Hello community, here is the log from the commit of package glib-networking for openSUSE:Factory checked in at 2014-12-21 12:00:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glib-networking (Old) and /work/SRC/openSUSE:Factory/.glib-networking.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glib-networking" Changes: -------- --- /work/SRC/openSUSE:Factory/glib-networking/glib-networking.changes 2014-09-30 19:40:40.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.glib-networking.new/glib-networking.changes 2014-12-21 12:00:49.000000000 +0100 @@ -1,0 +2,16 @@ +Wed Dec 17 17:31:56 UTC 2014 - [email protected] + +- Update to version 2.42.1: + + The GTlsClientConnection "use-ssl3" property now falls back to + TLS 1.0 if SSL 3.0 has been disabled, rather than just failing. + Also, we now use the gnutls %LATEST_RECORD_VERSION option by + default (to allow connecting to certain servers that were + incorrectly patched for the POODLE attack), but also make sure + to remove that option in the fallback ("use-ssl3") mode (to + allow connecting to other servers that are differently broken). + (bgo#738633, bgo#740087). + + tls/gnutls: Miscellaneous warning, debugging, and leak fixes + (bgo#736757, bgo#736809, bgo#737106). + + Updated translations. + +------------------------------------------------------------------- Old: ---- glib-networking-2.42.0.tar.xz New: ---- glib-networking-2.42.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glib-networking.spec ++++++ --- /var/tmp/diff_new_pack.S7Q82L/_old 2014-12-21 12:00:50.000000000 +0100 +++ /var/tmp/diff_new_pack.S7Q82L/_new 2014-12-21 12:00:50.000000000 +0100 @@ -17,7 +17,7 @@ Name: glib-networking -Version: 2.42.0 +Version: 2.42.1 Release: 0 Summary: Network-related GIO modules for glib License: LGPL-2.1+ ++++++ glib-networking-2.42.0.tar.xz -> glib-networking-2.42.1.tar.xz ++++++ ++++ 5661 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/NEWS new/glib-networking-2.42.1/NEWS --- old/glib-networking-2.42.0/NEWS 2014-09-23 00:02:15.000000000 +0200 +++ new/glib-networking-2.42.1/NEWS 2014-12-07 10:55:19.000000000 +0100 @@ -1,3 +1,21 @@ +2.42.1 +====== + + * The GTlsClientConnection "use-ssl3" property now falls back to TLS + 1.0 if SSL 3.0 has been disabled, rather than just failing. Also, + we now use the gnutls %LATEST_RECORD_VERSION option by default (to + allow connecting to certain servers that were incorrectly patched + for the POODLE attack), but also make sure to remove that option + in the fallback ("use-ssl3") mode (to allow connecting to other + servers that are differently broken). (#738633, #740087, Dan + Winship) + + * tls/gnutls: Miscellaneous warning, debugging, and leak fixes + (#736757, #736809, #737106, Philip Withnall) + + * New/updated translations: + Kazakh + 2.42.0 ====== * New stable release. (No changes since 2.41.92) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/configure.ac new/glib-networking-2.42.1/configure.ac --- old/glib-networking-2.42.0/configure.ac 2014-09-23 00:02:02.000000000 +0200 +++ new/glib-networking-2.42.1/configure.ac 2014-12-07 10:55:26.000000000 +0100 @@ -1,7 +1,7 @@ AC_PREREQ(2.65) AC_CONFIG_MACRO_DIR([m4]) -AC_INIT([glib-networking],[2.42.0],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network]) +AC_INIT([glib-networking],[2.42.1],[http://bugzilla.gnome.org/enter_bug.cgi?product=glib&component=network]) AC_CONFIG_SRCDIR([proxy/libproxy/glibproxyresolver.h]) AC_CONFIG_HEADERS([config.h]) @@ -33,8 +33,8 @@ dnl ***************************** dnl *** Check GLib GIO *** dnl ***************************** -AM_PATH_GLIB_2_0(2.39.1,,AC_MSG_ERROR(GLIB not found),gio) -GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_40" +AM_PATH_GLIB_2_0(2.42.0,,AC_MSG_ERROR(GLIB not found),gio) +GLIB_CFLAGS="$GLIB_CFLAGS -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_42" GIO_MODULE_DIR=$($PKG_CONFIG --variable giomoduledir gio-2.0) AS_IF([test "$GIO_MODULE_DIR" = ""], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/m4/intltool.m4 new/glib-networking-2.42.1/m4/intltool.m4 --- old/glib-networking-2.42.0/m4/intltool.m4 2014-09-23 00:02:48.000000000 +0200 +++ new/glib-networking-2.42.1/m4/intltool.m4 2014-12-07 10:55:48.000000000 +0100 @@ -155,6 +155,31 @@ # Substitute ALL_LINGUAS so we can use it in po/Makefile AC_SUBST(ALL_LINGUAS) +# Set DATADIRNAME correctly if it is not set yet +# (copied from glib-gettext.m4) +if test -z "$DATADIRNAME"; then + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], + [[extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr]])], + [DATADIRNAME=share], + [case $host in + *-*-solaris*) + dnl On Solaris, if bind_textdomain_codeset is in libc, + dnl GNU format message catalog is always supported, + dnl since both are added to the libc all together. + dnl Hence, we'd like to go with DATADIRNAME=share + dnl in this case. + AC_CHECK_FUNC(bind_textdomain_codeset, + [DATADIRNAME=share], [DATADIRNAME=lib]) + ;; + *) + [DATADIRNAME=lib] + ;; + esac]) +fi +AC_SUBST(DATADIRNAME) + IT_PO_SUBDIR([po]) ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/po/LINGUAS new/glib-networking-2.42.1/po/LINGUAS --- old/glib-networking-2.42.0/po/LINGUAS 2014-02-01 15:46:53.000000000 +0100 +++ new/glib-networking-2.42.1/po/LINGUAS 2014-11-21 21:26:00.000000000 +0100 @@ -28,6 +28,7 @@ id it ja +kk km kn ko diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/po/Makefile.in.in new/glib-networking-2.42.1/po/Makefile.in.in --- old/glib-networking-2.42.0/po/Makefile.in.in 2014-09-23 00:02:48.000000000 +0200 +++ new/glib-networking-2.42.1/po/Makefile.in.in 2014-12-07 10:55:48.000000000 +0100 @@ -33,7 +33,8 @@ datadir = @datadir@ datarootdir = @datarootdir@ libdir = @libdir@ -localedir = @localedir@ +DATADIRNAME = @DATADIRNAME@ +itlocaledir = $(prefix)/$(DATADIRNAME)/locale subdir = po install_sh = @install_sh@ # Automake >= 1.8 provides @mkdir_p@. @@ -79,7 +80,7 @@ .po.pox: $(MAKE) $(GETTEXT_PACKAGE).pot - $(MSGMERGE) $* $(GETTEXT_PACKAGE).pot -o $*.pox + $(MSGMERGE) $< $(GETTEXT_PACKAGE).pot -o $*.pox .po.mo: $(INTLTOOL_V_MSGFMT)$(MSGFMT) -o $@ $< @@ -107,7 +108,7 @@ install-data-yes: all linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ - dir=$(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ + dir=$(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES; \ $(mkdir_p) $$dir; \ if test -r $$lang.gmo; then \ $(INSTALL_DATA) $$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ @@ -141,8 +142,8 @@ uninstall: linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ - rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \ - rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \ + rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \ + rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \ done check: all $(GETTEXT_PACKAGE).pot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/po/kk.po new/glib-networking-2.42.1/po/kk.po --- old/glib-networking-2.42.0/po/kk.po 1970-01-01 01:00:00.000000000 +0100 +++ new/glib-networking-2.42.1/po/kk.po 2014-11-21 21:26:00.000000000 +0100 @@ -0,0 +1,149 @@ +# Kazakh translation for glib-networking. +# Copyright (C) 2014 glib-networking's COPYRIGHT HOLDER +# This file is distributed under the same license as the glib-networking package. +# Baurzhan Muftakhidinov <[email protected]>, 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: glib-networking master\n" +"Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"; +"product=glib&keywords=I18N+L10N&component=network\n" +"POT-Creation-Date: 2014-11-06 18:42+0000\n" +"PO-Revision-Date: 2014-11-07 09:12+0600\n" +"Last-Translator: Baurzhan Muftakhidinov <[email protected]>\n" +"Language-Team: Kazakh <[email protected]>\n" +"Language: kk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.6.9\n" + +#: ../proxy/libproxy/glibproxyresolver.c:157 +msgid "Proxy resolver internal error." +msgstr "Прокси шешушісінің ішкі қатесі." + +#: ../tls/gnutls/gtlscertificate-gnutls.c:173 +#, c-format +msgid "Could not parse DER certificate: %s" +msgstr "DER сертификатын талдау қатесі: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:194 +#, c-format +msgid "Could not parse PEM certificate: %s" +msgstr "PEM сертификатын талдау қатесі: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:225 +#, c-format +msgid "Could not parse DER private key: %s" +msgstr "DER жеке кілтін талдау қатесі: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:256 +#, c-format +msgid "Could not parse PEM private key: %s" +msgstr "PEM жеке кілтін талдау қатесі: %s" + +#: ../tls/gnutls/gtlscertificate-gnutls.c:296 +msgid "No certificate data provided" +msgstr "Сертификат ұсынылмады" + +#: ../tls/gnutls/gtlsclientconnection-gnutls.c:324 +msgid "Server required TLS certificate" +msgstr "Сервер TLS сертификатын талап етеді" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:267 +#, c-format +msgid "Could not create TLS connection: %s" +msgstr "Жаңа TLS байланысын жасау мүмкін емес: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:539 +msgid "Connection is closed" +msgstr "Байланыс жабылды" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:602 