MdeModulePkg/MdeModulePkg.dec | 6 +++ MdeModulePkg/MdeModulePkg.uni | 6 +++ MdeModulePkg/Core/Dxe/DxeMain.inf | 1 + MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 +++++++++++++++++--- 4 files changed, 59 insertions(+), 6 deletions(-)
Repo: https://pagure.io/lersek/edk2.git Branch: tianocore_1743_v2_resend Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 "RESEND" because I'm publicly posting the patches from <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>. The Reviewed-by tags on the patches originate from <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>. Retested with Liming's reproducer; see <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>. This series targets edk2-stable202011. I plan to merge it later this week, based on Liming's R-b. Liming, highlighting TianoCore#1743 in the "proposed features" list could be useful. Cc: Dandan Bi <dandan.bi@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Thanks! Laszlo Laszlo Ersek (2): MdeModulePkg/Core/Dxe: assert SectionInstance invariant in FindChildNode() MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion MdeModulePkg/MdeModulePkg.dec | 6 +++ MdeModulePkg/MdeModulePkg.uni | 6 +++ MdeModulePkg/Core/Dxe/DxeMain.inf | 1 + MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 +++++++++++++++++--- 4 files changed, 59 insertions(+), 6 deletions(-) -- 2.19.1.3.g30247aa5d201 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67707): https://edk2.groups.io/g/devel/message/67707 Mute This Topic: https://groups.io/mt/78362191/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Laszlo: I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. Thanks Liming > -----邮件原件----- > 发件人: bounce+27952+67707+4905953+8761045@groups.io > <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek > 发送时间: 2020年11月19日 18:54 > 收件人: edk2-devel-groups-io <devel@edk2.groups.io> > 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>; > Jian J Wang <jian.j.wang@intel.com>; Liming Gao > <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com> > 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV > recursion, round 2 (DXE Core) > > Repo: https://pagure.io/lersek/edk2.git > Branch: tianocore_1743_v2_resend > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 > > "RESEND" because I'm publicly posting the patches from > <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>. > > The Reviewed-by tags on the patches originate from > <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and > <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>. > > Retested with Liming's reproducer; see > <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and > <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>. > > This series targets edk2-stable202011. I plan to merge it later this > week, based on Liming's R-b. > > Liming, highlighting TianoCore#1743 in the "proposed features" list > could be useful. > > Cc: Dandan Bi <dandan.bi@intel.com> > Cc: Hao A Wu <hao.a.wu@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Liming Gao <gaoliming@byosoft.com.cn> > Cc: Philippe Mathieu-Daudé <philmd@redhat.com> > > Thanks! > Laszlo > > Laszlo Ersek (2): > MdeModulePkg/Core/Dxe: assert SectionInstance invariant in > FindChildNode() > MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion > > MdeModulePkg/MdeModulePkg.dec > | 6 +++ > MdeModulePkg/MdeModulePkg.uni > | 6 +++ > MdeModulePkg/Core/Dxe/DxeMain.inf > | 1 + > MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 > +++++++++++++++++--- > 4 files changed, 59 insertions(+), 6 deletions(-) > > -- > 2.19.1.3.g30247aa5d201 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67742): https://edk2.groups.io/g/devel/message/67742 Mute This Topic: https://groups.io/mt/78383549/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 11/20/20 06:30, gaoliming wrote: > Laszlo: > I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. Merged as commit range 6c8dd15c4ae4..47343af30435, via <https://github.com/tianocore/edk2/pull/1137>. Thanks, Laszlo > > In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. > > Thanks > Liming >> -----邮件原件----- >> 发件人: bounce+27952+67707+4905953+8761045@groups.io >> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek >> 发送时间: 2020年11月19日 18:54 >> 收件人: edk2-devel-groups-io <devel@edk2.groups.io> >> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>; >> Jian J Wang <jian.j.wang@intel.com>; Liming Gao >> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com> >> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV >> recursion, round 2 (DXE Core) >> >> Repo: https://pagure.io/lersek/edk2.git >> Branch: tianocore_1743_v2_resend >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 >> >> "RESEND" because I'm publicly posting the patches from >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>. >> >> The Reviewed-by tags on the patches originate from >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>. >> >> Retested with Liming's reproducer; see >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>. >> >> This series targets edk2-stable202011. I plan to merge it later this >> week, based on Liming's R-b. >> >> Liming, highlighting TianoCore#1743 in the "proposed features" list >> could be useful. >> >> Cc: Dandan Bi <dandan.bi@intel.com> >> Cc: Hao A Wu <hao.a.wu@intel.com> >> Cc: Jian J Wang <jian.j.wang@intel.com> >> Cc: Liming Gao <gaoliming@byosoft.com.cn> >> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> >> >> Thanks! >> Laszlo >> >> Laszlo Ersek (2): >> MdeModulePkg/Core/Dxe: assert SectionInstance invariant in >> FindChildNode() >> MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion >> >> MdeModulePkg/MdeModulePkg.dec >> | 6 +++ >> MdeModulePkg/MdeModulePkg.uni >> | 6 +++ >> MdeModulePkg/Core/Dxe/DxeMain.inf >> | 1 + >> MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 >> +++++++++++++++++--- >> 4 files changed, 59 insertions(+), 6 deletions(-) >> >> -- >> 2.19.1.3.g30247aa5d201 >> >> >> >> >> > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67774): https://edk2.groups.io/g/devel/message/67774 Mute This Topic: https://groups.io/mt/78383549/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
On 11/20/20 06:30, gaoliming wrote: > Laszlo: > I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. Thanks! > In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. We seem to have failed getting a CVE number. I'm unaware of any CVE being assigned to this issue. Thanks Laszlo > > Thanks > Liming >> -----邮件原件----- >> 发件人: bounce+27952+67707+4905953+8761045@groups.io >> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek >> 发送时间: 2020年11月19日 18:54 >> 收件人: edk2-devel-groups-io <devel@edk2.groups.io> >> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>; >> Jian J Wang <jian.j.wang@intel.com>; Liming Gao >> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com> >> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV >> recursion, round 2 (DXE Core) >> >> Repo: https://pagure.io/lersek/edk2.git >> Branch: tianocore_1743_v2_resend >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 >> >> "RESEND" because I'm publicly posting the patches from >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>. >> >> The Reviewed-by tags on the patches originate from >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>. >> >> Retested with Liming's reproducer; see >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and >> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>. >> >> This series targets edk2-stable202011. I plan to merge it later this >> week, based on Liming's R-b. >> >> Liming, highlighting TianoCore#1743 in the "proposed features" list >> could be useful. >> >> Cc: Dandan Bi <dandan.bi@intel.com> >> Cc: Hao A Wu <hao.a.wu@intel.com> >> Cc: Jian J Wang <jian.j.wang@intel.com> >> Cc: Liming Gao <gaoliming@byosoft.com.cn> >> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> >> >> Thanks! >> Laszlo >> >> Laszlo Ersek (2): >> MdeModulePkg/Core/Dxe: assert SectionInstance invariant in >> FindChildNode() >> MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion >> >> MdeModulePkg/MdeModulePkg.dec >> | 6 +++ >> MdeModulePkg/MdeModulePkg.uni >> | 6 +++ >> MdeModulePkg/Core/Dxe/DxeMain.inf >> | 1 + >> MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 >> +++++++++++++++++--- >> 4 files changed, 59 insertions(+), 6 deletions(-) >> >> -- >> 2.19.1.3.g30247aa5d201 >> >> >> >> >> > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67762): https://edk2.groups.io/g/devel/message/67762 Mute This Topic: https://groups.io/mt/78383549/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.