Subject: CVS commit: pkgsrc/sysutils/py-diffoscope
From: nikita
Date: 2024-04-12 21:28:40
Message id: 20240412192841.03120FA2C@cvs.NetBSD.org

Log Message:
py-diffoscope: update to version 264

Changelog (from https://salsa.debian.org/reproducible-builds/diffoscope/-/blob/master/debian/changelog?ref_type=heads):

diffoscope (264) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't crash on invalid zipfiles, even if we encounter 'badness'
    halfway through the file. (Re: #1068705)
  [ FC (Fay) Stegerman ]
  * Fix a crash when there are (invalid) duplicate entries in .zip files.
    (Closes: #1068705)
  * Add note when there are duplicate entries in ZIP files.
    (Closes: reproducible-builds/diffoscope!140)
  [ Vagrant Cascadian ]
  * Add an external tool reference for GNU Guix for zipdetails.
 -- Chris Lamb <lamby@debian.org>  Fri, 12 Apr 2024 09:38:55 +0100
diffoscope (263) unstable; urgency=medium
  [ Chris Lamb ]
  * Add support for the zipdetails(1) tool included in the Perl distribution.
    Thanks to Larry Doolittle et al. for the pointer to this tool.
  * Don't use parentheses within test "skipping…" messages; PyTest adds its own
    parentheses, so we were ending up with double nested parens.
  * Fix the .epub tests after supporting zipdetails(1).
  * Update copyright years and debian/tests/control.
  [ FC (Fay) Stegerman ]
  * Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed
    to detect potentially insecure overlapping entries within .zip files.
    (Closes: reproducible-builds/diffoscope#362)
 -- Chris Lamb <lamby@debian.org>  Fri, 05 Apr 2024 12:21:10 +0100
diffoscope (262) unstable; urgency=medium
  [ Chris Lamb ]
  * Factor out Python version checking in test_zip.py. (Re: #362)
  * Also skip some zip tests under 3.10.14 as well; a potential regression may
    have been backported to the 3.10.x series. The underlying cause is still to
    be investigated. (Re: #362)
 -- Chris Lamb <lamby@debian.org>  Fri, 29 Mar 2024 09:43:00 +0000
diffoscope (261) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't crash if we encounter an .rdb file without an equivalent .rdx file.
    (Closes: #1066991)
  * In addition, don't identify Redis database dumps (etc.) as GNU R database
    files based simply on their filename. (Re: #1066991)
  * Update copyright years.
 -- Chris Lamb <lamby@debian.org>  Fri, 22 Mar 2024 09:42:15 +0000
diffoscope (260) unstable; urgency=medium
  [ Chris Lamb ]
  * Actually test 7z support in the test_7z set of tests, not the lz4
    functionality. (Closes: reproducible-builds/diffoscope#359)
  * In addition, correctly check for the 7z binary being available
    (and not lz4) when testing 7z.
  * Prevent a traceback when comparing a contentful .pyc file with an
    empty one. (Re: Debian:#1064973)

 -- Chris Lamb <lamby@debian.org>  Fri, 08 Mar 2024 11:07:49 +0000
diffoscope (259) unstable; urgency=medium
  [ Chris Lamb ]
  * Don't error-out with a traceback if we encounter "struct.unpack"-related
    errors when parsing .pyc files. (Closes: #1064973)
  * Fix compatibility with PyTest 8.0. (Closes: reproducible-builds/diffoscope#365)
  * Don't try and compare rdb_expected_diff on non-GNU systems as %p formatting
    can vary. (Re: reproducible-builds/diffoscope#364)
 -- Chris Lamb <lamby@debian.org>  Fri, 01 Mar 2024 09:34:23 +0000
diffoscope (258) unstable; urgency=medium
  [ Chris Lamb ]
  * Use the 7zip package (over p7zip-full) after package transition.
    (Closes: #1063559)
  * Update debian/tests/control.
  [ Vagrant Cascadian ]
  * Fix a typo in the package name field (!) within debian/changelog.
 -- Chris Lamb <lamby@debian.org>  Fri, 23 Feb 2024 11:31:52 +0000
diffoscope (257) unstable; urgency=medium
  [ James Addison ]
  * Parse the header and hunksize of diffs strictly before parsing the context
    below. (Closes: reproducible-builds/diffoscope#363)
  * Reformat code to comply with the latest version of Black (24.1.1).
  [ Chris Lamb ]
  * Expand the previous changelog entry to include the CVE number that was
    subsequently assigned.
  * Bump the minimum Black requirement to run the "Black clean" test and make
    test_zip.py Black clean.
 -- Chris Lamb <lamby@debian.org>  Mon, 12 Feb 2024 10:08:35 -0800
diffoscope (256) unstable; urgency=high
  * CVE-2024-25711: Use a deterministic name when extracting content from GPG
    artifacts instead of trusting the value of gpg's --use-embedded-filenames.
    This prevents a potential information disclosure vulnerability that could
    have been exploited by providing a specially-crafted GPG file with an
    embedded filename of, say, "../../.ssh/id_rsa".
    Many thanks to Daniel Kahn Gillmor <dkg@debian.org> for reporting this
    issue and providing feedback.
    (Closes: reproducible-builds/diffoscope#361)
  * Temporarily fix support for Python 3.11.8 re. a potential regression
    with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
 -- Chris Lamb <lamby@debian.org>  Fri, 09 Feb 2024 12:22:37 -0800

Files:
Revision  Action  File
1.25      modify  pkgsrc/sysutils/py-diffoscope/Makefile
1.12      modify  pkgsrc/sysutils/py-diffoscope/PLIST
1.19      modify  pkgsrc/sysutils/py-diffoscope/distinfo
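
Added example, not part of the commit message and not diffoscope's own code: the difference described in the CVE-2024-25711 entry (version 256) between deriving an extraction path from a filename embedded in the input and using a fixed name, with a containment check a reviewer can apply to either. The function names, FIXED_NAME and the sample inputs are assumptions made for illustration.

```python
import os
import tempfile

# Hypothetical fixed name; the changelog only says "a deterministic name".
FIXED_NAME = "extracted-content"


def unsafe_output_path(workdir, embedded_name):
    """'Before' behaviour: trust the filename stored inside the artifact."""
    return os.path.normpath(os.path.join(workdir, embedded_name))


def safe_output_path(workdir, embedded_name):
    """'After' behaviour: the embedded name is ignored on purpose."""
    return os.path.join(workdir, FIXED_NAME)


def is_contained(workdir, path):
    """True if path resolves to a location inside workdir."""
    root = os.path.realpath(workdir)
    target = os.path.realpath(path)
    return os.path.commonpath([root, target]) == root


def audit(embedded_names):
    """Return {name: (trusted_name_contained, fixed_name_contained)}."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        # Constructed layout standing in for an extraction directory.
        workdir = os.path.join(base, "home", "user", "tmp-extract")
        os.makedirs(workdir)
        for name in embedded_names:
            results[name] = (
                is_contained(workdir, unsafe_output_path(workdir, name)),
                is_contained(workdir, safe_output_path(workdir, name)),
            )
    return results


# Constructed inputs; the traversal string is the one quoted in the changelog.
SAMPLES = ["message.txt", "../../.ssh/id_rsa", "/etc/hostname", "sub/../ok.txt"]

if __name__ == "__main__":
    for name, (trusted_ok, fixed_ok) in audit(SAMPLES).items():
        print(f"{name!r}: trusted-name contained={trusted_ok}, "
              f"fixed-name contained={fixed_ok}")
```

The absolute-path sample shows why a containment check has to resolve the joined path: os.path.join discards workdir when the second argument is absolute.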