1 2.74.0 - September 15, 2022
2 ===========================
6 2.74.rc - September 1, 2022
7 ===========================
9 - Support PKCS #12 encrypted certificates (!184, Patrick Griffis)
10 - Various improvements to Meson build system (!214, Xavier Claessens)
11 - Multiple fixes for proxy tests (!222)
13 2.74.beta - August 5, 2022
14 ==========================
16 - Drop environment proxy resolver to lowest priority (#190)
17 - Expose implementation of G_TLS_CHANNEL_BINDING_EXPORTER (#191)
18 - Add build option for environment proxy resolver (!217)
20 2.74.alpha - July 7, 2022
21 =========================
23 - Add build option for toggling debug logging (#188)
24 - Move gettext() usage out of hot paths (#188)
25 - Fix tests build when using openssl (!211, Nirbheek Chauhan)
26 - Properly free libproxy lookup results and require libproxy 0.4.16 (!212)
27 - Add additional validation for proxy lookup results (!212)
28 - Allow using static libraries via meson subprojects (!213, Olivier Crête)
29 - Updated translations
31 2.72.1 - June 29, 2022
32 ======================
34 - Discard empty proxy environment variables (#189)
36 2.72.0 - March 22, 2022
37 =======================
39 - Fix proxy tests (#186)
40 - GnuTLS: use IANA-style ciphersuite names with GnuTLS 3.7.4 (!202)
41 - Windows build fixes (!206, !207, Chun-wei Fan)
42 - meson devenv (!208, Xavier Claessens)
43 - Updated translations
45 2.72.beta - February 11, 2022
46 =============================
48 - Add environment variable proxy resolver (#162)
49 - OpenSSL: fix uninitialized memory use (!201, Daniel Kolesa)
51 2.72.alpha - January 6, 2022
52 ============================
54 - OpenSSL: fix unsafe error handling (!187, Patrick Griffis)
55 - Correctly load libsoup DLL on Windows (!190, Chun-wei Fan)
56 - OpenSSL: use system trust on Windows (!192, Francesco Conti)
57 - GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194)
58 - OpenSSL: fail when appropriate if Must-Staple extension is set (!197)
59 - Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko)
60 - Do not fill SNI extension with IP address (!200, Matteo Biggio)
62 2.70.1 - December 6, 2021
63 =========================
65 - Fix crashes when handshake is cancelled (#97, #176)
66 - OpenSSL: fix spurious certificate expired verification errors (#179)
67 - GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie)
68 - GnuTLS: Fix crash when invalid priority string is forced (!189)
70 2.70.0 - September 16, 2021
71 ===========================
73 - Updated translations
75 2.70.rc - September 3, 2021
76 ===========================
78 - gnutls: revert AuthorityInformationAccess implementation for now (#160)
79 - gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169)
80 - openssl: remove openssl-util (!181)
81 - gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis)
82 - gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185)
84 2.70.beta - August 12, 2021
85 ===========================
87 - gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis)
88 - openssl: Restore OCSP support (!179, !180, Patrick Griffis)
90 2.70.alpha - July 2, 2021
91 =========================
93 - Fix TLS channel bindings tests (#164)
94 - Require OpenSSL 1.0.2 (#166)
95 - Fix threadsafety issue in certificate verification (!148)
96 - dlopen libsoup for performing HTTP requests (!149, Patrick Griffis)
97 - Implement new get_negotiated_protocol vfunc (!150)
98 - Implement new protocol version and ciphersuite name accessors (!151)
99 - OpenSSL: use system keychain on macOS (!154)
100 - OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås)
101 - Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman)
102 - GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis)
103 - GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis)
104 - GnuTLS: check cancellable in pull timeout callback (!160)
105 - Add support for Android (!162, Ole André Vadla Ravnås)
106 - Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis)
107 - GnuTLS: use GnuTLS to implement all channel bindings (!172)
108 - GnuTLS: rework certificate verification to use TLS session (!173)
109 - GnuTLS: improve peer identity verification (!176)
110 - Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again)
112 2.68.1 - April 22, 2021
113 =======================
115 - Fix threadsafety issue in certificate verification (!148)
116 - Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160)
118 2.68.0 - March 19, 2021
119 =======================
121 - Fix double free in GnuTLS client certificate request code (!147)
123 2.68.rc - March 12, 2021
124 ========================
126 - Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED
127 - Fix check for certain handshake failure conditions
129 2.68.alpha - January 7, 2021
130 ============================
132 - Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96)
133 - OpenSSL backend now uses system crypto policy (#106)
134 - Remove use of g_assert in testsuite (#137)
135 - Restore support for old versions of OpenSSL (#156)
136 - Implement TLS channel bindings API (!139, Ruslan Marchenko)
137 - Implement PKCS#11 API (!140, Patrick Griffis)
138 - Update testsuite for Fedora 33 crypto policy (!141)
139 - Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev)
140 - Fix a couple code issues found by Coverity
142 2.66.0 - September 11, 2020
143 ===========================
145 - Updated translations
147 2.65.90 - August 6, 2020
148 ========================
150 - Many fixes to OpenSSL backend (!128, Ruslan Marchenko)
152 2.65.1 - July 2, 2020
153 =====================
155 - Fix peer-certificate[-errors] props set too soon (#127)
156 - Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko)
157 - Fix Windows build (!127, Cun-wei Fan)
159 2.64.3 - May 28, 2020
160 =====================
162 - Revert warning when server-identity property is unset (#130)
163 - Fix CVE-2020-13645, fail connections when server identity is unset (#135)
165 2.64.2 - April 14, 2020
166 =======================
168 - Reenable TLS 1.0/1.1 protocols due to COVID-19.
169 - Fix build warning on Windows.
171 2.64.1 - March 27, 2020
172 =======================
174 - Warn when server-identity property is missing (#130)
175 - Fix crashes in debug logs (#131)
176 - Fix write loop in OpenSSL backend (!117)
178 2.64.0 - March 6, 2020
179 ======================
181 - Fix OpenSSL backend on RHEL 6 (!116)
183 2.63.92 - February 27, 2020
184 ===========================
186 - Revert fix for #127, which broke libsoup (#129)
188 2.63.91 - February 14, 2020
189 ===========================
191 - Fix peer-certificate properties changing too soon (#127)
192 - GnuTLS backend: reduce session resumption cache lifetime (!113)
193 - GnuTLS backend: restore TLS 1.2 support for copy session state (!114)
195 2.63.90 - February 1, 2020
196 ==========================
198 - Remove PKCS#11 support, deferred until next cycle (#104)
199 - Remove OpenSSL backend's OCSP support (#124)
201 2.63.3 - January 3, 2019
202 ========================
204 - Fix OpenSSL backend regressions and reenable OpenSSL testsuite (#54)
205 - Temporarily disable cancellation of sync handshakes (#97)
206 - Disable flaky test (#104) and resolve testsuite flakiness (#105)
207 - Fix leak of base iostream (or base datagram socket), 2.62 regression
208 - Fix duplicate notifies of peer-certificate and peer-certificate-errors
209 - Fix regression where GnuTLS connection init could theoretically fail without error
210 - Fix obscure corner case where SNI might not work
211 - Fix various build warnings on Windows
212 - Fix multiple build failures on Windows (Chun-wei Fan)
213 - Fix installed tests (Iain Lane)
215 2.63.2 - November 22, 2019
216 ==========================
218 - Fix crash when handshake context is reset too late (#97)
219 - Require GnuTLS 3.6.5 (#100)
220 - Build mock PKCS #11 module only for GnuTLS backend (#101)
221 - Rework session resumption support for TLS 1.3 (!69)
222 - Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3 (!69)
223 - Support OpenSSL 1.0.1 (!81)
224 - Drop rehandshake mode and protocol version fallback support (!83)
225 - Add logging functions (!89, MARTINSONS Frederic)
226 - Fix PKCS #11 tests with TLS 1.2 (!91, Patrick Griffis)
227 - Add more debug logging for PKCS #11 (!92, Patrick Griffis)
228 - Fix leak in GTlsCertificateGnutls finalizer (!93, Patrick Griffis)
230 2.63.1 - October 11, 2019
231 =========================
233 - Add support for new PKCS#11 APIs to facilitate use with smartcards (Patrick Griffis)
234 - Disable TLS 1.0 and TLS 1.1 when using GnuTLS
235 - Fix threadsafety issue (#95)
237 2.62.1 - October 4, 2019
238 ========================
240 - Fix two memory leaks (!71, !72, Claudio Saavedra)
242 2.62.0 - September 7, 2019
243 ==========================
245 - Revert broken queued data fix for #15
247 2.61.92 - September 2, 2019
248 ===========================
250 - Discard queued data after interrupted writes (#15)
251 - Verify socket timeouts are respected (#18)
252 - Fix a couple broken error messages
254 2.61.90 - August 5, 2019
255 ========================
257 - Fix translations of certain error messages
259 2.61.2 - July 22, 2019
260 ======================
262 - Improve certain handshake error messages (#13)
263 - Fix regressions introduced in 2.61.1 (#91, #92)
265 2.61.1 - June 9, 2019
266 =====================
268 This release contains a major refactoring of the TLS codebase. The GnuTLS
269 backend now shares the same base classes as the OpenSSL backend, to avoid
270 duplicating as much code as possible. The base classes, previously used only by
271 the OpenSSL backend and originally forked from glib-networking several years
272 ago, have been enhanced to achieve feature-parity with the current state of the
275 Please note that the OpenSSL backend remains experimental. Further planned work
276 is required before this backend will be production-ready.
278 2.60.3 - June 9, 2019
279 =====================
281 - Fix clobbering of the thread-default main context after certificate
282 verification failure during async handshakes since 2.60.1 (#85)
283 - Fix GTlsDatabase initialization failures in OpenSSL backend due to
284 uninitialized memory use
285 - Fix minor leak of ALPN protocols
290 - OpenSSL backend now defaults to system trust store (#62)
291 - Fix client auth failure error with GnuTLS 3.6.7 (#70)
293 2.60.1 - April 1, 2019
294 ======================
296 - Improve reliability of client auth failure tests (#66)
297 - Fix excessive CPU usage after sync handshake (#69)
299 2.60.0.1 - March 12, 2019
300 =========================
302 - Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
304 2.60.0 - March 11, 2019
305 =======================
307 This is the first stable release featuring the new OpenSSL backend. Please be
308 advised that this new backend is still experimental and known to not work on
309 some systems, including Debian. Linux distributions are encouraged to stick to
310 the default build options, where OpenSSL is not yet enabled.
312 - Fix build with GnuTLS disabled (Nirbheek Chauhan)
313 - Fix build on Windows (Chun-Wei Fan)
315 2.59.92 - March 4, 2019
316 =======================
318 - Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
319 - GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
320 - Temporarily disable DTLS and OpenSSL tests due to #49 and #54
322 2.59.91 - February 18, 2019
323 ===========================
325 - Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
326 - Fix tests build when GnuTLS is disabled (#59)
327 - Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
328 - Fix some problems with the connection tests (Fredrik Ternerot)
330 2.59.90 - February 4, 2019
331 ==========================
333 This release adds an OpenSSL backend, obsoleting the glib-openssl project.
334 Credit to all the contributors to the glib-openssl project, especially
335 Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
338 The OpenSSL backend seems to be mature, though it is less well-tested for
339 desktop usage than the GnuTLS backend. It will remain disabled by default at
340 build time due to the GPL-incompatible nature of the OpenSSL license -- and the
341 GPLv2-incompatible nature of the Apache license that will be used by future
342 versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
345 Use the OpenSSL backend if you are building an embedded system where
346 (GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
347 dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
348 license. If the OpenSSL backend is enabled at build time, you should probably
349 disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
350 backend at runtime. For example, you could configure with:
352 $ mkdir build && cd build
353 $ meson -Dgnutls=disabled -Dopenssl=enabled ..
