This is to announce inetutils-2.6, a stable release. GNU Networking Utilities (inetutils) contain traditional networking utilities, clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp, talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname, ifconfig, and logger.
There have been 74 commits by 7 people in the 60 weeks since 2.5. See the NEWS below for a brief summary. Thanks to everyone who has contributed! The following people contributed changes to this release: Bruno Haible (1) Collin Funk (22) Dario Niedermann (1) Erik Auerswald (6) Flavio Cruz (1) Jeffrey Cliff (1) Simon Josefsson (42) Simon [on behalf of the inetutils maintainers] ================================================================== Here is the GNU inetutils home page: https://www.gnu.org/software/inetutils/ Here are the compressed sources: https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.gz (2.9MB) https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.xz (1.7MB) Here are the GPG detached signatures: https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.gz.sig https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.xz.sig Here is minimal source-only "git archive" sources: https://ftp.gnu.org/gnu/inetutils/inetutils-v2.6-src.tar.gz https://ftp.gnu.org/gnu/inetutils/inetutils-v2.6-src.tar.gz.sig Here are Sigsum Proofs: https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.gz.proof https://ftp.gnu.org/gnu/inetutils/inetutils-2.6.tar.xz.proof https://ftp.gnu.org/gnu/inetutils/inetutils-v2.6-src.tar.gz.proof Use a mirror for higher download bandwidth: https://www.gnu.org/order/ftp.html Here are the SHA1 and SHA256 checksums: 74e120430c5697a6e6c15157415c68c4aa8ff005 inetutils-2.6.tar.gz zKolbg1kbffyhf8VijKR83zR/IOC83dNIvclQSdjXac= inetutils-2.6.tar.gz af51b509faa1fe386e98c0e12371d7021885e798 inetutils-2.6.tar.xz aL7b/q9z99hr4qfZm8+9QJPYKfUncIk5Ga4XTAsjV8o= inetutils-2.6.tar.xz 52c7df8403f58a5d686fc5bb50b81546fda82b9a inetutils-v2.6-src.tar.gz 7ktFPPO7NULP70qK2EvKx5pBH3Dpv9k+10Hq7oRzGqA= inetutils-v2.6-src.tar.gz Verify the base64 SHA256 checksum with cksum -a sha256 --check from coreutils-9.2 or OpenBSD's cksum since 2007. Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify inetutils-2.6.tar.gz.sig The signature should match the fingerprint of the following key: pub ed25519 2019-03-20 [SC] B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE uid Simon Josefsson <si...@josefsson.org> If that command fails because you don't have the required public key, or that public key has expired, try the following commands to retrieve or refresh it, and then rerun the 'gpg --verify' command. gpg --locate-external-key si...@josefsson.org gpg --recv-keys 51722B08FE4745A2 wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=inetutils&download=1' | gpg --import - As a last resort to find the key, you can try the official GNU keyring: wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg gpg --keyring gnu-keyring.gpg --verify inetutils-2.6.tar.gz.sig Use the .proof files to verify the Sigsum proof. These files are like signatures but with extra transparency: you can cryptographically verify that every signature is logged in a public append-only log, so you can say with confidence what signatures exists. This makes hidden releases no longer deniable for the same public key. Releases are Sigsum-signed with the following public key: cat <<EOF > inetutils-sigsum-key.pub ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE EOF Run a command like this to verify downloaded artifacts: wget -q -Otrust.txt https://gnu.org/s/inetutils/sigsum-policy.txt sigsum-verify -k inetutils-sigsum-key.pub -p trust.txt \ inetutils-2.6.tar.gz.proof < inetutils-2.6.tar.gz You may learn more about Sigsum concepts and find instructions how to download the tools here: https://www.sigsum.org/getting-started/ This release is based on the inetutils git repository, available as git clone https://git.savannah.gnu.org/git/inetutils.git with commit 1cb81068ec5f14ed2f4e8ac1397edc544f4ade5f tagged as v2.6. For a summary of changes and contributors, see: https://git.sv.gnu.org/gitweb/?p=inetutils.git;a=shortlog;h=v2.6 or run this command from a git-cloned inetutils directory: git shortlog v2.5..v2.6 This release was bootstrapped with the following tools: Gnulib 2025-02-01 c89cd2fbd3b9f3d7c5a146247256599714c91ec7 Autoconf 2.71 Automake 1.16.5 Bison 3.8.2 M4 1.4.19 Makeinfo 7.1.1 Help2man 1.49.2 Make 4.3 Gzip 1.13 Tar 1.34 Guix d48da2d21610f9cf5f76cd846703b12beedb1fd5 NEWS * Noteworthy changes in release 2.6 (2025-02-21) [stable] ** The release tarball is now reproducible. The following pairs are tested continously: Trisquel 11 and Ubuntu 22.04, PureOS 10 and Debian 11, AlmaLinux 8 and RockyLinux 8, AlmaLinux 9 and RockyLinux 9. ** syslogd: Build fixes for macOS. Thanks to Rui Chen and Caleb Xu, see <https://savannah.gnu.org/bugs/?65093>. ** Fix link errors of syslogd, talkd and tests/readutmp for --with-systemd. Thanks to Collin Funk: https://lists.gnu.org/archive/html/bug-inetutils/2024-03/msg00000.html ** ifconfig: With -A, reject invalid prefix length specifications, and correctly handle a prefix length of 0. ** ifconfig: Fix a 'dynamic-stack-buffer-overflow' detected by AddressSanitizer when using the --format or --short option. More details in <https://lists.gnu.org/archive/html/bug-inetutils/2024-05/msg00020.html>. ** Inetutils can now be built with C23 compilers. Except for when configured to support Kerberos 4. ** telnet: Fix signed integer overflow handling when using any of the commands 'send do', 'send dont', 'send will', or 'send wont' with a numerical argument. On some systems a signed integer overflow using one of these commands could have lead to an out-of-bounds array access usually resulting in a crash. ** tests/libls.sh: Work better in container environments (pipelines). Systems with incomplete /etc/passwd (for uid to username mapping) and builds where srcdir/builddir is not useful as a test directory due to spurious unrelated files. ** The release tarball uses tar --format=ustar. Some other flags are added too, to follow these recommendations: https://www.gnu.org/software/tar/manual/html_node/Reproducibility.html For reference, the GNUMakefile file from gnulib add to TAR_OPTIONS: --owner=0 --group=0 numeric-owner --sort=name The cfg.mk file further add: --mode=go+u,go-w --mtime=$(abs_top_srcdir)/NEWS The modification time of NEWS is always set to last git commit time before release, see mtime-NEWS-to-git-HEAD in Makefile.am. We hope that the tarball produced this way is usable on all host but please let us know if you run into troubles like unpacking the tarball or that some generated file is rebuilt needlessly requiring some maintainer tool that shouldn't normally be needed. ** ChangeLog entries for recent releases are now in ChangeLog.2. The ChangeLog file contains entries since the last release only; earlier entries are found in ChangeLog.0, ChangeLog.1 or ChangeLog.2 depending on age. This allows the ChangeLog file to be dynamically generated even from a shallow git clone that only contain commits since the last release. Happy Hacking, Simon
signature.asc
Description: PGP signature
