1 2.72.alpha - January 6, 2022
2 ============================
4 - OpenSSL: fix unsafe error handling (!187, Patrick Griffis)
5 - Correctly load libsoup DLL on Windows (!190, Chun-wei Fan)
6 - OpenSSL: use system trust on Windows (!192, Francesco Conti)
7 - GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores (!194)
8 - OpenSSL: fail when appropriate if Must-Staple extension is set (!197)
9 - Improve failure of tls-unique channel binding requests (!198, Ruslan Marchenko)
10 - Do not fill SNI extension with IP address (!200, Matteo Biggio)
12 2.70.1 - December 6, 2021
13 =========================
15 - Fix crashes when handshake is cancelled (#97, #176)
16 - OpenSSL: fix spurious certificate expired verification errors (#179)
17 - GnuTLS: Fix tests on 32-bit systems (!188, Simon McVittie)
18 - GnuTLS: Fix crash when invalid priority string is forced (!189)
20 2.70.0 - September 16, 2021
21 ===========================
23 - Updated translations
25 2.70.rc - September 3, 2021
26 ===========================
28 - gnutls: revert AuthorityInformationAccess implementation for now (#160)
29 - gnutls: fix use of non-default GTlsDatabases, Geary crash on startup (#169)
30 - openssl: remove openssl-util (!181)
31 - gnutls: fix leak in g_tls_certificate_gnutls_copy (!182, Patrick Griffis)
32 - gnutls: Unbreak GTLS_GNUTLS_CHECK_VERSION (!185)
34 2.70.beta - August 12, 2021
35 ===========================
37 - gnutls: Ensure that PKCS #11 pins are NUL terminated (!178, Patrick Griffis)
38 - openssl: Restore OCSP support (!179, !180, Patrick Griffis)
40 2.70.alpha - July 2, 2021
41 =========================
43 - Fix TLS channel bindings tests (#164)
44 - Require OpenSSL 1.0.2 (#166)
45 - Fix threadsafety issue in certificate verification (!148)
46 - dlopen libsoup for performing HTTP requests (!149, Patrick Griffis)
47 - Implement new get_negotiated_protocol vfunc (!150)
48 - Implement new protocol version and ciphersuite name accessors (!151)
49 - OpenSSL: use system keychain on macOS (!154)
50 - OpenSSL: add DTLS support, plus many related improvements (!155, Ole André Vadla Ravnås)
51 - Implement new GTlsCertificate details APIs (!156, !165, Ross Wollman)
52 - GnuTLS: improve error handling for PIN failures (!158, Patrick Griffis)
53 - GnuTLS: expose PIN type on PIN requests (!159, Patrick Griffis)
54 - GnuTLS: check cancellable in pull timeout callback (!160)
55 - Add support for Android (!162, Ole André Vadla Ravnås)
56 - Improve automation of test certificate creation (!167, !168, !169, Patrick Griffis)
57 - GnuTLS: use GnuTLS to implement all channel bindings (!172)
58 - GnuTLS: rework certificate verification to use TLS session (!173)
59 - GnuTLS: improve peer identity verification (!176)
60 - Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again)
62 2.68.1 - April 22, 2021
63 =======================
65 - Fix threadsafety issue in certificate verification (!148)
66 - Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7 (#160)
68 2.68.0 - March 19, 2021
69 =======================
71 - Fix double free in GnuTLS client certificate request code (!147)
73 2.68.rc - March 12, 2021
74 ========================
76 - Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED
77 - Fix check for certain handshake failure conditions
79 2.68.alpha - January 7, 2021
80 ============================
82 - Download and validate missing intermediate certificates (requires GnuTLS 3.7) (#96)
83 - OpenSSL backend now uses system crypto policy (#106)
84 - Remove use of g_assert in testsuite (#137)
85 - Restore support for old versions of OpenSSL (#156)
86 - Implement TLS channel bindings API (!139, Ruslan Marchenko)
87 - Implement PKCS#11 API (!140, Patrick Griffis)
88 - Update testsuite for Fedora 33 crypto policy (!141)
89 - Fix NULL dereference in g_tls_connection_base_read_message (!144, Vladimir D. Seleznev)
90 - Fix a couple code issues found by Coverity
92 2.66.0 - September 11, 2020
93 ===========================
95 - Updated translations
97 2.65.90 - August 6, 2020
98 ========================
100 - Many fixes to OpenSSL backend (!128, Ruslan Marchenko)
102 2.65.1 - July 2, 2020
103 =====================
105 - Fix peer-certificate[-errors] props set too soon (#127)
106 - Implement ALPN for OpenSSL backend (!126, Ruslan Marchenko)
107 - Fix Windows build (!127, Cun-wei Fan)
109 2.64.3 - May 28, 2020
110 =====================
112 - Revert warning when server-identity property is unset (#130)
113 - Fix CVE-2020-13645, fail connections when server identity is unset (#135)
115 2.64.2 - April 14, 2020
116 =======================
118 - Reenable TLS 1.0/1.1 protocols due to COVID-19.
119 - Fix build warning on Windows.
121 2.64.1 - March 27, 2020
122 =======================
124 - Warn when server-identity property is missing (#130)
125 - Fix crashes in debug logs (#131)
126 - Fix write loop in OpenSSL backend (!117)
128 2.64.0 - March 6, 2020
129 ======================
131 - Fix OpenSSL backend on RHEL 6 (!116)
133 2.63.92 - February 27, 2020
134 ===========================
136 - Revert fix for #127, which broke libsoup (#129)
138 2.63.91 - February 14, 2020
139 ===========================
141 - Fix peer-certificate properties changing too soon (#127)
142 - GnuTLS backend: reduce session resumption cache lifetime (!113)
143 - GnuTLS backend: restore TLS 1.2 support for copy session state (!114)
145 2.63.90 - February 1, 2020
146 ==========================
148 - Remove PKCS#11 support, deferred until next cycle (#104)
149 - Remove OpenSSL backend's OCSP support (#124)
151 2.63.3 - January 3, 2019
152 ========================
154 - Fix OpenSSL backend regressions and reenable OpenSSL testsuite (#54)
155 - Temporarily disable cancellation of sync handshakes (#97)
156 - Disable flaky test (#104) and resolve testsuite flakiness (#105)
157 - Fix leak of base iostream (or base datagram socket), 2.62 regression
158 - Fix duplicate notifies of peer-certificate and peer-certificate-errors
159 - Fix regression where GnuTLS connection init could theoretically fail without error
160 - Fix obscure corner case where SNI might not work
161 - Fix various build warnings on Windows
162 - Fix multiple build failures on Windows (Chun-wei Fan)
163 - Fix installed tests (Iain Lane)
165 2.63.2 - November 22, 2019
166 ==========================
168 - Fix crash when handshake context is reset too late (#97)
169 - Require GnuTLS 3.6.5 (#100)
170 - Build mock PKCS #11 module only for GnuTLS backend (#101)
171 - Rework session resumption support for TLS 1.3 (!69)
172 - Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3 (!69)
173 - Support OpenSSL 1.0.1 (!81)
174 - Drop rehandshake mode and protocol version fallback support (!83)
175 - Add logging functions (!89, MARTINSONS Frederic)
176 - Fix PKCS #11 tests with TLS 1.2 (!91, Patrick Griffis)
177 - Add more debug logging for PKCS #11 (!92, Patrick Griffis)
178 - Fix leak in GTlsCertificateGnutls finalizer (!93, Patrick Griffis)
180 2.63.1 - October 11, 2019
181 =========================
183 - Add support for new PKCS#11 APIs to facilitate use with smartcards (Patrick Griffis)
184 - Disable TLS 1.0 and TLS 1.1 when using GnuTLS
185 - Fix threadsafety issue (#95)
187 2.62.1 - October 4, 2019
188 ========================
190 - Fix two memory leaks (!71, !72, Claudio Saavedra)
192 2.62.0 - September 7, 2019
193 ==========================
195 - Revert broken queued data fix for #15
197 2.61.92 - September 2, 2019
198 ===========================
200 - Discard queued data after interrupted writes (#15)
201 - Verify socket timeouts are respected (#18)
202 - Fix a couple broken error messages
204 2.61.90 - August 5, 2019
205 ========================
207 - Fix translations of certain error messages
209 2.61.2 - July 22, 2019
210 ======================
212 - Improve certain handshake error messages (#13)
213 - Fix regressions introduced in 2.61.1 (#91, #92)
215 2.61.1 - June 9, 2019
216 =====================
218 This release contains a major refactoring of the TLS codebase. The GnuTLS
219 backend now shares the same base classes as the OpenSSL backend, to avoid
220 duplicating as much code as possible. The base classes, previously used only by
221 the OpenSSL backend and originally forked from glib-networking several years
222 ago, have been enhanced to achieve feature-parity with the current state of the
225 Please note that the OpenSSL backend remains experimental. Further planned work
226 is required before this backend will be production-ready.