355 2.59.2 - January 7, 2019
356 ========================
358 - Add support for application layer protocol negotiation (#47, Scott Hutton)
360 2.59.1 - November 11, 2018
361 ==========================
363 This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
364 due to lack of any feedback whatsoever regarding its disablement. If you think
365 it is still useful to you, given that the normal gnutls backend now supports
366 PKCS#11, speak up now.
368 This release also includes several changes to properly support TLS 1.3.
372 - Perform certificate verification during, not after, TLS handshake
373 - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
374 - Regenerate test certificates to prepare for OpenSSL support
375 - Several meson build system improvements to prepare for OpenSSL support
377 2.58.0 - September 2, 2018
378 ==========================
380 - Updated translations
382 2.57.92 - August 27, 2018
383 =========================
385 - Revert fixes for #4 and #6 due to regression (#43)
386 - Fix installed tests (Sébastien Bacher, !7)
388 2.57.90 - August 12, 2018
389 =========================
391 - Properly check for server errors in connection tests (#4)
392 - Perform certificate verification during, not after, TLS handshake (#6)
393 - Avoid trailing dots in SNI hostnames (#11)
394 - Send fallback SCSV with fallback connection attempts
395 - Fail unsafe rehandshake attempts initiated by API request
397 2.57.3 - July 16, 2018
398 ======================
400 - Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
401 - Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
402 - Fix build with MSVCC (Nirbheek Chauhan)
404 2.57.2 - May 21, 2018
405 =====================
407 This release disables build of the gnutls-pkcs11 backend by default. Please
408 direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
410 - Several meson build system improvements
411 (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
413 2.57.1 - April 16, 2018
414 =======================
416 - Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
417 - Fix criticals when child streams outlast the parent GTlsConnection (#792219)
418 - Fix crash when setting client cert without private key (#793712)
419 - Update tests for compatibility with GnuTLS 3.6.2 (#794286)
420 - Never install GIO modules outside build prefix (#794358)
421 - Don't install test files if installed tests are disabled (#794372)
422 - Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
423 - Allow building as meson subproject (#794709, Mathieu Duponchelle)
425 - g_tls_certificate_verify() no longer manually verifies certificate
426 activation/expiration time, matching the current behavior of
427 g_tls_database_verify_chain().
429 2.56.0 - March 20, 2018
430 =======================
432 - Updated translations
434 2.55.90 - February 12, 2018
435 ===========================
437 - Fix unit tests when SSLv3 is unavailable (#782853)
438 - Allow static linking (#791100, Xavier Claessens)
439 - Fix issues found by coverity (#792402, Philip Withnall)
440 - Remove TLS build option; it is now mandatory
441 - Try to ensure that GnuTLS is only initialized if TLS is actually used
442 - Update use of GObject to follow current best practices
443 - Use XDG_CURRENT_DESKTOP to determine which proxy module to load
445 2.55.2 - December 13, 2017
446 ==========================
448 * Fix glib-pacrunner.service installation directory
449 [#790367, Michael Catanzaro]
451 * Updated translations: Hebrew, Indonesian, Spanish
453 2.55.1 - November 13, 2017
454 ==========================
456 * Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
458 * Fix using different client certs for different connections
459 [#781578, Martin Pitt]
461 * Port to Meson build system [#786639, Iñigo Martínez]
463 * Updated translations: Catalan (Valencian), Croatian, Czech, German,
464 Greek, Norwegian bokmål, Persian, Slovenian
468 * New/updated translations: Basque, Belarusian, Brazilian
469 Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
470 Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
471 Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
476 * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
477 since that gives better compatibility with current gnutls /
478 current real world. [#782218, Michael Catanzaro]
480 * gnutls: Provide a better error message when a TLS alert is
481 received. [#782218, Michael Catanzaro]
483 * New/updated translations: Croatian, Czech, Esperanto, Friulian,
484 German, Indonesian, Italian, Kazakh, Slovenian, Spanish
488 * New stable release.
