Fri Apr 12 19:28:40 2024 UTC (44d)
py-diffoscope: update to version 264

Changelog (from https://salsa.debian.org/reproducible-builds/diffoscope/-/blob/master/debian/changelog?ref_type=heads):

diffoscope (264) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't crash on invalid zipfiles, even if we encounter 'badness'
    halfway through the file. (Re: #1068705)
  [ FC (Fay) Stegerman ]
  * Fix a crash when there are (invalid) duplicate entries in .zip files.
    (Closes: #1068705)
  * Add note when there are duplicate entries in ZIP files.
    (Closes: reproducible-builds/diffoscope!140)
  [ Vagrant Cascadian ]
  * Add an external tool reference for GNU Guix for zipdetails.
 -- Chris Lamb <lamby@debian.org>  Fri, 12 Apr 2024 09:38:55 +0100
diffoscope (263) unstable; urgency=medium
  [ Chris Lamb ]
  * Add support for the zipdetails(1) tool included in the Perl distribution.
    Thanks to Larry Doolittle et al. for the pointer to this tool.
  * Don't use parenthesis within test "skipping…" messages; PyTest adds its own
    parenthesis, so we were ending up with double nested parens.
  * Fix the .epub tests after supporting zipdetails(1).
  * Update copyright years and debian/tests/control.
  [ FC (Fay) Stegerman ]
  * Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed
    to detect potentially insecure overlapping entries within .zip files.
    (Closes: reproducible-builds/diffoscope#362)
 -- Chris Lamb <lamby@debian.org>  Fri, 05 Apr 2024 12:21:10 +0100
diffoscope (262) unstable; urgency=medium
  [ Chris Lamb ]
  * Factor out Python version checking in test_zip.py. (Re: #362)
  * Also skip some zip tests under 3.10.14 as well; a potential regression may
    have been backported to the 3.10.x series. The underlying cause is still to
    be investigated. (Re: #362)
 -- Chris Lamb <lamby@debian.org>  Fri, 29 Mar 2024 09:43:00 +0000
diffoscope (261) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't crash if we encounter an .rdb file without an equivalent .rdx file.
    (Closes: #1066991)
  * In addition, don't identify Redis database dumps (etc.) as GNU R database
    files based simply on their filename. (Re: #1066991)
  * Update copyright years.
 -- Chris Lamb <lamby@debian.org>  Fri, 22 Mar 2024 09:42:15 +0000
diffoscope (260) unstable; urgency=medium
  [ Chris Lamb ]
  * Actually test 7z support in the test_7z set of tests, not the lz4
    functionality. (Closes: reproducible-builds/diffoscope#359)
  * In addition, correctly check for the 7z binary being available
    (and not lz4) when testing 7z.
  * Prevent a traceback when comparing a contentful .pyc file with an
    empty one. (Re: Debian:#1064973)

 -- Chris Lamb <lamby@debian.org>  Fri, 08 Mar 2024 11:07:49 +0000
diffoscope (259) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't error-out with a traceback if we encounter "struct.unpack"-related
    errors when parsing .pyc files. (Closes: #1064973)
  * Fix compatibility with PyTest 8.0. (Closes: reproducible-builds/diffoscope#365)
  * Don't try and compare rdb_expected_diff on non-GNU systems as %p formatting
    can vary. (Re: reproducible-builds/diffoscope#364)
 -- Chris Lamb <lamby@debian.org>  Fri, 01 Mar 2024 09:34:23 +0000
diffoscope (258) unstable; urgency=medium
  [ Chris Lamb ]
  * Use the 7zip package (over p7zip-full) after package transition.
    (Closes: #1063559)
  * Update debian/tests/control.
  [ Vagrant Cascadian ]
  * Fix a typo in the package name field (!) within debian/changelog.
 -- Chris Lamb <lamby@debian.org>  Fri, 23 Feb 2024 11:31:52 +0000
diffoscope (257) unstable; urgency=medium
  [ James Addison ]
  * Parse the header and hunksize of diffs strictly before parsing the context
    below. (Closes: reproducible-builds/diffoscope#363)
  * Reformat code to comply with the latest version of Black (24.1.1).
  [ Chris Lamb ]
  * Expand the previous changelog entry to include the CVE number that was
    subsequently assigned.
  * Bump the miniumum Black requirement to run the "Black clean" test and make
    test_zip.py Black clean.
 -- Chris Lamb <lamby@debian.org>  Mon, 12 Feb 2024 10:08:35 -0800
diffoscope (256) unstable; urgency=high
  * CVE-2024-25711: Use a determistic name when extracting content from GPG
    artifacts instead of trusting the value of gpg's --use-embedded-filenames.
    This prevents a potential information disclosure vulnerability that could
    have been exploited by providing a specially-crafted GPG file with an
    embedded filename of, say, "../../.ssh/id_rsa".
    Many thanks to Daniel Kahn Gillmor <dkg@debian.org> for reporting this
    issue and providing feedback.
    (Closes: reproducible-builds/diffoscope#361)
  * Temporarily fix support for Python 3.11.8 re. a potential regression
    with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
 -- Chris Lamb <lamby@debian.org>  Fri, 09 Feb 2024 12:22:37 -0800