228 2.60.3 - June 9, 2019
229 =====================
231 - Fix clobbering of the thread-default main context after certificate
232 verification failure during async handshakes since 2.60.1 (#85)
233 - Fix GTlsDatabase initialization failures in OpenSSL backend due to
234 uninitialized memory use
235 - Fix minor leak of ALPN protocols
240 - OpenSSL backend now defaults to system trust store (#62)
241 - Fix client auth failure error with GnuTLS 3.6.7 (#70)
243 2.60.1 - April 1, 2019
244 ======================
246 - Improve reliability of client auth failure tests (#66)
247 - Fix excessive CPU usage after sync handshake (#69)
249 2.60.0.1 - March 12, 2019
250 =========================
252 - Fix build with OpenSSL pkg-config unavailable (Nirbheek Chauhan)
254 2.60.0 - March 11, 2019
255 =======================
257 This is the first stable release featuring the new OpenSSL backend. Please be
258 advised that this new backend is still experimental and known to not work on
259 some systems, including Debian. Linux distributions are encouraged to stick to
260 the default build options, where OpenSSL is not yet enabled.
262 - Fix build with GnuTLS disabled (Nirbheek Chauhan)
263 - Fix build on Windows (Chun-Wei Fan)
265 2.59.92 - March 4, 2019
266 =======================
268 - Many OpenSSL backend fixes for Windows (Nirbheek Chauhan)
269 - GnuTLS: reject sync operations during handshake to avoid deadlocks (#46)
270 - Temporarily disable DTLS and OpenSSL tests due to #49 and #54
272 2.59.91 - February 18, 2019
273 ===========================
275 - Update OpenSSL SSL struct when certificate is changed (#55, Fredrik Ternerot)
276 - Fix tests build when GnuTLS is disabled (#59)
277 - Remove Fedora-specific PROFILE=SYSTEM default cipher list (#61)
278 - Fix some problems with the connection tests (Fredrik Ternerot)
280 2.59.90 - February 4, 2019
281 ==========================
283 This release adds an OpenSSL backend, obsoleting the glib-openssl project.
284 Credit to all the contributors to the glib-openssl project, especially
285 Ignacio Casal Quinteiro. Also thanks to Xavier Claessens for helping with the
288 The OpenSSL backend seems to be mature, though it is less well-tested for
289 desktop usage than the GnuTLS backend. It will remain disabled by default at
290 build time due to the GPL-incompatible nature of the OpenSSL license -- and the
291 GPLv2-incompatible nature of the Apache license that will be used by future
292 versions of OpenSSL -- and because the GnuTLS backend is sufficient for Linux
295 Use the OpenSSL backend if you are building an embedded system where
296 (GPLv2+ or LGPLv3+) dependencies are unacceptable (e.g. nettle or GMP, both
297 dependencies of GnuTLS) and you are OK with the GPL-incompatible OpenSSL
298 license. If the OpenSSL backend is enabled at build time, you should probably
299 disable build of the GnuTLS backend, or it will take precedence over the OpenSSL
300 backend at runtime. For example, you could configure with:
302 $ mkdir build && cd build
303 $ meson -Dgnutls=disabled -Dopenssl=enabled ..
305 2.59.2 - January 7, 2019
306 ========================
308 - Add support for application layer protocol negotiation (#47, Scott Hutton)
310 2.59.1 - November 11, 2018
311 ==========================
313 This release removes the gnutls-pkcs11 backend, which was disabled in 2.57.2,
314 due to lack of any feedback whatsoever regarding its disablement. If you think
315 it is still useful to you, given that the normal gnutls backend now supports
316 PKCS#11, speak up now.
318 This release also includes several changes to properly support TLS 1.3.
322 - Perform certificate verification during, not after, TLS handshake
323 - Dramatically improve the reliability of the non-DTLS tests. (DTLS is still having problems.)
