diffoscope - Debian Package Tracker

general

source: diffoscope (main)
version: 295
maintainer: Reproducible builds folks (archive) (DMD)
uploaders: Chris Lamb [DMD] – Mattia Rizzolo [DMD] – Holger Levsen [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 113
oldstable: 177
old-bpo: 238~bpo11+1
stable: 240+deb12u1
testing: 294
unstable: 295

versioned links

113: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
177: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
238~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
240+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
294: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
295: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

diffoscope (28 bugs: 0, 12, 16, 0)
diffoscope-minimal

action needed

Depends on packages which need a new maintainer normal

The packages that diffoscope depends on which need a new maintainer are:

tlsh (#1087262)
- Recommends: python3-tlsh python3-tlsh
- Build-Depends: python3-tlsh
db-defaults (#1055344)
- Recommends: db-util db-util
- Build-Depends: db-util

Created: 2019-11-22 Last update: 2025-05-16 13:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 296, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b1b0d849f205a217b846f9e4a81064fe2e5f42b6
Author: Chris Lamb <lamby@debian.org>
Date:   Tue May 13 15:22:50 2025 -0700

    Don't rely on zipdetails' --walk being available, and only add that argument on newer versions. (Closes: reproducible-builds/diffoscope#408)

commit 4759117832063314983ce1f1d02cdd4f7388bed9
Author: Chris Lamb <lamby@debian.org>
Date:   Tue May 13 15:13:09 2025 -0700

    Revert "Allow stable-bpo to fail for now."
    
    Was added to allow contributor to merge MR.
    
    This reverts commit 8425d51cc516a4ab15bc4acad4d53f8930d1dba0.

commit 09abd4cddbebdf0f2310c47dc562826e44f18088
Author: Omair Majid <omajid@redhat.com>
Date:   Mon Apr 14 18:44:16 2025 -0400

    Add NuGet package support
    
    NuGet packages (commonly with file extension .nupkg) are used by .NET to
    transport libraries, similar to jar files. NuGet packages are
    essentially zip files with some expected contents. A mininial library
    looks like this:
    
            $ unzip -l ClassLibrary.0.0.1.nupkg
            Archive:  ClassLibrary.0.0.1.nupkg
              Length      Date    Time    Name
            ---------  ---------- -----   ----
                  502  04-14-2025 18:14   _rels/.rels
                  407  04-14-2025 18:14   ClassLibrary.nuspec
                 3584  04-14-2025 22:14   lib/net8.0/ClassLibrary.dll
                  459  04-14-2025 18:14   [Content_Types].xml
                  625  04-14-2025 18:14   package/services/metadata/core-properties/b44ebb537bbf4983b9527f9e3820fda6.psmdcp
            ---------                     -------
    
    Some of these content are similar to the contents of a Microsoft OOXML
    file, and `file` utility doesn't recognize this correctly. Eee
    https://bugs.astron.com/view.php?id=644
    
    Support NuGet packages in diffoscope will make it easier to verify the
    .NET SDK and .NET libraries. It will also contribute towards making the
    .NET SDK itself reproducible (see
    https://github.com/dotnet/source-build/issues/4963).

commit 8425d51cc516a4ab15bc4acad4d53f8930d1dba0
Author: Chris Lamb <lamby@debian.org>
Date:   Mon May 12 15:47:05 2025 -0700

    Allow stable-bpo to fail for now.

commit 676ac9194e1bb7ea351b8eaf2439645ec019bbb7
Author: Chris Lamb <lamby@debian.org>
Date:   Fri May 9 09:22:02 2025 -0700

    Open new changelog entry for version 296.
    
    Gbp-Dch: ignore

Created: 2019-05-22 Last update: 2025-05-13 23:59

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-12 Last update: 2025-04-12 06:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-25711: (needs triaging) diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-02-10 Last update: 2025-05-10 00:30

testing migrations

excuses:
- Migration status for diffoscope (294 to 295): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 6 of 10 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/diffoscope.html
- ∙ ∙ autopkgtest for diffoscope/295: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[rss feed]

[2025-05-09] Accepted diffoscope 295 (source) into unstable (Chris Lamb)
[2025-04-14] diffoscope 294 MIGRATED to testing (Debian testing watch)
[2025-04-11] Accepted diffoscope 294 (source) into unstable (Chris Lamb)
[2025-04-02] diffoscope 293 MIGRATED to testing (Debian testing watch)
[2025-03-29] Accepted diffoscope 293 (source) into unstable (Chris Lamb)
[2025-03-29] Accepted diffoscope 292 (source) into unstable (Chris Lamb)
[2025-03-24] diffoscope 291 MIGRATED to testing (Debian testing watch)
[2025-03-21] Accepted diffoscope 291 (source) into unstable (Chris Lamb)
[2025-03-21] Accepted diffoscope 290 (source) into unstable (Chris Lamb)
[2025-02-26] diffoscope 289 MIGRATED to testing (Debian testing watch)
[2025-02-21] Accepted diffoscope 289 (source) into unstable (Chris Lamb)
[2025-02-10] diffoscope 288 MIGRATED to testing (Debian testing watch)
[2025-02-07] Accepted diffoscope 288 (source) into unstable (Chris Lamb)
[2025-01-31] Accepted diffoscope 287 (source) into unstable (Chris Lamb)
[2025-01-28] diffoscope 286 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted diffoscope 286 (source) into unstable (Chris Lamb)
[2025-01-19] diffoscope 285 MIGRATED to testing (Debian testing watch)
[2025-01-17] Accepted diffoscope 285 (source) into unstable (Chris Lamb)
[2024-12-08] diffoscope 284 MIGRATED to testing (Debian testing watch)
[2024-12-06] Accepted diffoscope 284 (source) into unstable (Chris Lamb)
[2024-11-14] diffoscope 283 MIGRATED to testing (Debian testing watch)
[2024-11-08] Accepted diffoscope 283 (source) into unstable (Chris Lamb)
[2024-11-01] diffoscope 282 MIGRATED to testing (Debian testing watch)
[2024-10-25] Accepted diffoscope 282 (source) into unstable (Chris Lamb)
[2024-10-24] diffoscope 281 MIGRATED to testing (Debian testing watch)
[2024-10-18] Accepted diffoscope 281 (source) into unstable (Chris Lamb)
[2024-10-17] diffoscope 280 MIGRATED to testing (Debian testing watch)
[2024-10-11] Accepted diffoscope 280 (source) into unstable (Chris Lamb)
[2024-10-07] Accepted diffoscope 279 (source) into unstable (Chris Lamb)
[2024-10-03] diffoscope 278 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 30 31
RC: 0
I&N: 12
M&W: 18 19
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 295
3 bugs