public inbox for devel@edk2.groups.io
* Patch List for 202002 stable tag
@ 2020-02-18 14:08 Liming Gao
  2020-02-18 20:04 ` Laszlo Ersek
  0 siblings, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-02-18 14:08 UTC (permalink / raw)
  To: Guptha, Soumya K, Kinney, Michael D, Laszlo Ersek,
	leif@nuviainc.com, afish@apple.com
  Cc: devel@edk2.groups.io

Hi Stewards and all:
  I collect current patch lists in devel mail list. Those patch contributors request to add them for 201902 stable tag. Because we have entered Soft Feature Freeze, I want to collect your feedback for them. If any patches are missing, please reply to this mail to add them.

Feature List (under review):
https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

Bug List (reviewed):
https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler(CVE-2019-14575)
https://edk2.groups.io/g/devel/message/54523 [PATCH v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation (CVE-2019-14587)
https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2] Enhancement and Fixes to BaseHashApiLib
https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier
https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg: acpiview: Remove duplicate ACPI structure size definitions
https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field

Bug List (under review)
https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54569 [PATCH v3] NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg: acpiview: Prevent infinite loop if structure length is 0

Thanks
Liming


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: Patch List for 202002 stable tag
  2020-02-18 14:08 Patch List for 202002 stable tag Liming Gao
@ 2020-02-18 20:04 ` Laszlo Ersek
  2020-02-18 20:42   ` Michael D Kinney
  0 siblings, 1 reply; 19+ messages in thread
From: Laszlo Ersek @ 2020-02-18 20:04 UTC (permalink / raw)
  To: Gao, Liming, Guptha, Soumya K, Kinney, Michael D,
	leif@nuviainc.com, afish@apple.com
  Cc: devel@edk2.groups.io

On 02/18/20 15:08, Gao, Liming wrote:
> Hi Stewards and all:
>   I collect current patch lists in devel mail list. Those patch
>   contributors request to add them for 201902 stable tag. Because we
>   have entered Soft Feature Freeze, I want to collect your feedback
>   for them. If any patches are missing, please reply to this mail to
>   add them.
>
> Feature List (under review):

According to
<https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
features can be merged during the SFF if their review completed before
the SFF.

The SFF date is 2020-02-14 00:00:00 UTC-8, per
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
CET.

> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
> [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
> (solution under discussion)

Posted on 2020-01-03. Review doesn't appear complete. Technically
speaking, it has missed edk2-stable202002.

There were two large gaps in the review process, namely between these
messages:

- https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-02-10]

If review seems stuck, it's advisable to ping once per week, or a bit
more frequently. Two weeks or more between pings is way too long.

> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add
> support for input with separately reported modifiers (under review, is
> this a feature or bug in the discussion)

The subject starts with "Add support for...", so it's a new feature, or
at least a feature-enablement.

Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation
as above. (Missed edk2-stable202002, technically speaking.)

Note: I don't have a personal preference either way. I'm just pointing
out what the SFF definition formally dictates, in my interpretation.

If we want to extend the freeze dates, I won't object.

> Bug List (reviewed):
> https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix
> false negative issue in DxeImageVerificationHandler(CVE-2019-14575)

Clearly a bug fix; it could go in even during the HFF
<https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.

> https://edk2.groups.io/g/devel/message/54523 [PATCH
> v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo
> Unmap in TRB creation (CVE-2019-14587)

Ditto.

> https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2]
> Enhancement and Fixes to BaseHashApiLib

Hm. I feel like I need some convincing that patch#1 --
"CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0
Implementation" -- is *also* a bugfix (like patch#2).

That question matters because the reviews:

- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567

were not posted before the SFF.

... I guess it's OK.

> https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg
> RegisterCpuFeaturesLib: Match data type and format specifier

Even if this were a feature, it could go in; the review was posted in
time:
- https://edk2.groups.io/g/devel/message/53803

In fact I don't understand why it hasn't been merged for more than a
week now!

> https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg:
> acpiview: Remove duplicate ACPI structure size definitions

Approved in time, regardless of bugfix vs. feature. Should go in.

> https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg:
> acpiview: Validate ACPI table 'Length' field

The review was posted past the SFF, but I agree this looks like a
bugfix, so should be OK. (Supplying missing input sanitization is
arguably a fix.)

>
> Bug List (under review)
> https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1]
> NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
> https://edk2.groups.io/g/devel/message/54569 [PATCH v3]
> NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)

CVE fixes can clearly go in during the HFF too.

> https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg:
> acpiview: Prevent infinite loop if structure length is 0

Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field";
should be OK.


Just my opinion, of course.

Thanks
Laszlo



* Re: Patch List for 202002 stable tag
  2020-02-18 20:04 ` Laszlo Ersek
@ 2020-02-18 20:42   ` Michael D Kinney
  2020-02-19  8:53     ` Laszlo Ersek
  2020-02-19 15:39     ` Liming Gao
  0 siblings, 2 replies; 19+ messages in thread
From: Michael D Kinney @ 2020-02-18 20:42 UTC (permalink / raw)
  To: Laszlo Ersek, Gao, Liming, Guptha, Soumya K, leif@nuviainc.com,
	afish@apple.com, Kinney, Michael D
  Cc: devel@edk2.groups.io

Hi Laszlo,

I agree with your assessments.  

One comment below.  

Mike

> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Tuesday, February 18, 2020 12:04 PM
> To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K
> <soumya.k.guptha@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; leif@nuviainc.com; afish@apple.com
> Cc: devel@edk2.groups.io
> Subject: Re: Patch List for 202002 stable tag
>
> On 02/18/20 15:08, Gao, Liming wrote:
> > Hi Stewards and all:
> >   I collect current patch lists in devel mail list. Those patch
> >   contributors request to add them for 201902 stable tag. Because we
> >   have entered Soft Feature Freeze, I want to collect your feedback
> >   for them. If any patches are missing, please reply to this mail to
> >   add them.
> >
> > Feature List (under review):
>
> According to
> <https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
> features can be merged during the SFF if their review completed before
> the SFF.
>
> The SFF date is 2020-02-14 00:00:00 UTC-8, per
> <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
> For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
> CET.
>
> > https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
> > [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
> > (solution under discussion)
>
> Posted on 2020-01-03. Review doesn't appear complete. Technically
> speaking, it has missed edk2-stable202002.
>
> There were two large gaps in the review process, namely between these
> messages:
>
> - https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
> - https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
> - https://edk2.groups.io/g/devel/message/54133 [2020-02-10]
>
> If review seems stuck, it's advisable to ping once per week, or a bit
> more frequently. Two weeks or more between pings is way too long.
>
> > https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add
> > support for input with separately reported modifiers (under review, is
> > this a feature or bug in the discussion)
>
> The subject starts with "Add support for...", so it's a new feature, or
> at least a feature-enablement.
>
> Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation
> as above. (Missed edk2-stable202002, technically speaking.)
>
> Note: I don't have a personal preference either way. I'm just pointing
> out what the SFF definition formally dictates, in my interpretation.
>
> If we want to extend the freeze dates, I won't object.
>
> > Bug List (reviewed):
> > https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix
> > false negative issue in DxeImageVerificationHandler(CVE-2019-14575)
>
> Clearly a bug fix; it could go in even during the HFF
> <https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
>
> > https://edk2.groups.io/g/devel/message/54523 [PATCH
> > v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo
> > Unmap in TRB creation (CVE-2019-14587)
>
> Ditto.
>
> > https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2]
> > Enhancement and Fixes to BaseHashApiLib
>
> Hm. I feel like I need some convincing that patch#1 --
> "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0
> Implementation" -- is *also* a bugfix (like patch#2).
>
> That question matters because the reviews:
>
> - https://edk2.groups.io/g/devel/message/54513
> - https://edk2.groups.io/g/devel/message/54567
>
> were not posted before the SFF.
>
> ... I guess it's OK.

The description of the bug does not emphasize that
this really is a bug fix.  There were additional
review comments from the CryptoPkg reviewers after
the initial review/commit of this feature.  These
changes address that feedback.  The alignment with
TPM 2.0 is to use an existing set of defines for
the hash algorithms instead of defining yet another
set of defines.  Details in this thread:

https://edk2.groups.io/g/devel/topic/70960524#53733


>
> > https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg
> > RegisterCpuFeaturesLib: Match data type and format specifier
>
> Even if this were a feature, it could go in; the review was posted in
> time:
> - https://edk2.groups.io/g/devel/message/53803
>
> In fact I don't understand why it hasn't been merged for more than a
> week now!
>
> > https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg:
> > acpiview: Remove duplicate ACPI structure size definitions
>
> Approved in time, regardless of bugfix vs. feature. Should go in.
>
> > https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg:
> > acpiview: Validate ACPI table 'Length' field
>
> The review was posted past the SFF, but I agree this looks like a
> bugfix, so should be OK. (Supplying missing input sanitization is
> arguably a fix.)
>
> >
> > Bug List (under review)
> > https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1]
> > NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
> > https://edk2.groups.io/g/devel/message/54569 [PATCH v3]
> > NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)
>
> CVE fixes can clearly go in during the HFF too.
>
> > https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg:
> > acpiview: Prevent infinite loop if structure length is 0
>
> Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field";
> should be OK.
>
>
> Just my opinion, of course.
>
> Thanks
> Laszlo



* Re: Patch List for 202002 stable tag
  2020-02-18 20:42   ` Michael D Kinney
@ 2020-02-19  8:53     ` Laszlo Ersek
  2020-02-19 15:39     ` Liming Gao
  1 sibling, 0 replies; 19+ messages in thread
From: Laszlo Ersek @ 2020-02-19  8:53 UTC (permalink / raw)
  To: Kinney, Michael D, Gao, Liming, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com
  Cc: devel@edk2.groups.io

On 02/18/20 21:42, Kinney, Michael D wrote:
> Hi Laszlo,
>
> I agree with your assessments.
>
> One comment below.
>
> Mike
>
>> -----Original Message-----
>> From: Laszlo Ersek <lersek@redhat.com>
>> Sent: Tuesday, February 18, 2020 12:04 PM
>> To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K
>> <soumya.k.guptha@intel.com>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; leif@nuviainc.com; afish@apple.com
>> Cc: devel@edk2.groups.io
>> Subject: Re: Patch List for 202002 stable tag

>>> https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2]
>>> Enhancement and Fixes to BaseHashApiLib
>>
>> Hm. I feel like I need some convincing that patch#1 --
>> "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0
>> Implementation" -- is *also* a bugfix (like patch#2).
>>
>> That question matters because the reviews:
>>
>> - https://edk2.groups.io/g/devel/message/54513
>> - https://edk2.groups.io/g/devel/message/54567
>>
>> were not posted before the SFF.
>>
>> ... I guess it's OK.
>
> The description of the bug does not emphasize that this really is a bug
> fix.  There were additional review comments from the CryptoPkg
> reviewers after the initial review/commit of this feature.  These
> changes address that feedback.  The alignment with TPM 2.0 is to use
> an existing set of defines for the hash algorithms instead of defining
> yet another set of defines.  Details in this thread:
>
> https://edk2.groups.io/g/devel/topic/70960524#53733

Thanks!
Laszlo



* Re: Patch List for 202002 stable tag
  2020-02-18 20:42   ` Michael D Kinney
  2020-02-19  8:53     ` Laszlo Ersek
@ 2020-02-19 15:39     ` Liming Gao
  2020-02-19 18:09       ` Vitaly Cheptsov
  1 sibling, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-02-19 15:39 UTC (permalink / raw)
  To: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, vit9696@protonmail.com
  Cc: devel@edk2.groups.io, Gao, Liming

Mike and Laszlo:
  Thanks for your comments. 

Vitaly:
  You requested that the two patches below catch the 202002 stable tag. I agree with Mike's and Laszlo's comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is more like an enhancement or feature than a bug fix. It was submitted after the Feb 7th Feature Planning Freeze. So, I suggest deferring them to the next stable tag, 202005.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)  

Thanks
Liming



* Re: Patch List for 202002 stable tag
  2020-02-19 15:39     ` Liming Gao
@ 2020-02-19 18:09       ` Vitaly Cheptsov
  2020-02-20  1:17         ` Liming Gao
  0 siblings, 1 reply; 19+ messages in thread
From: Vitaly Cheptsov @ 2020-02-19 18:09 UTC (permalink / raw)
  To: Gao, Liming
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser


Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948


> On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:
> 
> 
> Mike and Laszlo:
>  Thanks for your comments.
> 
> Vitaly:
>  You requested that the two patches below catch the 202002 stable tag. I agree with Mike's and Laszlo's comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is more like an enhancement or feature than a bug fix. It was submitted after the Feb 7th Feature Planning Freeze. So, I suggest deferring them to the next stable tag, 202005.
> 
> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)
> 
> Thanks
> Liming


[-- Attachment #1.2: Type: text/html, Size: 14309 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 489 bytes --]


* Re: Patch List for 202002 stable tag
  2020-02-19 18:09       ` Vitaly Cheptsov
@ 2020-02-20  1:17         ` Liming Gao
  2020-02-20  1:35           ` Gao, Zhichao
  2020-02-20  3:13           ` Ni, Ray
  0 siblings, 2 replies; 19+ messages in thread
From: Liming Gao @ 2020-02-20  1:17 UTC (permalink / raw)
  To: vit9696
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser, Ni, Ray, Gao, Zhichao

[-- Attachment #1: Type: text/plain, Size: 10079 bytes --]

Vitaly:
  I add my comments.

Zhichao and Ray:
   Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?

Thanks
Liming
From: vit9696 <vit9696@protonmail.com>
Sent: Thursday, February 20, 2020 2:09 AM
To: Gao, Liming <liming.gao@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>
Subject: Re: Patch List for 202002 stable tag

Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

[Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

[Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948



On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:


Mike and Laszlo:
 Thanks for your comments.

Vitaly:
 You request below two patches to catch 202002 stable tag. I agree with Mike and Laszlo comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is like the enhancement or feature instead of the bug fix. It is submitted after Feb 7th Feature Planning Freeze. So, I suggest to defer them to next stable tag 202005.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

Thanks
Liming

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>
Sent: Wednesday, February 19, 2020 4:43 AM
To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: devel@edk2.groups.io
Subject: RE: Patch List for 202002 stable tag

Hi Laszlo,

I agree with your assessments.

One comment below.

Mike


-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Tuesday, February 18, 2020 12:04 PM
To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; leif@nuviainc.com; afish@apple.com
Cc: devel@edk2.groups.io
Subject: Re: Patch List for 202002 stable tag

On 02/18/20 15:08, Gao, Liming wrote:

Hi Stewards and all:
 I collect current patch lists in devel mail list. Those patch contributors request to add them for 201902 stable tag. Because we have enter into Soft Feature Freeze, I want to collect your feedback for them. If any patches are missing, please reply this mail to add them.

Feature List (under review):

According to
<https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
features can be merged during the SFF if their review completed before
the SFF.

The SFF date is 2020-02-14 00:00:00 UTC-8, per
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
CET.



https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)

Posted on 2020-01-03. Review doesn't appear complete. Technically
speaking, it has missed edk2-stable202002.

There were two large gaps in the review process, namely between these
messages:

- https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-02-10]

If review seems stuck, it's advisable to ping once per week, or a bit
more frequently. Two weeks or more between pings is way too long.


https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

The subject starts with "Add support for...", so it's a new feature, or
at least a feature-enablement.

Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation
as above. (Missed edk2-stable202002, technically speaking.)

Note: I don't have a personal preference either way. I'm just pointing
out what the SFF definition formally dictates, in my interpretation.

If we want to extend the freeze dates, I won't object.


Bug List (reviewed):
https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler(CVE-2019-14575)

Clearly a bug fix; it could go in even during the HFF
<https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.


https://edk2.groups.io/g/devel/message/54523 [PATCH v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation (CVE-2019-14587)

Ditto.


https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2] Enhancement and Fixes to BaseHashApiLib

Hm. I feel like I need some convincing that patch#1 --
"CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0
Implementation" -- is *also* a bugfix (like patch#2).

That question matters because the reviews:

- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567

were not posted before the SFF.

... I guess it's OK.

The description of the bug does not emphasize that
this really is a bug fix.  There were additional
review comments from the CryptoPkg reviewers after
the initial review/commit of this feature.  These
changes address that feedback.  The alignment with
TPM 2.0 is to use an existing set of defines for
the hash algorithms instead of defining yet another
set of defines.  Details in this thread:

https://edk2.groups.io/g/devel/topic/70960524#53733





https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier

Even if this were a feature, it could go in; the review was posted in
time:
- https://edk2.groups.io/g/devel/message/53803

In fact I don't understand why it hasn't been merged for more than a
week now!


https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg: acpiview: Remove duplicate ACPI structure size definitions

Approved in time, regardless of bugfix vs. feature. Should go in.

https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field

The review was posted past the SFF, but I agree this looks like a
bugfix, so should be OK. (Supplying missing input sanitization is
arguably a fix.)



Bug List (under review)
https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54569 [PATCH v3] NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)

CVE fixes can clearly go in during the HFF too.

https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg: acpiview: Prevent infinite loop if structure length is 0

Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field";
should be OK.


Just my opinion, of course.

Thanks
Laszlo



[-- Attachment #2: Type: text/html, Size: 21525 bytes --]


* Re: Patch List for 202002 stable tag
  2020-02-20  1:17         ` Liming Gao
@ 2020-02-20  1:35           ` Gao, Zhichao
  2020-02-20  3:13           ` Ni, Ray
  1 sibling, 0 replies; 19+ messages in thread
From: Gao, Zhichao @ 2020-02-20  1:35 UTC (permalink / raw)
  To: Gao, Liming, vit9696
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser, Ni, Ray

[-- Attachment #1: Type: text/plain, Size: 10843 bytes --]

Already add my comments in the BZ link. I agree it is a bug fix.

Thanks,
Zhichao


[-- Attachment #2: Type: text/html, Size: 23821 bytes --]


* Re: Patch List for 202002 stable tag
  2020-02-20  1:17         ` Liming Gao
  2020-02-20  1:35           ` Gao, Zhichao
@ 2020-02-20  3:13           ` Ni, Ray
  2020-02-20  6:58             ` Liming Gao
       [not found]             ` <15F50A1858BD174A.18319@groups.io>
  1 sibling, 2 replies; 19+ messages in thread
From: Ni, Ray @ 2020-02-20  3:13 UTC (permalink / raw)
  To: Gao, Liming, vit9696
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser, Gao, Zhichao

[-- Attachment #1: Type: text/plain, Size: 10801 bytes --]

Liming,
I provided my comments in the BZ.

From: Gao, Liming <liming.gao@intel.com>
Sent: Thursday, February 20, 2020 9:17 AM
To: vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Vitaly:
  I add my comments.

Zhichao and Ray:
   Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?

Thanks
Liming
From: vit9696 <vit9696@protonmail.com<mailto:vit9696@protonmail.com>>
Sent: Thursday, February 20, 2020 2:09 AM
To: Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>>
Cc: Kinney, Michael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Guptha, Soumya K <soumya.k.guptha@intel.com<mailto:soumya.k.guptha@intel.com>>; leif@nuviainc.com<mailto:leif@nuviainc.com>; afish@apple.com<mailto:afish@apple.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Marvin Häuser <marvin.haeuser@outlook.com<mailto:marvin.haeuser@outlook.com>>
Subject: Re: Patch List for 202002 stable tag

Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

[Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

[Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948


19 февр. 2020 г., в 18:39, Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>> написал(а):


Mike and Laszlo:
 Thanks for your comments.

Vitaly:
 You request below two patches to catch 202002 stable tag. I agree with Mike and Laszlo comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is like the enhancement or feature instead of the bug fix. It is submitted after Feb 7th Feature Planning Freeze. So, I suggest to defer them to next stable tag 202005.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

Thanks
Liming
-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Sent: Wednesday, February 19, 2020 4:43 AM
To: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>; Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>>; Guptha, Soumya K <soumya.k.guptha@intel.com<mailto:soumya.k.guptha@intel.com>>;
leif@nuviainc.com<mailto:leif@nuviainc.com>; afish@apple.com<mailto:afish@apple.com>; Kinney, Michael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Cc: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Subject: RE: Patch List for 202002 stable tag

Hi Laszlo,

I agree with your assessments.

One comment below.

Mike

-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
Sent: Tuesday, February 18, 2020 12:04 PM
To: Gao, Liming <liming.gao@intel.com<mailto:liming.gao@intel.com>>; Guptha, Soumya
K <soumya.k.guptha@intel.com<mailto:soumya.k.guptha@intel.com>>; Kinney, Michael D
<michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>; leif@nuviainc.com<mailto:leif@nuviainc.com>;
afish@apple.com<mailto:afish@apple.com>
Cc: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Subject: Re: Patch List for 202002 stable tag

On 02/18/20 15:08, Gao, Liming wrote:
Hi Stewards and all:
 I collect current patch lists in devel mail list.
Those patch
 contributors request to add them for 201902 stable
tag. Because we
 have enter into Soft Feature Freeze, I want to
collect your feedback
 for them. If any patches are missing, please reply
this mail to add
 them.

Feature List (under review):

According to
<https://github.com/tianocore/tianocore.github.io/wiki/
SoftFeatureFreeze<https://github.com/tianocore/tianocore.github.io/wiki/%0bSoftFeatureFreeze>>,
features can be merged during the SFF if their review
completed before
the SFF.

The SFF date is 2020-02-14 00:00:00 UTC-8, per
<https://github.com/tianocore/tianocore.github.io/wiki/
EDK-II-Release-Planning<https://github.com/tianocore/tianocore.github.io/wiki/%0bEDK-II-Release-Planning>>.
For me (in CET = UTC+1), that makes the deadline 2020-
02-14 09:00:00
CET.


https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_p
cd_to/69401948
[PATCH v3 0/1] Add PCD to disable safe string
constraint assertions
(solution under discussion)

Posted on 2020-01-03. Review doesn't appear complete.
Technically
speaking, it has missed edk2-stable202002.

There were two large gaps in the review process, namely
between these
messages:

- https://edk2.groups.io/g/devel/message/53026 [2020-
01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-
01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-
02-10]

If review seems stuck, it's advisable to ping once per
week, or a bit
more frequently. Two weeks ore more between pings is
way too long.

https://edk2.groups.io/g/devel/message/54122 [PATCH
1/1] ShellPkg: Add
support for input with separately reported modifiers
(under review, is
this a feature or bug in the disucssion)

The subject starts with "Add support for...", so it's a
new feature, or
at least a feature-enablement.

Posted on 2020-02-10. Has not been reviewed yet,
AFAICT. Same situation
as above. (Missed edk2-stable202002, technically
speaking.)

Note: I don't have a personal preference either way.
I'm just pointing
out what the SFF definition formally dictates, in my
interpretation.

If we want to extend the freeze dates, I won't object.

Bug List (reviewed):
https://edk2.groups.io/g/devel/message/54416 [PATCH
v2 00/10] Fix
false negative issue in
DxeImageVerificationHandler(CVE-2019-14575)

Clearly a bug fix; it could go in even during the HFF
<https://github.com/tianocore/tianocore.github.io/wiki/
HardFeatureFreeze<https://github.com/tianocore/tianocore.github.io/wiki/%0bHardFeatureFreeze>>.

https://edk2.groups.io/g/devel/message/54523 [PATCH
v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe:
Fix double PciIo
Unmap in TRB creation (CVE-2019-14587)

Ditto.

https://edk2.groups.io/g/devel/message/54510 [PATCH
v6 0/2]
Enhancement and Fixes to BaseHashApiLib

Hm. I feel like I need some convincing that patch#1 --
"CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with
TPM 2.0
Implementation" -- is *also* a bugfix (like patch#2).

That question matters because the reviews:

- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567

were not posted before the SFF.

... I guess it's OK.

The description of the bug does not emphasize that
this really is a bug fix.  There were additional
review comments from the CryptoPkg reviewers after
the initial review/commit of this feature.  These
changes address that feedback.  The alignment with
TPM 2.0 is to use an existing set of defines for
the hash algorithms instead of defining yet another
set of defines.  Details in this thread:

https://edk2.groups.io/g/devel/topic/70960524#53733



https://edk2.groups.io/g/devel/message/53703 [PATCH
V2] UefiCpuPkg
RegisterCpuFeaturesLib: Match data type and format
specifier

Even if this were a feature, it could go in; the review
was posted in
time:
- https://edk2.groups.io/g/devel/message/53803

In fact I don't understand why it hasn't been merged
for more than a
week now!

https://edk2.groups.io/g/devel/message/53577 [PATCH
v1 1/1] ShellPkg:
acpiview: Remove duplicate ACPI structure size
definitions

Approved in time, regardless of bugfix vs. feature.
Should go in.

https://edk2.groups.io/g/devel/message/54192 [PATCH
v2 1/1] ShellPkg:
acpiview: Validate ACPI table 'Length' field

The review was posted past the SFF, but I agree this
looks like a
bugfix, so should be OK. (Supplying missing input
sanitization is
arguably a fix.)


Bug List (under review)
https://edk2.groups.io/g/devel/message/54361 [PATCH
1/1]
NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54569 [PATCH
v3]
NetworkPkg/Ip4Dxe: Check the received package length
(CVE-2019-14559)

CVE fixes can clearly go in during the HFF too.

https://edk2.groups.io/g/devel/message/54448 [PATCH
v1 1/1] ShellPkg:
acpiview: Prevent infinite loop if structure length
is 0

Similar to "ShellPkg: acpiview: Validate ACPI table
'Length' field";
should be OK.


Just my opinion, of course.

Thanks
Laszlo




* Re: Patch List for 202002 stable tag
  2020-02-20  3:13           ` Ni, Ray
@ 2020-02-20  6:58             ` Liming Gao
  2020-02-20  7:07               ` Vitaly Cheptsov
       [not found]             ` <15F50A1858BD174A.18319@groups.io>
  1 sibling, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-02-20  6:58 UTC (permalink / raw)
  To: Ni, Ray, vit9696
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser, Gao, Zhichao

[-- Attachment #1: Type: text/plain, Size: 11771 bytes --]

Ray, Zhichao and Vitaly:
  Thanks. BZ is a good place to catch all discussion. Because we are close to the edk2 stable tag 202002, can you reach agreement soon for BZ 2510?

Thanks
Liming
From: Ni, Ray <ray.ni@intel.com>
Sent: Thursday, February 20, 2020 11:13 AM
To: Gao, Liming <liming.gao@intel.com>; vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Liming,
I provided my comments in the BZ.

From: Gao, Liming <liming.gao@intel.com>
Sent: Thursday, February 20, 2020 9:17 AM
To: vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Vitaly:
  I add my comments.

Zhichao and Ray:
   Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?

Thanks
Liming
From: vit9696 <vit9696@protonmail.com>
Sent: Thursday, February 20, 2020 2:09 AM
To: Gao, Liming <liming.gao@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>
Subject: Re: Patch List for 202002 stable tag

Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

[Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

[Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948


On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:


Mike and Laszlo:
 Thanks for your comments.

Vitaly:
 You requested the two patches below to catch the 202002 stable tag. I agree with Mike's and Laszlo's comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is more like an enhancement or feature than a bug fix. It was submitted after the Feb 7th Feature Planning Freeze. So, I suggest deferring them to the next stable tag, 202005.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

Thanks
Liming
-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>
Sent: Wednesday, February 19, 2020 4:43 AM
To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>;
leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: devel@edk2.groups.io
Subject: RE: Patch List for 202002 stable tag

Hi Laszlo,

I agree with your assessments.

One comment below.

Mike
-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Tuesday, February 18, 2020 12:04 PM
To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya
K <soumya.k.guptha@intel.com>; Kinney, Michael D
<michael.d.kinney@intel.com>; leif@nuviainc.com;
afish@apple.com
Cc: devel@edk2.groups.io
Subject: Re: Patch List for 202002 stable tag

On 02/18/20 15:08, Gao, Liming wrote:
Hi Stewards and all:
 I collect current patch lists in devel mail list.
Those patch
 contributors request to add them for 201902 stable
tag. Because we
 have enter into Soft Feature Freeze, I want to
collect your feedback
 for them. If any patches are missing, please reply
this mail to add
 them.

Feature List (under review):

According to
<https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
features can be merged during the SFF if their review
completed before
the SFF.

The SFF date is 2020-02-14 00:00:00 UTC-8, per
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
CET.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
[PATCH v3 0/1] Add PCD to disable safe string
constraint assertions
(solution under discussion)

Posted on 2020-01-03. Review doesn't appear complete.
Technically
speaking, it has missed edk2-stable202002.

There were two large gaps in the review process, namely
between these
messages:

- https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-02-10]

If review seems stuck, it's advisable to ping once per
week, or a bit
more frequently. Two weeks or more between pings is
way too long.
https://edk2.groups.io/g/devel/message/54122 [PATCH
1/1] ShellPkg: Add
support for input with separately reported modifiers
(under review, is
this a feature or bug in the discussion)

The subject starts with "Add support for...", so it's a
new feature, or
at least a feature-enablement.

Posted on 2020-02-10. Has not been reviewed yet,
AFAICT. Same situation
as above. (Missed edk2-stable202002, technically
speaking.)

Note: I don't have a personal preference either way.
I'm just pointing
out what the SFF definition formally dictates, in my
interpretation.

If we want to extend the freeze dates, I won't object.
Bug List (reviewed):
https://edk2.groups.io/g/devel/message/54416 [PATCH
v2 00/10] Fix
false negative issue in
DxeImageVerificationHandler(CVE-2019-14575)

Clearly a bug fix; it could go in even during the HFF
<https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
https://edk2.groups.io/g/devel/message/54523 [PATCH
v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe:
Fix double PciIo
Unmap in TRB creation (CVE-2019-14587)

Ditto.
https://edk2.groups.io/g/devel/message/54510 [PATCH
v6 0/2]
Enhancement and Fixes to BaseHashApiLib

Hm. I feel like I need some convincing that patch#1 --
"CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with
TPM 2.0
Implementation" -- is *also* a bugfix (like patch#2).

That question matters because the reviews:

- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567

were not posted before the SFF.

... I guess it's OK.

The description of the bug does not emphasize that
this really is a bug fix.  There were additional
review comments from the CryptoPkg reviewers after
the initial review/commit of this feature.  These
changes address that feedback.  The alignment with
TPM 2.0 is to use an existing set of defines for
the hash algorithms instead of defining yet another
set of defines.  Details in this thread:

https://edk2.groups.io/g/devel/topic/70960524#53733


https://edk2.groups.io/g/devel/message/53703 [PATCH
V2] UefiCpuPkg
RegisterCpuFeaturesLib: Match data type and format
specifier

Even if this were a feature, it could go in; the review
was posted in
time:
- https://edk2.groups.io/g/devel/message/53803

In fact I don't understand why it hasn't been merged
for more than a
week now!
https://edk2.groups.io/g/devel/message/53577 [PATCH
v1 1/1] ShellPkg:
acpiview: Remove duplicate ACPI structure size
definitions

Approved in time, regardless of bugfix vs. feature.
Should go in.
https://edk2.groups.io/g/devel/message/54192 [PATCH
v2 1/1] ShellPkg:
acpiview: Validate ACPI table 'Length' field

The review was posted past the SFF, but I agree this
looks like a
bugfix, so should be OK. (Supplying missing input
sanitization is
arguably a fix.)

Bug List (under review)
https://edk2.groups.io/g/devel/message/54361 [PATCH
1/1]
NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54569 [PATCH
v3]
NetworkPkg/Ip4Dxe: Check the received package length
(CVE-2019-14559)

CVE fixes can clearly go in during the HFF too.
https://edk2.groups.io/g/devel/message/54448 [PATCH
v1 1/1] ShellPkg:
acpiview: Prevent infinite loop if structure length
is 0

Similar to "ShellPkg: acpiview: Validate ACPI table
'Length' field";
should be OK.


Just my opinion, of course.

