From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: liming.gao@intel.com) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by groups.io with SMTP; Thu, 08 Aug 2019 06:54:48 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Aug 2019 06:52:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,361,1559545200"; d="scan'208";a="199051093" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga004.fm.intel.com with ESMTP; 08 Aug 2019 06:52:41 -0700 Received: from fmsmsx152.amr.corp.intel.com (10.18.125.5) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 8 Aug 2019 06:52:39 -0700 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by FMSMSX152.amr.corp.intel.com (10.18.125.5) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 8 Aug 2019 06:52:39 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.112]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.65]) with mapi id 14.03.0439.000; Thu, 8 Aug 2019 21:52:37 +0800 From: "Liming Gao" To: "devel@edk2.groups.io" , "Gao, Liming" CC: "Wang, Jian J" , "Wu, Hao A" , Cinnamon Shia , "leif.lindholm@linaro.org" , "afish@apple.com" , "Laszlo Ersek (lersek@redhat.com)" , "Kinney, Michael D" , "Cetola, Stephano" Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Thread-Topic: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Thread-Index: AQHVTe37rpHvAPst5U2lk0xWh30O56bxQpxQ Date: Thu, 8 Aug 2019 13:52:36 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CCE86@SHSMSX104.ccr.corp.intel.com> References: <15B8F5E6C2C74026.10163@groups.io> In-Reply-To: <15B8F5E6C2C74026.10163@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: liming.gao@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, all This patch is big. I upload it into https://github.com/lgao4/edk2/tree/On= iguruma6.9.3 for your review.=20 Hi, Stewards: Oniguruma version v6.9.3 is released for security fix. So, I plan to inc= lude this update for 201908 stable tag. If you have any comments, please le= t me know.=20 Thanks Liming >-----Original Message----- >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of >Liming Gao >Sent: Thursday, August 08, 2019 9:31 PM >To: devel@edk2.groups.io >Cc: Wang, Jian J ; Wu, Hao A ; >Cinnamon Shia >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update >Oniguruma from v6.9.0 to v6.9.3 > >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2066 >Update Oniguruma to the latest version v6.9.3. >Oniguruma https://github.com/kkos/oniguruma >This release is the security fix release. It includes the changes: >Fixed CVE-2019-13224 >Fixed CVE-2019-13225 >Fixed many problems (found by libfuzzer programs) > >Verify VS2015, GCC5 build. >Verify RegularExpressionProtocol GetInfo() and Match() function. > >Cc: Jian J Wang >Cc: Hao A Wu >Cc: Cinnamon Shia >Signed-off-by: Liming Gao >--- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c >| 2 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c >| 2433 +++++++++++-------- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c >| 82 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c >| 63 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c >| 2672 +++++++++++---------- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c >| 22 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c >| 702 +++--- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c >| 12 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c >| 16 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c >| 12 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c >| 289 ++- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb >_data.c | 31 +- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1 >_key.c | 2689 ++++++++++----------- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2 >_key.c | 4 +- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3 >_key.c | 4 +- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_ >data.c | 2256 +++++++++--------- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------ >-------------------- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop >erty_data_posix.c | 410 ++-- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol >d_key.c | 3253 +++++++++++++------------- > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d >ata.c | 1023 ++++++++ > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c >| 36 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h >| 21 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h >| 23 +- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h >| 438 ++-- > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h >| 313 ++- > 25 files changed, 14055 insertions(+), 11296 deletions(-) >