From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web10.3601.1581668368531982112 for ; Fri, 14 Feb 2020 00:19:28 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: liming.gao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Feb 2020 00:19:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,439,1574150400"; d="scan'208,217";a="222936217" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga007.jf.intel.com with ESMTP; 14 Feb 2020 00:19:27 -0800 Received: from shsmsx603.ccr.corp.intel.com (10.109.6.143) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 14 Feb 2020 00:19:27 -0800 Received: from shsmsx606.ccr.corp.intel.com (10.109.6.216) by SHSMSX603.ccr.corp.intel.com (10.109.6.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 14 Feb 2020 16:19:25 +0800 Received: from shsmsx606.ccr.corp.intel.com ([10.109.6.216]) by SHSMSX606.ccr.corp.intel.com ([10.109.6.216]) with mapi id 15.01.1713.004; Fri, 14 Feb 2020 16:19:25 +0800 From: "Liming Gao" To: "devel@edk2.groups.io" , "announce@edk2.groups.io" CC: "Guptha, Soumya K" , "Kinney, Michael D" , Laszlo Ersek , "afish@apple.com" , "leif.lindholm@linaro.org" Subject: Soft Feature Freeze starts now for edk2-stable202002 Thread-Topic: Soft Feature Freeze starts now for edk2-stable202002 Thread-Index: AdXiUYr5ZXD8PHHnSrKvuaI45UBgEA== Date: Fri, 14 Feb 2020 08:19:25 +0000 Message-ID: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-product: dlpe-windows dlp-reaction: no-action x-originating-ip: [10.239.127.36] MIME-Version: 1.0 Return-Path: liming.gao@intel.com Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_e216d43b6049498693972107b0bd6463intelcom_" --_000_e216d43b6049498693972107b0bd6463intelcom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, all We will enter into Soft Feature Freeze phase. In this phase, the feature = under review will not be allowed to be pushed. The patch review can continu= e without break in edk2 community. If the patch is sent before Soft Feature Freeze, and plans to catch this = stable tag, the patch contributor need reply to his patch and notify edk2 c= ommunity. If the patch is sent after Soft Feature Freeze, and plans to catch this s= table tag, please add edk2-stable202002 key words in the patch title and BZ= , so the community know this patch target and give the feedback. Below is edk2-stable202002 tag planning https://github.com/tianocore/tianoc= ore.github.io/wiki/EDK-II-Release-Planning Proposed Schedule Date (00:00:00 UTC-8) Description 2019-12-02 Beginning of development 2020-02-07 Feature Planning Freeze 2020-02-14 Soft Feature Freeze 2020-02-21 Hard Feature Freeze 2020-02-28 Release Thanks Liming --_000_e216d43b6049498693972107b0bd6463intelcom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi, all

We will enter into Soft Feature Freeze phase.= In this phase, the feature under review will not be allowed to be pushed. = The patch review can continue without break in edk2 community.

If the patch is sent before Soft Feature Free= ze, and plans to catch this stable tag, the patch contributor need reply to= his patch and notify edk2 community.

If the patch is sent after Soft Feature Freez= e, and plans to catch this stable tag, please add edk2-stable202002 key wor= ds in the patch title and BZ, so the community know this patch target and g= ive the feedback.

Below is edk2-stable202002 tag planning https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planni= ng

Proposed Schedule

Date (00:00:00 UTC-8) Description

2019-12-02 = Beginning of development

2020-02-07 = Feature Planning Freeze

2020-02-14 = Soft Feature Freeze

2020-02-21 = Hard Feature Freeze

2020-02-28 = Release

Thanks

Liming

--_000_e216d43b6049498693972107b0bd6463intelcom_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out04.hibox.biz (out04.hibox.biz [210.71.195.45]) by mx.groups.io with SMTP id smtpd.web11.10779.1581706396083352654 for ; Fri, 14 Feb 2020 10:53:17 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: insyde.com, ip: 210.71.195.45, mailfrom: tim.lewis@insyde.com) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2BTAAD+6kZe/w00GKxmGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBEQEBAQEBAQEBAQEBgXuDFXUSKoxUQ4gcgz6HboNpjCUJAQE?= =?us-ascii?q?BAQEBAQEBCCUHAQIEAQGBTIJuBAICgiU4EwIQAQEGAQEBAQEFBG2Ea0wMhWY?= =?us-ascii?q?BAQIDCAIwDwUIIwwBBQYDDQQEAQFIGB4IAgQBEgsFBAkEgwaCew+tNIInGgK?= =?us-ascii?q?EGQGGE4E4gWWEH4g6g28HLj6CZAKHUwSQHocpRpdtB4oKjwQcgkl6hxoFhDI?= =?us-ascii?q?DjAGLBINkiG6SaIFpIoFYcC8hgmwJNhEYkh2CZIgQIzACgR8IFQGPGQEB?= X-IronPort-AV: E=Sophos;i="5.70,441,1574092800"; d="scan'208";a="21318427" Received: from unknown (HELO hb3-BKT203.hibox.biz) ([172.24.52.13]) by out04.hibox.biz with ESMTP; 15 Feb 2020 02:53:13 +0800 IronPort-SDR: vEDeO9jNkjF8DRC44CqB4CXr0Jfmw4TUO1nQMJrCMTiXy3ddfeEMzWb4fi0ZvAomvTLQjhqJb+ p4gP03Ko31pQ== Received: from unknown (HELO hb3-BKT101.hibox.biz) ([172.24.51.11]) by hb3-BKT203.hibox.biz with ESMTP; 15 Feb 2020 02:53:12 +0800 IronPort-SDR: FrTvc6vbYk7Muv7YZQDOVoNo4DCY2K6rYnWLijplIhgGwQsHjM3RTtgwshRea66zty+xWQoPl8 MUKRySyzP3gw== Received: from unknown (HELO hb3-IN02.hibox.biz) ([172.24.12.12]) by hb3-BKT101.hibox.biz with ESMTP; 15 Feb 2020 02:53:12 +0800 X-Remote-IP: 73.116.1.175 X-Remote-Host: c-73-116-1-175.hsd1.ca.comcast.net X-SBRS: -10.0 X-MID: 34338970 X-Auth-ID: tim.lewis@insyde.com X-EnvelopeFrom: tim.lewis@insyde.com hiBox-Sender: 1 Received: from c-73-116-1-175.hsd1.ca.comcast.net (HELO DESKTOPHG9V3E8) ([73.116.1.175]) by hb3-IN02.hibox.biz with ESMTP/TLS/AES256-SHA; 15 Feb 2020 02:52:56 +0800 From: "Tim Lewis" To: "'Liming Gao'" , , Cc: "'Guptha, Soumya K'" , "'Kinney, Michael D'" , "'Laszlo Ersek'" , , In-Reply-To: Subject: Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Date: Fri, 14 Feb 2020 10:52:55 -0800 Message-ID: <06bf01d5e367$f9c56ea0$ed504be0$@insyde.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-index: AQJw/13rh4bX4Zra+bHVweJBWynkrabk0M9Q Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-language: en-us Liming -- Is there any plan to list all of the security fixes related CVEs that are being checked in to the list of official features for this stable tag? We have listed the Boot Guard one. Thanks, Tim Lewis CTO, Insyde Software www.insyde.com -----Original Message----- From: announce@edk2.groups.io On Behalf Of Liming Gao Sent: Friday, February 14, 2020 12:19 AM To: devel@edk2.groups.io; announce@edk2.groups.io Cc: Guptha, Soumya K ; Kinney, Michael D ; Laszlo Ersek ; afish@apple.com; leif.lindholm@linaro.org Subject: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Hi, all We will enter into Soft Feature Freeze phase. In this phase, the feature under review will not be allowed to be pushed. The patch review can continue without break in edk2 community. If the patch is sent before Soft Feature Freeze, and plans to catch this stable tag, the patch contributor need reply to his patch and notify edk2 community. If the patch is sent after Soft Feature Freeze, and plans to catch this stable tag, please add edk2-stable202002 key words in the patch title and BZ, so the community know this patch target and give the feedback. Below is edk2-stable202002 tag planning https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Plannin g Proposed Schedule Date (00:00:00 UTC-8) Description 2019-12-02 Beginning of development 2020-02-07 Feature Planning Freeze 2020-02-14 Soft Feature Freeze 2020-02-21 Hard Feature Freeze 2020-02-28 Release Thanks Liming From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.4855.1581916808362322157 for ; Sun, 16 Feb 2020 21:20:08 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: liming.gao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2020 21:20:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,451,1574150400"; d="scan'208";a="228301538" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga008.jf.intel.com with ESMTP; 16 Feb 2020 21:20:07 -0800 Received: from shsmsx603.ccr.corp.intel.com (10.109.6.143) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sun, 16 Feb 2020 21:20:06 -0800 Received: from shsmsx606.ccr.corp.intel.com (10.109.6.216) by SHSMSX603.ccr.corp.intel.com (10.109.6.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 17 Feb 2020 13:20:04 +0800 Received: from shsmsx606.ccr.corp.intel.com ([10.109.6.216]) by SHSMSX606.ccr.corp.intel.com ([10.109.6.216]) with mapi id 15.01.1713.004; Mon, 17 Feb 2020 13:20:04 +0800 From: "Liming Gao" To: Tim Lewis , "devel@edk2.groups.io" , "announce@edk2.groups.io" CC: "Guptha, Soumya K" , "Kinney, Michael D" , 'Laszlo Ersek' , "afish@apple.com" , "leif.lindholm@linaro.org" Subject: Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Thread-Topic: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Thread-Index: AdXiUYr5ZXD8PHHnSrKvuaI45UBgEAA015WAAIKhhxA= Date: Mon, 17 Feb 2020 05:20:04 +0000 Message-ID: <91295eea07a1413cb0910850f96c2564@intel.com> References: <06bf01d5e367$f9c56ea0$ed504be0$@insyde.com> In-Reply-To: <06bf01d5e367$f9c56ea0$ed504be0$@insyde.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-product: dlpe-windows dlp-reaction: no-action x-originating-ip: [10.239.127.36] MIME-Version: 1.0 Return-Path: liming.gao@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Tim: There is no special list for the security fixes. All bug fixes will be f= ound in Bugzilla List in stable tag wiki, such as https://github.com/tianoc= ore/edk2/releases/tag/edk2-stable201911 Boot Guard is as the feature. So, it is listed in the feature planning.= =20 Thanks Liming > -----Original Message----- > From: announce@edk2.groups.io On Behalf Of Tim= Lewis > Sent: Saturday, February 15, 2020 2:53 AM > To: Gao, Liming ; devel@edk2.groups.io; announce@e= dk2.groups.io > Cc: Guptha, Soumya K ; Kinney, Michael D ; 'Laszlo Ersek' > ; afish@apple.com; leif.lindholm@linaro.org > Subject: Re: [edk2-announce] Soft Feature Freeze starts now for edk2-sta= ble202002 >=20 > Liming -- >=20 > Is there any plan to list all of the security fixes related CVEs that ar= e > being checked in to the list of official features for this stable tag? W= e > have listed the Boot Guard one. >=20 > Thanks, > Tim Lewis > CTO, Insyde Software > www.insyde.com >=20 > -----Original Message----- > From: announce@edk2.groups.io On Behalf Of Lim= ing > Gao > Sent: Friday, February 14, 2020 12:19 AM > To: devel@edk2.groups.io; announce@edk2.groups.io > Cc: Guptha, Soumya K ; Kinney, Michael D > ; Laszlo Ersek ; > afish@apple.com; leif.lindholm@linaro.org > Subject: [edk2-announce] Soft Feature Freeze starts now for > edk2-stable202002 >=20 > Hi, all > We will enter into Soft Feature Freeze phase. In this phase, the featu= re > under review will not be allowed to be pushed. The patch review can cont= inue > without break in edk2 community. >=20 > If the patch is sent before Soft Feature Freeze, and plans to catch th= is > stable tag, the patch contributor need reply to his patch and notify edk= 2 > community. > If the patch is sent after Soft Feature Freeze, and plans to catch thi= s > stable tag, please add edk2-stable202002 key words in the patch title an= d > BZ, so the community know this patch target and give the feedback. >=20 > Below is edk2-stable202002 tag planning > https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Pla= nnin > g > Proposed Schedule > Date (00:00:00 UTC-8) Description > 2019-12-02 Beginning of development > 2020-02-07 Feature Planning Freeze > 2020-02-14 Soft Feature Freeze > 2020-02-21 Hard Feature Freeze > 2020-02-28 Release >=20 > Thanks > Liming >=20 >=20 >=20 >=20 >=20 >=20 From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out03.hibox.biz (out03.hibox.biz [210.71.195.42]) by mx.groups.io with SMTP id smtpd.web09.4956.1581918607179069864 for ; Sun, 16 Feb 2020 21:50:08 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: insyde.com, ip: 210.71.195.42, mailfrom: tim.lewis@insyde.com) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2BmAAD1J0pe/w00GKxmGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBEQEBAQEBAQEBAQEBgXsCgXaBHXUSKoxUQ4gegz6LRhGMJQk?