Hi Laszlo, I agree with your assessments.
One comment below. Mike > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Tuesday, February 18, 2020 12:04 PM > To: Gao, Liming <liming....@intel.com>; Guptha, Soumya > K <soumya.k.gup...@intel.com>; Kinney, Michael D > <michael.d.kin...@intel.com>; l...@nuviainc.com; > af...@apple.com > Cc: devel@edk2.groups.io > Subject: Re: Patch List for 202002 stable tag > > On 02/18/20 15:08, Gao, Liming wrote: > > Hi Stewards and all: > > I collect current patch lists in devel mail list. > Those patch > > contributors request to add them for 201902 stable > tag. Because we > > have enter into Soft Feature Freeze, I want to > collect your feedback > > for them. If any patches are missing, please reply > this mail to add > > them. > > > > Feature List (under review): > > According to > <https://github.com/tianocore/tianocore.github.io/wiki/ > SoftFeatureFreeze>, > features can be merged during the SFF if their review > completed before > the SFF. > > The SFF date is 2020-02-14 00:00:00 UTC-8, per > <https://github.com/tianocore/tianocore.github.io/wiki/ > EDK-II-Release-Planning>. > For me (in CET = UTC+1), that makes the deadline 2020- > 02-14 09:00:00 > CET. > > > > https://edk2.groups.io/g/devel/topic/patch_v3_0_1_add_p > cd_to/69401948 > > [PATCH v3 0/1] Add PCD to disable safe string > constraint assertions > > (solution under discussion) > > Posted on 2020-01-03. Review doesn't appear complete. > Technically > speaking, it has missed edk2-stable202002. > > There were two large gaps in the review process, namely > between these > messages: > > - https://edk2.groups.io/g/devel/message/53026 [2020- > 01-08] > - https://edk2.groups.io/g/devel/message/53485 [2020- > 01-27] > - https://edk2.groups.io/g/devel/message/54133 [2020- > 02-10] > > If review seems stuck, it's advisable to ping once per > week, or a bit > more frequently. Two weeks ore more between pings is > way too long. > > > https://edk2.groups.io/g/devel/message/54122 [PATCH > 1/1] ShellPkg: Add > > support for input with separately reported modifiers > (under review, is > > this a feature or bug in the disucssion) > > The subject starts with "Add support for...", so it's a > new feature, or > at least a feature-enablement. > > Posted on 2020-02-10. Has not been reviewed yet, > AFAICT. Same situation > as above. (Missed edk2-stable202002, technically > speaking.) > > Note: I don't have a personal preference either way. > I'm just pointing > out what the SFF definition formally dictates, in my > interpretation. > > If we want to extend the freeze dates, I won't object. > > > Bug List (reviewed): > > https://edk2.groups.io/g/devel/message/54416 [PATCH > v2 00/10] Fix > > false negative issue in > DxeImageVerificationHandler(CVE-2019-14575) > > Clearly a bug fix; it could go in even during the HFF > <https://github.com/tianocore/tianocore.github.io/wiki/ > HardFeatureFreeze>. > > > https://edk2.groups.io/g/devel/message/54523 [PATCH > > v1][edk2-stable202002] MdeModulePkg/SdMmcPciHcDxe: > Fix double PciIo > > Unmap in TRB creation (CVE-2019-14587) > > Ditto. > > > https://edk2.groups.io/g/devel/message/54510 [PATCH > v6 0/2] > > Enhancement and Fixes to BaseHashApiLib > > Hm. I feel like I need some convincing that patch#1 -- > "CryptoPkg/BaseHashApiLib: Align BaseHashApiLib with > TPM 2.0 > Implementation" -- is *also* a bugfix (like patch#2). > > That question matters because the reviews: > > - https://edk2.groups.io/g/devel/message/54513 > - https://edk2.groups.io/g/devel/message/54567 > > were not posted before the SFF. > > ... I guess it's OK. The description of the bug does not emphasis that this really is a bug fix. There were additional review comments from the CryptoPkg reviewers after the initial review/commit of this feature. These changes address that feedback. The alignment with TPM 2.0 is to use an existing set of defines for the hash algorithms instead of define yet another set of defines. Details in this thread: https://edk2.groups.io/g/devel/topic/70960524#53733 > > > https://edk2.groups.io/g/devel/message/53703 [PATCH > V2] UefiCpuPkg > > RegisterCpuFeaturesLib: Match data type and format > specifier > > Even if this were a feature, it could go in; the review > was posted in > time: > - https://edk2.groups.io/g/devel/message/53803 > > In fact I don't understand why it hasn't been merged > for more than a > week now! > > > https://edk2.groups.io/g/devel/message/53577 [PATCH > v1 1/1] ShellPkg: > > acpiview: Remove duplicate ACPI structure size > definitions > > Approved in time, regardless of bugfix vs. feature. > Should go in. > > > https://edk2.groups.io/g/devel/message/54192 [PATCH > v2 1/1] ShellPkg: > > acpiview: Validate ACPI table 'Length' field > > The review was posted past the SFF, but I agree this > looks like a > bugfix, so should be OK. (Supplying missing input > sanitization is > arguably a fix.) > > > > > Bug List (under review) > > https://edk2.groups.io/g/devel/message/54361 [PATCH > 1/1] > > NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE- > 2019-14559) > > https://edk2.groups.io/g/devel/message/54569 [PATCH > v3] > > NetworkPkg/Ip4Dxe: Check the received package length > (CVE-2019-14559) > > CVE fixes can clearly go in during the HFF too. > > > https://edk2.groups.io/g/devel/message/54448 [PATCH > v1 1/1] ShellPkg: > > acpiview: Prevent infinite loop if structure length > is 0 > > Similar to "ShellPkg: acpiview: Validate ACPI table > 'Length' field"; > should be OK. > > > Just my opinion, of course. > > Thanks > Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54587): https://edk2.groups.io/g/devel/message/54587 Mute This Topic: https://groups.io/mt/71371549/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