324 - Regenerate test certificates to prepare for OpenSSL support
325 - Several meson build system improvements to prepare for OpenSSL support
327 2.58.0 - September 2, 2018
328 ==========================
330 - Updated translations
332 2.57.92 - August 27, 2018
333 =========================
335 - Revert fixes for #4 and #6 due to regression (#43)
336 - Fix installed tests (Sébastien Bacher, !7)
338 2.57.90 - August 12, 2018
339 =========================
341 - Properly check for server errors in connection tests (#4)
342 - Perform certificate verification during, not after, TLS handshake (#6)
343 - Avoid trailing dots in SNI hostnames (#11)
344 - Send fallback SCSV with fallback connection attempts
345 - Fail unsafe rehandshake attempts initiated by API request
347 2.57.3 - July 16, 2018
348 ======================
350 - Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
351 - Use .so for modules on macOS instead of dylib (Nirbheek Chauhan)
352 - Fix build with MSVCC (Nirbheek Chauhan)
354 2.57.2 - May 21, 2018
355 =====================
357 This release disables build of the gnutls-pkcs11 backend by default. Please
358 direct any complaints to https://gitlab.gnome.org/GNOME/glib-networking/issues/7
360 - Several meson build system improvements
361 (#794978, #795043, and #795982, Xavier Claessens and Nirbheek Chauhan)
363 2.57.1 - April 16, 2018
364 =======================
366 - Use GnuTLS system trust and remove build option to specify cert bundle (#753260)
367 - Fix criticals when child streams outlast the parent GTlsConnection (#792219)
368 - Fix crash when setting client cert without private key (#793712)
369 - Update tests for compatibility with GnuTLS 3.6.2 (#794286)
370 - Never install GIO modules outside build prefix (#794358)
371 - Don't install test files if installed tests are disabled (#794372)
372 - Fix build with -Dpkcs11=false (#794292, Tom Schoonjans)
373 - Allow building as meson subproject (#794709, Mathieu Duponchelle)
375 - g_tls_certificate_verify() no longer manually verifies certificate
376 activation/expiration time, matching the current behavior of
377 g_tls_database_verify_chain().
379 2.56.0 - March 20, 2018
380 =======================
382 - Updated translations
384 2.55.90 - February 12, 2018
385 ===========================
387 - Fix unit tests when SSLv3 is unavailable (#782853)
388 - Allow static linking (#791100, Xavier Claessens)
389 - Fix issues found by coverity (#792402, Philip Withnall)
390 - Remove TLS build option; it is now mandatory
391 - Try to ensure that GnuTLS is only initialized if TLS is actually used
392 - Update use of GObject to follow current best practices
393 - Use XDG_CURRENT_DESKTOP to determine which proxy module to load
395 2.55.2 - December 13, 2017
396 ==========================
398 * Fix glib-pacrunner.service installation directory
399 [#790367, Michael Catanzaro]
401 * Updated translations: Hebrew, Indonesian, Spanish
403 2.55.1 - November 13, 2017
404 ==========================
406 * Implement DTLS support [#697908, Philip Withnall and Olivier Crête]
408 * Fix using different client certs for different connections
409 [#781578, Martin Pitt]
411 * Port to Meson build system [#786639, Iñigo Martínez]
413 * Updated translations: Catalan (Valencian), Croatian, Czech, German,
414 Greek, Norwegian bokmål, Persian, Slovenian
418 * New/updated translations: Basque, Belarusian, Brazilian
419 Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
420 Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
421 Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
426 * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
427 since that gives better compatibility with current gnutls /
428 current real world. [#782218, Michael Catanzaro]
430 * gnutls: Provide a better error message when a TLS alert is
431 received. [#782218, Michael Catanzaro]
433 * New/updated translations: Croatian, Czech, Esperanto, Friulian,
434 German, Indonesian, Italian, Kazakh, Slovenian, Spanish
438 * New stable release.
440 * Updated translations: British English, Polish
444 * Ported to use upstream gettext rather than intltool/glib-gettext
445 [#768708, Javier Jardón]
447 * Updated po files for future gettext versions [Piotr Drąg]
449 * Fixed translation lookup on Windows [#765466, Chun-wei Fan]
451 * Updated translations: Occitan
455 * gnutls: Fixed an infinite loop if a server sent two identical
456 copies of its CA certificate [#765317, Carlos Garcia Campos]
458 * New/updated translations: Occitan, Scottish Gaelic
462 * Fixed translations in non-UTF-8 domains [#765466, Ting-Wei Lan]
464 * Fixed bash-ism in configure [#765396, Patrick Welche]
466 * Updated translations: Friulian
470 * New stable release. (No changes since 2.47.90)
474 * gnutls: The non-PKCS#11 TLS plugin now uses gnutls's certificate
475 validation code directly, rather than attempting to build a
476 certificate chain itself first. [#753260 and others, Dan Winship]
478 * gnutls: Fixed a leak when closing a connection during an implicit
479 handshake [#736809, Philip Withnall]
481 * gnutls: Fixed "make check" without PKCS#11 support [#728977,
482 Gilles Dartiguelongue]
484 * gnutls: Various changes in preparation for DTLS support (but not
485 the actual DTLS support itself) [#697908, #735754, Philip
486 Withnall, Olivier Crête]
488 * Updated translations: Occitan
492 * Fixed a certificate chain validation problem that affected
493 Facebook in Epiphany. [#750457, Carlos Garcia Campos]
495 * Added a systemd service file for glib-pacrunner [#755740, Simon
500 * Various minor cleanups and small memory leak fixes
502 * Added a new test case for client certificate chain handling
503 [#754129, Michael Catanzaro]
505 * New/updated translations:
506 Japanese, Occitan, Portuguese
510 * tls/gnutls: Implement g_tls_client_connection_copy_session_state(),
511 to allow implementing FTP-over-TLS in gvfs. (#745255, Ross
516 * New stable release. (No changes since 2.43.92)
520 * Fix TLS session caching when using session tickets (#745099, Ross
523 * Updated translations:
528 * tls/gnutls: Removed a workaround for connecting to servers with
529 weak DH parameters, which was apparently only needed because
530 gnutls was prioritizing DHE over RSA. (Michael Catanzaro)
531 (https://bugzilla.redhat.com/show_bug.cgi?id=1177964#c8)
533 * tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1
534 and 2.43.1 accidentally used a 3.x-only function, so we already
535 required it, we were just failing to declare that fact.)
537 * tls/tests: Skip certain tests when running against old gnutls or
538 GLib releases. (glib-networking 2.43.91 itself does not require
539 GLib 2.43, but one of the test cases does.)
541 * Updated translations:
547 * The GTlsClientConnection "use-ssl3" property now falls back to TLS
548 1.0 if SSL 3.0 has been disabled, rather than just failing. Also,
549 we now use the gnutls %LATEST_RECORD_VERSION option by default (to
550 allow connecting to certain servers that were incorrectly patched
551 for the POODLE attack), but also make sure to remove that option
552 in the fallback ("use-ssl3") mode (to allow connecting to other
553 servers that are differently broken). (#738633, #740087, Dan
556 * tls/gnutls: Miscellaneous warning, debugging, and leak fixes
557 (#736757, #736809, #737106, Philip Withnall)
559 * New/updated translations:
564 * New stable release. (No changes since 2.41.92)
568 * tls/gnutls: Incorrectly-ordered certificate chains are now
569 accepted (#683266, Michael Catanzaro)
571 * tls/gnutls: Closing an already-closed GTlsConnection now correctly
572 returns TRUE rather than G_IO_ERROR_CLOSED (#735754, Olivier
577 * tls/gnutls: certificates with IP address subject altnames are now
578 supported (#726596, Aleix Conchillo Flaqué)
580 * tls/tests: added a script to re-generate the certificates, and
581 regenerated them (since the key for the existing CA certificate
582 had been lost, so it wasn't possible to add new test certificates,
583 eg, for IP SAN). (#733365, Aleix Conchillo Flaqué)
585 * Updated translations:
590 * tls/gnutls: g_tls_backend_get_default_database() should never
591 return %NULL; if glib-networking was built without a
592 ca-certificates file, then the default GTlsDatabase should just be
593 empty. (#727282, Olivier Crête)
595 * tls/gnutls: If a server's certificate includes an issuer chain, we
596 now send the entire chain to the client. (#724708, Aleix Conchillo
599 * Updated translations:
604 * New stable release. (No changes since 2.39.90)
608 * tls/gnutls: Avoid trying to update a destroyed GSource (#723774,
611 * tls/tests: Fix another flaky test (#722336)
613 * tests: use the TAP driver
615 * Updated translations:
620 * tls/tests: Fix one sporadic bug in the connection test (#720081)
621 and make it properly fail rather than hanging forever when another
622 sporadic bug happens (which I don't actually know the cause of)
625 * tls/gnutls: Fix for -Werror=format-nonliteral (#720081, Ryan
630 * tls/gnutls: Use g_tls_interaction_invoke_request_certificate()
631 when processing a certificate request. (#637257, Stef Walter)
633 * tls/gnutls: Handle G_IO_ERROR_TIMED_OUT on a GTlsConnection
634 correctly rather than reporting "The specified session has
635 been invalidated for some reason". (#710700, Aleix Concillo
638 * tls/tests: Fix to previous installed-tests fix, which resulted
639 in some files getting installed even when installed tests weren't
642 * tls/tests: add a test for a fix made in glib (#710691, Aleix
647 * glibpacrunner: Don't crash if there is an internal libproxy error.