(nikita)
diff -r1.24 -r1.25 pkgsrc/sysutils/py-diffoscope/Makefile
diff -r1.11 -r1.12 pkgsrc/sysutils/py-diffoscope/PLIST
diff -r1.18 -r1.19 pkgsrc/sysutils/py-diffoscope/distinfo
cvs diff -r1.24 -r1.25 pkgsrc/sysutils/py-diffoscope/Makefile (expand / switch to unified diff)

--- pkgsrc/sysutils/py-diffoscope/Makefile 2024/01/28 21:04:45 1.24
+++ pkgsrc/sysutils/py-diffoscope/Makefile 2024/04/12 19:28:40 1.25
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.24 2024/01/28 21:04:45 adam Exp $ 1# $NetBSD: Makefile,v 1.25 2024/04/12 19:28:40 nikita Exp $
2 2
3DISTNAME= diffoscope-255 3DISTNAME= diffoscope-264
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
5CATEGORIES= sysutils python 5CATEGORIES= sysutils python
6MASTER_SITES= ${MASTER_SITE_PYPI:=d/diffoscope/} 6MASTER_SITES= ${MASTER_SITE_PYPI:=d/diffoscope/}
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= https://diffoscope.org/ 9HOMEPAGE= https://diffoscope.org/
10COMMENT= In-depth comparison of files, archives, and directories 10COMMENT= In-depth comparison of files, archives, and directories
11LICENSE= gnu-gpl-v3 11LICENSE= gnu-gpl-v3
12 12
13TOOL_DEPENDS+= ${PYPKGPREFIX}-setuptools-[0-9]*:../../devel/py-setuptools 13TOOL_DEPENDS+= ${PYPKGPREFIX}-setuptools-[0-9]*:../../devel/py-setuptools
14TOOL_DEPENDS+= ${PYPKGPREFIX}-wheel-[0-9]*:../../devel/py-wheel 14TOOL_DEPENDS+= ${PYPKGPREFIX}-wheel-[0-9]*:../../devel/py-wheel
15DEPENDS+= ${PYPKGPREFIX}-libarchive-c-[0-9]*:../../archivers/py-libarchive-c 15DEPENDS+= ${PYPKGPREFIX}-libarchive-c-[0-9]*:../../archivers/py-libarchive-c
16DEPENDS+= ${PYPKGPREFIX}-magic-[0-9]*:../../sysutils/py-magic 16DEPENDS+= ${PYPKGPREFIX}-magic-[0-9]*:../../sysutils/py-magic
cvs diff -r1.11 -r1.12 pkgsrc/sysutils/py-diffoscope/PLIST (expand / switch to unified diff)