Thanks
Laszlo




* Re: Patch List for 202002 stable tag
  2020-02-20  6:58             ` Liming Gao
@ 2020-02-20  7:07               ` Vitaly Cheptsov
  0 siblings, 0 replies; 19+ messages in thread
From: Vitaly Cheptsov @ 2020-02-20  7:07 UTC (permalink / raw)
  To: Gao, Liming, Ni, Ray
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, devel@edk2.groups.io,
	Marvin Häuser, Gao, Zhichao

[-- Attachment #1: Type: text/plain, Size: 12281 bytes --]

Liming, no problem from our side. The patch is now reviewed and I believe I provided all the necessary material regarding its status.

In case Ray would rather postpone it, I give no objection to this without prior notice. There is no problem from our side if EDK II team wants to prioritise other issues, we can always merge it right after the stable tag lands.

Best wishes,
Vitaly

On Thu, Feb 20, 2020 at 09:58, Gao, Liming <liming.gao@intel.com> wrote:

> Ray, Zhichao and Vitaly:
>
>   Thanks. BZ is a good place to catch all discussion. Because we are close to the edk2 stable tag 202002, can you reach agreement soon for BZ 2510?
>
> Thanks
>
> Liming
>
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Thursday, February 20, 2020 11:13 AM
> To: Gao, Liming <liming.gao@intel.com>; vit9696 <vit9696@protonmail.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: RE: Patch List for 202002 stable tag
>
> Liming,
>
> I provided my comments in the BZ.
>
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, February 20, 2020 9:17 AM
> To: vit9696 <vit9696@protonmail.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: RE: Patch List for 202002 stable tag
>
> Vitaly:
>
>   I add my comments.
>
> Zhichao and Ray:
>
>    Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?
>
> Thanks
>
> Liming
>
> From: vit9696 <vit9696@protonmail.com>
> Sent: Thursday, February 20, 2020 2:09 AM
> To: Gao, Liming <liming.gao@intel.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>
> Subject: Re: Patch List for 202002 stable tag
>
> Liming,
>
> Thanks for pinging me about this!
>
> With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.
>
> [Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.
>
> With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.
>
> [Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.
>
> I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.
>
> Best wishes,
>
> Vitaly
>
> [1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>
> [2] https://edk2.groups.io/g/devel/topic/69401948
>
>> On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:
>>
>> Mike and Laszlo:
>>  Thanks for your comments.
>>
>> Vitaly:
>>  You requested the two patches below to catch the 202002 stable tag. I agree with Mike's and Laszlo's comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is more like an enhancement or feature than a bug fix. It was submitted after the Feb 7th Feature Planning Freeze. So, I suggest deferring them to the next stable tag, 202005.
>>
>> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
>> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)
>>
>> Thanks
>> Liming
>>
>>> -----Original Message-----
>>> From: Kinney, Michael D <michael.d.kinney@intel.com>
>>> Sent: Wednesday, February 19, 2020 4:43 AM
>>> To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>;
>>> leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
>>> Cc: devel@edk2.groups.io
>>> Subject: RE: Patch List for 202002 stable tag
>>>
>>> Hi Laszlo,
>>>
>>> I agree with your assessments.
>>>
>>> One comment below.
>>>
>>> Mike
>>>
>>>> -----Original Message-----
>>>> From: Laszlo Ersek <lersek@redhat.com>
>>>> Sent: Tuesday, February 18, 2020 12:04 PM
>>>> To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya
>>>> K <soumya.k.guptha@intel.com>; Kinney, Michael D
>>>> <michael.d.kinney@intel.com>; leif@nuviainc.com;
>>>> afish@apple.com
>>>> Cc: devel@edk2.groups.io
>>>> Subject: Re: Patch List for 202002 stable tag
>>>>
>>>> On 02/18/20 15:08, Gao, Liming wrote:
>>>>
>>>>> Hi Stewards and all:
>>>>>  I collect current patch lists in devel mail list. Those patch
>>>>>  contributors request to add them for 201902 stable tag. Because we
>>>>>  have enter into Soft Feature Freeze, I want to collect your feedback
>>>>>  for them. If any patches are missing, please reply this mail to add
>>>>>  them.
>>>>>
>>>>> Feature List (under review):
>>>>
>>>> According to
>>>> <https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
>>>> features can be merged during the SFF if their review
>>>> completed before
>>>> the SFF.
>>>>
>>>> The SFF date is 2020-02-14 00:00:00 UTC-8, per
>>>> <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
>>>> For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
>>>> CET.
>>>>
>>>>> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
>>>>> [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
>>>>> (solution under discussion)
>>>>
>>>> Posted on 2020-01-03. Review doesn't appear complete.
>>>> Technically
>>>> speaking, it has missed edk2-stable202002.
>>>>
>>>> There were two large gaps in the review process, namely
>>>> between these
>>>> messages:
>>>>
>>>> - https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
>>>> - https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
>>>> - https://edk2.groups.io/g/devel/message/54133 [2020-02-10]
>>>>
>>>> If review seems stuck, it's advisable to ping once per
>>>> week, or a bit
>>>> more frequently. Two weeks or more between pings is
>>>> way too long.
>>>>
>>>>> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add
>>>>> support for input with separately reported modifiers (under review, is
>>>>> this a feature or bug in the discussion)
>>>>
>>>> The subject starts with "Add support for...", so it's a
>>>> new feature, or
>>>> at least a feature-enablement.
>>>>
>>>> Posted on 2020-02-10. Has not been reviewed yet,
>>>> AFAICT. Same situation
>>>> as above. (Missed edk2-stable202002, technically
>>>> speaking.)
>>>>
>>>> Note: I don't have a personal preference either way.
>>>> I'm just pointing
>>>> out what the SFF definition formally dictates, in my
>>>> interpretation.
>>>>
>>>> If we want to extend the freeze dates, I won't object.
>>>>
>>>>> Bug List (reviewed):
>>>>> https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix
>>>>> false negative issue in DxeImageVerificationHandler(CVE-2019-14575)
>>>>
>>>> Clearly a bug fix; it could go in even during the HFF
>>>> <https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
>>>>
>>>>> https://edk2.groups.io/g/devel/message/54523 [PATCH
>>>>> v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo
>>>>> Unmap in TRB creation (CVE-2019-14587)
>>>>
>>>> Ditto.
>>>>
>>>>> https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2]
>>>>> Enhancement and Fixes to BaseHashApiLib
>>>>
>>>> Hm. I feel like I need some convincing that patch#1 --
>>>> "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with
>>>> TPM 2.0
>>>> Implementation" -- is *also* a bugfix (like patch#2).
>>>>
>>>> That question matters because the reviews:
>>>>
>>>> - https://edk2.groups.io/g/devel/message/54513
>>>> - https://edk2.groups.io/g/devel/message/54567
>>>>
>>>> were not posted before the SFF.
>>>>
>>>> ... I guess it's OK.
>>>
>>> The description of the bug does not emphasize that
>>> this really is a bug fix.  There were additional
>>> review comments from the CryptoPkg reviewers after
>>> the initial review/commit of this feature.  These
>>> changes address that feedback.  The alignment with
>>> TPM 2.0 is to use an existing set of defines for
>>> the hash algorithms instead of defining yet another
>>> set of defines.  Details in this thread:
>>>
>>> https://edk2.groups.io/g/devel/topic/70960524#53733
>>>
>>>>
>>>>
>>>>> https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg
>>>>> RegisterCpuFeaturesLib: Match data type and format specifier
>>>>
>>>> Even if this were a feature, it could go in; the review
>>>> was posted in
>>>> time:
>>>> - https://edk2.groups.io/g/devel/message/53803
>>>>
>>>> In fact I don't understand why it hasn't been merged
>>>> for more than a
>>>> week now!
>>>>
>>>>> https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg:
>>>>> acpiview: Remove duplicate ACPI structure size definitions
>>>>
>>>> Approved in time, regardless of bugfix vs. feature.
>>>> Should go in.
>>>>
>>>>> https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg:
>>>>> acpiview: Validate ACPI table 'Length' field
>>>>
>>>> The review was posted past the SFF, but I agree this
>>>> looks like a
>>>> bugfix, so should be OK. (Supplying missing input
>>>> sanitization is
>>>> arguably a fix.)
>>>>
>>>>> Bug List (under review)
>>>>> https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1]
>>>>> NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
>>>>> https://edk2.groups.io/g/devel/message/54569 [PATCH v3]
>>>>> NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)
>>>>
>>>> CVE fixes can clearly go in during the HFF too.
>>>>
>>>>> https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg:
>>>>> acpiview: Prevent infinite loop if structure length is 0
>>>>
>>>> Similar to "ShellPkg: acpiview: Validate ACPI table
>>>> 'Length' field";
>>>> should be OK.
>>>>
>>>> Just my opinion, of course.
>>>>
>>>> Thanks
>>>> Laszlo


* Re: [edk2-devel] Patch List for 202002 stable tag
       [not found]             ` <15F50A1858BD174A.18319@groups.io>
@ 2020-02-21  8:22               ` Liming Gao
       [not found]               ` <15F55D425BF8837D.15709@groups.io>
  1 sibling, 0 replies; 19+ messages in thread
From: Liming Gao @ 2020-02-21  8:22 UTC (permalink / raw)
  To: devel@edk2.groups.io, Gao, Liming, Ni, Ray, vit9696,
	gaurav.jain@nxp.com
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, Marvin Häuser,
	Gao, Zhichao, 'ard.biesheuvel@linaro.org', Wu, Hao A

[-- Attachment #1: Type: text/plain, Size: 13731 bytes --]

Hi, all
  Today, we enter the hard feature freeze for the 202002 stable tag. Only critical bug fixes approved by the Stewards are allowed to be submitted. There are three patches left that are requested for this stable tag. I summarize the current status for them. If you have a different opinion or comments, please reply to this mail.

https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
[Liming] This patch is under review. If no comments show that this is a critical issue, it will not catch this stable tag.
https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.
[Liming] The package maintainer thinks this is an enhancement. So, it will not catch this stable tag.
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
[Liming] There is no agreement now. The discussion is in BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510. So, it may not catch this stable tag.

Thanks
Liming
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
Sent: Thursday, February 20, 2020 2:59 PM
To: Ni, Ray <ray.ni@intel.com>; vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: Re: [edk2-devel] Patch List for 202002 stable tag

Ray, Zhichao and Vitaly:
  Thanks. BZ is a good place to catch all discussion. Because we are close to the edk2 stable tag 202002, can you reach agreement soon for BZ 2510?

Thanks
Liming
From: Ni, Ray <ray.ni@intel.com>
Sent: Thursday, February 20, 2020 11:13 AM
To: Gao, Liming <liming.gao@intel.com>; vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Liming,
I provided my comments in the BZ.

