From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: liming.gao@intel.com) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by groups.io with SMTP; Fri, 09 Aug 2019 06:51:20 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Aug 2019 06:51:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,364,1559545200"; d="scan'208";a="169322032" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga008.jf.intel.com with ESMTP; 09 Aug 2019 06:51:19 -0700 Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 9 Aug 2019 06:51:18 -0700 Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 9 Aug 2019 06:51:18 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.112]) by SHSMSX154.ccr.corp.intel.com ([169.254.7.249]) with mapi id 14.03.0439.000; Fri, 9 Aug 2019 21:51:16 +0800 From: "Liming Gao" To: Leif Lindholm CC: "devel@edk2.groups.io" , "Wang, Jian J" , "Wu, Hao A" , Cinnamon Shia , "afish@apple.com" , "Laszlo Ersek (lersek@redhat.com)" , "Kinney, Michael D" , "Cetola, Stephano" Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Thread-Topic: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update Oniguruma from v6.9.0 to v6.9.3 Thread-Index: AQHVTe37rpHvAPst5U2lk0xWh30O56bxQpxQ//+NBoCAAgXVkA== Date: Fri, 9 Aug 2019 13:51:15 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CD773@SHSMSX104.ccr.corp.intel.com> References: <15B8F5E6C2C74026.10163@groups.io> <4A89E2EF3DFEDB4C8BFDE51014F606A14E4CCE86@SHSMSX104.ccr.corp.intel.com> <20190808145147.GB25813@bivouac.eciton.net> In-Reply-To: <20190808145147.GB25813@bivouac.eciton.net> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMjA2YzU2M2QtZmU2OC00MDNjLThhNzgtYTU0MzVjZDlmN2FiIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicWNFSTdScGpHb0Y3bHIzNmtSdVBmcWc0elRrQnV3bDlxdlB3cDVMdysyTTlHNlRDa3FiMWVPRnB4aFdGYUpyaCJ9 dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: liming.gao@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Leif: > -----Original Message----- > From: Leif Lindholm [mailto:leif.lindholm@linaro.org] > Sent: Thursday, August 8, 2019 10:52 PM > To: Gao, Liming > Cc: devel@edk2.groups.io; Wang, Jian J ; Wu, Hao A= ; Cinnamon Shia > ; afish@apple.com; Laszlo Ersek (lersek@redhat.com= ) ; Kinney, Michael D > ; Cetola, Stephano > Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Upda= te Oniguruma from v6.9.0 to v6.9.3 >=20 > On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote: > > Hi, all > > This patch is big. I upload it into https://github.com/lgao4/edk2/tre= e/Oniguruma6.9.3 for your review. > > > > Hi, Stewards: > > Oniguruma version v6.9.3 is released for security fix. So, I plan to= include this update for 201908 stable tag. If you have any > comments, please let me know. >=20 > This version was only released 3 days ago, so I am OK with it being > included. (If this had been posted as an update to 6.9.2, I would have > questioned why it was being brought in so late in the cycle.) >=20 Yes. I find this version is just released. And, it is for security fix. So,= I want to catch it for 201908 stable tag.=20 > Do we have confidence that we can achieve substantial testing before > the stable tag? I verify its functionality by UEFI SCT RegularExpressionProtocol.=20 This driver is used to produce RegularExpressionProtocol. >=20 > Is it feasible to convert this to a git submodule for future updates? >=20 I will submit one BZ for it. This need to contribute some change back to On= iguruma project for EDK2.=20 Thanks Liming > Best Regards, >=20 > Leif >=20 > > Thanks > > Liming > > >-----Original Message----- > > >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > > >Liming Gao > > >Sent: Thursday, August 08, 2019 9:31 PM > > >To: devel@edk2.groups.io > > >Cc: Wang, Jian J ; Wu, Hao A ; > > >Cinnamon Shia > > >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Updat= e > > >Oniguruma from v6.9.0 to v6.9.3 > > > > > >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2066 > > >Update Oniguruma to the latest version v6.9.3. > > >Oniguruma https://github.com/kkos/oniguruma > > >This release is the security fix release. It includes the changes: > > >Fixed CVE-2019-13224 > > >Fixed CVE-2019-13225 > > >Fixed many problems (found by libfuzzer programs) > > > > > >Verify VS2015, GCC5 build. > > >Verify RegularExpressionProtocol GetInfo() and Match() function. > > > > > >Cc: Jian J Wang > > >Cc: Hao A Wu > > >Cc: Cinnamon Shia > > >Signed-off-by: Liming Gao > > >--- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c > > >| 2 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c > > >| 2433 +++++++++++-------- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c > > >| 82 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c > > >| 63 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c > > >| 2672 +++++++++++---------- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c > > >| 22 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c > > >| 702 +++--- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c > > >| 12 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c > > >| 16 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c > > >| 12 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c > > >| 289 ++- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb > > >_data.c | 31 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1 > > >_key.c | 2689 ++++++++++----------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2 > > >_key.c | 4 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3 > > >_key.c | 4 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_ > > >data.c | 2256 +++++++++--------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > > >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++----------= -- > > >-------------------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > > >erty_data_posix.c | 410 ++-- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol > > >d_key.c | 3253 +++++++++++++------------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d > > >ata.c | 1023 ++++++++ > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c > > >| 36 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h > > >| 21 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h > > >| 23 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h > > >| 438 ++-- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h > > >| 313 ++- > > > 25 files changed, 14055 insertions(+), 11296 deletions(-) > > > > > > >