490 * Updated translations: British English, Polish
494 * Ported to use upstream gettext rather than intltool/glib-gettext
495 [#768708, Javier Jardón]
497 * Updated po files for future gettext versions [Piotr Drąg]
499 * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
501 * Updated translations: Occitan
505 * gnutls: Fixed an infinite loop if a server sent two identical
506 copies of its CA certificate [#765317, Carlos Garcia Campos]
508 * New/updated translations: Occitan, Scottish Gaelic
512 * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
514 * Fixed bash-ism in configure [#765396, Patrick Welche]
516 * Updated translations: Friulian
520 * New stable release. (No changes since 2.47.90)
524 * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
525 validation code directly, rather than attempting to build a
526 certificate chain itself first. [#753260 and others, Dan Winship]
528 * gnutls: Fixed a leak when closing a connection during an implicit
529 handshake [#736809, Philip Withnall]
531 * gnutls: Fixed "make check" without PKCS#11 support [#728977,
532 Gilles Dartiguelongue]
534 * gnutls: Various changes in preparation for DTLS support (but not
535 the actual DTLS support itself) [#697908, #735754, Philip
536 Withnall, Olivier Crête]
538 * Updated translations: Occitan
542 * Fixed a certificate chain validation problem that affected
543 Facebook in Epiphany. [#750457, Carlos Garcia Campos]
545 * Added a systemd service file for glib-pacrunner [#755740, Simon
550 * Various minor cleanups and small memory leak fixes
552 * Added a new test case for client certificate chain handling
553 [#754129, Michael Catanzaro]
555 * New/updated translations:
556 Japanese, Occitan, Portuguese
560 * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
561 to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
566 * New stable release. (No changes since 2.43.92)
570 * Fix TLS session caching when using session tickets (#745099, Ross
573 * Updated translations:
578 * tls/gnutls: Removed a workaround for connecting to servers with
579 weak DH parameters, which was apparently only needed because
580 gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
581 (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
583 * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
584 and 2.43.1 accidentally used a 3.x-only function, so we already
585 required it, we were just failing to declare that fact.)
587 * tls/tests: Skip certain tests when running against old gnutls or
588 GLib releases. (glib-networking 2.43.91 itself does not require
589 GLib 2.43, but one of the test cases does.)
591 * Updated translations:
597 * The GTlsClientConnection "use-ssl3" property now falls back to TLS
598 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
599 we now use the gnutls %LATEST_RECORD_VERSION option by default (to
600 allow connecting to certain servers that were incorrectly patched
601 for the POODLE attack), but also make sure to remove that option
602 in the fallback ("use-ssl3") mode (to allow connecting to other
603 servers that are differently broken). (#738633, #740087, Dan
606 * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
607 (#736757, #736809, #737106, Philip Withnall)
609 * New/updated translations:
614 * New stable release. (No changes since 2.41.92)
618 * tls/gnutls: Incorrectly-ordered certificate chains are now
619 accepted (#683266, Michael Catanzaro)
621 * tls/gnutls: Closing an already-closed GTlsConnection now correctly
622 returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
627 * tls/gnutls: certificates with IP address subject altnames are now
628 supported (#726596, Aleix Conchillo Flaqué)
630 * tls/tests: added a script to re-generate the certificates, and
631 regenerated them (since the key for the existing CA certificate
632 had been lost, so it wasn't possible to add new test certificates,
633 eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
635 * Updated translations:
640 * tls/gnutls: g_tls_backend_get_default_database() should never
641 return %NULL; if glib-networking was built without a
642 ca-certificates file, then the default GTlsDatabase should just be
643 empty. (#727282, Olivier Crête)
645 * tls/gnutls: If a server's certificate includes an issuer chain, we
646 now send the entire chain to the client. (#724708, Aleix Conchillo
649 * Updated translations:
654 * New stable release. (No changes since 2.39.90)
658 * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
661 * tls/tests: Fix another flaky test (#722336)
663 * tests: use the TAP driver
665 * Updated translations:
670 * tls/tests: Fix one sporadic bug in the connection test (#720081)
671 and make it properly fail rather than hanging forever when another
672 sporadic bug happens (which I don't actually know the cause of)
675 * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
680 * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
681 when processing a certificate request. (#637257, Stef Walter)
683 * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
684 correctly rather than reporting "The specified session has
685 been invalidated for some reason". (#710700, Aleix Concillo
688 * tls/tests: Fix to previous installed-tests fix, which resulted
689 in some files getting installed even when installed tests weren't
692 * tls/tests: add a test for a fix made in glib (#710691, Aleix
697 * glibpacrunner: Don't crash if there is an internal libproxy error.
700 * tls/tests: Fix installed tests to not accidentally depend on
701 having the source tree still exist. (#709628)
703 * Updated translations:
708 * New stable release. (No changes since 2.37.5)
712 * gnutls: minimum version is now 2.12.8 (with 3.x preferred...)
