-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Aug 2024 11:43:37 +0100
Source: diffoscope
Binary: diffoscope diffoscope-minimal
Architecture: all
Version: 240+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 diffoscope - in-depth visual diff tool for files, archives and directories
 diffoscope-minimal - in-depth visual diff tool for files, archives and directories (mi
Closes: 1078883
Changes:
 diffoscope (240+deb12u1) stable; urgency=medium
 .
   [ Chris Lamb ]
   * Backport a patch by FC (Fay) Stegerman to fix a FTBFS caused by a
     .zip-related security fix that was included in Debian's own upload of
     python3.11 3.11.2-6+deb12u2 (see #1070133). Diffoscope's testsuite
     deliberately excercises a Mozilla-style ZIP file that has its Central
     Directory secton at the beginning of the file, rather than at the end. This
     breaks the new overlap check in Python's built-in zipfile.py library as
     that checks that every entry ends before the Central Directory begins. Many
     thanks to Fay for both the patch and related guidance. (Closes: #1078883)
   * Do not call marshal.loads() on precompiled Python bytecode as it is
     inherently unsafe. The loads() method can easily cause the CPython process
     running diffoscope to irretrievably crash (e.g. when presented with a newer
     .pyc format), and potentially permit of arbitrary code execution. Replace,
     for now, with a brief textual summary of the code section of .pyc files
     instead. For more information, see:
     <https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/371>
Checksums-Sha1:
 0afd4aa57667e79face687a6d96407fdbfe09492 146216 diffoscope-minimal_240+deb12u1_all.deb
 41b27849042cef015ce08be853ede439564a88df 32481 diffoscope_240+deb12u1_all-buildd.buildinfo
 6203dc2aa8965537335131048eb57706035da36a 35960 diffoscope_240+deb12u1_all.deb
Checksums-Sha256:
 0007c9e93ffb0ee1c840412a939590efde93124e0977daeaa45367e3608d733e 146216 diffoscope-minimal_240+deb12u1_all.deb
 6464c66ab49acfba158f9f50f52459c49dc6b44145d84d5da81ec0dca655ac26 32481 diffoscope_240+deb12u1_all-buildd.buildinfo
 f83e74842999e2741a6dbb5dd259e22bfa04649d7e963924fbf26b34e8d68aaf 35960 diffoscope_240+deb12u1_all.deb
Files:
 0c4bfcf22dee55b8eb62f59d9754e031 146216 devel optional diffoscope-minimal_240+deb12u1_all.deb
 488b7d57547c3f9296bca6b0a83380a3 32481 devel optional diffoscope_240+deb12u1_all-buildd.buildinfo
 ba9b358adf5530b240ccaad1370c657c 35960 devel optional diffoscope_240+deb12u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzcbx6nIE/ydHa1FFigL77i1GSVkFAmbXQpEACgkQigL77i1G
SVkETg/8Coucu1P0nBDOZP90RED6ugmnpVCUhoxORNhkIMy/QpDXHomyuI2u15Ih
lOUvh/uThpQS5ujTfHq/w1NWcnxhIFBw/tc375W+As988yXUwEDvzFzPx6/rgkoj
qO8uWwNXNR+HhdCsnaEnZUgKfeud/uPLi+/gYbzMS8qV4SxKjoY7vyYBQgnffH5I
C0l7kQ72Emj8Dgmu1AUh1xgEwN8r/OO9ZEH1CCEDXsBJWn0th4jO0BdNNlk/GtJg
xlfKJz1tvtwIimLXAKWsOmSsAV5lTKodP6Bw81XuhgJwF4MazvAEyU05jAPxhETv
gdQnX3tfK0mQwrAWa8oPEH+IGzgZIopXZBifzotkAxY4XK69lyin18qHmkxHKqiO
Hr+djeKkSkRw6omxssaWsBpoF3iZ/ft9Mc88KCMqars2PfpOM4r4hg6yNQaPxDts
uVjQyOVAQRhWiKjZck9qEHYhMGE7z/vlXcoQI79+zKafwK3t5Yv3rnzyPuba6S6E
JNxfImr3C+6w4/gBcIEwLAG7ElQjxRA/pWPlloCR6GMubvogSpv0Q0MLh+kAe14L
Yw7ApsOvHSW+rdIgFSd9PYa9qO6BjqJHXbrYuVnOiH+jU0y70Ik31MclXAmi4Vs2
AwgUqiwdNYJrtZrBiayoP2qB7WInMuHYpvepkzGKEruSwPW9zqc=
=4z2K
-----END PGP SIGNATURE-----