[edk2-devel] Patch List for 202002 stable tag
Laszlo Ersek
lersek at redhat.com
Tue Feb 18 20:04:27 UTC 2020
On 02/18/20 15:08, Gao, Liming wrote:
> Hi Stewards and all:
> I collect current patch lists in devel mail list. Those patch
> contributors request to add them for 201902 stable tag. Because we
> have enter into Soft Feature Freeze, I want to collect your feedback
> for them. If any patches are missing, please reply this mail to add
> them.
>
> Feature List (under review):
According to
<https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze>,
features can be merged during the SFF if their review completed before
the SFF.
The SFF date is 2020-02-14 00:00:00 UTC-8, per
<https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning>.
For me (in CET = UTC+1), that makes the deadline 2020-02-14 09:00:00
CET.
> https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_pcd_to/69401948
> [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
> (solution under discussion)
Posted on 2020-01-03. Review doesn't appear complete. Technically
speaking, it has missed edk2-stable202002.
There were two large gaps in the review process, namely between these
messages:
- https://edk2.groups.io/g/devel/message/53026 [2020-01-08]
- https://edk2.groups.io/g/devel/message/53485 [2020-01-27]
- https://edk2.groups.io/g/devel/message/54133 [2020-02-10]
If review seems stuck, it's advisable to ping once per week, or a bit
more frequently. Two weeks ore more between pings is way too long.
> https://edk2.groups.io/g/devel/message/54122 [PATCH 1/1] ShellPkg: Add
> support for input with separately reported modifiers (under review, is
> this a feature or bug in the disucssion)
The subject starts with "Add support for...", so it's a new feature, or
at least a feature-enablement.
Posted on 2020-02-10. Has not been reviewed yet, AFAICT. Same situation
as above. (Missed edk2-stable202002, technically speaking.)
Note: I don't have a personal preference either way. I'm just pointing
out what the SFF definition formally dictates, in my interpretation.
If we want to extend the freeze dates, I won't object.
> Bug List (reviewed):
> https://edk2.groups.io/g/devel/message/54416 [PATCH v2 00/10] Fix
> false negative issue in DxeImageVerificationHandler(CVE-2019-14575)
Clearly a bug fix; it could go in even during the HFF
<https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze>.
> https://edk2.groups.io/g/devel/message/54523 [PATCH
> v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo
> Unmap in TRB creation (CVE-2019-14587)
Ditto.
> https://edk2.groups.io/g/devel/message/54510 [PATCH v6 0/2]
> Enhancement and Fixes to BaseHashApiLib
Hm. I feel like I need some convincing that patch#1 --
"CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with TPM 2.0
Implementation" -- is *also* a bugfix (like patch#2).
That question matters because the reviews:
- https://edk2.groups.io/g/devel/message/54513
- https://edk2.groups.io/g/devel/message/54567
were not posted before the SFF.
... I guess it's OK.
> https://edk2.groups.io/g/devel/message/53703 [PATCH V2] UefiCpuPkg
> RegisterCpuFeaturesLib: Match data type and format specifier
Even if this were a feature, it could go in; the review was posted in
time:
- https://edk2.groups.io/g/devel/message/53803
In fact I don't understand why it hasn't been merged for more than a
week now!
> https://edk2.groups.io/g/devel/message/53577 [PATCH v1 1/1] ShellPkg:
> acpiview: Remove duplicate ACPI structure size definitions
Approved in time, regardless of bugfix vs. feature. Should go in.
> https://edk2.groups.io/g/devel/message/54192 [PATCH v2 1/1] ShellPkg:
> acpiview: Validate ACPI table 'Length' field
The review was posted past the SFF, but I agree this looks like a
bugfix, so should be OK. (Supplying missing input sanitization is
arguably a fix.)
>
> Bug List (under review)
> https://edk2.groups.io/g/devel/message/54361 [PATCH 1/1]
> NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559)
> https://edk2.groups.io/g/devel/message/54569 [PATCH v3]
> NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559)
CVE fixes can clearly go in during the HFF too.
> https://edk2.groups.io/g/devel/message/54448 [PATCH v1 1/1] ShellPkg:
> acpiview: Prevent infinite loop if structure length is 0
Similar to "ShellPkg: acpiview: Validate ACPI table 'Length' field";
should be OK.
Just my opinion, of course.
Thanks
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54584): https://edk2.groups.io/g/devel/message/54584
Mute This Topic: https://groups.io/mt/71371549/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list