714 * glib-networking now supports the --enable-installed-tests flag, to
715 install its test programs to run at other times (ie, after
720 * proxy/gnome: further improve GNOME session detection (#701377)
722 * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693)
726 * proxy/gnome: Improve session-type detection to include
727 gnome-classic and anything else starting with "gnome" (#700607,
730 * proxy/libproxy: make SOCKS work when using the async API (#699359,
733 * proxy/tests: make the libproxy test program use the just-built
734 plugin rather than the installed one. Oops (#700286, Iain Lane)
736 * proxy/tests: fix to not error out if neither proxy module is built
739 * tls/tests: fix a sporadic crash (Dan)
743 * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU
744 usage in some cases. (#696881, Olivier Crête)
746 * gnutls: Fixed CFLAGS when building with gnutls in a different
747 prefix. (#696519, Emmanuel Pacaud)
749 * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062,
752 * gnutls: Fixed a handshaking crash in multithreaded use (#697754,
755 * proxy/gnome: Fix "automatic" mode, which was mistakenly being
756 treated as "none" (Dan)
758 * proxy/gnome: Use this in Unity sessions as well as GNOME ones.
761 * New/Updated translations:
762 Friulian, Indonesian, Turkish
766 * New/Updated translations:
767 Assamese, Basque, Belarusian, Catalan (Valencian), Catalan,
768 Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese,
769 Russian, Slovak, Tadjik, Thai
773 * Fixed one kind of handshake failure to return the correct error
774 code under gnutls 3.x (allowing libsoup to recognize the error and
775 do fallback to SSL 3.0). (#694812)
777 * Updated translations:
778 Chinese (traditional), French, German, Punjabi, Uyghur,
783 * proxy/gnome: ported to new GSimpleProxyResolver, and added more
786 * gnutls: Fixed a small per-connection leak (#693718)
788 * tls/tests: Fixed several race conditions that caused spurious
791 * Updated translations:
796 * proxy/gnome: Fixed several bugs:
798 * Multithreaded usage could result in crashes
800 * In "automatic" mode, synchronous lookups would obey
801 ignore-hosts, but asynchronous lookups would not. (Now they
804 * lookup_async() would never notice if the proxy settings
805 switched from "automatic" to "manual" or "none" (and would
806 make a synchronous D-Bus call when switching in the other
809 * If given an invalid URI, lookup_async() would return a
810 successful result (and leak the GError that it was supposed
811 to have returned), and lookup() would return both the error
812 and the proxy (leaking one or the other, depending on how
815 * Updated translations:
816 Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur
820 * proxy/gnome: The tests should now work correctly even if
821 run from a non-GNOME environment. (Robert Ancell)
823 * Updated translations:
824 Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek,
829 * build: The TLS tests are now not built if you are building without
830 gnutls support. (Saleem Abdulrasool)
832 * gnutls: Several handshaking fixes:
834 * Fix a hang when doing a synchronous close() immediately
835 after cancelling an asynchronous handshake() (which would
836 happen in libsoup if you cancelled a message at the right
837 time). (#688751, Dan)
839 * Avoid an assertion when an implicit handshake fails
842 * Fixed GTlsServerConnection:authentication-mode to work
843 again, and added a regression test for this. (#689259, Stef)
845 * Return the appropriate error
846 (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails
847 because the server required a certificate but none was
848 provided, and added a test for this. (#689260, Stef)
850 * Make g_io_stream_close() finish successfully after a failed
851 handshake (#689260, Stef)
853 * Make g_io_stream_close() finish successfully before a
854 handshake (#689271, Stef)
856 * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib
857 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some
858 cases. (Previously this error showed up as just G_IO_ERROR_FAILED.)
861 * proxy/gnome: This is now only used in GNOME login sessions (as,
862 essentially, a more efficient version of the libproxy GNOME
863 backend); in non-GNOME sessions, gio will now fall back to the
864 libproxy plugin, allowing environment variables or other libproxy
865 settings backends to be used.