From: Gao, Liming <liming.gao@intel.com>
Sent: Thursday, February 20, 2020 9:17 AM
To: vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Vitaly:
  I add my comments.

Zhichao and Ray:
   Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?

Thanks
Liming
From: vit9696 <vit9696@protonmail.com>
Sent: Thursday, February 20, 2020 2:09 AM
To: Gao, Liming <liming.gao@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>
Subject: Re: Patch List for 202002 stable tag

Liming,

Thanks for pinging me about this!

With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.

[Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.

With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.

[Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.

I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.

Best wishes,
Vitaly

[1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
[2] https://edk2.groups.io/g/devel/topic/69401948


On 19 Feb 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:


Mike and Laszlo:
 Thanks for your comments.

Vitaly:
 You request below two patches to catch 202002 stable tag. I agree with Mike and Laszlo comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is like the enhancement or feature instead of the bug fix. It is submitted after Feb 7th Feature Planning Freeze. So, I suggest to defer them to next stable tag 202005.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

Thanks
Liming
-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>
Sent: Wednesday, February 19, 2020 4:43 AM
To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: devel@edk2.groups.io
Subject: RE: Patch List for 202002 stable tag

Hi Laszlo,

I agree with your assessments.

One comment below.

Mike
-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Tuesday, February 18, 2020 12:04 PM
To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; leif@nuviainc.com; afish@apple.com
Cc: devel@edk2.groups.io
Subject: Re: Patch List for 202002 stable tag

On 02/18/20 15:08, Gao, Liming wrote:
Hi Stewards and all:
 I collect current patch lists in devel mail list. Those patch contributors request to add them for 201902 stable tag. Because we have enter into Soft Feature Freeze, I want to collect your feedback for them. If any patches are missing, please reply this mail to add them.

Feature List (under review):

According to <https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>, features can be merged during the SFF if their review completed before the SFF.

The SFF date is 2020-02-14 00:00:00 UTC-8, per <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>. For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00 CET.

https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)

Posted on 2020-01-03. Review doesn't appear complete. Technically speaking, it has missed edk2-stable202002.

There were two large gaps in the review process, namely between these messages:

- https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-02-10]

If review seems stuck, it's advisable to ping once per week, or a bit more frequently. Two weeks or more between pings is way too long.

https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)

The subject starts with "Add support for...", so it's a new feature, or at least a feature-enablement.

Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation as above. (Missed edk2-stable202002, technically speaking.)

Note: I don't have a personal preference either way. I'm just pointing out what the SFF definition formally dictates, in my interpretation.

If we want to extend the freeze dates, I won't object.

Bug List (reviewed):
https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix false negative issue in DxeImageVerificationHandler(CVE-2019-14575)

Clearly a bug fix; it could go in even during the HFF <https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.

https://edk2.groups.io/g/devel/message/54523 [PATCH v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation (CVE-2019-14587)

Ditto.

https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2] Enhancement and Fixes to BaseHashApiLib

Hm. I feel like I need some convincing that patch#1 -- "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0 Implementation" -- is *also* a bugfix (like patch#2).

That question matters because the reviews:

- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567

were not posted before the SFF.

... I guess it's OK.

The description of the bug does not emphasize that this really is a bug fix.  There were additional review comments from the CryptoPkg reviewers after the initial review/commit of this feature.  These changes address that feedback.  The alignment with TPM 2.0 is to use an existing set of defines for the hash algorithms instead of define yet another set of defines.  Details in this thread:

https://edk2.groups.io/g/devel/topic/70960524#53733

https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier

Even if this were a feature, it could go in; the review was posted in time:
- https://edk2.groups.io/g/devel/message/53803

In fact I don't understand why it hasn't been merged for more than a week now!

https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg: acpiview: Remove duplicate ACPI structure size definitions

Approved in time, regardless of bugfix vs. feature. Should go in.

https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field

The review was posted past the SFF, but I agree this looks like a bugfix, so should be OK. (Supplying missing input sanitization is arguably a fix.)

Bug List (under review)
https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
https://edk2.groups.io/g/devel/message/54569 [PATCH v3] NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)

CVE fixes can clearly go in during the HFF too.

https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg: acpiview: Prevent infinite loop if structure length is 0

Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field"; should be OK.


Just my opinion, of course.

Thanks
Laszlo





* Re: [edk2-devel] Patch List for 202002 stable tag
       [not found]               ` <15F55D425BF8837D.15709@groups.io>
@ 2020-02-27 16:06                 ` Liming Gao
  2020-02-27 16:23                   ` Leif Lindholm
  0 siblings, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-02-27 16:06 UTC (permalink / raw)
  To: devel@edk2.groups.io, Kinney, Michael D, Laszlo Ersek,
	Leif Lindholm, afish@apple.com
  Cc: Kinney, Michael D, Laszlo Ersek, Guptha, Soumya K,
	leif@nuviainc.com, afish@apple.com, Marvin Häuser,
	Gao, Zhichao, 'ard.biesheuvel@linaro.org', Wu, Hao A,
	Gao, Liming, vit9696, gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com


Stewards:
  I update the patch lists and status. Based on current information, only one patch (item 5) needs catch this stable tag. Its fix is clear, and risk is low. So, I think we can still keep current planning to create stable tag edk2-stable202002 on 2020 Feb 28th (UTC – 8). If you think the stable tag needs to be delay for few days, please reply the mail before Feb 28th (00:00:00 UTC-8).


  1.  https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
[Liming] This patch is still under review. So, it will not catch this stable tag.

  1.  https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.
[Liming] The patch has passed review. Package maintainer thinks this is an enhancement. It will be added after stable tag.

  1.  https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
[Liming] The discussion shows this change needs UEFI spec clarification. So, it may not be resolved in short term. It will not catch this stable tag. The discussion is in BZ 2510.

  1.  https://edk2.groups.io/g/devel/message/54797 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib
[Liming] The solution is under discussion (BZ 2556). The submitter requests this issue to be fixed happen reasonably soon. So, it may not catch this stable tag.

  1.  https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for incremental build
[Liming] This patch has passed review. This regression causes the basic incremental build not work with VS nmake tool. The fix is clear. So, it need to catch this stable tag.

  1.  https://edk2.groups.io/g/devel/message/54995 [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
[Liming] This is the issue in ShellPkg. It may not be critical issue, and defer after this stable tag.

Thanks
Liming
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
Sent: Friday, February 21, 2020 4:23 PM
To: devel@edk2.groups.io; Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; vit9696 <vit9696@protonmail.com>; gaurav.jain@nxp.com
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>; 'ard.biesheuvel@linaro.org' <ard.biesheuvel@linaro.org>; Wu, Hao A <hao.a.wu@intel.com>
Subject: Re: [edk2-devel] Patch List for 202002 stable tag

Hi, all
  Today, we enter into hard feature freeze for 202002 stable tag. Only critical bug fix approved by Stewards is allowed to be submit. There are left three patches to be requested for this stable tag. I summary current status for them. If you have the different opinion or comments, please reply this mail.

https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
[Liming] This patch is under review. If no comments to show this is a critical issue, it will not catch this stable tag.
https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.
[Liming] Package maintainer thinks this is an enhancement. So, it will not catch this stable tag.
https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
[Liming] There is no agreement now. The discussion is in BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510. So, it may not catch this stable tag.

Thanks
Liming
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
Sent: Thursday, February 20, 2020 2:59 PM
To: Ni, Ray <ray.ni@intel.com>; vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: Re: [edk2-devel] Patch List for 202002 stable tag

Ray, Zhichao and Vitaly:
  Thanks. BZ is the good place to catch all discussion. Because we are close to edk2 stable tag 202002, can you make the agreement soon for BZ 2510?

Thanks
Liming
From: Ni, Ray <ray.ni@intel.com>
Sent: Thursday, February 20, 2020 11:13 AM
To: Gao, Liming <liming.gao@intel.com>; vit9696 <vit9696@protonmail.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
Subject: RE: Patch List for 202002 stable tag

Liming,
I provided my comments in the BZ.


* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-02-27 16:06                 ` Liming Gao
@ 2020-02-27 16:23                   ` Leif Lindholm
  2020-02-27 17:25                     ` Laszlo Ersek
  0 siblings, 1 reply; 19+ messages in thread
From: Leif Lindholm @ 2020-02-27 16:23 UTC (permalink / raw)
  To: devel, liming.gao
  Cc: Kinney, Michael D, Laszlo Ersek, afish@apple.com,
	Guptha, Soumya K, Marvin Häuser, Gao, Zhichao,
	'ard.biesheuvel@linaro.org', Wu, Hao A, vit9696,
	gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com

Hi Liming,

On Thu, Feb 27, 2020 at 16:06:22 +0000, Liming Gao wrote:
> Stewards:
>   I update the patch lists and status. Based on current information,
>   only one patch (item 5) needs catch this stable tag. Its fix is
>   clear, and risk is low. So, I think we can still keep current
>   planning to create stable tag edk2-stable202002 on 2020 Feb 28th
>   (UTC – 8). If you think the stable tag needs to be delay for few
>   days, please reply the mail before Feb 28th (00:00:00 UTC-8).
>
>   1.  https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
> [Liming] This patch is still under review. So, it will not catch this stable tag.
> 
>   1.  https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.

Unrelated to the release process, only the formatting:
It looks like you are doing ordered lists using markdown syntax
(1.). This renders in plain text email simply as all items being 1.

> [Liming] The patch has passed review. Package maintainer thinks this is an enhancement. It will be added after stable tag.
> 
>   1.  https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
> [Liming] The discussion shows this change needs UEFI spec clarification. So, it may not be resolved in short term. It will not catch this stable tag. The discussion is in BZ 2510.
> 
>   1.  https://edk2.groups.io/g/devel/message/54797 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib
> [Liming] The solution is under discussion (BZ 2556). The submitter requests this issue to be fixed happen reasonably soon. So, it may not catch this stable tag.
> 
>   1.  https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for incremental build
> [Liming] This patch has passed review. This regression causes the basic incremental build not work with VS nmake tool. The fix is clear. So, it need to catch this stable tag.

I agree it needs to catch the stable tag. If it affects only VS builds
then I am not going to insist on extending the hard freeze, but I
(technically on holiday today/tomorrow) don't have time to dig much
deeper into it.

However, I think the process is pretty clear that this *should* extend
the hard freeze.

I will note that from the trail (commitdate of 818283de3f6d until
BZ2563 was raised) it appears that detecting this bug itself, which
went in two days before the soft freeze, took 15 days.

