libidn2-2.3.7 released [stable]

[Simon Josefsson via Announcements and Requests for Help from the GNU project and the Free Software Foundation]

This is to announce libidn2-2.3.7, a stable release.

Libidn2 is a free software implementation of IDNA2008, Punycode and
Unicode TR46.  Its purpose is to encode and decode internationalized
domain names.

Btw, we also publish version 2.3.5 and 2.3.6 today but there were minor
problems with those tarballs.  These release notes cover 2.3.5 and 2.3.6
too, hoping 2.3.7 will work; see NEWS below.

There have been 58 commits by 5 people in the 66 weeks since 2.3.4.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Fangrui Song (1)
  Simon Josefsson (46)
  Tim Rühsen (9)
  alittle (1)
  zhuofeng (1)

Happy hacking,
Simon
==================================================================

Here is the libidn2 home page:
    https://www.gnu.org/software/libidn/#libidn2

Manual:
  https://www.gnu.org/software/libidn/libidn2/manual
  https://www.gnu.org/software/libidn/libidn2/manual/libidn2.html
  https://www.gnu.org/software/libidn/libidn2/manual/libidn2.pdf

API Reference manual:
  https://www.gnu.org/software/libidn/libidn2/reference/libidn2-idn2.h.html
  https://www.gnu.org/software/libidn/libidn2/reference/libidn2.pdf

For a summary of changes and contributors, see:
  https://gitlab.com/libidn/libidn2/-/compare/v2.3.4...v2.3.7
or run this command from a git-cloned libidn2 directory:
  git shortlog v2.3.4..v2.3.7

Here are the compressed sources and a GPG detached signature:
  https://ftpmirror.gnu.org/libidn2/libidn2-2.3.7.tar.gz
  https://ftpmirror.gnu.org/libidn2/libidn2-2.3.7.tar.gz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  3ecefc0a280c673bfecdd5a564935c21fc02b786  libidn2-2.3.5.tar.gz
  DBlgmzunRQqciwU2rMyo0JHN2f5qJDB6844js73eyAM=  libidn2-2.3.5.tar.gz
  026290a0978e6c89a96521ec868dc8001b6859c9  libidn2-2.3.6.tar.gz
  EGi7s333k8mVgIZXTjvi/e6m6Cwj4SYbF6QQ68Afz8s=  libidn2-2.3.6.tar.gz
  359acd390cb123b491076a49af98b6555ce72133  libidn2-2.3.7.tar.gz
  TCGnkbYQuVGbnQ4SuAl78vNZsS+N2SZHYRqSnmv9fWQ=  libidn2-2.3.7.tar.gz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libidn2-2.3.7.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   ed25519 2019-03-20 [SC]
        B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
  uid   Simon Josefsson <si...@josefsson.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key si...@josefsson.org

  gpg --recv-keys 51722B08FE4745A2

  wget -q -O- 
'https://savannah.gnu.org/project/release-gpgkeys.php?group=libidn2&download=1' 
| gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libidn2-2.3.7.tar.gz.sig

This release was bootstrapped with the following tools:
  Gnulib v0.1-7030-g582c5de0b8
  Autoconf 2.72
  Automake 1.16.5
  Libtoolize 2.4.6
  Make 4.3
  Makeinfo 6.8
  Help2man 1.49.1
  Gperf 3.1
  Gengetopt 2.23
  Gtkdocize 1.33.1
  Tar 1.34
  Gzip 1.10

NEWS

* Noteworthy changes in release 2.3.7 (2024-01-27) [stable]

** Really include tests/standalone.sh in tarball.

* Noteworthy changes in release 2.3.6 (2024-01-27) [stable]

** Bump libtool version numbers to reflect API/ABI addition.

** Include tests/standalone.sh in tarball.

* Noteworthy changes in release 2.3.5 (2024-01-27) [stable]

** Declaration of future API/ABI backwards compatibility stability.
GNU libc dlopen libidn2 and use the name libidn2.so.0 for this.  We
believe that it will be too challenging to ever do hard ABI break that
for normal libraries is justified to remove deprecated APIs.  Thus we
decided that we will support the current ABI for a long time.  Of
course, if really convincing arguments for doing a ABI break appears
in the future we may re-consider, but take this as a declaration of
intent of will and that future ABI breaks should be discussed and
co-ordinated with the glibc team first.

** Add public APIs for raw Punycode encoding/decoding.
Normal applications rarely need this, but it cleans up the code and
allow for external testing of the APIs, and resolve
<https://gitlab.com/libidn/libidn2/-/issues/80> due to earlier use of
weak symbols for internal symbols _idn2_punycode_encode and
_idn2_punycode_decode.  We will support these internal symbols for
backwards compatibility.  This allows a clean migration path for code
that is still using the internal names.

** Bump required gettext version to 0.19.8 for musl-libc.
Reported by Helmut Grohne in
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999510>.

** Un-deprecate idn2_to_ascii_4i and make it NUL terminate output.
The API idn2_to_ascii_4i was deprecated in version 2.1.1 released in
2019-02-08.  In that release, the API was also modified to not
NUL-terminate the output.  That is contrary to the old libidn2
behaviour, the behaviour of libidn's API idna_to_ascii_4i, and the API
documentation for the function.  Since we are not likely to ever break
backwards API/ABI compatibility in libidn2, and the deprecated gaurds
leads to some trouble (see report in
<https://gitlab.com/libidn/libidn2/-/merge_requests/93>) we decided to
un-deprecate this function, as supporting it is not costly and the
majority of code that cares about conformance has likely been
modified.  This will fix the error code and NUL termination report by
Yegor Bychin in <https://gitlab.com/libidn/libidn2/-/issues/100>.  We
still encourage you to use the replacement API/ABI idn2_to_ascii_4i2
instead, when appropriate.

** Compiler warning improvements.
As before, compiler warnings are enabled by default.  You may disable
them using ./configure --disable-gcc-warnings or turn them into fatal
errors using ./configure --enable-gcc-warnings=error to add -Werror
and sensible -Wno-error='s.  Based on gnulib's manywarnings, see
<https://www.gnu.org/software/gnulib//manual/html_node/manywarnings.html>.

** tests: Added script tests/standalone.sh suitable for integrators.
The main purpose is to test a system-installed libidn2 library and
idn2 tool, suitable for distributor checking (a'la Debian's
autopkgtest/debci).  It may also be used to test a newly built libidn2
outside the usual 'make check' infrastructure.  To check that your
system libidn2 library and idn2 tool is working, invoke the script
with `srcdir` as an environment variable indicating where it can be
find the source code for libidn2's tests/ directory (it will use the
directory name where the script is by default):

tests/standalone.sh

If your system libidn2 is too old to pass certain tests, disable them
using STANDALONE_DISABLE like this:

STANDALONE_DISABLE='*punycode*' tests/standalone.sh

See the script for more parameters.  If the libidn2 under testing is
too old and has known bugs, that should cause tests to fail, which is
intentional.

** Various minor build fixes and translation updates.

** API and ABI is backwards compatible with the previous version.
idn2_punycode_decode: ADD.
idn2_punycode_encode: ADD.

signature.asc
Description: PGP signature