Leif: > -----Original Message----- > From: Leif Lindholm [mailto:leif.lindh...@linaro.org] > Sent: Thursday, August 8, 2019 10:52 PM > To: Gao, Liming <liming....@intel.com> > Cc: devel@edk2.groups.io; Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A > <hao.a...@intel.com>; Cinnamon Shia > <cinnamon.s...@hpe.com>; af...@apple.com; Laszlo Ersek (ler...@redhat.com) > <ler...@redhat.com>; Kinney, Michael D > <michael.d.kin...@intel.com>; Cetola, Stephano <stephano.cet...@intel.com> > Subject: Re: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update > Oniguruma from v6.9.0 to v6.9.3 > > On Thu, Aug 08, 2019 at 01:52:36PM +0000, Gao, Liming wrote: > > Hi, all > > This patch is big. I upload it into > > https://github.com/lgao4/edk2/tree/Oniguruma6.9.3 for your review. > > > > Hi, Stewards: > > Oniguruma version v6.9.3 is released for security fix. So, I plan to > > include this update for 201908 stable tag. If you have any > comments, please let me know. > > This version was only released 3 days ago, so I am OK with it being > included. (If this had been posted as an update to 6.9.2, I would have > questioned why it was being brought in so late in the cycle.) > Yes. I find this version is just released. And, it is for security fix. So, I want to catch it for 201908 stable tag.
> Do we have confidence that we can achieve substantial testing before > the stable tag? I verify its functionality by UEFI SCT RegularExpressionProtocol. This driver is used to produce RegularExpressionProtocol. > > Is it feasible to convert this to a git submodule for future updates? > I will submit one BZ for it. This need to contribute some change back to Oniguruma project for EDK2. Thanks Liming > Best Regards, > > Leif > > > Thanks > > Liming > > >-----Original Message----- > > >From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > > >Liming Gao > > >Sent: Thursday, August 08, 2019 9:31 PM > > >To: devel@edk2.groups.io > > >Cc: Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A <hao.a...@intel.com>; > > >Cinnamon Shia <cinnamon.s...@hpe.com> > > >Subject: [edk2-devel] [Patch] MdeModulePkg RegularExpressionDxe: Update > > >Oniguruma from v6.9.0 to v6.9.3 > > > > > >BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2066 > > >Update Oniguruma to the latest version v6.9.3. > > >Oniguruma https://github.com/kkos/oniguruma > > >This release is the security fix release. It includes the changes: > > >Fixed CVE-2019-13224 > > >Fixed CVE-2019-13225 > > >Fixed many problems (found by libfuzzer programs) > > > > > >Verify VS2015, GCC5 build. > > >Verify RegularExpressionProtocol GetInfo() and Match() function. > > > > > >Cc: Jian J Wang <jian.j.w...@intel.com> > > >Cc: Hao A Wu <hao.a...@intel.com> > > >Cc: Cinnamon Shia <cinnamon.s...@hpe.com> > > >Signed-off-by: Liming Gao <liming....@intel.com> > > >--- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/ascii.c > > >| 2 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c > > >| 2433 +++++++++++-------- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.c > > >| 82 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c > > >| 63 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c > > >| 2672 +++++++++++---------- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/reggnu.c > > >| 22 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c > > >| 702 +++--- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c > > >| 12 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposix.c > > >| 16 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regsyntax.c > > >| 12 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode.c > > >| 289 ++- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_egcb > > >_data.c | 31 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold1 > > >_key.c | 2689 ++++++++++----------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold2 > > >_key.c | 4 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold3 > > >_key.c | 4 +- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_fold_ > > >data.c | 2256 +++++++++--------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > > >erty_data.c | 8545 +++++++++++++++++++++++++++++++++++------------ > > >-------------------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_prop > > >erty_data_posix.c | 410 ++-- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_unfol > > >d_key.c | 3253 +++++++++++++------------- > > > > > >MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/unicode_wb_d > > >ata.c | 1023 ++++++++ > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/utf16_le.c > > >| 36 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/oniguruma.h > > >| 21 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regenc.h > > >| 23 +- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regint.h > > >| 438 ++-- > > > MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.h > > >| 313 ++- > > > 25 files changed, 14055 insertions(+), 11296 deletions(-) > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#45273): https://edk2.groups.io/g/devel/message/45273 Mute This Topic: https://groups.io/mt/32798293/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
