Please be informed that GNU cpio version 2.14 is available for
download.  See end of this message for the list of noteworthy
changes in this release.

Here are the compressed sources:
  https://ftp.gnu.org/gnu/cpio/cpio-2.14.tar.gz    (2.1MB)
  https://ftp.gnu.org/gnu/cpio/cpio-2.14.tar.bz2   (1.5MB)

Here are the GPG detached signatures[*]:

Use a mirror for higher download bandwidth:

Here are the SHA1 and SHA256 checksums:

f304fe18df5af642c87f240dd5631bfcee9ba8ed  cpio-2.14.tar.gz
FFo0D9nVXwuEd5pEoS1fedd8mWY5Z/jPoWjXkFylJFQ  cpio-2.14.tar.gz
cbac50a61079b6f3bdcf9ffe42171d9257cfe877  cpio-2.14.tar.bz2
/NwV1g9yZ6b8fvzWudt7bIlmxPL7u5ZMJNQTNv0/LBI  cpio-2.14.tar.bz2

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify cpio-2.14.tar.gz.sig

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to update
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --recv-keys 3602B07F55D0C732

Noteworthy changes in this release:

* New option --ignore-dirnlink

Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2

* Changes in --reproducible option

The --reproducible option implies --ignore-dirlink.  In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.

* Use GNU ls algorithm for deciding timestamp format in -tv mode

* Bugfixes

** Fix cpio header verification.

** Fix handling of device numbers on copy out.

** Fix calculation of CRC in copy-out mode.

** Rewrite the fix for CVE-2015-1197.

** Fix combination of --create --append --directory.

** Fix appending to archives bigger than 2G.


Reply via email to