-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 26 Aug 2024 11:43:37 +0100
Source: diffoscope
Built-For-Profiles: nocheck
Architecture: source
Version: 240+deb12u1
Distribution: stable
Urgency: medium
Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1078883
Changes:
diffoscope (240+deb12u1) stable; urgency=medium
.
[ Chris Lamb ]
* Backport a patch by FC (Fay) Stegerman to fix a FTBFS caused by a
.zip-related security fix that was included in Debian's own upload of
python3.11 3.11.2-6+deb12u2 (see #1070133). Diffoscope's testsuite
deliberately exercises a Mozilla-style ZIP file that has its Central
Directory section at the beginning of the file, rather than at the end. This
breaks the new overlap check in Python's built-in zipfile.py library as
that checks that every entry ends before the Central Directory begins. Many
thanks to Fay for both the patch and related guidance. (Closes: #1078883)
* Do not call marshal.loads() on precompiled Python bytecode as it is
inherently unsafe. The loads() method can easily cause the CPython process
running diffoscope to irretrievably crash (e.g. when presented with a newer
.pyc format), and potentially permit of arbitrary code execution. Replace,
for now, with a brief textual summary of the code section of .pyc files
instead. For more information, see:
<https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/371>
Checksums-Sha1:
618824e4657b53c86c5403b724286e8336228ad3 5183 diffoscope_240+deb12u1.dsc
3fc068320bad4c5e4bf98cbd1b8170549cdaa473 2442344 diffoscope_240+deb12u1.tar.xz
c891561479979bc901a4863d2e38c56730b71ee5 7234 diffoscope_240+deb12u1_amd64.buildinfo
Checksums-Sha256:
5107c359ec1637d82e8041160b22054123d21fcf500e9358fdcdac904c8fb1b8 5183 diffoscope_240+deb12u1.dsc
88c102de0011563bac39f8c8a5b19304e926600fd225aa6d5c108e2b0fc16adc 2442344 diffoscope_240+deb12u1.tar.xz
38711632fbf6dd0447c7817000d2bad076fbb48df0ebc167ba38cd92674e0715 7234 diffoscope_240+deb12u1_amd64.buildinfo
Files:
468c71271c19c5e272b3b46827e9d743 5183 devel optional diffoscope_240+deb12u1.dsc
05e75e2b148bfa807f36454b2ec06c24 2442344 devel optional diffoscope_240+deb12u1.tar.xz
cdaf26b8ffe90ba684ae089f881d870e 7234 devel optional diffoscope_240+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmbW1UgACgkQHpU+J9Qx HliUgxAAhfX9w/UYU4VoZzxtSVxTrP5ZG+rsK+vo9z0aAahQD+dGWbXJniJnl8AM ahl5D+lshKpkBIDiYiDTXeLY04UjIIBEbQYZKrgjDcmm2L3Kk1/6/PCtYbR3AhrB jUyH9EKP7PH7w/+aij1BvbvOGmnNXBJzV3MbEQft8w1haE7VvZKRTVaOSoeDE/jr CKlZzKP6tfZOQyk0Iehur7e/nbxKEx5oE0QDqbu/XkPBS6ztMHzvrWMvsov7i8Jy HjIeCtvCCYLCeNQXdnKuxc1VLXuimJMJRwrdR/AI+/XN9vCfMsOiXdE0K0joQg8S 1Pn9hXzWeO2bW5uRCN6E9GtFmHUWek9UWdILX0DPGfoiWc5hvZl92pBuHrbLtYn9 lHdqKSut1Eg8szY7skLI1CD6AIriObvEFwXiVJ1fZ088rUf7pQxWHSKPKm3t7btF sPUPgEVoJ2Y0GygnVxA73/JJIh/9HXVAfEbEWAAo0MzAo62bPTof3zux/6gsRJ22 kD24ilaiRfBL5PssGwl3Qn68sK+95ZvP87pgjnjYsjWEJWFV3xfhlqFEOVtdcp09 eN0oHCXd9CTR996V/qsokvf+5z7uVnpJ6B66vxDu9nzFLEcHbt45yVLGtic2qtkr rG7HHNEeY2A5vwaHk4+Mcn5edLh11qmlipblbJxYafOTQWZmdHc=
=Ywa4
-----END PGP SIGNATURE-----
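
The second changelog item above replaces marshal.loads() with a textual summary of the code section. The following is an added example, not diffoscope's code or the backported patch: it shows one way to describe a .pyc from its header and a digest of the code section without unmarshalling anything. It assumes the 16-byte PEP 552 header layout (CPython 3.7 and later); the names summarize_pyc and build_sample_pyc are hypothetical and the sample file is constructed.

```python
import hashlib
import importlib.util
import marshal
import struct

HEADER_LEN = 16  # assumed PEP 552 layout: magic(4) + flags(4) + validation data(8)


def summarize_pyc(data: bytes) -> dict:
    """Describe a .pyc from its header alone; the code section is never unmarshalled."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated .pyc header")
    magic = data[:4]
    if magic[2:] != b"\r\n":
        raise ValueError("not a .pyc file: bad magic trailer")
    (version,) = struct.unpack("<H", magic[:2])
    (flags,) = struct.unpack("<I", data[4:8])
    body = data[HEADER_LEN:]  # opaque bytes: only measured and hashed
    summary = {
        "magic_number": version,
        # False for a .pyc written by a different (e.g. newer) interpreter
        "matches_running_interpreter": magic == importlib.util.MAGIC_NUMBER,
        "hash_based": bool(flags & 0x1),
        "code_size": len(body),
        "code_sha256": hashlib.sha256(body).hexdigest(),
    }
    if summary["hash_based"]:
        summary["check_source"] = bool(flags & 0x2)
        summary["source_hash"] = data[8:16].hex()
    else:
        mtime, source_size = struct.unpack("<II", data[8:16])
        summary["source_mtime"] = mtime
        summary["source_size"] = source_size
    return summary


def build_sample_pyc(source: str = "x = 1\n", mtime: int = 1700000000) -> bytes:
    """Constructed sample: a timestamp-based .pyc for the running interpreter."""
    code = compile(source, "<constructed>", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, len(source))
    return header + marshal.dumps(code)  # dumps() on our own code object, never loads()


if __name__ == "__main__":
    for key, value in summarize_pyc(build_sample_pyc()).items():
        print(f"{key}: {value}")
```

Two files whose summaries differ only in code_sha256 have different code sections; the summary says that they differ, not how.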