---
- branch: MAIN
  date: Fri Apr 12 19:28:40 UTC 2024
  files:
  - new: '1.25'
    old: '1.24'
    path: pkgsrc/sysutils/py-diffoscope/Makefile
    pathrev: pkgsrc/sysutils/py-diffoscope/Makefile@1.25
    type: modified
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/sysutils/py-diffoscope/PLIST
    pathrev: pkgsrc/sysutils/py-diffoscope/PLIST@1.12
    type: modified
  - new: '1.19'
    old: '1.18'
    path: pkgsrc/sysutils/py-diffoscope/distinfo
    pathrev: pkgsrc/sysutils/py-diffoscope/distinfo@1.19
    type: modified
  id: 20240412T192840Z.42e011c0b424c4d0b9d054c67432f192930b59cd
  log: "py-diffoscope: update to version 264\n\nChangelog (from https://salsa.debian.org/reproducible-builds/diffoscope/-/blob/master/debian/changelog?ref_type=heads):\n\ndiffoscope (264) unstable; urgency=medium\n [ Chris Lamb ]\n * Don't crash on invalid zipfiles, even if we encounter 'badness'\n halfway through the file. (Re: #1068705)\n \ [ FC (Fay) Stegerman ]\n * Fix a crash when there are (invalid) duplicate entries in .zip files.\n (Closes: #1068705)\n * Add note when there are duplicate entries in ZIP files.\n (Closes: reproducible-builds/diffoscope!140)\n [ Vagrant Cascadian ]\n * Add an external tool reference for GNU Guix for zipdetails.\n -- Chris Lamb Fri, 12 Apr 2024 09:38:55 +0100\ndiffoscope (263) unstable; urgency=medium\n [ Chris Lamb ]\n * Add support for the zipdetails(1) tool included in the Perl distribution.\n Thanks to Larry Doolittle et al.
for the pointer to this tool.\n * Don't use parentheses within test \"skipping…\" messages; PyTest adds its own\n parentheses, so we were ending up with double nested parens.\n * Fix the .epub tests after supporting zipdetails(1).\n * Update copyright years and debian/tests/control.\n [ FC (Fay) Stegerman ]\n * Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed\n to detect potentially insecure overlapping entries within .zip files.\n (Closes: reproducible-builds/diffoscope#362)\n -- Chris Lamb Fri, 05 Apr 2024 12:21:10 +0100\ndiffoscope (262) unstable; urgency=medium\n [ Chris Lamb ]\n * Factor out Python version checking in test_zip.py. (Re: #362)\n * Also skip some zip tests under 3.10.14 as well; a potential regression may\n have been backported to the 3.10.x series. The underlying cause is still to\n be investigated. (Re: #362)\n -- Chris Lamb Fri, 29 Mar 2024 09:43:00 +0000\ndiffoscope (261) unstable; urgency=medium\n [ Chris Lamb ]\n * Don't crash if we encounter an .rdb file without an equivalent .rdx file.\n (Closes: #1066991)\n * In addition, don't identify Redis database dumps (etc.) as GNU R database\n files based simply on their filename. (Re: #1066991)\n * Update copyright years.\n -- Chris Lamb Fri, 22 Mar 2024 09:42:15 +0000\ndiffoscope (260) unstable; urgency=medium\n [ Chris Lamb ]\n * Actually test 7z support in the test_7z set of tests, not the lz4\n functionality. (Closes: reproducible-builds/diffoscope#359)\n \ * In addition, correctly check for the 7z binary being available\n (and not lz4) when testing 7z.\n * Prevent a traceback when comparing a contentful .pyc file with an\n empty one. (Re: Debian:#1064973)\n\n -- Chris Lamb \ Fri, 08 Mar 2024 11:07:49 +0000\ndiffoscope (259) unstable; urgency=medium\n \ [ Chris Lamb ]\n * Don't error-out with a traceback if we encounter \"struct.unpack\"-related\n \ errors when parsing .pyc files. (Closes: #1064973)\n * Fix compatibility with PyTest 8.0.
(Closes: reproducible-builds/diffoscope#365)\n * Don't try and compare rdb_expected_diff on non-GNU systems as %p formatting\n can vary. (Re: reproducible-builds/diffoscope#364)\n -- Chris Lamb Fri, 01 Mar 2024 09:34:23 +0000\ndiffoscope (258) unstable; urgency=medium\n [ Chris Lamb ]\n * Use the 7zip package (over p7zip-full) after package transition.\n \ (Closes: #1063559)\n * Update debian/tests/control.\n [ Vagrant Cascadian ]\n * Fix a typo in the package name field (!) within debian/changelog.\n -- Chris Lamb Fri, 23 Feb 2024 11:31:52 +0000\ndiffoscope (257) unstable; urgency=medium\n [ James Addison ]\n * Parse the header and hunksize of diffs strictly before parsing the context\n below. (Closes: reproducible-builds/diffoscope#363)\n \ * Reformat code to comply with the latest version of Black (24.1.1).\n [ Chris Lamb ]\n * Expand the previous changelog entry to include the CVE number that was\n subsequently assigned.\n * Bump the minimum Black requirement to run the \"Black clean\" test and make\n test_zip.py Black clean.\n -- Chris Lamb Mon, 12 Feb 2024 10:08:35 -0800\ndiffoscope (256) unstable; urgency=high\n * CVE-2024-25711: Use a deterministic name when extracting content from GPG\n artifacts instead of trusting the value of gpg's --use-embedded-filenames.\n \ This prevents a potential information disclosure vulnerability that could\n \ have been exploited by providing a specially-crafted GPG file with an\n embedded filename of, say, \"../../.ssh/id_rsa\".\n Many thanks to Daniel Kahn Gillmor for reporting this\n issue and providing feedback.\n (Closes: reproducible-builds/diffoscope#361)\n * Temporarily fix support for Python 3.11.8 re. a potential regression\n with the handling of ZIP files. (See reproducible-builds/diffoscope#362)\n -- Chris Lamb Fri, 09 Feb 2024 12:22:37 -0800\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/sysutils/py-diffoscope'
  unixtime: '1712950120'
  user: nikita