= =?us-ascii?q?BAQEBAQEBAQEIIwkBAgQBAYFMgm4EAgKCJTkFDQIQAQEGAQEBAQEFBG2Ea0w?= =?us-ascii?q?MhWYBAQIDCAIwDwUIIwwBBQYDDQQEAQFIGB4IAgQBEgsFBAkEgwaCew+qRII?= =?us-ascii?q?nGgKEGQGGEYE4gWWEH4g6g28HLj6CZAKHUwSQHocsRpduB4oKhUmJPRyCSXu?= =?us-ascii?q?HGwWEMgOMAYsFg2SIcJJpgWohgVhwLyGCbAk2ERiSHYJkiBAjMAKBHwgVAY4?= =?us-ascii?q?BAQE?= X-IronPort-AV: E=Sophos;i="5.70,451,1574092800"; d="scan'208";a="29456698" Received: from unknown (HELO hb3-BKT203.hibox.biz) ([172.24.52.13]) by out03.hibox.biz with ESMTP; 17 Feb 2020 13:50:04 +0800 IronPort-SDR: vHEvyq7W/SdzJSxTQ+Jy34HAOkMGJthVBsz3PuLzbIh0RFpYmI2CMEQxOWj8LNuDdYkgXte+ol ZiKuJHfC4kKg== Received: from unknown (HELO hb3-BKT101.hibox.biz) ([172.24.51.11]) by hb3-BKT203.hibox.biz with ESMTP; 17 Feb 2020 13:50:04 +0800 IronPort-SDR: lKc766iu6bRBD++TzvNEPHaJFNhVnH2drRXRkkS6xA2mF8Xf8ANRWOMa5qNfPNTAj4VqnfJx+n Tbs2/204HXhQ== Received: from unknown (HELO hb3-IN04.hibox.biz) ([172.24.12.14]) by hb3-BKT101.hibox.biz with ESMTP; 17 Feb 2020 13:50:04 +0800 X-Remote-IP: 73.116.1.175 X-Remote-Host: c-73-116-1-175.hsd1.ca.comcast.net X-SBRS: -10.0 X-MID: 36685788 X-Auth-ID: tim.lewis@insyde.com X-EnvelopeFrom: tim.lewis@insyde.com hiBox-Sender: 1 Received: from c-73-116-1-175.hsd1.ca.comcast.net (HELO DESKTOPHG9V3E8) ([73.116.1.175]) by hb3-IN04.hibox.biz with ESMTP/TLS/AES256-SHA; 17 Feb 2020 13:50:02 +0800 From: "Tim Lewis" To: "'Gao, Liming'" , , Cc: "'Guptha, Soumya K'" , "'Kinney, Michael D'" , "'Laszlo Ersek'" , , In-Reply-To: <91295eea07a1413cb0910850f96c2564@intel.com> Subject: Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Date: Sun, 16 Feb 2020 21:49:59 -0800 Message-ID: <0a4d01d5e556$1a279ed0$4e76dc70$@insyde.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-index: AQGVAtRFJTMQ/uYywX6ChDCLk1ggI6igpdOA Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-language: en-us Liming -- Thanks for the pointer. The reason I ask is that many users of open source projects such as EDKII scan the releases for CVE numbers in order to make sure that critical components get updated. This is due to the fact that CVEs often need to be reported to downstream users. The Bugzilla list is a little hidden, since these CVE fixes are not called out directly in the wiki page. It would be much easier if the BZ items that are related to security fixes are promoted directly to the wiki page, not just available through a BZ query. Thanks Tim -----Original Message----- From: Gao, Liming Sent: Sunday, February 16, 2020 9:20 PM To: Tim Lewis ; devel@edk2.groups.io; announce@edk2.groups.io Cc: Guptha, Soumya K ; Kinney, Michael D ; 'Laszlo Ersek' ; afish@apple.com; leif.lindholm@linaro.org Subject: RE: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 Tim: There is no special list for the security fixes. All bug fixes will be found in Bugzilla List in stable tag wiki, such as https://github.com/tianocore/edk2/releases/tag/edk2-stable201911 Boot Guard is as the feature. So, it is listed in the feature planning. Thanks Liming > -----Original Message----- > From: announce@edk2.groups.io On Behalf Of > Tim Lewis > Sent: Saturday, February 15, 2020 2:53 AM > To: Gao, Liming ; devel@edk2.groups.io; > announce@edk2.groups.io > Cc: Guptha, Soumya K ; Kinney, Michael D ; 'Laszlo Ersek' > ; afish@apple.com; leif.lindholm@linaro.org > Subject: Re: [edk2-announce] Soft Feature Freeze starts now for > edk2-stable202002 > > Liming -- > > Is there any plan to list all of the security fixes related CVEs that > are being checked in to the list of official features for this stable > tag? We have listed the Boot Guard one. > > Thanks, > Tim Lewis > CTO, Insyde Software > www.insyde.com > > -----Original Message----- > From: announce@edk2.groups.io On Behalf Of > Liming Gao > Sent: Friday, February 14, 2020 12:19 AM > To: devel@edk2.groups.io; announce@edk2.groups.io > Cc: Guptha, Soumya K ; Kinney, Michael D > ; Laszlo Ersek ; > afish@apple.com; leif.lindholm@linaro.org > Subject: [edk2-announce] Soft Feature Freeze starts now for > edk2-stable202002 > > Hi, all > We will enter into Soft Feature Freeze phase. In this phase, the > feature under review will not be allowed to be pushed. The patch > review can continue without break in edk2 community. > > If the patch is sent before Soft Feature Freeze, and plans to catch > this stable tag, the patch contributor need reply to his patch and > notify edk2 community. > If the patch is sent after Soft Feature Freeze, and plans to catch > this stable tag, please add edk2-stable202002 key words in the patch > title and BZ, so the community know this patch target and give the feedback. > > Below is edk2-stable202002 tag planning > https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-P > lannin > g > Proposed Schedule > Date (00:00:00 UTC-8) Description > 2019-12-02 Beginning of development > 2020-02-07 Feature Planning Freeze > 2020-02-14 Soft Feature Freeze > 2020-02-21 Hard Feature Freeze > 2020-02-28 Release > > Thanks > Liming > > > > > > From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web09.5723.1581925604139358543 for ; Sun, 16 Feb 2020 23:46:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=g1vGtrSU; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1581925603; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=udG21hArF02iQaKYVFy1NqEOhu4xbJrXfIhFloXje5E=; b=g1vGtrSUoONmGiemkvPxynrlPWT0G/T/6pUi9+y76xNrGFd6/1cdIPr+BBzh9FJR4khb4Z Lc+uEHvlWFndExCN9VhW4qNuvHZkq63y6ervvAoV4XtVC4IjlLd6EVfWgMn83Jyfp/cCph 6yL6LFRoovUUvahqFCElgi6GHPYKnwc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-342-Gafep4e7OCu32p7Yre21tA-1; Mon, 17 Feb 2020 02:46:36 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C44D38017CC; Mon, 17 Feb 2020 07:46:34 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-195.ams2.redhat.com [10.36.116.195]) by smtp.corp.redhat.com (Postfix) with ESMTP id CA36A5C10D; Mon, 17 Feb 2020 07:46:32 +0000 (UTC) Subject: Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002 To: tim.lewis@insyde.com, "'Gao, Liming'" , devel@edk2.groups.io, announce@edk2.groups.io Cc: "'Guptha, Soumya K'" , "'Kinney, Michael D'" , afish@apple.com, leif.lindholm@linaro.org References: <0a4d01d5e556$1a279ed0$4e76dc70$@insyde.com> From: "Laszlo Ersek" Message-ID: Date: Mon, 17 Feb 2020 08:46:31 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <0a4d01d5e556$1a279ed0$4e76dc70$@insyde.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-MC-Unique: Gafep4e7OCu32p7Yre21tA-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 02/17/20 06:49, tim.lewis@insyde.com wrote: > Liming -- > > Thanks for the pointer. > > The reason I ask is that many users of open source projects such as EDKII > scan the releases for CVE numbers in order to make sure that critical > components get updated. This is due to the fact that CVEs often need to be > reported to downstream users. The Bugzilla list is a little hidden, since > these CVE fixes are not called out directly in the wiki page. It would be > much easier if the BZ items that are related to security fixes are promoted > directly to the wiki page, not just available through a BZ query. * Any commit that fixes a CVE is supposed to carry the CVE ID in its subject, in the git history. So if you do $ git log --oneline --reverse edk2-stable201911..master | grep CVE that should give you the list. Right now, it gives me: - CVE-2019-14563 - CVE-2019-14586 - CVE-2019-14558 * For CVE patches pending review, the mailing list can be searched similarly. (E.g. "posted after a certain date, plus has both "CVE" and "PATCH" in subject.) The pending fixes seem to be for: - CVE-2019-14575 - CVE-2019-14587 - CVE-2019-14559 (Your question is precisely why I've always asked for CVE IDs in patch subjects.) Thanks Laszlo