From: "Leif Lindholm" <leif.lindholm@linaro.org>
To: "Gao, Liming" <liming.gao@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
Cinnamon Shia <cinnamon.shia@hpe.com>,
"afish@apple.com" <afish@apple.com>,
"Laszlo Ersek (lersek@redhat.com)" <lersek@redhat.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Cetola, Stephano" <stephano.cetola@intel.com>
Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
Date: Thu, 8 Aug 2019 15:51:47 +0100 [thread overview]
Message-ID: <20190808145147.GB25813@bivouac.eciton.net> (raw)
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CCE86@SHSMSX104.ccr.corp.intel.com>
On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote:
> Hi, all
> This patch is big. I upload it into https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review.
>
> Hi, Stewards:
> Oniguruma version v6.9.3 is released for security fix. So, I plan to include this update for 201908 stable tag. If you have any comments, please let me know.
This version was only released 3 days ago, so I am OK with it being
included. (If this had been posted as an update to 6.9.2, I would have
questioned why it was being brought in so late in the cycle.)
Do we have confidence that we can achieve substantial testing before
the stable tag?
Is it feasible to convert this to a git submodule for future updates?
Best Regards,
Leif
> Thanks
> Liming
> >-----Original Message-----
> >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> >Liming Gao
> >Sent: Thursday, August 08, 2019 9:31 PM
> >To: devel@edk2.groups.io
> >Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> >Cinnamon Shia <cinnamon.shia@hpe.com>
> >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update
> >Oniguruma from v6.9.0 to v6.9.3
> >
> >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066
> >Update Oniguruma to the latest version v6.9.3.
> >Oniguruma https://github.com/kkos/oniguruma
> >This release is the security fix release. It includes the changes:
> >Fixed CVE-2019-13224
> >Fixed CVE-2019-13225
> >Fixed many problems (found by libfuzzer programs)
> >
> >Verify VS2015, GCC5 build.
> >Verify RegularExpressionProtocol GetInfo() and Match() function.
> >
> >Cc: Jian J Wang <jian.j.wang@intel.com>
> >Cc: Hao A Wu <hao.a.wu@intel.com>
> >Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
> >Signed-off-by: Liming Gao <liming.gao@intel.com>
> >---
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c
> >| 2 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c
> >| 2433 +++++++++++--------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c
> >| 82 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
> >| 63 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c
> >| 2672 +++++++++++----------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c
> >| 22 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
> >| 702 +++---
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
> >| 12 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c
> >| 16 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c
> >| 12 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
> >| 289 ++-
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb
> >_data.c | 31 +-
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1
> >_key.c | 2689 ++++++++++-----------
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2
> >_key.c | 4 +-
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3
> >_key.c | 4 +-
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_
> >data.c | 2256 +++++++++---------
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
> >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------
> >--------------------
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
> >erty_data_posix.c | 410 ++--
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol
> >d_key.c | 3253 +++++++++++++-------------
> >
> >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d
> >ata.c | 1023 ++++++++
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c
> >| 36 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h
> >| 21 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
> >| 23 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h
> >| 438 ++--
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h
> >| 313 ++-
> > 25 files changed, 14055 insertions(+), 11296 deletions(-)
> >
>
>
next prev parent reply other threads:[~2019-08-08 14:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <15B8F5E6C2C74026.10163@groups.io>
2019-08-08 13:52 ` [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Liming Gao
2019-08-08 14:51 ` Leif Lindholm [this message]
2019-08-09 13:51 ` Liming Gao
2019-08-08 20:34 ` Laszlo Ersek
2019-08-12 5:07 ` Wu, Hao A
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190808145147.GB25813@bivouac.eciton.net \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox