On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote: > Hi, all > This patch is big. I upload it into > https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review. > > Hi, Stewards: > Oniguruma version v6.9.3 is released for security fix. So, I plan to > include this update for 201908 stable tag. If you have any comments, please > let me know.
This version was only released 3 days ago, so I am OK with it being included. (If this had been posted as an update to 6.9.2, I would have questioned why it was being brought in so late in the cycle.) Do we have confidence that we can achieve substantial testing before the stable tag? Is it feasible to convert this to a git submodule for future updates? Best Regards, Leif > Thanks > Liming > >-----Original Message----- > >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > >Liming Gao > >Sent: Thursday, August 08, 2019 9:31 PM > >To: devel@edk2.groups.io > >Cc: Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A <hao.a...@intel.com>; > >Cinnamon Shia <cinnamon.s...@hpe.com> > >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update > >Oniguruma from v6.9.0 to v6.9.3 > > > >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066 > >Update Oniguruma to the latest version v6.9.3. > >Oniguruma https://github.com/kkos/oniguruma > >This release is the security fix release. It includes the changes: > >Fixed CVE-2019-13224 > >Fixed CVE-2019-13225 > >Fixed many problems (found by libfuzzer programs) > > > >Verify VS2015, GCC5 build. > >Verify RegularExpressionProtocol GetInfo() and Match() function. > > > >Cc: Jian J Wang <jian.j.w...@intel.com> > >Cc: Hao A Wu <hao.a...@intel.com> > >Cc: Cinnamon Shia <cinnamon.s...@hpe.com> > >Signed-off-by: Liming Gao <liming....@intel.com> > >--- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c > >| 2 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c > >| 2433 +++++++++++-------- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c > >| 82 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c > >| 63 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c > >| 2672 +++++++++++---------- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c > >| 22 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c > >| 702 +++--- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c > >| 12 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c > >| 16 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c > >| 12 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c > >| 289 ++- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb > >_data.c | 31 +- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1 > >_key.c | 2689 ++++++++++----------- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2 > >_key.c | 4 +- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3 > >_key.c | 4 +- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_ > >data.c | 2256 +++++++++--------- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------ > >-------------------- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > >erty_data_posix.c | 410 ++-- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol > >d_key.c | 3253 +++++++++++++------------- > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d > >ata.c | 1023 ++++++++ > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c > >| 36 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h > >| 21 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h > >| 23 +- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h > >| 438 ++-- > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h > >| 313 ++- > > 25 files changed, 14055 insertions(+), 11296 deletions(-) > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#45196): https://edk2.groups.io/g/devel/message/45196 Mute This Topic: https://groups.io/mt/32798293/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
