[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] tar-1.31 released [stable]

From: Sergey Poznyakoff
Subject: [Bug-tar] tar-1.31 released [stable]
Date: Wed, 02 Jan 2019 21:12:22 +0200


This is to announce the release of GNU tar version 1.31. This is a stable
release. Please see the end of this mail for a list of noteworthy changes.

Here are the compressed sources:
  http://ftp.gnu.org/gnu/tar/tar-1.31.tar.gz   (4.1MB)
  http://ftp.gnu.org/gnu/tar/tar-1.31.tar.bz2  (2.9MB)
  http://ftp.gnu.org/gnu/tar/tar-1.31.tar.xz   (2.1MB)

Here are the GPG detached signatures[*]:

Use a mirror for higher download bandwidth:

Here are the MD5 and SHA1 checksums:

f2d3b2c7130390f2fd204527c4c22aa5  tar-1.31.tar.gz
77afa35b696c8d760331fa0e12c2fac9  tar-1.31.tar.bz2
bc9a89da1185ceb2210de12552c43ce2  tar-1.31.tar.xz
5822902d1bc1e9159aa2ad4bfef8802f940610bf  tar-1.31.tar.gz
2a0a6f04b9b51136836f1344b555076ab15ed03e  tar-1.31.tar.bz2
ad53ec4fa815177ab8dbcaa27a42557295142f94  tar-1.31.tar.xz

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify tar-1.31.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.69
  Automake 1.15
  Makeinfo 5.9.93
  Gnulib v0.1-2313-g4652c7b

List of changes in this release:

* Fix heap-buffer-overrun with --one-top-level.

Bug introduced with the addition of that option in 1.28.

* Support for zstd compression

New option '--zstd' instructs tar to use zstd as compression program.
When listing, extractng and comparing, zstd compressed archives are
recognized automatically.
When '-a' option is in effect, zstd compression is selected if the
destination archive name ends in '.zst' or '.tzst'.

* The -K option interacts properly with member names given in the command line

Names of members to extract can be specified along with the "-K NAME"
option. In this case, tar will extract NAME and those of named members
that appear in the archive after it, which is consistent with the
semantics of the option.

* Fix CVE-2018-20482

When creating archives with the --sparse option, previous versions of
tar would loop endlessly if a sparse file had been truncated while
being archived.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]