* New upstream release
* Team upload
* New upstream stable release
* Upload to unstable
- In particular, this removes a test that asserts we are able to
work around servers' protocol intolerance by falling back to older
TLS versions. That feature enables downgrade attacks, and was
removed in GLib 2.63.2 and glib-networking 2.63.2, causing the
test to fail in older glib-networking versions. (Closes: #953766)
* Switch packaging branch back to debian/master for unstable
* d/watch: Only look for stable releases again
* Standards-Version: 4.5.0 (no changes required)
* d/copyright: Remove PKCS11 stuff.
Its addition was reverted in 2.63.90.
* New upstream release
- Revert "Fix peer-certificate properties changing too soon" from
2.63.91-1. It broke libsoup2.4's tests.
* New upstream release
- Fix peer-certificate properties changing too soon
- GnuTLS backend: reduce session resumption cache lifetime
- GnuTLS backend: restore TLS 1.2 support for copy session state
* control: Bump GLib BD to 2.63.0 per upstream
* New upstream release
[ Simon McVittie ]
* New upstream release
- d/p/Disable-PKCS-11-client-authentication-test.patch,
d/p/tls-tests-Fix-to-work-as-installed-tests.patch:
Drop, applied upstream
* Merge packaging changes from unstable
* d/copyright: Further updates
* Team upload
[ Iain Lane ]
* debian/gbp.conf: Use upstream branch upstream/2.62.x to track stable
[ Simon McVittie ]
* d/watch: Only watch for stable versions
* New upstream release
* d/tests/installed-tests: Fail on reference to unset variables
* d/tests/installed-tests: Remove support for old autopkgtest
versions. AUTOPKGTEST_TMP is now required to be set, and we do not use
the deprecated ADTTMP.
* d/copyright: Update
[ Automatic changes via lintian-brush ]
* Set field Upstream-Name in debian/copyright.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Update standards version to 4.4.1, no changes needed.
* New upstream release
- Add support for new PKCS#11 APIs to facilitate use with smartcards
- Build mock PKCS #11 module only for GnuTLS backend
- Disable TLS 1.0 and TLS 1.1 when using GnuTLS
- Drop rehandshake mode and protocol version fallback support
- Fix crash when handshake context is reset too late
- Fix leak in GTlsCertificateGnutls finalizer
- Fix PKCS #11 tests with TLS 1.2
- Require GnuTLS 3.6.5
- Rework session resumption support for TLS 1.3
- Run GnuTLS tests under TLS 1.2 in addition to TLS 1.3
- Support OpenSSL 1.0.1
* control: Bump gnutls BD to 3.6.5 per meson.build
* d/p/Disable-PKCS-11-client-authentication-test.patch: Cherry pick. Follow
upstream in disabling a flaky test
* d/p/tls-tests-Fix-to-work-as-installed-tests.patch: Fix installed tests. A
required module wasn't being installed, and the tests weren't written to
find the files in the correct locations when run installed..
* New upstream release
* Drop obsolete dh_strip dbgsym migration rule
* Team upload.
* Upload to unstable.
* New upstream release
- Verify socket timeouts are respected
- Fix a couple broken error messages
* Standards-Version → 4.4.0 (no changes required)
* New upstream release
- Fix translations of certain error messages
- Improve certain handshake error messages
- Fix regressions introduced in 2.61.1 (LP: #1839826)
* New upstream release
* control: Bump BD on glib2.0 to 2.60.0, per meson.build
* New upstream release (LP: #1832458)
- Fix clobbering of the thread-default main context after certificate
verification failure during async handshakes since 2.60.1
- Fix GTlsDatabase initialization failures in OpenSSL backend due to
uninitialized memory use
- Fix minor leak of ALPN protocols
- OpenSSL backend now defaults to system trust store
- Fix client auth failure error with GnuTLS 3.6.7
* gnutls-Handle-new-GNUTLS_E_CERTIFICATE_REQUIRED.patch: Drop. It's in this
upstream release.
* New upstream release
- Improve reliability of client auth failure tests
- Fix excessive CPU usage after sync handshake
* Cherry-pick patch from upstream to fix tests with gnutls 3.6.7. This now
returns GNUTLS_E_CERTIFICATE_REQUIRED, which we should convert to
G_TLS_ERROR_CERTIFICATE_REQUIRED.
* New upstream release
* New upstream release
* New upstream release
- GnuTLS: reject sync operations during handshake to avoid deadlocks
- Temporarily disable DTLS and OpenSSL tests due to upstream bugs #49 and
#54
+ This was already Debian patches, FWIW.
* debian/patches: Drop. The tests are skipped upstream now.
* New upstream development release
* New upstream development release
* Bump minimum meson to 0.47.0
* Build-Depend on debhelper-compat 12 and drop debian/compat
* Build-Depend on dh-sequence-gnome
* debian/rules: Use -Dauto_features=enabled
* Stop overriding libexecdir
* Add -Wl,-O1 to our LDFLAGS
* Bump Standards-Version to 4.3.0
* New upstream translation release
* debian/control{,.in}: Bump Standards-Version to 4.2.1, no changes needed
* New upstream release
* Release to unstable
* debian/*: Update for experimental / 2.57
* New upstream release 2.57.90 (LP: #1786809)
- Properly check for server errors in connection tests
- Perform certificate verification during, not after, TLS handshake
- Avoid trailing dots in SNI hostnames
- Send fallback SCSV with fallback connection attempts
- Fail unsafe rehandshake attempts initiated by API request
- Fix memory leaks when calling g_tls_connection_gnutls_get_certificate()
- Use GnuTLS system trust and remove build option to specify cert bundle
- Fix criticals when child streams outlast the parent GTlsConnection
- Fix crash when setting client cert without private key
- Never install GIO modules outside build prefix
- Don't install test files if installed tests are disabled
- Fix build with -Dpkcs11=false
- g_tls_certificate_verify() no longer manually verifies certificate
activation/expiration time, matching the current behavior of
g_tls_database_verify_chain().
* debian/control*:
- Remove libp11-kit BD - upstream has disabled this by default now.
- Standards-Version → 4.2.0, no changes required.
* Team upload
* New upstream stable release
* Standards-Version: 4.1.5 (no changes required)
[ Simon McVittie ]
* New upstream stable release
* Set Rules-Requires-Root to no
* Standards-Version: 4.1.3 (no changes required)
[ Jeremy Bicha ]
* Release to unstable
[ Jeremy Bicha ]
* Update Vcs fields for migration to https://salsa.debian.org/
[ Iain Lane ]
* Branch to experimental, update debian/{watch,gbp.conf,control{,.in}}
accordingly.
* New upstream release 2.55.90
- Allow static linking
- Fix issues found by coverity
- Fix unit tests when SSLv3 is unavailable
- Fix using different client certs for different connections
- Implement DTLS support
- Port to Meson build system
+ debian/rules: Update accordingly.
- Try to ensure that GnuTLS is only initialized if TLS is actually used
- Update use of GObject to follow current best practices
- Use XDG_CURRENT_DESKTOP to determine which proxy module to load
* debian/patches/01_connection_test.patch: Update for meson, mark as written
by Emilio (ascertained by changelog mining).
* debian/control{,.in}: BD on glib 2.55, as required by this version.
* Update Vcs fields for conversion to git
* Add debian/gbp.conf
* Bump Standards-Version to 4.1.2
* New upstream release
* Switch from dh_install --fail-missing to dh_missing --fail-missing
* Remove no longer needed Breaks/Replaces
* Bump Standards-Version to 4.1.1
* New upstream translations release
* New upstream release
* Bump Standards-Version to 4.1.0
* New upstream release.
* Bump dh compat to 10 (automatic dh-autoreconf).
* debian/rules: remove '*.la' and use --fail-missing.
* New upstream beta release.
* Update build-dependencies according to configure.ac changes:
- drop intltool
* Convert from cdbs -> dh
* Add debian/docs to ship NEWS
* New upstream release.
* Install systemd user service for the glib-pacrunner D-Bus session service.
* New upstream release.
* Drop glib-networking-dbg package now that we have automatic dbgsym
packages.
* Ensure proper upgrade from glib-networking-dbg to new dbgsym packages by
using dh_strip --dbgsym-migration. Bump Build-Depends on debhelper
accordingly.
* Bump debhelper compatibility level to 9.
* Bump Standards-Version to 3.9.8.
* New upstream release.
* Refresh debian/patches/01_connection_test.patch to apply without fuzz.
* New upstream release.
* Refresh patches.
* Drop the Build-Conflicts against glib-networking, the test-suite passes
now with that package installed.
* New upstream release 2.46.0
+ Various minor cleanups and small memory leak fixes
+ Added a new test case for client certificate chain handling
* Bump glib BD to ≥ 2.46, as per configure.ac.
* Update Vcs-* for experimental.
* New upstream release 2.45.1
+ tls/gnutls: Implement g_tls_client_connection_copy_session_state(), to
allow implementing FTP-over-TLS in gvfs.
* Bump glib BD to ≥ 2.45.1, as per configure.ac.
* Upload to unstable.
* debian/watch: Update to consider stable releases only.
* New upstream release 2.44.0
* New upstream release 2.43.92
+ Fix TLS session caching when using session tickets
* New upstream release 2.43.91
- tls/gnutls: Removed a workaround for connecting to servers with weak DH
parameters, which was apparently only needed because gnutls was
prioritizing DHE over RSA.
- tls/gnutls: We now require gnutls 3.x again. (In fact, 2.42.1 and 2.43.1
accidentally used a 3.x-only function, so we already required it, we
were just failing to declare that fact.)
- tls/tests: Skip certain tests when running against old gnutls or GLib
releases. (glib-networking 2.43.91 itself does not require GLib 2.43,
but one of the test cases does.)
* Drop glib BD back to 2.42 as per configure.ac; the problematic test is
automatically skipped upstream if necessary now.
* Increase libgnutls28-dev BD to 3.0, as per configure.ac
* debian/watch: Watch unstable version too, for experimental.
* New upstream release 2.43.1, including changes:
+ The GTlsClientConnection "use-ssl3" property now falls back to TLS 1.0
if SSL 3.0 has been disabled, rather than just failing. Also, we now use
the gnutls %LATEST_RECORD_VERSION option by default (to allow connecting
to certain servers that were incorrectly patched for the POODLE attack),
but also make sure to remove that option in the fallback ("use-ssl3")
mode (to allow connecting to other servers that are differently broken).
+ tls/gnutls: Miscellaneous warning, debugging, and leak fixes.
* Bump glib BD to 2.43 (greater than configure.ac; one test requires this
version).
* Standards-Version → 3.9.6, no changes required.
* debian/patches/01_connection_test.patch:
+ Disable tls/connection tests. They are racy and so unreliable.
Closes: #762588.
* debian/rules:
+ Set VERBOSE so we get more information when a test fails.
* New upstream release.
* Target unstable
* debian/tests/installed-tests: Use dbus-run-session instead of dbus-launch.
* New upstream release 2.41.92
- tls/gnutls: Incorrectly-ordered certificate chains are now accepted
- tls/gnutls: Closing an already-closed GTlsConnection now correctly
returns TRUE rather than G_IO_ERROR_CLOSED
[ Martin Pitt ]
* Unset $http_proxy during autopkgtest; the test suite doesn't get along
with it, and doesn't need internet access.
[ Andreas Henriksson ]
* New upstream development release.
* Bump glib build-dependency to >= 2.41.3 (current experimental version)
since testsuite fails if we use 2.40.0 (current testing/unstable version).
* Team upload.
[ Dimitri John Ledkov ]
* Switch to gnutls28. (Closes: #747451)
[ Iain Lane ]
* Fix Vcs-Browser URL
[ Emilio Pozuelo Monfort ]
* New upstream bugfix release.
* Upload to unstable.
[ Martin Pitt ]
* Add xauth test depends, it is only a recommends of xvfb.
[ Andreas Henriksson ]
* New upstream release.
* New upstream release.
* New upstream development release.
* debian/control.in:
+ Bump glib build dependency.
+ Standards-Version is 3.9.5, no changes needed.
[ Vincent Cheng ]
* Add missing entries in debian/copyright. (Closes: #725998)
[ Iain Lane ]
* Use dh-autoreconf to update libtool.m4 for new ports.
[ Emilio Pozuelo Monfort ]
* New upstream release.
* Upload to unstable.
* debian/control{,.in}: Add XS-Testsuite header
* New upstream release
+ glibpacrunner: Don't crash if there is an internal libproxy error.
+ tls/tests: Fix installed tests to not accidentally depend on having the
source tree still exist.
* debian/control: Have the tests depend on ca-certificates.
* New upstream release
* debian/control: Build-Depend on GLib >= 2.38 and libproxy >= 0.4 (test
failures with 0.3)
* Build & package installed tests
* Add autopkgtest to run the installed tests
* Merge experimental branch, upload to unstable.
* Bump Standards-Version to 3.9.4, no changes necessary.
* New upstream release.
* New upstream release.
* New upstream release.
* New upstream release.
+ debian/control.in:
- Update build dependencies.