650 * tls/tests: Fix installed tests to not accidentally depend on
651 having the source tree still exist. (#709628)
653 * Updated translations:
658 * New stable release. (No changes since 2.37.5)
662 * gnutls: minimum version is now 2.12.8 (with 3.x preferred...)
664 * glib-networking now supports the --enable-installed-tests flag, to
665 install its test programs to run at other times (ie, after
670 * proxy/gnome: further improve GNOME session detection (#701377)
672 * gnutls: don't crash if $G_TLS_GNUTS_PRIORITY is invalid (#701693)
676 * proxy/gnome: Improve session-type detection to include
677 gnome-classic and anything else starting with "gnome" (#700607,
680 * proxy/libproxy: make SOCKS work when using the async API (#699359,
683 * proxy/tests: make the libproxy test program use the just-built
684 plugin rather than the installed one. Oops (#700286, Iain Lane)
686 * proxy/tests: fix to not error out if neither proxy module is built
689 * tls/tests: fix a sporadic crash (Dan)
693 * gnutls: Fixed a bug that could cause hangs and/or bursts of CPU
694 usage in some cases. (#696881, Olivier Crête)
696 * gnutls: Fixed CFLAGS when building with gnutls in a different
697 prefix. (#696519, Emmanuel Pacaud)
699 * gnutls: Fixed a hang while rehandshaking with gnutls 3.x (#695062,
702 * gnutls: Fixed a handshaking crash in multithreaded use (#697754,
705 * proxy/gnome: Fix "automatic" mode, which was mistakenly being
706 treated as "none" (Dan)
708 * proxy/gnome: Use this in Unity sessions as well as GNOME ones.
711 * New/Updated translations:
712 Friulian, Indonesian, Turkish
716 * New/Updated translations:
717 Assamese, Basque, Belarusian, Catalan (Valencian), Catalan,
718 Danish, Finnish, Hindi, Korean, Latvian, Persian, Portuguese,
719 Russian, Slovak, Tadjik, Thai
723 * Fixed one kind of handshake failure to return the correct error
724 code under gnutls 3.x (allowing libsoup to recognize the error and
725 do fallback to SSL 3.0). (#694812)
727 * Updated translations:
728 Chinese (traditional), French, German, Punjabi, Uyghur,
733 * proxy/gnome: ported to new GSimpleProxyResolver, and added more
736 * gnutls: Fixed a small per-connection leak (#693718)
738 * tls/tests: Fixed several race conditions that caused spurious
741 * Updated translations:
746 * proxy/gnome: Fixed several bugs:
748 * Multithreaded usage could result in crashes
750 * In "automatic" mode, synchronous lookups would obey
751 ignore-hosts, but asynchronous lookups would not. (Now they
754 * lookup_async() would never notice if the proxy settings
755 switched from "automatic" to "manual" or "none" (and would
756 make a synchronous D-Bus call when switching in the other
759 * If given an invalid URI, lookup_async() would return a
760 successful result (and leak the GError that it was supposed
761 to have returned), and lookup() would return both the error
762 and the proxy (leaking one or the other, depending on how
765 * Updated translations:
766 Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur
770 * proxy/gnome: The tests should now work correctly even if
771 run from a non-GNOME environment. (Robert Ancell)
773 * Updated translations:
774 Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek,
779 * build: The TLS tests are now not built if you are building without
780 gnutls support. (Saleem Abdulrasool)
782 * gnutls: Several handshaking fixes:
784 * Fix a hang when doing a synchronous close() immediately
785 after cancelling an asynchronous handshake() (which would
786 happen in libsoup if you cancelled a message at the right
787 time). (#688751, Dan)
789 * Avoid an assertion when an implicit handshake fails
792 * Fixed GTlsServerConnection:authentication-mode to work
793 again, and added a regression test for this. (#689259, Stef)
795 * Return the appropriate error
796 (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails
797 because the server required a certificate but none was
798 provided, and added a test for this. (#689260, Stef)
800 * Make g_io_stream_close() finish successfully after a failed
801 handshake (#689260, Stef)
803 * Make g_io_stream_close() finish successfully before a
804 handshake (#689271, Stef)
806 * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib
807 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some
808 cases. (Previously this error showed up as just G_IO_ERROR_FAILED.)
