diff --git a/backport-allow-tls-unique-channel-binding-test-to-fail.patch b/backport-allow-tls-unique-channel-binding-test-to-fail.patch
new file mode 100644
index 0000000..ee689b0
--- /dev/null
+++ b/backport-allow-tls-unique-channel-binding-test-to-fail.patch
@@ -0,0 +1,105 @@
+From 5b1dfa43c3dbc97e04d2fd0ce60f897d95a587ca Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Tue, 22 Jun 2021 20:15:32 -0500
+Subject: [PATCH] Allow tls-unique channel binding test to fail
+
+The tls-unique channel binding type is not supported under TLS 1.3.
+Since GnuTLS 3.7.2, this now fails differently than before. Previously,
+the call to g_tls_connection_get_channel_binding_data() would succeed
+but return no data. That was a bug. Now it fails, as expected.
+
+Since our tests are not supposed to have different behavior depending on
+TLS backend or TLS version, let's just rewrite this test to allow
+tls-unique to fail.
+
+Fixes #164
+---
+ tls/tests/connection.c | 63 ++++++++++++++++++++++++++------------------------
+ 1 file changed, 33 insertions(+), 30 deletions(-)
+
+diff --git a/tls/tests/connection.c b/tls/tests/connection.c
+index 475285d..b0dd9d8 100644
+--- a/tls/tests/connection.c
++++ b/tls/tests/connection.c
+@@ -2562,6 +2562,8 @@ test_connection_binding_match_tls_unique (TestConnection *test,
+ GIOStream *connection;
+ GByteArray *client_cb, *server_cb;
+ gchar *client_b64, *server_b64;
++ gboolean client_supports_tls_unique;
++ gboolean server_supports_tls_unique;
+ GError *error = NULL;
+
+ test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error);
+@@ -2590,38 +2592,39 @@ test_connection_binding_match_tls_unique (TestConnection *test,
+ read_test_data_async (test);
+ g_main_loop_run (test->loop);
+
+- /* Smoke test: ensure both sides support tls-unique */
+- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+- G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL));
+- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+- G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL));
++ /* tls-unique is supported by the OpenSSL backend always. It's supported by
++ * the GnuTLS backend only with TLS 1.2 or older. Since the test needs to be
++ * independent of backend and TLS version, this is allowed to fail....
++ */
++ client_supports_tls_unique = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
++ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL);
++ server_supports_tls_unique = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
++ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL);
++ g_assert_cmpint (client_supports_tls_unique, ==, server_supports_tls_unique);
+
+ /* Real test: retrieve bindings and compare */
+- client_cb = g_byte_array_new ();
+- server_cb = g_byte_array_new ();
+- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
+- G_TLS_CHANNEL_BINDING_TLS_UNIQUE, client_cb, NULL));
+- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
+- G_TLS_CHANNEL_BINDING_TLS_UNIQUE, server_cb, NULL));
+-
+-#ifdef BACKEND_IS_OPENSSL
+- g_assert_cmpint (client_cb->len, >, 0);
+- g_assert_cmpint (server_cb->len, >, 0);
+-#else
+- /* GnuTLS returns empty binding for TLS1.3, let's pretend it didn't happen
+- * see https://gitlab.com/gnutls/gnutls/-/issues/1041 */
+- if (client_cb->len == 0 && server_cb->len == 0)
+- g_test_skip ("GnuTLS missing support for tls-unique over TLS1.3");
+-#endif
+-
+- client_b64 = g_base64_encode (client_cb->data, client_cb->len);
+- server_b64 = g_base64_encode (server_cb->data, server_cb->len);
+- g_assert_cmpstr (client_b64, ==, server_b64);
+-
+- g_free (client_b64);
+- g_free (server_b64);
+- g_byte_array_unref (client_cb);
+- g_byte_array_unref (server_cb);
++ if (client_supports_tls_unique)
++ {
++ client_cb = g_byte_array_new ();
++ server_cb = g_byte_array_new ();
++ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection),
++ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, client_cb, NULL));
++ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection),
++ G_TLS_CHANNEL_BINDING_TLS_UNIQUE, server_cb, NULL));
++ g_assert_cmpint (client_cb->len, >, 0);
++ g_assert_cmpint (server_cb->len, >, 0);
++
++ client_b64 = g_base64_encode (client_cb->data, client_cb->len);
++ server_b64 = g_base64_encode (server_cb->data, server_cb->len);
++ g_assert_cmpstr (client_b64, ==, server_b64);
++
++ g_free (client_b64);
++ g_free (server_b64);
++ g_byte_array_unref (client_cb);
++ g_byte_array_unref (server_cb);
++ }
++ else
++ g_test_skip ("tls-unique is not supported");
+
+ /* drop the mic */
+ close_server_connection (test);
+--
+1.8.3.1
+
diff --git a/glib-networking-2.66.0.tar.xz b/glib-networking-2.66.0.tar.xz
deleted file mode 100644
index f87a94f..0000000
Binary files a/glib-networking-2.66.0.tar.xz and /dev/null differ
diff --git a/glib-networking-2.68.1.tar.xz b/glib-networking-2.68.1.tar.xz
new file mode 100644
index 0000000..dff0ea1
Binary files /dev/null and b/glib-networking-2.68.1.tar.xz differ
diff --git a/glib-networking.spec b/glib-networking.spec
index 36afafe..908d2c0 100644
--- a/glib-networking.spec
+++ b/glib-networking.spec
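Review bot: The two capability probes in the rewritten test call `g_tls_connection_get_channel_binding_data (..., G_TLS_CHANNEL_BINDING_TLS_UNIQUE, NULL, NULL)` with a NULL error, so the `else` branch skips on any failure that both peers share, not only on tls-unique being unsupported under TLS 1.3. A regression that broke tls-unique on both sides would then be reported as a skip instead of a failure, and the client/server binding comparison would quietly stop being exercised. Consider passing the function's existing `error` to the client probe and reporting it on the skip path, e.g. `g_test_skip (error->message); g_clear_error (&error);`, so the build log records why the check was skipped. The body of test_connection_binding_match_tls_unique starts and ends outside the two inner hunks.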
@@ -1,17 +1,19 @@ Name: glib-networking -Version: 2.66.0 -Release: 2 +Version: 2.68.1 +Release: 1 Summary: Network-related modules for glib License: LGPLv2+ URL: http://www.gnome.org Source0: http://download.gnome.org/sources/glib-networking/2.66/%{name}-%{version}.tar.xz +Patch0: backport-allow-tls-unique-channel-binding-test-to-fail.patch + BuildRequires: meson gcc ca-certificates gettext systemd -BuildRequires: pkgconfig(glib-2.0) >= 2.63.0 pkgconfig(gnutls) +BuildRequires: pkgconfig(glib-2.0) >= 2.67.0 pkgconfig(gnutls) BuildRequires: pkgconfig(gio-2.0) pkgconfig(gsettings-desktop-schemas) BuildRequires: pkgconfig(libproxy-1.0) pkgconfig(p11-kit-1) -Requires: ca-certificates gsettings-desktop-schemas glib2 >= 2.63.0 +Requires: ca-certificates gsettings-desktop-schemas glib2 >= 2.67.0 %description glib-networking contains the implementations of certain GLib networking features @@ -54,6 +56,12 @@ verify the Usability of the glib-networking package. %{_datadir}/installed-tests %changelog +* Mon Mar 21 2022 yanglu - 2.68.1-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update glib-networking to 2.68.1 + * Mon Jul 19 2021 lijingyuan - 2.62.4-2 - Type:requirement - ID:NA
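Review bot: `Source0` is left as a context line while `Version` moves to 2.68.1, so it still expands to the `2.66/` directory, a path that would not be expected to hold the 2.68.1 tarball, and it is fetched over plain `http`. Anyone re-downloading the source to compare it with the checked-in `glib-networking-2.68.1.tar.xz` would get a miss or an unauthenticated transfer, so I would change the line to `Source0: https://download.gnome.org/sources/glib-networking/2.68/%{name}-%{version}.tar.xz`. The `%prep` section is outside this hunk; please confirm it applies `Patch0` (for example via `%autosetup -p1`), otherwise the backported test fix is declared but never used.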