867 * New/Updated translations:
868 Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish
872 * Update for glib 2.35.1; remove g_type_init() calls and port to
875 * Updated translations:
880 * Updated translations:
881 Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese
882 (Simplified), Hindi, Japanese, Thai
886 * Updated translations:
887 Brazilian Portuguese, British English, Czech, Danish, Finnish,
888 French, German, Korean, Punjabi
892 * gnutls: Revert the addition of the certificate-bytes and
893 private-key-bytes properties to GTlsCertificateGnutls, since they
894 were reverted in glib. (#682081, Stef)
896 * Updated translations:
897 Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish,
902 * gnutls: Improved the certificate verifying code to deal with the
903 case of a CA being reissued with the same key but a different
904 signature algorithm. (#681299, Stef)
906 * gnutls: Fixed an uninitialized variable in
907 g_tls_connection_gnutls_close(). (#681636)
909 * Updated translations:
910 Assamese, Portuguese, Telugu
914 * gnutls: If a GTlsConnection gets an error when handshaking, it
915 will now continue to return that error message on future I/O
916 attempts, rather than behaving in an undefined manner.
918 * gnutls: You can now read from a GTlsConnection's input stream and
919 write to its output stream at the same time (either in different
920 threads, or asynchronously in a single thread). (#660252)
922 * Updated translations:
923 Chinese (traditional), Galician, Greek, Hebrew, Lithuanian,
924 Norwegian bokmål, Russian, Serbian, Slovenian, Spanish
928 * Updated autogen.sh (in particular to support automake 1.12)
931 * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls
932 (previously, setting it to FALSE was a no-op).
934 * Updated translations:
935 Dutch, Greek, Indonesian
939 * gnutls: simplify using new glib pollable stream methods
941 * proxy/gnome: fix a bug that made it impossible to use SOCKS
942 without also having a separate http proxy.
946 * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check
947 for to use as the default CA list. (This is what openSUSE uses.)
948 (#673944, Federico Mena Quintero)
950 * Updated translations:
951 Catalan (Valencian), Marathi, Odia, Persian
955 * New/updated translations:
956 Hindi, Japanese, Khmer, Latvian, Malayalam
960 * Updated translations:
961 British English, Catalan, Finnish, Lithuanian, Portuguese,
966 * gnutls: Fixed a linking problem on some platforms when PKCS#11 is
967 enabled. (#670956, Kalev Lember)
969 * Updated translations:
970 Assamese, Basque, Belarusian, Brazilian Portuguese, Danish,
971 Estonian, French, German, Hungarian, Italian, Korean, Polish,
976 * gnutls: Fixed a TLS handshaking bug that in particular caused lots
977 of crashes in epiphany. (#658771)
979 * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it
982 * Updated translations:
983 Bulgarian, Chinese (traditional), Czech, Japanese,
984 Norwegian bokmål, Turkish, Vietnamese
989 * Support gnutls built against nettle instead of gcrypt
992 * Implement TLS session caching for GTlsServerConnection
995 * tls/tests: Explicitly request the memory GSettings backend, to
996 avoid warnings in partial jhbuild environments
998 * proxy/gnome: Update to use GInetAddressMask
1000 * Updated translations:
1001 Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian,
1007 * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and
1008 p11-kit (a new optional dependency) to provide access to
1009 PKCS#11 tokens. At the moment, this is only enabled if you
1010 set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef,
1013 * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys
1014 (which show "BEGIN PRIVATE KEY" in PEM form) in addition to
1015 the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE
1018 * Updated translations:
1019 Galician, German, Lithuanian, Norwegian bokmål, Spanish,
1025 * Bumped required GNUTLS version to 2.11.0 and updated
1026 code for that (Stef, #656903)
1028 * Fixed a crash when passing a NULL GCancellable to
1029 g_tls_connection_close_async() (Dan, #659786) or a NULL
1030 GError to g_tls_file_database_new().
1032 * Fixed handling of self-signed CA certificates in
1033 GTlsDatabaseGnutls (Dan, #660508)
1035 * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try
1036 falling back from TLS to SSLv3") case, when the handshake
1037 completes but then packets after that don't decrypt
1038 correctly. (Dan, #662104)
1040 * Made sure that GTlsConnection:peer-certificate and
1041 :peer-certificate-errors get set even when the peer
1042 certificate is rejected. (Dan)
1045 * Fixed ignore_hosts handling (Dan, #655581)
1047 * Fixed configure check so that "--without-gnome-proxy" works.
