous lookups would not. (Now they + both do.) + + * lookup_async() would never notice if the proxy settings + switched from "automatic" to "manual" or "none" (and would + make a synchronous D-Bus call when switching in the other + direction). + + * If given an invalid URI, lookup_async() would return a + successful result (and leak the GError that it was supposed + to have returned), and lookup() would return both the error + and the proxy (leaking one or the other, depending on how + the caller behaved). + + * Updated translations: + Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur + +2.35.4 +====== + * proxy/gnome: The tests should now work correctly even if + run from a non-GNOME environment. (Robert Ancell) + + * Updated translations: + Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek, + Hungarian, Slovenian + +2.35.3 +====== + * build: The TLS tests are now not built if you are building without + gnutls support. (Saleem Abdulrasool) + + * gnutls: Several handshaking fixes: + + * Fix a hang when doing a synchronous close() immediately + after cancelling an asynchronous handshake() (which would + happen in libsoup if you cancelled a message at the right + time). (#688751, Dan) + + * Avoid an assertion when an implicit handshake fails + (#689274, Stef) + + * Fixed GTlsServerConnection:authentication-mode to work + again, and added a regression test for this. (#689259, Stef) + + * Return the appropriate error + (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails + because the server required a certificate but none was + provided, and added a test for this. (#689260, Stef) + + * Make g_io_stream_close() finish successfully after a failed + handshake (#689260, Stef) + + * Make g_io_stream_close() finish successfully before a + handshake (#689271, Stef) + + * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib + 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some + cases. (Previously this error showed up as just G_IO_ERROR_FAILED.) + (Dan) + + * proxy/gnome: This is now only used in GNOME login sessions (as, + essentially, a more efficient version of the libproxy GNOME + backend); in non-GNOME sessions, gio will now fall back to the + libproxy plugin, allowing environment variables or other libproxy + settings backends to be used. + + * New/Updated translations: + Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish + +2.35.1 +====== + * Update for glib 2.35.1; remove g_type_init() calls and port to + GTask. + + * Updated translations: + Estonian + +2.34.0 +====== + * Updated translations: + Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese + (Simplified), Hindi, Japanese, Thai + +2.33.14 +======= + * Updated translations: + Brazilian Portuguese, British English, Czech, Danish, Finnish, + French, German, Korean, Punjabi + +2.33.12 +======= + * gnutls: Revert the addition of the certificate-bytes and + private-key-bytes properties to GTlsCertificateGnutls, since they + were reverted in glib. (#682081, Stef) + + * Updated translations: + Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish, + Polish, Vietnamese + +2.33.10 +======= + * gnutls: Improved the certificate verifying code to deal with the + case of a CA being reissued with the same key but a different + signature algorithm. (#681299, Stef) + + * gnutls: Fixed an uninitialized variable in + g_tls_connection_gnutls_close(). (#681636) + + * Updated translations: + Assamese, Portuguese, Telugu + +2.33.8 +====== + * gnutls: If a GTlsConnection gets an error when handshaking, it + will now continue to return that error message on future I/O + attempts, rather than behaving in an undefined manner. + + * gnutls: You can now read from a GTlsConnection's input stream and + write to its output stream at the same time (either in different + threads, or asynchronously in a single thread). (#660252) + + * Updated translations: + Chinese (traditional), Galician, Greek, Hebrew, Lithuanian, + Norwegian bokmål, Russian, Serbian, Slovenian, Spanish + 2.33.3 ====== * Updated autogen.sh (in particular to support automake 1.12)