bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

inetutils-2.4 released [stable]


From: Simon Josefsson
Subject: inetutils-2.4 released [stable]
Date: Tue, 25 Oct 2022 23:21:07 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

We are pleased to announce version 2.4 of The GNU Networking Utilities.

GNU Networking Utilities contain traditional networking utilities,
clients and servers, including ftp, telnet, inetd, rsh/rlogin, tftp,
talk, syslogd, ping, traceroute, whois, hostname, dnsdomainname,
ifconfig, and logger.

Happy hacking,
Simon

Here are the compressed sources:
  https://ftpmirror.gnu.org/inetutils/inetutils-2.4.tar.gz   (2.6MB)
  https://ftpmirror.gnu.org/inetutils/inetutils-2.4.tar.xz   (1.5MB)

Here are the GPG detached signatures:
  https://ftpmirror.gnu.org/inetutils/inetutils-2.4.tar.gz.sig
  https://ftpmirror.gnu.org/inetutils/inetutils-2.4.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

52908bfc6e0bb6bbb54de4414e92c29fd13906d7  inetutils-2.4.tar.gz
dq7gwvCVRyhgDVEJVdaXpOwpMkMY54SEjbYG7jwJ42U  inetutils-2.4.tar.gz
df64dd4ea0e752a839dd51dd8a6a001c9c7d1e96  inetutils-2.4.tar.xz
F4nWsbGlff4qere1M+6fXf2cv1tZuxuzwmEu0I0PaLI  inetutils-2.4.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify inetutils-2.4.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   ed25519 2019-03-20 [SC]
        B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
  uid   Simon Josefsson <simon@josefsson.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key simon@josefsson.org

  gpg --recv-keys 51722B08FE4745A2

  wget -q -O- 
'https://savannah.gnu.org/project/release-gpgkeys.php?group=inetutils&download=1'
 | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify inetutils-2.4.tar.gz.sig


This release was bootstrapped with the following tools:
  Gnulib 0814a293a4
  Autoconf 2.69
  Automake 1.16.3
  Bison 3.7.5
  M4 1.4.18
  Makeinfo 6.7
  Help2man 1.48.1
  Make 4.3
  Gzip 1.10
  Tar 1.34

NEWS

* Noteworthy changes in release 2.4 (2022-10-25) [stable]

** ifconfig

*** Support specifying prefix netmask lengths in -A.
Patch by Samuel Thibault <samuel.thibault@gnu.org>.

** Hurd: tell pfinet translator interfaces to configure
Patch by Samuel Thibault <samuel.thibault@gnu.org>.

** ftp

*** Avoid crash caused by signed integer overflow resulting in
out-of-bounds buffer access.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00003.html>.

*** Avoid crash caused by heap buffer overflow.  Reported by ZFeiXQ in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html>.

*** Avoid crash caused by NULL pointer dereference.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html>.

*** Avoid crash caused by infinite macro recursion.  Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html>.

** telnetd

*** Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).  CVE-2022-39028
https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html

** telnet

*** Fix a buffer overflow problem.  CVE-2019-0053
https://cgit.freebsd.org/src/commit/?id=14aab889f4e50072a6b914eb95ebbfa939539dad

** tftp

*** Avoid crashing when given unexpected or invalid commands from tty.
Reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html>.

** Various bugs fixes, internal improvements and clean ups.
Update of gnulib and build fixes for C23.

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]