/
    Leif

>   1.  https://edk2.groups.io/g/devel/message/54995 [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
> [Liming] This is the issue in ShellPkg. It may not be critical issue, and defer after this stable tag.
> 
> Thanks
> Liming
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
> Sent: Friday, February 21, 2020 4:23 PM
> To: devel@edk2.groups.io; Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; vit9696 <vit9696@protonmail.com>; gaurav.jain@nxp.com
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>; 'ard.biesheuvel@linaro.org' <ard.biesheuvel@linaro.org>; Wu, Hao A <hao.a.wu@intel.com>
> Subject: Re: [edk2-devel] Patch List for 202002 stable tag
> 
> Hi, all
>   Today, we enter into hard feature freeze for 202002 stable tag. Only critical bug fix approved by Stewards is allowed to be submit. There are left three patches to be requested for this stable tag. I summary current status for them. If you have the different opinion or comments, please reply this mail.
> 
> https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
> [Liming] This patch is under review. If no comments to show this is a critical issue, it will not catch this stable tag.
> https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.
> [Liming] Package maintainer thinks this is an enhancement. So, it will not catch this stable tag.
> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
> [Liming] There is no agreement now. The discussion is in BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510. So, it may not catch this stable tag.
> 
> Thanks
> Liming
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
> Sent: Thursday, February 20, 2020 2:59 PM
> To: Ni, Ray <ray.ni@intel.com>; vit9696 <vit9696@protonmail.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: Re: [edk2-devel] Patch List for 202002 stable tag
> 
> Ray, Zhichao and Vitaly:
>   Thanks. BZ is the good place to catch all discussion. Because we are close to edk2 stable tag 202002, can you make the agreement soon for BZ 2510?
> 
> Thanks
> Liming
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Thursday, February 20, 2020 11:13 AM
> To: Gao, Liming <liming.gao@intel.com>; vit9696 <vit9696@protonmail.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: RE: Patch List for 202002 stable tag
> 
> Liming,
> I provided my comments in the BZ.
> 
> From: Gao, Liming <liming.gao@intel.com>
> Sent: Thursday, February 20, 2020 9:17 AM
> To: vit9696 <vit9696@protonmail.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: RE: Patch List for 202002 stable tag
> 
> Vitaly:
>   I add my comments.
> 
> Zhichao and Ray:
>    Can you give your opinion for BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2510? Is it a bug fix or feature enhancement?
> 
> Thanks
> Liming
> From: vit9696 <vit9696@protonmail.com>
> Sent: Thursday, February 20, 2020 2:09 AM
> To: Gao, Liming <liming.gao@intel.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>; leif@nuviainc.com; afish@apple.com; devel@edk2.groups.io; Marvin Häuser <marvin.haeuser@outlook.com>
> Subject: Re: Patch List for 202002 stable tag
> 
> Liming,
> 
> Thanks for pinging me about this!
> 
> With the PCD[1][2] I fully agree. The fact that it did not manage to land is mainly due to a sudden discussion that arose after complete silence for almost half a year, which was sort of unexpected. I will use this message as a suggestion to include this change as one of the primary goals for 202005 and kindly ask others to help to agree on the actual implementation. This bug strongly concerns us and we believe the fact that it does not (yet) cause issues to everyone is mainly coincidence.
> 
> [Liming] You can also present the topic in Tiano Design meeting to collect the feedback. Ni, Ray is the meeting host. You can send the topic to him.
> 
> With the Shell patch, the fact that I cannot enter upper case letters or use hotkeys in the editor sounds like a bug to me. The way the actual commit message is written reflects the change of the internal logic in the codebase (it adds support of specific behaviour handling on the target). In my opinion, it should not necessarily include the word «Fix» to be qualified as a bugfix, this is what bugzilla is for.
> 
> [Liming] If this fix is the bug, I agree it follows the process to catch this stable tag. I include ShellPkg maintainers (Ray Ni and Zhichao Gao) to give the opinion for the bug or not.
> 
> I am personally ok with deferring it to a next stable tag, but if the reasoning for this is «Feature planning freeze» dates, they do not strictly apply due to the reasons I stated above. So far the patch received only one review comment, which in fact was due to a minor misinterpretation. We also did some fairly extensive testing on our side before the submission (that’s why it actually took us a few more days). Unless the team has a lot of important work for the release, we can postpone the merge, otherwise I think it should be safe to merge this.
> 
> Best wishes,
> Vitaly
> 
> [1] https://bugzilla.tianocore.org/show_bug.cgi?id=2054
> [2] https://edk2.groups.io/g/devel/topic/69401948
> 
> 
> On Feb 19, 2020, at 18:39, Gao, Liming <liming.gao@intel.com> wrote:
> 
> 
> Mike and Laszlo:
>  Thanks for your comments.
> 
> Vitaly:
>  You request below two patches to catch 202002 stable tag. I agree with Mike and Laszlo comments. They are not ready to catch this stable tag. The first one is under discussion. The second one is like the enhancement or feature instead of the bug fix. It is submitted after Feb 7th Feature Planning Freeze. So, I suggest to defer them to next stable tag 202005.
> 
> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948 [PATCH v3 0/1] Add PCD to disable safe string constraint assertions (solution under discussion)
> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers (under review, is this a feature or bug in the discussion)
> 
> Thanks
> Liming
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, February 19, 2020 4:43 AM
> To: Laszlo Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>; Guptha, Soumya K <soumya.k.guptha@intel.com>;
> leif@nuviainc.com; afish@apple.com; Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: devel@edk2.groups.io
> Subject: RE: Patch List for 202002 stable tag
> 
> Hi Laszlo,
> 
> I agree with your assessments.
> 
> One comment below.
> 
> Mike
> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Tuesday, February 18, 2020 12:04 PM
> To: Gao, Liming <liming.gao@intel.com>; Guptha, Soumya
> K <soumya.k.guptha@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; leif@nuviainc.com;
> afish@apple.com
> Cc: devel@edk2.groups.io
> Subject: Re: Patch List for 202002 stable tag
> 
> On 02/18/20 15:08, Gao, Liming wrote:
> Hi Stewards and all:
>  I collect current patch lists in devel mail list.
> Those patch
>  contributors request to add them for 201902 stable
> tag. Because we
>  have enter into Soft Feature Freeze, I want to
> collect your feedback
>  for them. If any patches are missing, please reply
> this mail to add
>  them.
> 
> Feature List (under review):
> 
> According to
> <https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
> features can be merged during the SFF if their review completed before
> the SFF.
> 
> The SFF date is 2020-02-14 00:00:00 UTC-8, per
> <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
> For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
> CET.
> 
> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
> [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
> (solution under discussion)
> 
> Posted on 2020-01-03. Review doesn't appear complete.
> Technically
> speaking, it has missed edk2-stable202002.
> 
> There were two large gaps in the review process, namely
> between these
> messages:
> 
> - https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
> - https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
> - https://edk2.groups.io/g/devel/message/54133 [2020-02-10]
> 
> If review seems stuck, it's advisable to ping once per week, or a bit
> more frequently. Two weeks or more between pings is way too long.
> https://edk2.groups.io/g/devel/message/54122 [PATCH
> 1/1] ShellPkg: Add
> support for input with separately reported modifiers
> (under review, is
> this a feature or bug in the discussion)
> 
> The subject starts with "Add support for...", so it's a
> new feature, or
> at least a feature-enablement.
> 
> Posted on 2020-02-10. Has not been reviewed yet,
> AFAICT. Same situation
> as above. (Missed edk2-stable202002, technically
> speaking.)
> 
> Note: I don't have a personal preference either way.
> I'm just pointing
> out what the SFF definition formally dictates, in my
> interpretation.
> 
> If we want to extend the freeze dates, I won't object.
> Bug List (reviewed):
> https://edk2.groups.io/g/devel/message/54416 [PATCH
> v2 00/10] Fix
> false negative issue in
> DxeImageVerificationHandler(CVE-2019-14575)
> 
> Clearly a bug fix; it could go in even during the HFF
> <https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
> https://edk2.groups.io/g/devel/message/54523 [PATCH
> v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe:
> Fix double PciIo
> Unmap in TRB creation (CVE-2019-14587)
> 
> Ditto.
> https://edk2.groups.io/g/devel/message/54510 [PATCH
> v6 0/2]
> Enhancement and Fixes to BaseHashApiLib
> 
> Hm. I feel like I need some convincing that patch#1 --
> "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with
> TPM 2.0
> Implementation" -- is *also* a bugfix (like patch#2).
> 
> That question matters because the reviews:
> 
> - https://edk2.groups.io/g/devel/message/54513
> - https://edk2.groups.io/g/devel/message/54567
> 
> were not posted before the SFF.
> 
> ... I guess it's OK.
> 
> The description of the bug does not emphasize that
> this really is a bug fix.  There were additional
> review comments from the CryptoPkg reviewers after
> the initial review/commit of this feature.  These
> changes address that feedback.  The alignment with
> TPM 2.0 is to use an existing set of defines for
> the hash algorithms instead of defining yet another
> set of defines.  Details in this thread:
> 
> https://edk2.groups.io/g/devel/topic/70960524#53733
> 
> https://edk2.groups.io/g/devel/message/53703 [PATCH
> V2] UefiCpuPkg
> RegisterCpuFeaturesLib: Match data type and format
> specifier
> 
> Even if this were a feature, it could go in; the review
> was posted in
> time:
> - https://edk2.groups.io/g/devel/message/53803
> 
> In fact I don't understand why it hasn't been merged
> for more than a
> week now!
> https://edk2.groups.io/g/devel/message/53577 [PATCH
> v1 1/1] ShellPkg:
> acpiview: Remove duplicate ACPI structure size
> definitions
> 
> Approved in time, regardless of bugfix vs. feature.
> Should go in.
> https://edk2.groups.io/g/devel/message/54192 [PATCH
> v2 1/1] ShellPkg:
> acpiview: Validate ACPI table 'Length' field
> 
> The review was posted past the SFF, but I agree this
> looks like a
> bugfix, so should be OK. (Supplying missing input
> sanitization is
> arguably a fix.)
> 
> Bug List (under review)
> https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1]
> NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
> https://edk2.groups.io/g/devel/message/54569 [PATCH
> v3]
> NetworkPkg/Ip4Dxe: Check the received package length
> (CVE-2019-14559)
> 
> CVE fixes can clearly go in during the HFF too.
> https://edk2.groups.io/g/devel/message/54448 [PATCH
> v1 1/1] ShellPkg:
> acpiview: Prevent infinite loop if structure length
> is 0
> 
> Similar to "ShellPkg: acpiview: Validate ACPI table
> 'Length' field";
> should be OK.
> 
> 
> Just my opinion, of course.
> 
> Thanks
> Laszlo
> 
> 
> 
> 
> 
> 

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-02-27 16:23                   ` Leif Lindholm
@ 2020-02-27 17:25                     ` Laszlo Ersek
  2020-02-28  4:13                       ` Liming Gao
  0 siblings, 1 reply; 19+ messages in thread
From: Laszlo Ersek @ 2020-02-27 17:25 UTC (permalink / raw)
  To: Leif Lindholm, devel, liming.gao
  Cc: Kinney, Michael D, afish@apple.com, Guptha, Soumya K,
	Marvin Häuser, Gao, Zhichao,
	'ard.biesheuvel@linaro.org', Wu, Hao A, vit9696,
	gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com