811 * proxy/gnome: This is now only used in GNOME login sessions (as,
812 essentially, a more efficient version of the libproxy GNOME
813 backend); in non-GNOME sessions, gio will now fall back to the
814 libproxy plugin, allowing environment variables or other libproxy
815 settings backends to be used.
817 * New/Updated translations:
818 Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish
822 * Update for glib 2.35.1; remove g_type_init() calls and port to
825 * Updated translations:
830 * Updated translations:
831 Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese
832 (Simplified), Hindi, Japanese, Thai
836 * Updated translations:
837 Brazilian Portuguese, British English, Czech, Danish, Finnish,
838 French, German, Korean, Punjabi
842 * gnutls: Revert the addition of the certificate-bytes and
843 private-key-bytes properties to GTlsCertificateGnutls, since they
844 were reverted in glib. (#682081, Stef)
846 * Updated translations:
847 Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish,
852 * gnutls: Improved the certificate verifying code to deal with the
853 case of a CA being reissued with the same key but a different
854 signature algorithm. (#681299, Stef)
856 * gnutls: Fixed an uninitialized variable in
857 g_tls_connection_gnutls_close(). (#681636)
859 * Updated translations:
860 Assamese, Portuguese, Telugu
864 * gnutls: If a GTlsConnection gets an error when handshaking, it
865 will now continue to return that error message on future I/O
866 attempts, rather than behaving in an undefined manner.
868 * gnutls: You can now read from a GTlsConnection's input stream and
869 write to its output stream at the same time (either in different
870 threads, or asynchronously in a single thread). (#660252)
872 * Updated translations:
873 Chinese (traditional), Galician, Greek, Hebrew, Lithuanian,
874 Norwegian bokmål, Russian, Serbian, Slovenian, Spanish
878 * Updated autogen.sh (in particular to support automake 1.12)
881 * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls
882 (previously, setting it to FALSE was a no-op).
884 * Updated translations:
885 Dutch, Greek, Indonesian
889 * gnutls: simplify using new glib pollable stream methods
891 * proxy/gnome: fix a bug that made it impossible to use SOCKS
892 without also having a separate http proxy.
896 * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check
897 for to use as the default CA list. (This is what openSUSE uses.)
898 (#673944, Federico Mena Quintero)
900 * Updated translations:
901 Catalan (Valencian), Marathi, Odia, Persian
905 * New/updated translations:
906 Hindi, Japanese, Khmer, Latvian, Malayalam
910 * Updated translations:
911 British English, Catalan, Finnish, Lithuanian, Portuguese,
916 * gnutls: Fixed a linking problem on some platforms when PKCS#11 is
917 enabled. (#670956, Kalev Lember)
919 * Updated translations:
920 Assamese, Basque, Belarusian, Brazilian Portuguese, Danish,
921 Estonian, French, German, Hungarian, Italian, Korean, Polish,
926 * gnutls: Fixed a TLS handshaking bug that in particular caused lots
927 of crashes in epiphany. (#658771)
929 * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it
932 * Updated translations:
933 Bulgarian, Chinese (traditional), Czech, Japanese,
934 Norwegian bokmål, Turkish, Vietnamese
939 * Support gnutls built against nettle instead of gcrypt
942 * Implement TLS session caching for GTlsServerConnection
945 * tls/tests: Explicitly request the memory GSettings backend, to
946 avoid warnings in partial jhbuild environments
948 * proxy/gnome: Update to use GInetAddressMask
950 * Updated translations:
951 Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian,
957 * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and
958 p11-kit (a new optional dependency) to provide access to
959 PKCS#11 tokens. At the moment, this is only enabled if you
960 set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef,
963 * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys
964 (which show "BEGIN PRIVATE KEY" in PEM form) in addition to
965 the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE
968 * Updated translations:
969 Galician, German, Lithuanian, Norwegian bokmål, Spanish,
975 * Bumped required GNUTLS version to 2.11.0 and updated
976 code for that (Stef, #656903)
978 * Fixed a crash when passing a NULL GCancellable to
979 g_tls_connection_close_async() (Dan, #659786) or a NULL
980 GError to g_tls_file_database_new().
982 * Fixed handling of self-signed CA certificates in
983 GTlsDatabaseGnutls (Dan, #660508)
985 * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try
986 falling back from TLS to SSLv3") case, when the handshake
987 completes but then packets after that don't decrypt
988 correctly. (Dan, #662104)
990 * Made sure that GTlsConnection:peer-certificate and
991 :peer-certificate-errors get set even when the peer
992 certificate is rejected. (Dan)
995 * Fixed ignore_hosts handling (Dan, #655581)
997 * Fixed configure check so that "--without-gnome-proxy" works.
998 (Alexandre Rostovtsev, #662203)
1000 * Fixed tests to only build the gnome proxy test if we're
1001 building the gnome proxy. (Kalev Lember, #662085)
1008 * Updated translation:
1013 * New/updated translations:
1014 Belarusian, Tamil, Japanese
1016 * gnutls: Fixed a problem when linking against GNUTLS 3.0, where
1017 connections would sometimes return the error "The TLS connection
1018 was non-properly terminated". (Dan Winship, #659233)
1020 * gnutls: Plugged a few memory leaks (Dan Winship)
1024 * gnutls: fixed two rehandshaking bugs; one in which a client
1025 would erroneously report an error after successfully rehandshaking
1026 (Igor Makarov, #653645), and one where initiating an asynchronous
1027 rehandshake on the server side would send illegal packets and
1028 cause the client to disconnect (Dan Winship).
1030 * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls
1031 properly cancellable (Stef Walter)
1033 * gnutls: fixed the client-side session cache to not share session
1034 IDs between different virtual hosts on the same IP address, which
1035 caused problems with some servers. (Dan Winship, #581342)
1037 * tls: Fixed up the tls test program so it can be run from "make
1038 check" (Stef Walter)
1045 * gnutls: implement GTlsDatabase (Stef Walter, #636572)
1047 * gnutls: override minimum key length, to allow connecting to HTTP
1048 servers with very small keys (eg, on some embedded devices). (Dan
1051 * gnutls: use %COMPAT mode, which makes GNUTLS behave more like
1052 OpenSSL/NSS/Windows in a few ways, making it work with certain
1053 broken HTTP servers. (Dan Winship, part of #581342)
1055 * gnutls: fixed a crash when passed a NULL GError (Dan Winship)
1059 * Optimized GDBus usage in PACRunner (davidz)
1061 * Fixed a race condition in GProxyResolverGnome (davidz)
1063 * Changed configure to --enable-maintainer-mode by default,
1067 Belarusian, Catalan (Valencian), Esperanto, Finnish,
1072 * Fixed some leaks in the gnutls backend
1079 * New/updated translations:
1080 Basque, Brazilian Portuguese, Chinese (Traditional), Danish,
1081 Hindi, Kannada, Marathi, Uyghur
1085 * Added a new proxy backend, GProxyResolverGnome, that uses
1086 GSettings and the network proxy schemas from
1087 gsettings-desktop-schemas to provide proxy information (and using
1088 a new D-Bus service provided by the libproxy backend to provide
1091 If you are building glib-networking in a GNOME 3.0 environment,
1092 you should make sure that gsettings-desktop-schemas.pc is
1093 available when building, so that this backend gets built.
1096 Assamese, Latvian, Oriya, Serbian
1100 * Fixed broken libtool check in autogen.sh that failed for libtool
1103 * New/updated translations:
1104 Bengali (India), Catalan, Chinese (Simplified), Chinese
1105 (Traditional), Czech, Dutch, Estonian, Galician, German,
1106 Greek, Gujarati, Hebrew, Indonesian, Italian, Korean,
1107 Norwegian (Bokmål), Polish, Punjabi, Slovenian, Spanish,
1108 Swedish, Uyghur, Ukranian
1112 * Fixed configure script to actually error out if installed glib
1113 version is too old (Emilio Pozuelo Monfort)
1115 * gnutls: updated GTlsClientConnectionGnutls for :accepted-cas type
1116 change (Stef Walter)
1117 * gnutls: fixed an uninitialized variable (Dan Winship)
1121 * gnutls: finish implementing GTlsRehandshakeMode, which was present
1122 but non-functional in 2.27.4
1123 * gnutls: updates for glib TLS API changes
1124 * gnutls: fix some async bugs that caused the main loop to spin
1125 * gnutls: implement a client-side session cache, to speed up
1128 * Compile with gcc warnings by default
1132 * GNUTLS-based implementation of GTlsBackend
1137 * No changes, just a version bump
1142 * Initial release, with libproxy-based GProxyResolver