Date: Thu, 8 Aug 2019 15:51:47 +0100
From: "Leif Lindholm"
To: "Gao, Liming"
Cc: "devel@edk2.groups.io", "Wang, Jian J", "Wu, Hao A", Cinnamon Shia, "afish@apple.com", "Laszlo Ersek (lersek@redhat.com)", "Kinney, Michael D", "Cetola, Stephano"
Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
Message-ID: <20190808145147.GB25813@bivouac.eciton.net>

On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote:
> Hi, all
> This patch is big. I upload it into https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review.
>
> Hi, Stewards:
> Oniguruma version v6.9.3 is released for security fix. So, I plan to include this update for 201908 stable tag. If you have any comments, please let me know.

This version was only released 3 days ago, so I am OK with it being
included. (If this had been posted as an update to 6.9.2, I would have
questioned why it was being brought in so late in the cycle.)

Do we have confidence that we can achieve substantial testing before
the stable tag?

Is it feasible to convert this to a git submodule for future updates?

Best Regards,

Leif

> Thanks
> Liming
> >-----Original Message-----
> >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Liming Gao
> >Sent: Thursday, August 08, 2019 9:31 PM
> >To: devel@edk2.groups.io
> >Cc: Wang, Jian J; Wu, Hao A; Cinnamon Shia
> >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
> >
> >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066
> >Update Oniguruma to the latest version v6.9.3.
> >Oniguruma https://github.com/kkos/oniguruma
> >This release is the security fix release. It includes the changes:
> >Fixed CVE-2019-13224
> >Fixed CVE-2019-13225
> >Fixed many problems (found by libfuzzer programs)
> >
> >Verify VS2015, GCC5 build.
> >Verify RegularExpressionProtocol GetInfo() and Match() function.
> >
> >Cc: Jian J Wang
> >Cc: Hao A Wu
> >Cc: Cinnamon Shia
> >Signed-off-by: Liming Gao
> >---
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c | 2 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c | 2433 +++++++++++-------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c | 82 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c | 63 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c | 2672 +++++++++++---------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c | 22 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c | 702 +++---
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c | 12 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c | 16 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c | 12 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c | 289 ++-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb_data.c | 31 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1_key.c | 2689 ++++++++++----------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2_key.c | 4 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3_key.c | 4 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_data.c | 2256 +++++++++---------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_property_data.c | 8545 +++++++++++++++++++++++++++++++++++--------------------------------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_property_data_posix.c | 410 ++--
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfold_key.c | 3253 +++++++++++++--------------
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_data.c | 1023 ++++++++
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c | 36 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h | 21 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h | 23 +-
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h | 438 ++--
> > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h | 313 ++-
> > 25 files changed, 14055 insertions(+), 11296 deletions(-)
> >