Accepted diffoscope 256 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted diffoscope 256 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 09 Feb 2024 20:56:47 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: diffoscope_256_amd64.changes
- Debian-source: diffoscope
- Debian-suite: unstable
- Debian-version: 256
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=BNU+IfUzzjRc038EygTsj4EQJwWazZmp03puSzXAD1o=; b=O0BDsDFyi3bfRzeGE6gUQDJbX4 WP/BRBWDulZyUvU7wpH5lqMwQ8t4v07BHj4lSTvP2dh7chcXLCxN6EO2dkt4BraasbJaHC1ti4x9O 0MpRBSCcolVRqefQOvZgJm9EGWzXXCmIDOy5KonexZLOrVcUSVAH5tUHMvyeleQ+iseNT0CGzm6yl /tRzCsF6SR8qr5+kBwvL3puk81/FwKxVxYhlaMJZY6dDfktrWNXxuDJvURfGH1jmhxaa7JZcUPZaz Jyd2C1R5TApCdMh8t2bC4whrAPUW+G9NRjetY2q5zX6klbadQ6Xj6WMvT7AgPDRMyOHhbAzON/prV RTmxJ9kw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1rYXvT-00FA4B-U7@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 09 Feb 2024 12:22:37 -0800
Source: diffoscope
Built-For-Profiles: nocheck
Architecture: source
Version: 256
Distribution: unstable
Urgency: high
Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
diffoscope (256) unstable; urgency=high
.
* Use a determistic name when extracting content from GPG artifacts instead
of trusting the value of gpg's --use-embedded-filenames. This prevents a
potential information disclosure vulnerability that could have been
exploited by providing a specially-crafted GPG file with an embedded
filename of, say, "../../.ssh/id_rsa". Many thanks to Daniel Kahn Gillmor
<dkg@debian.org> for reporting this issue and providing feedback.
(Closes: reproducible-builds/diffoscope#361)
* Temporarily fix support for Python 3.11.8 re. a potential regression
with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
Checksums-Sha1:
4b1e814d39bb41bca62b1b4a21e2fddff7ae73f6 5179 diffoscope_256.dsc
550f068feeed5b9daaf90f5d205d7a0af314c015 2451936 diffoscope_256.tar.xz
d6c50efd148b08264c6acb8cbd1026c270250555 7502 diffoscope_256_amd64.buildinfo
Checksums-Sha256:
039563f19ebc3b97ecab902555dd424cf135fb8ea50ff087539f6f64c2bf6e96 5179 diffoscope_256.dsc
59d59659979ab62f875e9b7d2ca3fc39540d70238421780310a58b1296bad541 2451936 diffoscope_256.tar.xz
db85072b75f1dc70ce98fcef23396d75bd68dfac87c0b26043117e96bc0c8f08 7502 diffoscope_256_amd64.buildinfo
Files:
02c33595d6b364ff2eab584ced015b73 5179 devel optional diffoscope_256.dsc
b7b94774b1ed5f92621f8087ea29fb7d 2451936 devel optional diffoscope_256.tar.xz
5564240f26c22b5d714bb21cd125f3b0 7502 devel optional diffoscope_256_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXGikgACgkQHpU+J9Qx
Hliz0A//VeWk1DzrzQoJUAUDe8URnUzg6ciyi5ng6q7yhlI9yXjPnl/svu0TOxQh
qCA9rqBQ+KBD6O6FV8kfXfpx/3S3zg6zDa1oyIUWEnEtn5oN4z9+iL6MMJ8DzCKz
D2GSxdtYsSOK3bmB5PRAIZcPlbgobBMqppVW5ZOAyFxT2F66wyw91p7vpB4oNfSv
qUmYh0bn5BAobHjpVQ0MEjrGytHbgPWrFX3V7cEqV4q4/CT38YG7ColDfF7XdNoS
aZOe9fwdCzlZ+3VS0Ja9NTKBIUB97unlkO7jUk+cNud0ZT9hvxCfD4Ka5yU7NLM8
pRB+f2+ACQmgUXQTo4lKL3Nfcs8KSfSmr9D7P10csX+39xqSEnNyRRFB5JLmVgRa
ab7t4naMUg1Na20Ieq5AvFkrymq+qz2/JZM/bLEDhbZxMls6XzLd0kuo9XRZickP
OoWaR7z1Om2R/gkjJtzcSiYcqJsWBQOtqgCQFvafrpy8k7bmD+g2kSvVLsz2I8Qo
bUAs+npJKICpLFBNAjK0MdSkM+sAzIeDCZLe4uYgg7FgrGZdm6EWEvJwQsvkPnvR
57DuZw6xCci9EP45nhfbuq93nn3AnV9OmIvKVGiSDjPoL4qer8jC7Nn62UetirU0
Q9IVseE0qsNzzsVwlaw8ysTyViLX2kyJk0kfxnr+VhhobckiLPs=
=hGZ8
-----END PGP SIGNATURE-----