On 02/27/20 17:23, Leif Lindholm wrote:
> Hi Liming,
> 
> On Thu, Feb 27, 2020 at 16:06:22 +0000, Liming Gao wrote:
>> Stewards:
>>   I update the patch lists and status. Based on current information,
>>   only one patch (item 5) needs catch this stable tag. Its fix is
>>   clear, and risk is low. So, I think we can still keep current
>>   planning to create stable tag edk2-stable202002 on 2020 Feb 28th
>>   (UTC – 8). If you think the stable tag needs to be delay for few
>>   days, please reply the mail before Feb 28th (00:00:00 UTC-8).
>>
>>   1.  https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services test.
>> [Liming] This patch is still under review. So, it will not catch this stable tag.
>>
>>   1.  https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed Asserts in SCT PCIIO Protocol Test.
> 
> Unrelated to the release process, only the formatting:
> It looks like you are doing ordered lists using markdown syntax
> (1.). This renders in plain text email simply as all items being 1.
> 
>> [Liming] The patch has passed review. Package maintainer thinks this is an enhancement. It will be added after stable tag.
>>
>>   1.  https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
>> [Liming] The discussion shows this change needs UEFI spec clarification. So, it may not be resolved in short term. It will not catch this stable tag. The discussion is in BZ 2510.
>>
>>   1.  https://edk2.groups.io/g/devel/message/54797 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib
>> [Liming] The solution is under discussion (BZ 2556). The submitter requests this issue to be fixed happen reasonably soon. So, it may not catch this stable tag.
>>
>>   1.  https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for incremental build
>> [Liming] This patch has passed review. This regression causes the basic incremental build not work with VS nmake tool. The fix is clear. So, it need to catch this stable tag.
> 
> I agree it needs to catch the stable tag. If it affects only VS builds
> then I am not going to insist on extending the hard freeze, but I
> (technically on holiday today/tomorrow) don't have time to dig much
> deeper into it.
> 
> However, I think the process is pretty clear that this *should* extend
> the hard freeze.
> 
> I will note that from the trail (commitdate of 818283de3f6d until
> BZ2563 was raised) it appears that detecting this bug itself, which
> went in two days before the soft freeze, took 15 days.

I agree with Liming's analysis on the patches (i.e., what goes in and
what gets postponed), and I agree with Leif that we should extend the
hard freeze by at least a couple of days.

This is not unusual. Originally I thought that edk2 freeze and release
dates were set in stone, but then Mike explained to me that that had
never been the intent. And other open source projects do several
pre-releases (rc0, rc1, .... pre-releases with "release critical" (rc)
bug fixes), before a final release. For example, QEMU regularly plans
rc0..rc2 or even rc3, and then *optionally* adds an rc4 if even rc3
receives significant bugfixes. The idea is that the final release / tag
should be preceded by a silent / calm period, where we've waited a few
days and become reasonably convinced that "OK, there's nothing else we
should obviously fix right now".

I wouldn't immediately suggest a full week extension, but maybe until
March 4th (middle of next week)?

Thanks
Laszlo


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-02-27 17:25                     ` Laszlo Ersek
@ 2020-02-28  4:13                       ` Liming Gao
  2020-02-28 12:48                         ` Leif Lindholm
  0 siblings, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-02-28  4:13 UTC (permalink / raw)
  To: Laszlo Ersek, Leif Lindholm, devel@edk2.groups.io
  Cc: Kinney, Michael D, afish@apple.com, Guptha, Soumya K,
	Marvin Häuser, Gao, Zhichao,
	'ard.biesheuvel@linaro.org', Wu, Hao A, vit9696,
	gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com, Gao, Liming

Leif and Laszlo:
  I add my comments. 

> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Friday, February 28, 2020 1:25 AM
> To: Leif Lindholm <leif@nuviainc.com>; devel@edk2.groups.io; Gao, Liming <liming.gao@intel.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; afish@apple.com; Guptha, Soumya K <soumya.k.guptha@intel.com>; Marvin
> Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>; 'ard.biesheuvel@linaro.org'
> <ard.biesheuvel@linaro.org>; Wu, Hao A <hao.a.wu@intel.com>; vit9696 <vit9696@protonmail.com>; gaurav.jain@nxp.com; Ni, Ray
> <ray.ni@intel.com>; Feng, Bob C <bob.c.feng@intel.com>; maciej.rabeda@linux.intel.com; leo.duran@amd.com
> Subject: Re: [edk2-devel] Patch List for 202002 stable tag
> 
> On 02/27/20 17:23, Leif Lindholm wrote:
> > Hi Liming,
> >
> > On Thu, Feb 27, 2020 at 16:06:22 +0000, Liming Gao wrote:
> >> Stewards:
> >>   I update the patch lists and status. Based on current information,
> >>   only one patch (item 5) needs catch this stable tag. Its fix is
> >>   clear, and risk is low. So, I think we can still keep current
> >>   planning to create stable tag edk2-stable202002 on 2020 Feb 28th
> >>   (UTC – 8). If you think the stable tag needs to be delay for few
> >>   days, please reply the mail before Feb 28th (00:00:00 UTC-8).
> >>
> >>   1.  https://edk2.groups.io/g/devel/message/54665 [edk2-devel] [PATCH v2 1/1] EmbeddedPkg: Fixed Asserts in SCT Runtime Services
> test.
> >> [Liming] This patch is still under review. So, it will not catch this stable tag.
> >>
> >>   1.  https://edk2.groups.io/g/devel/message/54693 [edk2-stable202002][edk2-devel] [PATCH v2 1/1] MdeModulePkg/Pci: Fixed
> Asserts in SCT PCIIO Protocol Test.
> >
> > Unrelated to the release process, only the formatting:
> > It looks like you are doing ordered lists using markdown syntax
> > (1.). This renders in plain text email simply as all items being 1.
> >
[Liming] Thanks for your suggestion.

> >> [Liming] The patch has passed review. Package maintainer thinks this is an enhancement. It will be added after stable tag.
> >>
> >>   1.  https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add support for input with separately reported modifiers
> >> [Liming] The discussion shows this change needs UEFI spec clarification. So, it may not be resolved in short term. It will not catch this
> stable tag. The discussion is in BZ 2510.
> >>
> >>   1.  https://edk2.groups.io/g/devel/message/54797 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib
> >> [Liming] The solution is under discussion (BZ 2556). The submitter requests this issue to be fixed happen reasonably soon. So, it may
> not catch this stable tag.
> >>
> >>   1.  https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for
> incremental build
> >> [Liming] This patch has passed review. This regression causes the basic incremental build not work with VS nmake tool. The fix is clear.
> So, it need to catch this stable tag.
> >
> > I agree it needs to catch the stable tag. If it affects only VS builds
> > then I am not going to insist on extending the hard freeze, but I
> > (technically on holiday today/tomorrow) don't have time to dig much
> > deeper into it.
> >
[Liming] This fix is to restore the original behavior before the commit 818283de3f6d 
for !INCLUDE style in Makefile generation. It does update GNUmakefile and VS makefile 
generation. Because it just restores original behavior, its quality risk is low. So, I suggest 
to catch it in this stable tag on current release planning. 

> > However, I think the process is pretty clear that this *should* extend
> > the hard freeze.
> >
[Liming] I am not aware of the process to extend the hard freeze. But, you think more time is 
required for the review and test on the critical bug fix. I am OK.

> > I will note that from the trail (commitdate of 818283de3f6d until
> > BZ2563 was raised) it appears that detecting this bug itself, which
> > went in two days before the soft freeze, took 15 days.
> 
[Liming] Yes. It takes 15 days to expose this issue. 

> I agree with Liming's analysis on the patches (i.e., what goes in and
> what gets postponed), and I agree with Leif that we should extend the
> hard freeze by at least a couple of days.
[Liming] If you both agree to extend the hard freeze, I have no objection. 
I request to extend few days instead of few weeks if no other critical issues are reported. 
Then, the impact of the community can be reduced. 

> 
> This is not unusual. Originally I thought that edk2 freeze and release
> dates were set in stone, but then Mike explained to me that that had
> never been the intent. And other open source projects do several
> pre-releases (rc0, rc1, .... pre-releases with "release critical" (rc)
> bug fixes), before a final release. For example, QEMU regularly plans
> rc0..rc2 or even rc3, and then *optionally* adds an rc4 if even rc3
> receives significant bugfixes. The idea is that the final release / tag
> should be preceded by a silent / calm period, where we've waited a few
> days and become reasonably convinced that "OK, there's nothing else we
> should obviously fix right now".
> 
> I wouldn't immediately suggest a full week extension, but maybe until
> March 4th (middle of next week)?
[Liming] March 4th is one good choice to reserve few days for the different time zone people.
If no more feedback, I will send announcement to delay this stable tag on Feb 28th (00:00:00 UTC-8).

Thanks
Liming
> 
> Thanks
> Laszlo


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-02-28  4:13                       ` Liming Gao
@ 2020-02-28 12:48                         ` Leif Lindholm
  2020-03-03  8:29                           ` Liming Gao
  0 siblings, 1 reply; 19+ messages in thread
From: Leif Lindholm @ 2020-02-28 12:48 UTC (permalink / raw)
  To: Gao, Liming
  Cc: Laszlo Ersek, devel@edk2.groups.io, Kinney, Michael D,
	afish@apple.com, Guptha, Soumya K, Marvin Häuser,
	Gao, Zhichao, 'ard.biesheuvel@linaro.org', Wu, Hao A,
	vit9696, gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com

On Fri, Feb 28, 2020 at 04:13:09 +0000, Gao, Liming wrote:
> > > I agree it needs to catch the stable tag. If it affects only VS builds
> > > then I am not going to insist on extending the hard freeze, but I
> > > (technically on holiday today/tomorrow) don't have time to dig much
> > > deeper into it.
> > >
> [Liming] This fix is to restore the original behavior before the commit 818283de3f6d 
> for !INCLUDE style in Makefile generation. It does update GNUmakefile and VS makefile 
> generation. Because it just restores original behavior, its quality risk is low. So, I suggest 
> to catch it in this stable tag on current release planning. 

If it is *just* a revert, then the risk is often low enough to not
slip the date. But I think, as you say, this is something that
restores original behaviour - but leaving the code different from
the original.

> > > However, I think the process is pretty clear that this *should* extend
> > > the hard freeze.
>
> [Liming] I am not aware of the process to extend the hard freeze. But, you think more time is 
> required for the review and test on the critical bug fix. I am OK.
> 
> > > I will note that from the trail (commitdate of 818283de3f6d until
> > > BZ2563 was raised) it appears that detecting this bug itself, which
> > > went in two days before the soft freeze, took 15 days.
> 
> [Liming] Yes. It takes 15 days to expose this issue. 
> 
> > I agree with Liming's analysis on the patches (i.e., what goes in and
> > what gets postponed), and I agree with Leif that we should extend the
> > hard freeze by at least a couple of days.
>
> [Liming] If you both agree to extend the hard freeze, I have no objection. 
> I request to extend few days instead of few weeks if no other critical issues are reported. 
> Then, the impact of the community can be reduced. 
> 
> > This is not unusual. Originally I thought that edk2 freeze and release
> > dates were set in stone, but then Mike explained to me that that had
> > never been the intent. And other open source projects do several
> > pre-releases (rc0, rc1, .... pre-releases with "release critical" (rc)
> > bug fixes), before a final release. For example, QEMU regularly plans
> > rc0..rc2 or even rc3, and then *optionally* adds an rc4 if even rc3
> > receives significant bugfixes. The idea is that the final release / tag
> > should be preceded by a silent / calm period, where we've waited a few
> > days and become reasonably convinced that "OK, there's nothing else we
> > should obviously fix right now".
> > 
> > I wouldn't immediately suggest a full week extension, but maybe until
> > March 4th (middle of next week)?
> [Liming] March 4th is one good choice to reserve few days for the different time zone people.
> If no more feedback, I will send announcement to delay this stable tag on Feb 28th (00:00:00 UTC-8).

I am OK with March 4th.

Thanks!

/
    Leif

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-02-28 12:48                         ` Leif Lindholm
@ 2020-03-03  8:29                           ` Liming Gao
  2020-03-03 11:37                             ` Laszlo Ersek
  0 siblings, 1 reply; 19+ messages in thread
From: Liming Gao @ 2020-03-03  8:29 UTC (permalink / raw)
  To: devel@edk2.groups.io, leif@nuviainc.com
  Cc: Laszlo Ersek, Kinney, Michael D, afish@apple.com,
	Guptha, Soumya K, Marvin Häuser, Gao, Zhichao,
	'ard.biesheuvel@linaro.org', Wu, Hao A, vit9696,
	gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com

Hi, Stewards and all:
  Below three patches status are updated. If you have no other comments, I will create edk2-stable202002 tomorrow and send the announcement. 

https://edk2.groups.io/g/devel/message/55105 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib (BZ: 2556) 
[Liming 2020-02-28] The solution is under discussion. The submitter requests this issue to be fixed happen reasonably soon. So, it may not catch this stable tag.
[Liming 2020-03-03] The solution is finalized. The patch passed review. Now, it can catch this stable tag stable202002. The package maintainer submitted it in edk2 master 4c0f6e349d32cf27a7104ddd3e729d6ebc88ea70. PR: https://github.com/tianocore/edk2/pull/410

https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for incremental build (BZ: 2563)
[Liming 2020-02-28] This patch has passed review. This regression causes the basic incremental build not work with VS nmake tool. The fix is clear. So, it need to catch this stable tag.
[Liming 2020-03-03] It is regarded as the critical fix. It was submitted in edk2 master at 2be4828af1c92a848af90429a9a0b44544c80553. PR: https://github.com/tianocore/edk2/pull/409

https://edk2.groups.io/g/devel/message/54995 [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow. (BZ: 2032)
[Liming 2020-02-28] This is the issue in ShellPkg. It may not be critical issue, and defer after this stable tag.
[Liming 2020-03-03] The submitter advised moving this issue out of CVE scope (and from stable-202002). So, it will defer after this stable tag.

Thanks
Liming
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Leif Lindholm
Sent: February 28, 2020 20:48
To: Gao, Liming <liming.gao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>; devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>; afish@apple.com; Guptha, Soumya K <soumya.k.guptha@intel.com>; Marvin Häuser <marvin.haeuser@outlook.com>; Gao, Zhichao <zhichao.gao@intel.com>; 'ard.biesheuvel@linaro.org' <ard.biesheuvel@linaro.org>; Wu, Hao A <hao.a.wu@intel.com>; vit9696 <vit9696@protonmail.com>; gaurav.jain@nxp.com; Ni, Ray <ray.ni@intel.com>; Feng, Bob C <bob.c.feng@intel.com>; maciej.rabeda@linux.intel.com; leo.duran@amd.com
Subject: Re: [edk2-devel] Patch List for 202002 stable tag

On Fri, Feb 28, 2020 at 04:13:09 +0000, Gao, Liming wrote:
> > > I agree it needs to catch the stable tag. If it affects only VS 
> > > builds then I am not going to insist on extending the hard freeze, 
> > > but I (technically on holiday today/tomorrow) don't have time to 
> > > dig much deeper into it.
> > >
> [Liming] This fix is to restore the original behavior before the 
> commit 818283de3f6d for !INCLUDE style in Makefile generation. It does 
> update GNUmakefile and VS makefile generation. Because it just 
> restores original behavior, its quality risk is low. So, I suggest to catch it in this stable tag on current release planning.

If it is *just* a revert, then the risk is often low enough to not slip the date. But I think, as you say, this is something that restores original behaviour - but leaving the code different from the original.

> > > However, I think the process is pretty clear that this *should* 
> > > extend the hard freeze.
>
> [Liming] I am not aware of the process to extend the hard freeze. But, 
> you think more time is required for the review and test on the critical bug fix. I am OK.
> 
> > > I will note that from the trail (commitdate of 818283de3f6d until
> > > BZ2563 was raised) it appears that detecting this bug itself, 
> > > which went in two days before the soft freeze, took 15 days.
> 
> [Liming] Yes. It takes 15 days to expose this issue. 
> 
> > I agree with Liming's analysis on the patches (i.e., what goes in 
> > and what gets postponed), and I agree with Leif that we should 
> > extend the hard freeze by at least a couple of days.
>
> [Liming] If you both agree to extend the hard freeze, I have no objection. 
> I request to extend few days instead of few weeks if no other critical issues are reported. 
> Then, the impact of the community can be reduced. 
> 
> > This is not unusual. Originally I thought that edk2 freeze and 
> > release dates were set in stone, but then Mike explained to me that 
> > that had never been the intent. And other open source projects do 
> > several pre-releases (rc0, rc1, .... pre-releases with "release 
> > critical" (rc) bug fixes), before a final release. For example, QEMU 
> > regularly plans
> > rc0..rc2 or even rc3, and then *optionally* adds an rc4 if even rc3 
> > receives significant bugfixes. The idea is that the final release / 
> > tag should be preceded by a silent / calm period, where we've waited 
> > a few days and become reasonably convinced that "OK, there's nothing 
> > else we should obviously fix right now".
> > 
> > I wouldn't immediately suggest a full week extension, but maybe 
> > until March 4th (middle of next week)?
> [Liming] March 4th is one good choice to reserve a few days for the different time zone people.
> If there is no more feedback, I will send an announcement to delay this stable tag on Feb 28th (00:00:00 UTC-8).

I am OK with March 4th.

Thanks!

/
    Leif





* Re: [edk2-devel] Patch List for 202002 stable tag
  2020-03-03  8:29                           ` Liming Gao
@ 2020-03-03 11:37                             ` Laszlo Ersek
  0 siblings, 0 replies; 19+ messages in thread
From: Laszlo Ersek @ 2020-03-03 11:37 UTC (permalink / raw)
  To: Gao, Liming, devel@edk2.groups.io, leif@nuviainc.com,
	maciej.rabeda@linux.intel.com, leo.duran@amd.com
  Cc: Kinney, Michael D, afish@apple.com, Guptha, Soumya K,
	Marvin Häuser, Gao, Zhichao,
	'ard.biesheuvel@linaro.org', Wu, Hao A, vit9696,
	gaurav.jain@nxp.com, Ni, Ray, Feng, Bob C

On 03/03/20 09:29, Gao, Liming wrote:
> Hi, Stewards and all:
>   The status of the three patches below is updated. If you have no other comments, I will create edk2-stable202002 tomorrow and send the announcement. 
> 
> https://edk2.groups.io/g/devel/message/55105 [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib (BZ: 2556) 
> [Liming 2020-02-28] The solution is under discussion. The submitter requests that this issue be fixed reasonably soon. So, it may not catch this stable tag.
> [Liming 2020-03-03] The solution is finalized. The patch passed review. Now, it can catch this stable tag stable202002. The package maintainer submitted it in edk2 master 4c0f6e349d32cf27a7104ddd3e729d6ebc88ea70. PR: https://github.com/tianocore/edk2/pull/410

(1) Side request: please don't mix up the term "submit" with "push" or
"merge". Submit means submitting for review. "Push" or "merge" means the
patch is part of the git history.

I don't know where this mis-use of the term "submit" comes from. I've
noticed it only recently, on the list, and maybe in a few BZ comments.
It's very confusing.

(2) Actual request: TianoCore#2556 is still in UNCONFIRMED state. Just
about every aspect of that ticket is wrong:

- wrong status (should be resolved|fixed)
- wrong assignee (should be Leo, not Mike)
- the posted patch has not been referenced in a comment (into the list
archive)
- the commit hash of the resultant commit has not been noted in the BZ
(in a comment).
- the underlying issue seems like a regression on AMD platforms, from
the patch that introduced the PlatformId check. The Keywords field
should have "regression" selected, and a comment should explain what
commit exactly introduced the regression (the PlatformId check).

Leo: please fix up those problems in the BZ ticket urgently.

> 
> https://edk2.groups.io/g/devel/message/54992 [Patch 1/1][edk2-stable202002]BaseTools: Fixed a regression issue in Makefile for incremental build (BZ: 2563)
> [Liming 2020-02-28] This patch has passed review. This regression causes the basic incremental build to not work with the VS nmake tool. The fix is clear. So, it needs to catch this stable tag.
> [Liming 2020-03-03] It is regarded as the critical fix. It was submitted in edk2 master at 2be4828af1c92a848af90429a9a0b44544c80553. PR: https://github.com/tianocore/edk2/pull/409

Not submitted, merged.

Otherwise, OK.

> 
> https://edk2.groups.io/g/devel/message/54995 [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow. (BZ: 2032)
> [Liming 2020-02-28] This is the issue in ShellPkg. It may not be a critical issue, and will defer after this stable tag.
> [Liming 2020-03-03] The submitter advised moving this issue out of CVE scope (and from stable-202002). So, it will defer after this stable tag.

OK.

Maciej: if you really think this BZ (#2032) should not be in the scope
of CVE-2019-14559, then please go to
<https://bugzilla.tianocore.org/show_bug.cgi?id=2032>, and remove "2550"
from the "Blocks" field, after clicking "edit".

Thanks
Laszlo

> 
> Thanks
> Liming