* New upstream release.
+ debian/control.in:
- Update build dependencies.
* New upstream release.
* Bump Build-Depends on libglib2.0-dev to (>= 2.33.14) so we don't pick up
the version from unstable. This will also generate a tight enough
dependency.
* New upstream version, matching glib 2.33.12.
* debian/control.in: Bump glib build dependency to >= 2.33.12.
* debian/control.in: Switch Vcs-* to experimental branch.
* debian/watch: Watch for unstable versions while we are tracking the 2.34
development versions.
* New upstream release.
* New upstream release:
- gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check for
to use as the default CA list. (This is what openSUSE uses; not relevant
for Debian/Ubuntu).
- Translation updates.
* debian/copyright: Rewrite to use copyright 1.0 format.
* debian/control.in: Bump Standards-Version to 3.9.3.
* Upload to unstable.
* New upstream release.
* New upstream development release.
* Bump Build-Depends on cdbs and debhelper for multiarch support.
* New upstream development release.
* debian/control.in: Update Build-Depends.
* debian/rules: Explicitly enable libproxy and gnutls support for more
reliable build results.
* Enable PKCS#11 support.
* New upstream release.
* Instead of removing files via debian/rules, just be a bit more specific
what we want to install in debian/glib-networking-services.install.
* Upload to unstable.
* Break pre-multiarch glib (for modules path transition).
* glib-networking autodetects the path, no change needed.
* Split glib-networking for multiarch support:
- glib-networking contains the gio modules (m-a: same).
- g-n-services contains the D-Bus services (m-a: foreign).
- g-n-common contains the data.
* Add build-conflict about glib-networking itself (fails the test
suite).
* New upstream bug fix release.
* New upstream release.
* debian/control:
- Bump Build-Depends on libglib2.0-dev to (>= 2.29.18).
- Set pkg-gnome-maintainers@lists.alioth.debian.org as Maintainer.
* Remove patches, all merged upstream:
- debian/patches/01_tls_small_keys.patch
- debian/patches/02_gerror_crash.patch
- debian/patches/03_tls_compat.patch
- debian/patches/04_rehandshake.patch
- debian/patches/05_virtualhosts.patch
- debian/patches/06_gnutls3.patch
* debian/copyright:
- Update FSF address.
* debian/watch:
- Track .xz tarballs.
* Include a handful of changes from upstream git to improve TLS
support.
+ 01_tls_small_keys.patch: allow small TLS keys that some embedded
servers use.
+ 02_gerror_crash.patch: fix a crash when passed a NULL GError.
+ 03_tls_compat.patch: use %COMPAT in the protocol lists to handle
some broken servers. Closes: #636911.
+ 04_rehandshake.patch: handle rehandshake requests.
+ 05_virtualhosts.patch: don’t reuse sessions for different virtual
hosts on the same IP, some broken servers don’t like that.
+ 06_gnutls3.patch: support GnuTLS 3.x, in case the transition
starts soon.
* Require an intltool version with working quilt support.
* New upstream release.
* debian/control.in: Fix Vcs-* path for experimental → unstable.
* debian/control.in: Bump Standards-Version to 3.9.2 (no changes necessary).
* debian/watch: Fix syntax to actually recognize the current version.
* debian/watch: Fetch bzip2 tarballs.
* debian/rules: Remove unnecessary *.la files.
* New upstream bugfix release
* debian/patches/Only-set-GTLS-errors-when-errors-have-occurred.patch
- Removed, fixed upstream
* debian/patches/work-around-intltool-issue.patch
- Remove, no longer necessary
* New upstream release
* debian/patches/Only-set-GTLS-errors-when-errors-have-occurred.patch
- Added. Only reports errors when sending if errors occurred
* debian/patches/work-around-intltool-issue.patch
- Added. Work around intltool discovering translations in applied patched
(Debian bug #560704)
[ Rodrigo Moya ]
* debian/rules:
- Remove *.a files in the correct arch-specific dir
[ Sebastian Dröge ]
* debian/control.in:
+ Add debug package.
* New upstream stable release.
+ debian/control.in:
- Build-depend on gsettings-desktop-schemas-dev, depend on
gsettings-desktop-schemas.
* New upstream stable release.
* New upstream release.
+ debian/control.in:
- Bump libglib2.0-dev build requirement.
* New upstream release.
+ debian/control.in:
- Bump libglib2.0-dev build requirement.
* Initial release. Closes: #607409.