1048 (Alexandre Rostovtsev, #662203)
1050 * Fixed tests to only build the gnome proxy test if we're
1051 building the gnome proxy. (Kalev Lember, #662085)
1058 * Updated translation:
1063 * New/updated translations:
1064 Belarusian, Tamil, Japanese
1066 * gnutls: Fixed a problem when linking against GNUTLS 3.0, where
1067 connections would sometimes return the error "The TLS connection
1068 was non-properly terminated". (Dan Winship, #659233)
1070 * gnutls: Plugged a few memory leaks (Dan Winship)
1074 * gnutls: fixed two rehandshaking bugs; one in which a client
1075 would erroneously report an error after successfully rehandshaking
1076 (Igor Makarov, #653645), and one where initiating an asynchronous
1077 rehandshake on the server side would send illegal packets and
1078 cause the client to disconnect (Dan Winship).
1080 * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls
1081 properly cancellable (Stef Walter)
1083 * gnutls: fixed the client-side session cache to not share session
1084 IDs between different virtual hosts on the same IP address, which
1085 caused problems with some servers. (Dan Winship, #581342)
1087 * tls: Fixed up the tls test program so it can be run from "make
1088 check" (Stef Walter)
1095 * gnutls: implement GTlsDatabase (Stef Walter, #636572)
1097 * gnutls: override minimum key length, to allow connecting to HTTP
1098 servers with very small keys (eg, on some embedded devices). (Dan
1101 * gnutls: use %COMPAT mode, which makes GNUTLS behave more like
1102 OpenSSL/NSS/Windows in a few ways, making it work with certain
1103 broken HTTP servers. (Dan Winship, part of #581342)
1105 * gnutls: fixed a crash when passed a NULL GError (Dan Winship)
1109 * Optimized GDBus usage in PACRunner (davidz)
1111 * Fixed a race condition in GProxyResolverGnome (davidz)
1113 * Changed configure to --enable-maintainer-mode by default,
1117 Belarusian, Catalan (Valencian), Esperanto, Finnish,
1122 * Fixed some leaks in the gnutls backend
1129 * New/updated translations:
1130 Basque, Brazilian Portuguese, Chinese (Traditional), Danish,
1131 Hindi, Kannada, Marathi, Uyghur
1135 * Added a new proxy backend, GProxyResolverGnome, that uses
1136 GSettings and the network proxy schemas from
1137 gsettings-desktop-schemas to provide proxy information (and using
1138 a new D-Bus service provided by the libproxy backend to provide
1141 If you are building glib-networking in a GNOME 3.0 environment,
1142 you should make sure that gsettings-desktop-schemas.pc is
1143 available when building, so that this backend gets built.
1146 Assamese, Latvian, Oriya, Serbian
1150 * Fixed broken libtool check in autogen.sh that failed for libtool
1153 * New/updated translations:
1154 Bengali (India), Catalan, Chinese (Simplified), Chinese
1155 (Traditional), Czech, Dutch, Estonian, Galician, German,
1156 Greek, Gujarati, Hebrew, Indonesian, Italian, Korean,
1157 Norwegian (Bokmål), Polish, Punjabi, Slovenian, Spanish,
1158 Swedish, Uyghur, Ukranian
1162 * Fixed configure script to actually error out if installed glib
1163 version is too old (Emilio Pozuelo Monfort)
1165 * gnutls: updated GTlsClientConnectionGnutls for :accepted-cas type
1166 change (Stef Walter)
1167 * gnutls: fixed an uninitialized variable (Dan Winship)
1171 * gnutls: finish implementing GTlsRehandshakeMode, which was present
1172 but non-functional in 2.27.4
1173 * gnutls: updates for glib TLS API changes
1174 * gnutls: fix some async bugs that caused the main loop to spin
1175 * gnutls: implement a client-side session cache, to speed up
1178 * Compile with gcc warnings by default
1182 * GNUTLS-based implementation of GTlsBackend
1187 * No changes, just a version bump
1192 * Initial release, with libproxy-based GProxyResolver