Hello, This is to announce the release of GNU tar version 1.31. This is a stable release. Please see the end of this mail for a list of noteworthy changes.
Here are the compressed sources: http://ftp.gnu.org/gnu/tar/tar-1.31.tar.gz (4.1MB) http://ftp.gnu.org/gnu/tar/tar-1.31.tar.bz2 (2.9MB) http://ftp.gnu.org/gnu/tar/tar-1.31.tar.xz (2.1MB) Here are the GPG detached signatures[*]: http://ftp.gnu.org/gnu/tar/tar-1.31.tar.gz.sig http://ftp.gnu.org/gnu/tar/tar-1.31.tar.bz2.sig http://ftp.gnu.org/gnu/tar/tar-1.31.tar.xz.sig Use a mirror for higher download bandwidth: https://www.gnu.org/order/ftp.html Here are the MD5 and SHA1 checksums: f2d3b2c7130390f2fd204527c4c22aa5 tar-1.31.tar.gz 77afa35b696c8d760331fa0e12c2fac9 tar-1.31.tar.bz2 bc9a89da1185ceb2210de12552c43ce2 tar-1.31.tar.xz 5822902d1bc1e9159aa2ad4bfef8802f940610bf tar-1.31.tar.gz 2a0a6f04b9b51136836f1344b555076ab15ed03e tar-1.31.tar.bz2 ad53ec4fa815177ab8dbcaa27a42557295142f94 tar-1.31.tar.xz [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify tar-1.31.tar.gz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732 and rerun the 'gpg --verify' command. This release was bootstrapped with the following tools: Autoconf 2.69 Automake 1.15 Makeinfo 5.9.93 Gnulib v0.1-2313-g4652c7b List of changes in this release: * Fix heap-buffer-overrun with --one-top-level. Bug introduced with the addition of that option in 1.28. * Support for zstd compression New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line Names of members to extract can be specified along with the "-K NAME" option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. * Fix CVE-2018-20482 When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Regards, Sergey