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1471 +msgid "Operation would block" +msgstr "Әрекет блоктайды" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:741 +#: ../tls/gnutls/gtlsconnection-gnutls.c:780 +msgid "Peer failed to perform TLS handshake" +msgstr "Торап TLS байланысты орнату сәлемдемесін орындай алмады" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:759 +msgid "Peer requested illegal TLS rehandshake" +msgstr "Торап жарамсы TLS қайта байланысты орнату сәлемдемесін сұрады" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:786 +msgid "TLS connection closed unexpectedly" +msgstr "TLS байланысты күтпегенде жабылды" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:796 +msgid "TLS connection peer did not send a certificate" +msgstr "TLS байланысының торабы сертификатты жібермеген" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1179 +#: ../tls/gnutls/gtlsconnection-gnutls.c:1212 +#, c-format +msgid "Error performing TLS handshake: %s" +msgstr "TLS байланысты орнату сәлемдемесін орындау қатесі: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1222 +msgid "Server did not return a valid TLS certificate" +msgstr "Сервер жарамды TLS сертификатын қайтармады" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1297 +msgid "Unacceptable TLS certificate" +msgstr "Жарамсыз TLS сертификаты" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1505 +#, c-format +msgid "Error reading data from TLS socket: %s" +msgstr "TLS сокетінен деректерді оқу қатесі: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1534 +#, c-format +msgid "Error writing data to TLS socket: %s" +msgstr "TLS сокетіне деректерді жазу қатесі: %s" + +#: ../tls/gnutls/gtlsconnection-gnutls.c:1586 +#, c-format +msgid "Error performing TLS close: %s" +msgstr "TLS жабу әрекетін орындау қатесі: %s" + +#: ../tls/gnutls/gtlsserverconnection-gnutls.c:103 +msgid "Certificate has no private key" +msgstr "Сертификатта жеке кілт жоқ" + +#: ../tls/pkcs11/gpkcs11pin.c:108 +msgid "" +"This is the last chance to enter the PIN correctly before the token is " +"locked." +msgstr "Токен блокталуға дейінгі PIN кодын енгізудің соңғы мүмкіндігі қалды." + +#: ../tls/pkcs11/gpkcs11pin.c:110 +msgid "" +"Several PIN attempts have been incorrect, and the token will be locked after " +"further failures." +msgstr "" +"Бірнеше PIN енгізу талаптары сәтсіз болды, токен келесі сәтсіз енгізілерде " +"блокталатын болады." + +#: ../tls/pkcs11/gpkcs11pin.c:112 +msgid "The PIN entered is incorrect." +msgstr "Енгізілген PIN коды дұрыс емес." + +#: ../tls/pkcs11/gpkcs11slot.c:446 +msgid "Module" +msgstr "Модуль" + +#: ../tls/pkcs11/gpkcs11slot.c:447 +msgid "PKCS#11 Module Pointer" +msgstr "PKCS#11 модулі көрсеткіші" + +#: ../tls/pkcs11/gpkcs11slot.c:454 +msgid "Slot ID" +msgstr "Слот ID-і" + +#: ../tls/pkcs11/gpkcs11slot.c:455 +msgid "PKCS#11 Slot Identifier" +msgstr "PKCS#11 слот идентификаторы" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/proxy/gnome/gproxyresolvergnome.c new/glib-networking-2.42.1/proxy/gnome/gproxyresolvergnome.c --- old/glib-networking-2.42.0/proxy/gnome/gproxyresolvergnome.c 2014-02-01 15:46:53.000000000 +0100 +++ new/glib-networking-2.42.1/proxy/gnome/gproxyresolvergnome.c 2014-11-21 15:28:41.000000000 +0100 @@ -472,6 +472,7 @@ GError *error = NULL; task = g_task_new (resolver, cancellable, callback, user_data); + g_task_set_source_tag (task, g_proxy_resolver_gnome_lookup_async); if (!g_proxy_resolver_gnome_lookup_internal (resolver, uri, &proxies, &pacrunner, &autoconfig_url, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/proxy/libproxy/glibproxyresolver.c new/glib-networking-2.42.1/proxy/libproxy/glibproxyresolver.c --- old/glib-networking-2.42.0/proxy/libproxy/glibproxyresolver.c 2014-02-01 15:46:53.000000000 +0100 +++ new/glib-networking-2.42.1/proxy/libproxy/glibproxyresolver.c 2014-11-21 15:28:41.000000000 +0100 @@ -170,6 +170,7 @@ gchar **proxies; task = g_task_new (resolver, cancellable, NULL, NULL); + g_task_set_source_tag (task, g_libproxy_resolver_lookup); g_task_set_task_data (task, g_strdup (uri), g_free); g_task_set_return_on_cancel (task, TRUE); @@ -190,6 +191,7 @@ GTask *task; task = g_task_new (resolver, cancellable, callback, user_data); + g_task_set_source_tag (task, g_libproxy_resolver_lookup_async); g_task_set_task_data (task, g_strdup (uri), g_free); g_task_set_return_on_cancel (task, TRUE); g_task_run_in_thread (task, get_libproxy_proxies); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/gnutls/gtlsconnection-gnutls.c