- update to 261 (bsc#1220157, CVE-2024-25711):

* Don't crash if we encounter an .rdb file without an
    equivalent .rdx file.
  * Actually test 7z support in the test_7z set of tests, not the
    lz4 functionality.
  * In addition, correctly check for the 7z binary being
    available (and not lz4) when testing 7z.
  * Prevent a traceback when comparing a contentful .pyc file
    with an empty one. (Re: Debian:#1064973)
  * Don't error-out with a traceback if we encounter
    "struct.unpack"-related errors when parsing .pyc files.
  * Fix compatibility with PyTest 8.0.
  * Don't try and compare rdb_expected_diff on non-GNU systems as
    %p formatting can vary.
  * Use the 7zip package (over p7zip-full) after package
    transition.
  * Parse the header and hunksize of diffs strictly before
    parsing the context below.
  * Reformat code to comply with the latest version of Black
    (24.1.1).
  * Expand the previous changelog entry to include the CVE number
    that was subsequently assigned.
  * Bump the miniumum Black requirement to run the "Black clean"
    test and make test_zip.py Black clean.
  * CVE-2024-25711: Use a determistic name when extracting
    content from GPG artifacts instead of trusting the value of
    gpg's --use- embedded-filenames.
  * Temporarily fix support for Python 3.11.8 re. a potential
    regression with the handling of ZIP files.
  * Add/fix compatibility for Python progressbar 2.5 & 3.0 etc.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/diffoscope?expand=0&rev=92

diffoscope-251.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ee8005c732cb11db3d488d7817cf104618ab6ffde98d786619a5b4496520a6fe
-size 3095764

diffoscope-251.tar.bz2.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmUo+OIACgkQHpU+J9Qx
-HlghnA/9HzS4msedatmezOWDxIA7RTjY+cdzQ7DQL143S/KJ7C8Zuh6m5liYe8DV
-RwoQtklN4vKAY1lRatLQbgdTzEOX/DfTCu4Ot/Q08prmJECOwYV9yCmzSoWcbq/3
-pUxKIbIN9FDctybHx2wzdHbco+spaiNL9QohJv2g3rHw18+KELfbFw2HIK6n+s3o
-xzPD1qvHGDmmuOYkrJx5YUYnvwnhkgNN3Mtzpfwzzw7veJ8JKTPT1Sw+T8jScj9c
-KZqX1ohdwRLU4cs1EhdtErVMUe8KBdXcvyvGNmJVeMT9cl39efMblxyev3SVdZCN
-/Xk/WTmHsT0dYLpzggku7oS5Oh7laGKHIl1xoC1FOEteW+IE5ytZmes4PfC8sA+t
-Bvim7ekevfk2Qv7izGLwQPchXC5x0JaTqp65fmo7crmfnNZHK2K/FaQPn3TddAxC
-Fp27kvDWs/pXykbfnT2AMkHvkNi5lARCeZf1+xv9euS8p2TnViosqPYATwAY3Ljv
-p6+7bVD4wvEXqyer4Ru+0D6spq85vUTVwVQ6Gvki5NTOXHQ+rlu5SYpwI3bGxOgE
-KhmJqbzdaPB3i3Fwq74D7yuSEEyKzenfQelVX7OeZnDAS68GcKG5wiZ4EYNe6LGo
-1KvifnKekB7Cf5SKrsEUQC5PJ/NXjtz2FrHqQiccs/lnoEH6hCM=
-=wwtm
------END PGP SIGNATURE-----

diffoscope-261.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:05bc58e70d94a7921a0c9c998309d40e6ebcdc6f152066959e152f68c4591ea5
+size 3116751

diffoscope-261.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmX9UoAACgkQHpU+J9Qx
+HlinXg//eKgnP/iE8fKg2vdo2XWff5QkvBHCtHIGTwOQPlrXGsCtESXqA47jEx6G
+U1IUYJCo7qBXendULvTJamJoXfbYK/MDbsXq0DrlV6A6PY2NN0U2nPyQead1hNoL
+dy5sh14fdXkbjIcUE4sFeBsMHu6n60XCe4yJm7IoQquCnctxYBn+Rbay1KboRLO6
+lBhY5qUeiRyqEzAAG4I5Dz375b3Ey3DVNzmaS17ZW209tmjfq/Fj/TxmG9mQDZPo
+UfmuFAfBvZxD8RHb8j82dog1dN158yZOBKrpcZGD+CgX3vDHnGE6h5PIdHyXUl82
+j6Z2WMbCMFrATxozFlb02gVYlA+8GgAl6XOEO9vNJN8wnuunY1yEK6cdZdlU1Yqd
+sg9CZJz7iRspC6L96KIt6pomsVtUzLWQ4tlVl7IGE64+ukrlxNrwMHBO98IZUXQ3
+bpw78DYfh/dWJexNgNSgGN9C3jm3JJtsaWMP/7xesVC8VjC+4S5EMAUccM82o3SP
+IB815UG4CjwITOUIdoU63mTCWKlV+62tbRD+rQx++2a0cegxWqleyLc/HJHqvF7Q
+lZ9YMWQStoOCEU9efceJi14RQFkBn0Zcqt4JH1fOf9fQGUwI5081KsxE5wUOT1ih
+TB1hc65AYob1WWo1XocWhknLzQwoDUZoEq0GCKyphliekZOYxcQ=
+=/pxC
+-----END PGP SIGNATURE-----

diffoscope.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Sun Mar 24 17:59:20 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 261 (bsc#1220157, CVE-2024-25711):
+  * Don't crash if we encounter an .rdb file without an
+    equivalent .rdx file.
+  * Actually test 7z support in the test_7z set of tests, not the
+    lz4 functionality.
+  * In addition, correctly check for the 7z binary being
+    available (and not lz4) when testing 7z.
+  * Prevent a traceback when comparing a contentful .pyc file
+    with an empty one. (Re: Debian:#1064973)
+  * Don't error-out with a traceback if we encounter
+    "struct.unpack"-related errors when parsing .pyc files.
+  * Fix compatibility with PyTest 8.0.
+  * Don't try and compare rdb_expected_diff on non-GNU systems as
+    %p formatting can vary.
+  * Use the 7zip package (over p7zip-full) after package
+    transition.
+  * Parse the header and hunksize of diffs strictly before
+    parsing the context below.
+  * Reformat code to comply with the latest version of Black
+    (24.1.1).
+  * Expand the previous changelog entry to include the CVE number
+    that was subsequently assigned.
+  * Bump the miniumum Black requirement to run the "Black clean"
+    test and make test_zip.py Black clean.
+  * CVE-2024-25711: Use a determistic name when extracting
+    content from GPG artifacts instead of trusting the value of
+    gpg's --use- embedded-filenames.
+  * Temporarily fix support for Python 3.11.8 re. a potential
+    regression with the handling of ZIP files.
+  * Add/fix compatibility for Python progressbar 2.5 & 3.0 etc.
+  * Add external tool on GNU Guix for 7z.
+  * Improve DOS/MBR extraction by adding support for 7z.
+  * Process objdump symbol comment filter inputs as the Python
+    "bytes" type (and not str). (Closes: reproducible-
+    builds/diffoscope#358)
+  * Add a missing RequiredToolNotFound import.
+  * Update copyright years.
+  * As UI/UX improvement, try and avoid printing an extended
+    traceback if diffoscope runs out of memory. This may not
+    always be possible to detect.
+  * Mark diffoscope as stable in setup.py (for PyPI.org).
+    Whatever diffoscope is, at least, not "alpha" anymore.
+
 -------------------------------------------------------------------
 Wed Nov  1 17:44:17 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
 
@@ -6,16 +52,16 @@ Wed Nov  1 17:44:17 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
 - Update to version 251:
   * If the equivalent of `file -i` returns text/plain, fallback to comparing
     this file as a text file. This especially helps when file(1) miscategorises
-    text files as some esoteric type. 
+    text files as some esoteric type.
 
 - Update to version 250:
-  * Fix compatibility with file 5.45. 
+  * Fix compatibility with file 5.45.
   * Add external tool references for GNU Guix (for html2text and ttx).
 
 - Update to version 249:
   * Add specialize_as() method, and use it to speed up .smali comparison in APKs.
   * Add documentation for the new specialize_as, and expand the documentation
-    of `specialize` too. 
+    of `specialize` too.
   * Correct typos in diffoscope/presenters/utils.py.
 
 - Update to version 246:
@@ -313,7 +359,7 @@ Mon Feb 21 11:21:46 UTC 2022 - Dirk Müller <dmueller@suse.com>
     penalising anyone outside of the Anglosphere.
     (Closes: reproducible-builds/diffoscope#291)
   * Don't print a warning to the console regarding NT_GNU_BUILD_ID changes in
-    ELF binaries. 
+    ELF binaries.
 
 -------------------------------------------------------------------
 Fri Feb 11 19:14:39 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>

diffoscope.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package diffoscope
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           diffoscope
-Version:        251
+Version:        261
 Release:        0
 Summary:        In-depth comparison of files, archives, and directories
 License:        GPL-3.0-or-later
@@ -39,7 +39,7 @@ Requires:       python3-libarchive-c
 Requires:       python3-python-magic
 Requires:       python3-setuptools
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 # Tools required for proper function of this program
 # in extras_require
 Recommends:     python3-distro