From: "Liming Gao" <liming.gao@intel.com>
To: Leif Lindholm <leif.lindholm@linaro.org>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
Cinnamon Shia <cinnamon.shia@hpe.com>,
"afish@apple.com" <afish@apple.com>,
"Laszlo Ersek (lersek@redhat.com)" <lersek@redhat.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Cetola, Stephano" <stephano.cetola@intel.com>
Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
Date: Fri, 9 Aug 2019 13:51:15 +0000 [thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CD773@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <20190808145147.GB25813@bivouac.eciton.net>
Leif:
> -----Original Message-----
> From: Leif Lindholm [mailto:leif.lindholm@linaro.org]
> Sent: Thursday, August 8, 2019 10:52 PM
> To: Gao, Liming <liming.gao@intel.com>
> Cc: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Cinnamon Shia
> <cinnamon.shia@hpe.com>; afish@apple.com; Laszlo Ersek (lersek@redhat.com) <lersek@redhat.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Cetola, Stephano <stephano.cetola@intel.com>
> Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3
>
> On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote:
> > Hi, all
> > This patch is big. I upload it into https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review.
> >
> > Hi, Stewards:
> > Oniguruma version v6.9.3 is released for security fix. So, I plan to include this update for 201908 stable tag. If you have any
> comments, please let me know.
>
> This version was only released 3 days ago, so I am OK with it being
> included. (If this had been posted as an update to 6.9.2, I would have
> questioned why it was being brought in so late in the cycle.)
>
Yes. I find this version is just released. And, it is for security fix. So, I want to catch it for 201908 stable tag.
> Do we have confidence that we can achieve substantial testing before
> the stable tag?
I verify its functionality by UEFI SCT RegularExpressionProtocol.
This driver is used to produce RegularExpressionProtocol.
>
> Is it feasible to convert this to a git submodule for future updates?
>
I will submit one BZ for it. This need to contribute some change back to Oniguruma project for EDK2.
Thanks
Liming
> Best Regards,
>
> Leif
>
> > Thanks
> > Liming
> > >-----Original Message-----
> > >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> > >Liming Gao
> > >Sent: Thursday, August 08, 2019 9:31 PM
> > >To: devel@edk2.groups.io
> > >Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> > >Cinnamon Shia <cinnamon.shia@hpe.com>
> > >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update
> > >Oniguruma from v6.9.0 to v6.9.3
> > >
> > >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066
> > >Update Oniguruma to the latest version v6.9.3.
> > >Oniguruma https://github.com/kkos/oniguruma
> > >This release is the security fix release. It includes the changes:
> > >Fixed CVE-2019-13224
> > >Fixed CVE-2019-13225
> > >Fixed many problems (found by libfuzzer programs)
> > >
> > >Verify VS2015, GCC5 build.
> > >Verify RegularExpressionProtocol GetInfo() and Match() function.
> > >
> > >Cc: Jian J Wang <jian.j.wang@intel.com>
> > >Cc: Hao A Wu <hao.a.wu@intel.com>
> > >Cc: Cinnamon Shia <cinnamon.shia@hpe.com>
> > >Signed-off-by: Liming Gao <liming.gao@intel.com>
> > >---
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c
> > >| 2 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c
> > >| 2433 +++++++++++--------
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c
> > >| 82 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
> > >| 63 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c
> > >| 2672 +++++++++++----------
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c
> > >| 22 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
> > >| 702 +++---
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
> > >| 12 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c
> > >| 16 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c
> > >| 12 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c
> > >| 289 ++-
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb
> > >_data.c | 31 +-
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1
> > >_key.c | 2689 ++++++++++-----------
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2
> > >_key.c | 4 +-
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3
> > >_key.c | 4 +-
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_
> > >data.c | 2256 +++++++++---------
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
> > >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------
> > >--------------------
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop
> > >erty_data_posix.c | 410 ++--
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol
> > >d_key.c | 3253 +++++++++++++-------------
> > >
> > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d
> > >ata.c | 1023 ++++++++
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c
> > >| 36 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h
> > >| 21 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h
> > >| 23 +-
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h
> > >| 438 ++--
> > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h
> > >| 313 ++-
> > > 25 files changed, 14055 insertions(+), 11296 deletions(-)
> > >
> >
> >
next prev parent reply other threads:[~2019-08-09 13:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <15B8F5E6C2C74026.10163@groups.io>
2019-08-08 13:52 ` [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Liming Gao
2019-08-08 14:51 ` Leif Lindholm
2019-08-09 13:51 ` Liming Gao [this message]
2019-08-08 20:34 ` Laszlo Ersek
2019-08-12 5:07 ` Wu, Hao A
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A89E2EF3DFEDB4C8BFDE51014F606A14E4CD773@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox