From: "Liming Gao" <liming.gao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Gao, Liming" <liming.gao@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
Cinnamon Shia <cinnamon.shia@hpe.com>,
"leif.lindholm@linaro.org" <leif.lindholm@linaro.org>,
"afish@apple.com" <afish@apple.com>,
"Laszlo Ersek (lersek@redhat.com)" <lersek@redhat.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Cetola, Stephano" <stephano.cetola@intel.com>
Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
Date: Thu, 8 Aug 2019 13:52:36 +0000 [thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CCE86@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <15B8F5E6C2C74026.10163@groups.io>
Hi, all
This patch is big. I upload it into https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review.
Hi, Stewards:
Oniguruma version v6.9.3 is released for security fix. So, I plan to include this update for 201908 stable tag. If you have any comments, please let me know.
Thanks
Liming
>-----Original Message-----
>From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
>Liming Gao
>Sent: Thursday, August 08, 2019 9:31 PM
>To: devel@edk2.groups.io
>Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
>Cinnamon Shia <cinnamon.shia@hpe.com>
>Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update
>Oniguruma from v6.9.0 to v6.9.3
>
>BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066
>Update Oniguruma to the latest version v6.9.3.
>Oniguruma https://github.com/kkos/oniguruma
>This release is the security fix release. It includes the changes:
>Fixed CVE-2019-13224
>Fixed CVE-2019-13225
>Fixed many problems (found by libfuzzer programs)
>
>Verify VS2015, GCC5 build.
>Verify RegularExpressionProtocol GetInfo() and Match() function.
>
>Cc: Jian J Wang <jian.j.wang@intel.com>
>Cc: Hao A Wu <hao.a.wu@intel.com>
>Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
>Signed-off-by: Liming Gao <liming.gao@intel.com>
>---
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c
>| 2 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c
>| 2433 +++++++++++--------
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c
>| 82 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
>| 63 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c
>| 2672 +++++++++++----------
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c
>| 22 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
>| 702 +++---
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
>| 12 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c
>| 16 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c
>| 12 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
>| 289 ++-
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb
>_data.c | 31 +-
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1
>_key.c | 2689 ++++++++++-----------
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2
>_key.c | 4 +-
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3
>_key.c | 4 +-
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_
>data.c | 2256 +++++++++---------
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
>erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------
>--------------------
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
>erty_data_posix.c | 410 ++--
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol
>d_key.c | 3253 +++++++++++++-------------
>
>MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d
>ata.c | 1023 ++++++++
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c
>| 36 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h
>| 21 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
>| 23 +-
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h
>| 438 ++--
> MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h
>| 313 ++-
> 25 files changed, 14055 insertions(+), 11296 deletions(-)
>
next parent reply other threads:[~2019-08-08 13:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <15B8F5E6C2C74026.10163@groups.io>
2019-08-08 13:52 ` Liming Gao [this message]
2019-08-08 14:51 ` [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Leif Lindholm
2019-08-09 13:51 ` Liming Gao
2019-08-08 20:34 ` Laszlo Ersek
2019-08-12 5:07 ` Wu, Hao A
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A89E2EF3DFEDB4C8BFDE51014F606A14E4CCE86@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox