libidn-1.43 released [stable]

2025-03-30 Thread Simon Josefsson via Announcements and Requests for Help from the GNU project and the Free Software Foundation
This is to announce libidn-1.43, a stable release.

GNU Libidn is a fully documented implementation of the Stringprep,
Punycode and IDNA2003 specifications.  Libidn's purpose is to encode and
decode internationalized domain name strings.  There are native C, C#
and Java libraries.  Be aware that IDNA2003 and libidn are primarily for
historic or compatibility use, and libidn2 is the successor with
IDNA2008 and Unicode TR46 implementation and also provides a
compatibility layer for GNU libidn.

There have been 67 commits by 1 person in the 62 weeks since 1.42.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Simon Josefsson (67)

Happy hacking,
Simon
==

Here is the GNU libidn home page:
  https://www.gnu.org/software/libidn/

Manual:
  https://www.gnu.org/software/libidn/manual/
  https://www.gnu.org/software/libidn/manual/libidn.html - HTML format
  https://www.gnu.org/software/libidn/manual/libidn.pdf - PDF format

API Reference manual:
  https://www.gnu.org/software/libidn/reference/intro.html - GTK-DOC HTML

Doxygen documentation:
  https://www.gnu.org/software/libidn/doxygen/index.html - HTML format
  https://www.gnu.org/software/libidn/doxygen/libidn.pdf - PDF format

JavaDoc output for the Java API:
  https://www.gnu.org/software/libidn/javadoc/

Here are the compressed sources and a GPG detached signature:
  https://ftp.gnu.org/gnu/libidn/libidn-1.43.tar.gz
  https://ftp.gnu.org/gnu/libidn/libidn-1.43.tar.gz.sig

Here are the minimal source-only "git archive" sources:
  https://ftp.gnu.org/gnu/libidn/libidn-v1.43-src.tar.gz
  https://ftp.gnu.org/gnu/libidn/libidn-v1.43-src.tar.gz.sig

Here are Sigsum Proofs:
  https://ftp.gnu.org/gnu/libidn/libidn-1.43.tar.gz.proof
  https://ftp.gnu.org/gnu/libidn/libidn-v1.43-src.tar.gz.proof

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  80e9f28762544bf7da490ab4b1a92e725da6ce61  libidn-1.43.tar.gz
  vcZiwS0EGyU50OY486bnQRMM2zOmRO80lpY6RDSC0WQ=  libidn-1.43.tar.gz

  8a577ee259ee9e7d88782ff75f10cc5a225442b3  libidn-v1.43-src.tar.gz
  j487LWvTwE6pZyAxs17sY0IMZeDFmqjbhyRHXR3IZdI=  libidn-v1.43-src.tar.gz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libidn-1.43.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   ed25519 2019-03-20 [SC]
        B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
  uid   Simon Josefsson 

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key si...@josefsson.org

  gpg --recv-keys 51722B08FE4745A2

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libidn&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libidn-1.43.tar.gz.sig

Use the .proof files to verify the Sigsum proof.  These files are like
signatures but with extra transparency: you can cryptographically verify
that every signature is logged in a public append-only log, so you can
say with confidence what signatures exist.  This makes hidden releases
no longer deniable for the same public key.

Releases are Sigsum-signed with the following public key:

  cat <<EOF > jas-sigsum-key.pub
ssh-ed25519 C3NzaC1lZDI1NTE5ILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE
EOF

Run a command like this to verify downloaded artifacts:

  wget -q -Otrust.txt https://gnu.org/s/libidn/sigsum-policy-20250309.txt
  sigsum-verify -k jas-sigsum-key.pub -p trust.txt \
    libidn-1.43.tar.gz.proof < libidn-1.43.tar.gz

You may learn more about Sigsum concepts and find instructions how to
download the tools here: https://www.sigsum.org/getting-started/

This release is based on the libidn git repository, available as

  git clone https://git.savannah.gnu.org/git/libidn.git

with commit e0e97997e1424cf2070c1cee01c66bee65d17b60 tagged as v1.43.

For a summary of changes and contributors, see:

  https://git.sv.gnu.org/gitweb/?p=libidn.git;a=shortlog;h=v1.43

or run this command from a git-cloned libidn directory:

  git shortlog v1.42..v1.43

This release was bootstrapped with the following tools:
  Git 2.48.1
  Gnulib 2025-02-01 c89cd2fbd3b9f3d7c5a146247256599714c91ec7
  Autoconf 2.71
  Automake 1.16.5
  Libtoolize 2.4.7
  Make 4.3
  Makeinfo 7.1.1
  Help2man 1.49.2
  Gperf 3.1
  Gengetopt 2.23
  Gtkdocize 1.34.0
  Tar 1.34
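
The base64 SHA256 check described in the announcement above, written for systems whose cksum predates coreutils-9.2. This is an added example, not part of the original announcement; the function names are hypothetical, and it assumes the GNU sha256sum and base64 tools plus POSIX od.

```shell
#!/bin/sh
# Added example: check a file against a base64-encoded SHA-256 digest by
# decoding the digest to hex and comparing it with sha256sum output.

# b64_to_hex DIGEST
# Prints the digest as lowercase hex; returns 2 unless DIGEST decodes to
# exactly 32 bytes (the size of a SHA-256 value).
b64_to_hex() {
    hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -eq 64 ] || return 2
    printf '%s\n' "$hex"
}

# verify_b64_sha256 FILE DIGEST
# Returns 0 on match, 1 on mismatch, 2 on unreadable file or malformed digest.
verify_b64_sha256() {
    [ -r "$1" ] || return 2
    want=$(b64_to_hex "$2") || return 2
    got=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# verify_announce_line 'DIGEST  FILENAME'
# Accepts one checksum line in the layout used by the announcement.
verify_announce_line() {
    digest=${1%% *}     # text before the first space
    file=${1##* }       # text after the last space
    verify_b64_sha256 "$file" "$digest"
}

# Constructed sample: an empty temporary file, checked against the
# base64 SHA-256 of empty input.
sample=$(mktemp)
if verify_announce_line "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=  $sample"; then
    echo "checksum OK"
else
    echo "checksum FAILED"
fi
rm -f "$sample"
```

A matching checksum only shows that the download equals what the announcement lists; the signature and Sigsum checks are what tie the file to the release key.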

gsasl-2.2.2 released [stable]

2025-03-30 Thread Simon Josefsson via Announcements and Requests for Help from the GNU project and the Free Software Foundation
This is to announce gsasl-2.2.2, a stable release.

GNU SASL is a modern C library that implements the network security
protocol Simple Authentication and Security Layer (SASL).  The framework
itself and a couple of common SASL mechanisms are implemented.  GNU SASL
can be used by network applications for IMAP, SMTP, XMPP and other
protocols to provide authentication services.  Supported mechanisms
include CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID,
DIGEST-MD5, SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), GS2-KRB5, SAML20,
OPENID20, LOGIN, and NTLM.

There have been 61 commits by 2 people in the 65 weeks since 2.2.1.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Daniel Macks (1)
  Simon Josefsson (60)

Happy Hacking,
Simon
==

The project's web page is available at:
  https://www.gnu.org/software/gsasl/

Manual:
  https://www.gnu.org/software/gsasl/manual/
  https://www.gnu.org/software/gsasl/manual/gsasl.html - HTML format
  https://www.gnu.org/software/gsasl/manual/gsasl.pdf - PDF format

API Reference manual:
  https://www.gnu.org/software/gsasl/reference/ - GTK-DOC HTML

Doxygen documentation:
  https://www.gnu.org/software/gsasl/doxygen/ - HTML format
  https://www.gnu.org/software/gsasl/doxygen/gsasl.pdf - PDF format

For development snapshot QA analysis see:
  https://gsasl.gitlab.io/gsasl/coverage/
  https://gsasl.gitlab.io/gsasl/cyclo/
  https://gsasl.gitlab.io/gsasl/clang-analyzer/

If you need help to use GNU SASL, or want to help others, you are
invited to join our help-gsasl mailing list, see:
  https://lists.gnu.org/mailman/listinfo/help-gsasl

Here are the compressed sources and a GPG detached signature:
  https://ftp.gnu.org/gnu/gsasl/gsasl-2.2.2.tar.gz
  https://ftp.gnu.org/gnu/gsasl/gsasl-2.2.2.tar.gz.sig

Here are the minimal source-only "git archive" sources:
  https://ftp.gnu.org/gnu/gsasl/gsasl-v2.2.2-src.tar.gz
  https://ftp.gnu.org/gnu/gsasl/gsasl-v2.2.2-src.tar.gz.sig

Here are Sigsum Proofs:
  https://ftp.gnu.org/gnu/gsasl/gsasl-2.2.2.tar.gz.proof
  https://ftp.gnu.org/gnu/gsasl/gsasl-v2.2.2-src.tar.gz.proof

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  8a845b7ec78e5f27bf69438074ad23867c00d4fe  gsasl-2.2.2.tar.gz
  QejkQmSOzK9kWdmtk9SxhTC5bI6vUOPzQlMu8nXv87o=  gsasl-2.2.2.tar.gz

  99dc5d5d991e3ab7e2a17fdf70167717a8ae9ee2  gsasl-v2.2.2-src.tar.gz
  lg8/tscZUEpLMvEGUTpHbuII1IRXEZQsIqZsSFIjbB4=  gsasl-v2.2.2-src.tar.gz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify gsasl-2.2.2.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   ed25519 2019-03-20 [SC]
        B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
  uid   Simon Josefsson 

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key si...@josefsson.org

  gpg --recv-keys 51722B08FE4745A2

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=gsasl&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify gsasl-2.2.2.tar.gz.sig

Use the .proof files to verify the Sigsum proof.  These files are like
signatures but with extra transparency: you can cryptographically verify
that every signature is logged in a public append-only log, so you can
say with confidence what signatures exist.  This makes hidden releases
no longer deniable for the same public key.

Releases are Sigsum-signed with the following public key:

  cat <<EOF > jas-sigsum-key.pub
ssh-ed25519 C3NzaC1lZDI1NTE5ILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE
EOF

Run a command like this to verify downloaded artifacts:

  wget -q -Otrust.txt https://gnu.org/s/gsasl/sigsum-policy-20250309.txt
  sigsum-verify -k jas-sigsum-key.pub -p trust.txt \
    gsasl-2.2.2.tar.gz.proof < gsasl-2.2.2.tar.gz

You may learn more about Sigsum concepts and find instructions how to
download the tools here: https://www.sigsum.org/getting-started/

This release is based on the gsasl git repository, available as

  git clone https://git.savannah.gnu.org/git/gsasl.git

with commit 50df5266e709c6e2cc4d3e7d95e6f7444578b7e6 tagged as v2.2.2.

For a summary of changes and contributors, see:

  https://git.sv.gnu.org/gitweb/?p=gsasl.git;a=shortlog;h=v2.2.2

or run this command from a git-cloned gsasl directory:

  git