--- pkgsrc/sysutils/py-diffoscope/PLIST 2024/01/24 23:53:04 1.11
+++ pkgsrc/sysutils/py-diffoscope/PLIST 2024/04/12 19:28:40 1.12
@@ -1,30 +1,30 @@ @@ -1,30 +1,30 @@
1@comment $NetBSD: PLIST,v 1.11 2024/01/24 23:53:04 adam Exp $ 1@comment $NetBSD: PLIST,v 1.12 2024/04/12 19:28:40 nikita Exp $
2bin/diffoscope-${PYVERSSUFFIX} 2bin/diffoscope-${PYVERSSUFFIX}
3${PYSITELIB}/${WHEEL_INFODIR}/COPYING 3${PYSITELIB}/${WHEEL_INFODIR}/COPYING
4${PYSITELIB}/${WHEEL_INFODIR}/METADATA 4${PYSITELIB}/${WHEEL_INFODIR}/METADATA
5${PYSITELIB}/${WHEEL_INFODIR}/RECORD 5${PYSITELIB}/${WHEEL_INFODIR}/RECORD
6${PYSITELIB}/${WHEEL_INFODIR}/WHEEL 6${PYSITELIB}/${WHEEL_INFODIR}/WHEEL
7${PYSITELIB}/${WHEEL_INFODIR}/entry_points.txt 7${PYSITELIB}/${WHEEL_INFODIR}/entry_points.txt
8${PYSITELIB}/${WHEEL_INFODIR}/top_level.txt 8${PYSITELIB}/${WHEEL_INFODIR}/top_level.txt
9${PYSITELIB}/diffoscope/__init__.py 9${PYSITELIB}/diffoscope/__init__.py
10${PYSITELIB}/diffoscope/__init__.pyc 10${PYSITELIB}/diffoscope/__init__.pyc
11${PYSITELIB}/diffoscope/__init__.pyo 11${PYSITELIB}/diffoscope/__init__.pyo
12${PYSITELIB}/diffoscope/changes.py 12${PYSITELIB}/diffoscope/changes.py
13${PYSITELIB}/diffoscope/changes.pyc 13${PYSITELIB}/diffoscope/changes.pyc
14${PYSITELIB}/diffoscope/changes.pyo 14${PYSITELIB}/diffoscope/changes.pyo
15${PYSITELIB}/diffoscope/comparators/7z.py 15${PYSITELIB}/diffoscope/comparators/sevenz.py
16${PYSITELIB}/diffoscope/comparators/7z.pyc 16${PYSITELIB}/diffoscope/comparators/sevenz.pyc
17${PYSITELIB}/diffoscope/comparators/7z.pyo 17${PYSITELIB}/diffoscope/comparators/sevenz.pyo
18${PYSITELIB}/diffoscope/comparators/__init__.py 18${PYSITELIB}/diffoscope/comparators/__init__.py
19${PYSITELIB}/diffoscope/comparators/__init__.pyc 19${PYSITELIB}/diffoscope/comparators/__init__.pyc
20${PYSITELIB}/diffoscope/comparators/__init__.pyo 20${PYSITELIB}/diffoscope/comparators/__init__.pyo
21${PYSITELIB}/diffoscope/comparators/android.py 21${PYSITELIB}/diffoscope/comparators/android.py
22${PYSITELIB}/diffoscope/comparators/android.pyc 22${PYSITELIB}/diffoscope/comparators/android.pyc
23${PYSITELIB}/diffoscope/comparators/android.pyo 23${PYSITELIB}/diffoscope/comparators/android.pyo
24${PYSITELIB}/diffoscope/comparators/apk.py 24${PYSITELIB}/diffoscope/comparators/apk.py
25${PYSITELIB}/diffoscope/comparators/apk.pyc 25${PYSITELIB}/diffoscope/comparators/apk.pyc
26${PYSITELIB}/diffoscope/comparators/apk.pyo 26${PYSITELIB}/diffoscope/comparators/apk.pyo
27${PYSITELIB}/diffoscope/comparators/ar.py 27${PYSITELIB}/diffoscope/comparators/ar.py
28${PYSITELIB}/diffoscope/comparators/ar.pyc 28${PYSITELIB}/diffoscope/comparators/ar.pyc
29${PYSITELIB}/diffoscope/comparators/ar.pyo 29${PYSITELIB}/diffoscope/comparators/ar.pyo
30${PYSITELIB}/diffoscope/comparators/arsc.py 30${PYSITELIB}/diffoscope/comparators/arsc.py
cvs diff -r1.18 -r1.19 pkgsrc/sysutils/py-diffoscope/distinfo (expand / switch to unified diff)

--- pkgsrc/sysutils/py-diffoscope/distinfo 2024/01/28 21:04:45 1.18
+++ pkgsrc/sysutils/py-diffoscope/distinfo 2024/04/12 19:28:40 1.19
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.18 2024/01/28 21:04:45 adam Exp $ 1$NetBSD: distinfo,v 1.19 2024/04/12 19:28:40 nikita Exp $
2 2
3BLAKE2s (diffoscope-255.tar.gz) = 040064a0e7f0f6829a75d2d4b62e9733686986aa6a7ce4a5f75365838bfd929b 3BLAKE2s (diffoscope-264.tar.gz) = c50deec25fbe9cc13c767529515fd275bd719ae17b81b811c0bb6bca64112841
4SHA512 (diffoscope-255.tar.gz) = ec1e04734fea3dd8504f857b68704c4f0aa4007507c404f0c557c56bd1902da703907b7bfda2c465bc2ccb36a3d496404058adf7ec123bc22c210b7bdef68d64 4SHA512 (diffoscope-264.tar.gz) = 8ec98d3c117ff7555398c4d2e8035a8a4c721d4f0274b6e478cbd3bdf3d8d5be19bfe344aa874dc60da2272695d5fc1cb7913bb488dd80fa4d8e14c1e276b31e
5Size (diffoscope-255.tar.gz) = 3170546 bytes 5Size (diffoscope-264.tar.gz) = 3284441 bytes