
Bug#770961: release.debian.org: unblock: hivex/1.3.11-1



* Ivo De Decker:

>> The new version contains fixes for two issues for which CVE entries have
>> been requested[1].
>> 
>> Other issues are fixed in this version, but since the only reverse
>> dependencies are built from libguestfs (same upstream author, also
>> maintained by me), I see little danger of unexpected breakage.
>
> This does not seem to comply with the freeze policy. If you think it does,
> please explain the individual changes. If not, please revert the upstream
> version and do a targeted fix.

Here is the list of changes from upstream git between 1.3.10 and 1.3.11,
along with some explanations.

f1cce9c * perl: Provide alternate definition of newSVpvn_utf8 for older Perl.

This is just used for ancient RedHat versions. It is irrelevant for jessie,
but does no harm.

cea8dbf * generator: Fix a spelling mistake in the documentation (RHBZ#1099286).

A cosmetic fix.

2bde2be * Fix garbage return value on error
e3918bd * Fix overly long assertion string

These two fix bugs that I would consider important.

7fb0619 * Silence dead assigmnents/initialization/increments
01fd565 * Avoid calling calloc(0, x)
75855a5 * python: expose package version
284b1e7 * python: move module to separate directory
b46d008 * python: export hive_types constants
b9ac714 * Ignore python/hivex directory.

These are mostly cosmetic fixes.

f70c79e * python: use errors more specific than RuntimeError
73083c0 * python: use PyErr_NoMemory
4c57237 * python: check some types for get_value
3bfb2f1 * python: fix crash by validating key and value
654b7e4 * python: add heavier tests for setvalue

The above five make the Python API more usable. I'd consider that
important.

cc709b7 * generator: Fix mixed tabs/spaces

Cosmetic fixes.

9763f96 * value: Set errno = 0 on non-error path in hivex_value_data_cell_offset (RHBZ#1145056).

Fixes bug on error path. I'd consider that important.

914d9b9 * hivexml: Tidy up error handling and printing.

Low priority.

357f26f * handle: Refuse to open files < 8192 bytes in size.
4bbdf55 * handle: Check that pages do not extend beyond the end of the file.

These two are thought to be CVE-worthy by somebody at Red Hat -> at
least important.

dba4e1e * extra-tests: Add trivial fuzz tester.

Not really needed.

Cheers,
-Hilko