new/glib-networking-2.42.1/tls/gnutls/gtlsconnection-gnutls.c --- old/glib-networking-2.42.0/tls/gnutls/gtlsconnection-gnutls.c 2014-09-15 14:52:59.000000000 +0200 +++ new/glib-networking-2.42.1/tls/gnutls/gtlsconnection-gnutls.c 2014-11-22 17:04:22.000000000 +0100 @@ -194,52 +194,90 @@ g_mutex_init (&gnutls->priv->op_mutex); } -/* First field is "ssl3 only", second is "allow unsafe rehandshaking" */ +/* First field is "fallback", second is "allow unsafe rehandshaking" */ static gnutls_priority_t priorities[2][2]; +#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT:%LATEST_RECORD_VERSION" + static void g_tls_connection_gnutls_init_priorities (void) { const gchar *base_priority; - gchar *ssl3_priority, *unsafe_rehandshake_priority, *ssl3_unsafe_rehandshake_priority; - int ret; + gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority; + const guint *protos; + int ret, i, nprotos, fallback_proto; base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY"); if (!base_priority) - base_priority = "NORMAL:%COMPAT"; + base_priority = DEFAULT_BASE_PRIORITY; ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); if (ret == GNUTLS_E_INVALID_REQUEST) { g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!"); - base_priority = "NORMAL:%COMPAT"; + base_priority = DEFAULT_BASE_PRIORITY; gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); } - ssl3_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", base_priority); unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority); - ssl3_unsafe_rehandshake_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%%UNSAFE_RENEGOTIATION", base_priority); + ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL); + g_warn_if_fail (ret == 0); + g_free (unsafe_rehandshake_priority); + + /* Figure out the lowest SSl/TLS version supported by base_priority */ + nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos); + fallback_proto = G_MAXUINT; + for (i = 0; i < nprotos; i++) + { + if (protos[i] < fallback_proto) + fallback_proto = protos[i]; + } + if (fallback_proto == G_MAXUINT) + { + g_warning ("All GNUTLS protocol versions disabled?"); + fallback_priority = g_strdup (base_priority); + } + else + { + gchar *cleaned_base, *p, *rest; - gnutls_priority_init (&priorities[TRUE][FALSE], ssl3_priority, NULL); - gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL); - gnutls_priority_init (&priorities[TRUE][TRUE], ssl3_unsafe_rehandshake_priority, NULL); + /* fallback_priority should be based on base_priority, except + * that we don't want %LATEST_RECORD_VERSION in it. + */ + cleaned_base = g_strdup (base_priority); + p = strstr (cleaned_base, ":%LATEST_RECORD_VERSION"); + if (p) + { + rest = p + strlen (":%LATEST_RECORD_VERSION"); + memmove (p, rest, strlen (rest) + 1); + } - g_free (ssl3_priority); - g_free (unsafe_rehandshake_priority); - g_free (ssl3_unsafe_rehandshake_priority); + fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s", + cleaned_base, + gnutls_protocol_get_name (fallback_proto)); + } + fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", + fallback_priority); + + ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL); + g_warn_if_fail (ret == 0); + ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL); + g_warn_if_fail (ret == 0); + g_free (fallback_priority); + g_free (fallback_unsafe_rehandshake_priority); } static void g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls) { - gboolean use_ssl3, unsafe_rehandshake; + gboolean fallback, unsafe_rehandshake; if (G_IS_TLS_CLIENT_CONNECTION (gnutls)) - use_ssl3 = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls)); + fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls)); else - use_ssl3 = FALSE; + fallback = FALSE; unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY); gnutls_priority_set (gnutls->priv->session, - priorities[use_ssl3][unsafe_rehandshake]); + priorities[fallback][unsafe_rehandshake]); } static gboolean @@ -319,6 +357,14 @@ g_clear_error (&gnutls->priv->read_error); g_clear_error (&gnutls->priv->write_error); + /* This must always be NULL at this, as it holds a referehce to @gnutls as + * its source object. However, we clear it anyway just in case this changes + * in future. */ + g_clear_object (&gnutls->priv->implicit_handshake); + + g_clear_object (&gnutls->priv->read_cancellable); + g_clear_object (&gnutls->priv->write_cancellable); + g_clear_object (&gnutls->priv->waiting_for_op); g_mutex_clear (&gnutls->priv->op_mutex); @@ -1312,6 +1358,7 @@ GError *my_error = NULL; task = g_task_new (conn, cancellable, NULL, NULL); + g_task_set_source_tag (task, g_tls_connection_gnutls_handshake); begin_handshake (gnutls); g_task_run_in_thread_sync (task, handshake_thread); success = finish_handshake (gnutls, task, &my_error); @@ -1397,12 +1444,14 @@ GTask *thread_task, *caller_task; caller_task = g_task_new (conn, cancellable, callback, user_data); + g_task_set_source_tag (caller_task, g_tls_connection_gnutls_handshake_async); g_task_set_priority (caller_task, io_priority); begin_handshake (G_TLS_CONNECTION_GNUTLS (conn)); thread_task = g_task_new (conn, cancellable, handshake_thread_completed, caller_task); + g_task_set_source_tag (thread_task, g_tls_connection_gnutls_handshake_async); g_task_set_priority (thread_task, io_priority); g_task_run_in_thread (thread_task, async_handshake_thread); g_object_unref (thread_task); @@ -1427,6 +1476,8 @@ /* We have op_mutex */ gnutls->priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL); + g_task_set_source_tag (gnutls->priv->implicit_handshake, + do_implicit_handshake); begin_handshake (gnutls); @@ -1616,6 +1667,7 @@ GTask *task; task = g_task_new (stream, cancellable, callback, user_data); + g_task_set_source_tag (task, g_tls_connection_gnutls_close_async); g_task_set_priority (task, io_priority); g_task_run_in_thread (task, close_thread); g_object_unref (task); @@ -1670,6 +1722,7 @@ pin = NULL; break; case G_TLS_INTERACTION_UNHANDLED: + default: pin = NULL; break; case G_TLS_INTERACTION_HANDLED: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c new/glib-networking-2.42.1/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c --- old/glib-networking-2.42.0/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c 2011-12-30 15:14:01.000000000 +0100 +++ new/glib-networking-2.42.1/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c 2014-11-21 15:28:41.000000000 +0100 @@ -37,11 +37,11 @@ #include "pkcs11/gpkcs11util.h" #include "pkcs11/pkcs11-trust-assertions.h" -const static CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = { +static const CK_ATTRIBUTE_TYPE CERTIFICATE_ATTRIBUTE_TYPES[] = { CKA_ID, CKA_LABEL, CKA_CLASS, CKA_VALUE }; -const static CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = { +static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = { CKA_ID, CKA_LABEL, CKA_CLASS, CKA_KEY_TYPE }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/gnutls/gtlsdatabase-gnutls.c new/glib-networking-2.42.1/tls/gnutls/gtlsdatabase-gnutls.c --- old/glib-networking-2.42.0/tls/gnutls/gtlsdatabase-gnutls.c 2014-02-01 15:46:53.000000000 +0100 +++ new/glib-networking-2.42.1/tls/gnutls/gtlsdatabase-gnutls.c 2014-11-21 15:28:41.000000000 +0100 @@ -144,6 +144,7 @@ g_tls_certificate_gnutls_set_issuer (previous, G_TLS_CERTIFICATE_GNUTLS (issuer)); certificate = G_TLS_CERTIFICATE_GNUTLS (issuer); certificate_is_from_db = TRUE; + g_object_unref (issuer); continue; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/gnutls/gtlsfiledatabase-gnutls.c new/glib-networking-2.42.1/tls/gnutls/gtlsfiledatabase-gnutls.c --- old/glib-networking-2.42.0/tls/gnutls/gtlsfiledatabase-gnutls.c 2014-06-23 23:06:13.000000000 +0200 +++ new/glib-networking-2.42.1/tls/gnutls/gtlsfiledatabase-gnutls.c 2014-11-21 15:28:41.000000000 +0100 @@ -118,7 +118,7 @@ { GPtrArray *multi; GList *list = NULL; - gint i; + guint i; multi = g_hash_table_lookup (table, key); if (multi == NULL) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/gnutls/gtlsserverconnection-gnutls.c new/glib-networking-2.42.1/tls/gnutls/gtlsserverconnection-gnutls.c --- old/glib-networking-2.42.0/tls/gnutls/gtlsserverconnection-gnutls.c 2014-02-16 16:55:48.000000000 +0100 +++ new/glib-networking-2.42.1/tls/gnutls/gtlsserverconnection-gnutls.c 2014-11-21 15:28:41.000000000 +0100 @@ -178,6 +178,7 @@ case G_TLS_AUTHENTICATION_REQUIRED: req_mode = GNUTLS_CERT_REQUIRE; break; + case G_TLS_AUTHENTICATION_NONE: default: req_mode = GNUTLS_CERT_IGNORE; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/Makefile.am new/glib-networking-2.42.1/tls/tests/Makefile.am --- old/glib-networking-2.42.0/tls/tests/Makefile.am 2014-06-23 23:06:13.000000000 +0200 +++ new/glib-networking-2.42.1/tls/tests/Makefile.am 2014-12-07 10:50:01.000000000 +0100 @@ -1,13 +1,15 @@ include $(top_srcdir)/glib-networking.mk AM_CPPFLAGS += \ + $(GNUTLS_CFLAGS) \ -I$(top_srcdir)/tls \ -I$(top_builddir)/tls \ -DSRCDIR=\""$(abs_srcdir)"\" \ -DTOP_BUILDDIR=\""$(top_builddir)"\" LDADD = \ - $(GLIB_LIBS) + $(GLIB_LIBS) \ + $(GNUTLS_LIBS) test_programs = \ certificate \ @@ -24,8 +26,7 @@ pkcs11-slot AM_CPPFLAGS += \ - $(PKCS11_CFLAGS) \ - $(GNUTLS_CFLAGS) + $(PKCS11_CFLAGS) LDADD += $(top_builddir)/tls/pkcs11/libgiopkcs11.la $(PKCS11_LIBS) @@ -43,6 +44,7 @@ files/ca-roots.pem \ files/ca-roots-bad.pem \ files/ca-verisign-sha1.pem \ + files/chain.pem \ files/chain-with-verisign-md2.pem \ files/client-and-key.pem \ files/client-future.pem \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/certificate.c new/glib-networking-2.42.1/tls/tests/certificate.c --- old/glib-networking-2.42.0/tls/tests/certificate.c 2014-07-21 18:27:11.000000000 +0200 +++ new/glib-networking-2.42.1/tls/tests/certificate.c 2014-11-21 15:28:41.000000000 +0100 @@ -221,6 +221,59 @@ } static void +test_create_certificate_chain (void) +{ + GTlsCertificate *cert, *intermediate, *root; + GError *error = NULL; + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("chain.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + intermediate = g_tls_certificate_get_issuer (cert); + g_assert (G_IS_TLS_CERTIFICATE (intermediate)); + + root = g_tls_certificate_get_issuer (intermediate); + g_assert (G_IS_TLS_CERTIFICATE (root)); + + g_assert (g_tls_certificate_get_issuer (root) == NULL); + + g_object_unref (cert); +} + +static void +test_create_certificate_no_chain (void) +{ + GTlsCertificate *cert, *issuer; + GError *error = NULL; + gchar *cert_pem; + gsize cert_pem_length; + + cert = g_tls_certificate_new_from_file (tls_test_file_path ("non-ca.pem"), &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + issuer = g_tls_certificate_get_issuer (cert); + g_assert (issuer == NULL); + g_object_unref (cert); + + /* Truncate a valid chain certificate file. We should only get the + * first certificate. + */ + g_file_get_contents (tls_test_file_path ("chain.pem"), &cert_pem, + &cert_pem_length, &error); + g_assert_no_error (error); + + cert = g_tls_certificate_new_from_pem (cert_pem, cert_pem_length - 100, &error); + g_assert_no_error (error); + g_assert (G_IS_TLS_CERTIFICATE (cert)); + + issuer = g_tls_certificate_get_issuer (cert); + g_assert (issuer == NULL); + g_object_unref (cert); +} + +static void test_create_list (void) { GList *list; @@ -242,6 +295,7 @@ list = g_tls_certificate_list_new_from_file (tls_test_file_path ("ca-roots-bad.pem"), &error); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_null (list); + g_error_free (error); } /* ----------------------------------------------------------------------------- @@ -494,6 +548,8 @@ setup_certificate, test_create_with_key_der, teardown_certificate); g_test_add ("/tls/certificate/create-with-issuer", TestCertificate, NULL, setup_certificate, test_create_certificate_with_issuer, teardown_certificate); + g_test_add_func ("/tls/certificate/create-chain", test_create_certificate_chain); + g_test_add_func ("/tls/certificate/create-no-chain", test_create_certificate_no_chain); g_test_add_func ("/tls/certificate/create-list", test_create_list); g_test_add_func ("/tls/certificate/create-list-bad", test_create_list_bad); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/connection.c new/glib-networking-2.42.1/tls/tests/connection.c --- old/glib-networking-2.42.0/tls/tests/connection.c 2014-06-23 23:06:13.000000000 +0200 +++ new/glib-networking-2.42.1/tls/tests/connection.c 2014-12-07 10:50:01.000000000 +0100 @@ -24,6 +24,7 @@ #include "mock-interaction.h" #include <gio/gio.h> +#include <gnutls/gnutls.h> #include <sys/types.h> #include <string.h> @@ -163,6 +164,8 @@ NULL, &test->address, &error); g_assert_no_error (error); + g_object_unref (addr); + /* The hostname in test->identity matches the server certificate. */ iaddr = G_INET_SOCKET_ADDRESS (test->address); test->identity = g_network_address_new ("server.example.com", @@ -1046,10 +1049,28 @@ g_assert_cmpstr (test->buf, ==, TEST_DATA); } +static gboolean +check_gnutls_has_rehandshaking_bug (void) +{ + const char *version = gnutls_check_version (NULL); + + return (!strcmp (version, "3.1.27") || + !strcmp (version, "3.1.28") || + !strcmp (version, "3.2.19") || + !strcmp (version, "3.3.8") || + !strcmp (version, "3.3.9")); +} + static void test_simultaneous_async_rehandshake (TestConnection *test, gconstpointer data) { + if (check_gnutls_has_rehandshaking_bug ()) + { + g_test_skip ("test would fail due to gnutls bug 108690"); + return; + } + test->rehandshake = TRUE; test_simultaneous_async (test, data); } @@ -1144,6 +1165,12 @@ test_simultaneous_sync_rehandshake (TestConnection *test, gconstpointer data) { + if (check_gnutls_has_rehandshaking_bug ()) + { + g_test_skip ("test would fail due to gnutls bug 108690"); + return; + } + test->rehandshake = TRUE; test_simultaneous_sync (test, data); } @@ -1315,7 +1342,10 @@ keep_running = (-1 == size); if (keep_running) - g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK); + { + g_assert_error (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK); + g_error_free (error); + } else { g_assert_no_error (error); @@ -1372,11 +1402,90 @@ test->client_connection = NULL; } +static void +quit_on_handshake_complete (GObject *object, + GAsyncResult *result, + gpointer user_data) +{ + TestConnection *test = user_data; + GError *error = NULL; + + g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error); + g_assert_no_error (error); + + g_main_loop_quit (test->loop); + return; +} + +#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0" +#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0" + +static void +test_fallback (gconstpointer data) +{ + const char *priority_string = (const char *) data; + char *test_name; + + test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string); + g_test_trap_subprocess (test_name, 0, 0); + g_test_trap_assert_passed (); + g_free (test_name); +} + +static void +test_fallback_subprocess (TestConnection *test, + gconstpointer data) +{ + GIOStream *connection; + GTlsConnection *tlsconn; + GError *error = NULL; + + connection = start_echo_server_and_connect_to_it (test); + test->client_connection = g_tls_client_connection_new (connection, NULL, &error); + g_assert_no_error (error); + tlsconn = G_TLS_CONNECTION (test->client_connection); + g_object_unref (connection); + + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), + 0); + g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection), + TRUE); + g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL, + quit_on_handshake_complete, test); + g_main_loop_run (test->loop); + + /* In 2.42 we don't have the API to test that the correct version was negotiated, + * so we merely test that the connection succeeded at all. + */ + + g_io_stream_close (test->client_connection, NULL, &error); + g_assert_no_error (error); +} + int main (int argc, char *argv[]) { int ret; + int i; + + /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY + * appropriately if so. + */ + for (i = 1; i < argc - 1; i++) + { + if (!strcmp (argv[i], "-p")) + { + const char *priority = argv[i + 1]; + + priority = strrchr (priority, '/'); + if (priority++ && + (g_str_has_prefix (priority, "NORMAL:") || + g_str_has_prefix (priority, "NONE:"))) + g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE); + break; + } + } g_test_init (&argc, &argv, NULL); g_test_bug_base ("http://bugzilla.gnome.org/";); @@ -1426,6 +1535,15 @@ g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL, setup_connection, test_async_implicit_handshake, teardown_connection); + g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback); + g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK, + TestConnection, NULL, + setup_connection, test_fallback_subprocess, teardown_connection); + g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback); + g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK, + TestConnection, NULL, + setup_connection, test_fallback_subprocess, teardown_connection); + ret = g_test_run(); /* for valgrinding */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/file-database.c new/glib-networking-2.42.1/tls/tests/file-database.c --- old/glib-networking-2.42.0/tls/tests/file-database.c 2014-07-21 18:09:08.000000000 +0200 +++ new/glib-networking-2.42.1/tls/tests/file-database.c 2014-11-21 15:28:41.000000000 +0100 @@ -240,7 +240,7 @@ GError **error) { GList *certificates; - GTlsCertificate *chain = NULL; + GTlsCertificate *chain = NULL, *prev_chain = NULL; GTlsBackend *backend; GByteArray *der; GList *l; @@ -253,12 +253,14 @@ certificates = g_list_reverse (certificates); for (l = certificates; l != NULL; l = g_list_next (l)) { + prev_chain = chain; g_object_get (l->data, "certificate", &der, NULL); chain = g_object_new (g_tls_backend_get_certificate_type (backend), "certificate", der, - "issuer", chain, + "issuer", prev_chain, NULL); g_byte_array_unref (der); + g_clear_object (&prev_chain); } g_list_free_full (certificates, g_object_unref); @@ -501,7 +503,6 @@ g_list_free_full (certificates, g_object_unref); g_object_unref (database); - g_byte_array_unref (issuer_dn); } static void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/files/chain.pem new/glib-networking-2.42.1/tls/tests/files/chain.pem --- old/glib-networking-2.42.0/tls/tests/files/chain.pem 