1. 27 Aug, 2021 2 commits
    • Emmanuele Bassi's avatar
      Deprecate boxed GTypes for GRegex types · 62bbcea5
      Emmanuele Bassi authored
      62bbcea5
    • Emmanuele Bassi's avatar
      Deprecate GRegex · de32e102
      Emmanuele Bassi authored
      GRegex is based off of PCRE1, and cannot be moved to PCRE2 without
      breaking its API contract. PCRE1 is in maintenance mode, and will not
      see any new feature.
      
      GRegex made sense back in the day when we embedded a copy of PCRE, but:
      
       - the maintenance burden required to update the copy of PCRE to keep up
         with upstream, coupled with the lack of synchronisation between GLib
         and PCRE releases, has become too high
       - downstream distributors try very hard to not rely on vendored
         dependencies, which meant that GLib depended on a system copy of PCRE
         anyway, except on certain platforms, which made for interesting bugs
       - regular expressions are a niche use case, and PCRE is already
         portable to all the platforms GLib cares about
      
      Thus, we recommend users to migrate their code from GRegex to PCRE2.
      
      Fixes: #1085
      de32e102
  2. 25 Aug, 2021 1 commit
  3. 21 Aug, 2021 1 commit
  4. 19 Aug, 2021 11 commits
  5. 17 Aug, 2021 3 commits
  6. 16 Aug, 2021 4 commits
  7. 14 Aug, 2021 2 commits
  8. 13 Aug, 2021 1 commit
  9. 12 Aug, 2021 4 commits
  10. 09 Aug, 2021 2 commits
  11. 07 Aug, 2021 2 commits
  12. 05 Aug, 2021 4 commits
  13. 04 Aug, 2021 3 commits
    • Michael Catanzaro's avatar
      gtlscertificate: improve documentation · b11d3fc2
      Michael Catanzaro authored
      Let's explain the advantages of relying on GTlsConnection to perform
      certificate verification.
      
      Also, document that the issuer property is a little tricky, because the
      issuer certificate might not be the certificate that actually gets used
      in final certification path building. This is very unexpected to anybody
      who is not an expert.
      b11d3fc2
    • Michael Catanzaro's avatar
      gtlsdatabase: improve documentation · 235401b0
      Michael Catanzaro authored
      Because TLS certificate verification is extremely complex, the lookup
      issuer function may be tempting to misuse even by experienced
      developers. There is a notion that the issuer certificate will always be
      used in the final certification path, but it's just not always true.
      Trying to make security decisions based on the results of this function is
      a trap, so let's document that.
      
      It turns out that old versions of glib-networking actually reordered the
      certificate chain to match the final verification path. This no longer
      happens since a long time ago, because it was a buggy mess. Instead, we
      rely on the TLS library to build the final verification path. Their path
      building is not very good, but at least it's consistent. The point of
      these doc updates is to clarify that only the TLS library can make
      security decisions.
      
      Document that HTTP requests may be performed to look up missing
      certificates.
      
      Finally, let's document that certificate verification using GTlsDatabase
      cannot be as smart as certificate verification performed directly by
      GTlsConnection.
      235401b0
    • Jonathan Boeing's avatar
      gwin32packageparser: Fix read past end of buffer · 032eceb9
      Jonathan Boeing authored
      g_win32_package_parser_enum_packages() reads beyond the end of a buffer
      when doing a memcpy.  With app verifier enabled on Windows, it causes
      the application to crash on startup.
      
      This change limits the memcpy to the size of the source string.
      
      Fixes: #2454
      032eceb9