1970-01-01 01:00:00.000000000 +0100 +++ new/glib-networking-2.42.1/tls/tests/files/chain.pem 2014-11-21 15:28:41.000000000 +0100 @@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIICKjCCAdSgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxKzApBgNVBAsMIkludGVy +bWVkaWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgNVBAMMG2ludGVybWVk +aWF0ZS1jYS5leGFtcGxlLmNvbTEqMCgGCSqGSIb3DQEJARYbaW50ZXJtZWRpYXRl +LWNhQGV4YW1wbGUuY29tMB4XDTE0MDczMTE4MDQwNVoXDTM5MDcyNTE4MDQwNVow +WDETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUx +KDAmBgNVBAMMH3NlcnZlci1pbnRlcm1lZGlhdGUuZXhhbXBsZS5jb20wXDANBgkq +hkiG9w0BAQEFAANLADBIAkEAtJ7gH4CHiiALnnOqu79ToTGj8I1xd8m62+WDGwib +tMfNrQ+Jjw7SU0gjv2GFk3TX3HY456Sp/OnCPTB2C3lx5wIDAQABozMwMTAJBgNV +HRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEQQIMAaHBMCoARYwDQYJ +KoZIhvcNAQEFBQADQQBPcxVN1ylw3GKWeZMm6ZD+CSTSfgFjlbm/c0oGZCnz8fvs +vCf7OpmCBLaArbkZlxNP6a6dAP23mcx6+WwKP8km +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrjCCAxegAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBhjETMBEGCgmSJomT8ixk +ARkWA0NPTTEXMBUGCgmSJomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRp +ZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkq +hkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTE0MDczMTE4MDQwNVoXDTM5MDcy +NTE4MDQwNVowga0xEzARBgoJkiaJk/IsZAEZFgNDT00xFzAVBgoJkiaJk/IsZAEZ +FgdFWEFNUExFMSswKQYDVQQLDCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MSQwIgYDVQQDDBtpbnRlcm1lZGlhdGUtY2EuZXhhbXBsZS5jb20xKjAo +BgkqhkiG9w0BCQEWG2ludGVybWVkaWF0ZS1jYUBleGFtcGxlLmNvbTBcMA0GCSqG +SIb3DQEBAQUAA0sAMEgCQQDZy5UlNwps/3/XguGKO8EmWhzTXJl6LcRmFaDcrlXO +Dg8bak8LftX8e3coQR2/1UBHGrc/vx3iuaPo4zqb6klvAgMBAAGjggFFMIIBQTAd +BgNVHQ4EFgQUY8cTwoNkLNWWDASVAmwmL8Upfk0wgbsGA1UdIwSBszCBsIAUuR3p +wFSjo4H3Mb3UQDjQ4rxKDTehgYykgYkwgYYxEzARBgoJkiaJk/IsZAEZFgNDT00x +FzAVBgoJkiaJk/IsZAEZFgdFWEFNUExFMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkxFzAVBgNVBAMMDmNhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkB +Fg5jYUBleGFtcGxlLmNvbYIJAIKoNLAclgPoMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgEGMCYGA1UdEQQfMB2BG2ludGVybWVkaWF0ZS1jYUBleGFtcGxl +LmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOB +gQBVb72AEGUWEbE9ZUZIy/zNJrsywSl3SDWcUIbHwCFihH0V7RfgmR+v22aPWSfq +3r8Y3FIZ82RuFhAc1q0W1ZlbOvdVgVvCC/R97m2t/AzZ5Xo797aJYZ9TY+b6wVJH +H/P3JPD/RrBXIW/OaK+L70n6O/ikhXwWDkpenPIoY4BBsg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxjCCAy+gAwIBAgIJAIKoNLAclgPoMA0GCSqGSIb3DQEBBQUAMIGGMRMwEQYK +CZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPyLGQBGRYHRVhBTVBMRTEeMBwGA1UE +CwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcwFQYDVQQDDA5jYS5leGFtcGxlLmNv +bTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMDAwNzE3MTYwMDUz +WhcNMzAwNzEwMTYwMDUzWjCBhjETMBEGCgmSJomT8ixkARkWA0NPTTEXMBUGCgmS +JomT8ixkARkWB0VYQU1QTEUxHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0 +eTEXMBUGA1UEAwwOY2EuZXhhbXBsZS5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4 +YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGfSd/mHqbKBQe +5aIe3T/ZgVAxP0IczXrpP1CYeohiDfvcSff9000/6dk46XlVhSM4JPIMbrd23YPf +u8bnlzHqrPD1+HdqwhnmwMhLl3GphB/0PuWoOeEDoFhYSE2XWccCLLc1GtX9nKiS +GOH3Uam4WrQCibQ4IVL3WKs++U77jwIDAQABo4IBODCCATQwHQYDVR0OBBYEFLkd +6cBUo6OB9zG91EA40OK8Sg03MIG7BgNVHSMEgbMwgbCAFLkd6cBUo6OB9zG91EA4 +0OK8Sg03oYGMpIGJMIGGMRMwEQYKCZImiZPyLGQBGRYDQ09NMRcwFQYKCZImiZPy +LGQBGRYHRVhBTVBMRTEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw +FQYDVQQDDA5jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBs +ZS5jb22CCQCCqDSwHJYD6DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAZBgNVHREEEjAQgQ5jYUBleGFtcGxlLmNvbTAZBgNVHRIEEjAQgQ5jYUBleGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAAOBgQAnIzWB2+yQIsyKfD6CpsPy9f/njn2A +KZGI0CSJxOMPr4vxL7JvZHtGc3LLRdMtxlk1QlNQlGTr/SsEzZDQfYIF+gzVPZ+h +bUy8HHWYerWh6Vz1yOe07I7XyGAyvu9xRaIN2DjDUEvXTd4wgZ+6TjzmwX34bvon +JEOrMtYPA+tV4Q== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/glib-networking-2.42.0/tls/tests/mock-interaction.c new/glib-networking-2.42.1/tls/tests/mock-interaction.c --- old/glib-networking-2.42.0/tls/tests/mock-interaction.c 2014-06-23 23:06:13.000000000 +0200 +++ new/glib-networking-2.42.1/tls/tests/mock-interaction.c 2014-11-21 15:28:41.000000000 +0100 @@ -161,6 +161,8 @@ MockInteraction *self = MOCK_INTERACTION (object); g_free (self->static_password); + g_clear_object (&self->static_certificate); + g_clear_error (&self->static_error); G_OBJECT_CLASS (mock_interaction_parent_class)->finalize (object); } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
