I agree with this comment.
Laszlo Ersek 于2020年2月17日周一 下午5:32写道:
> On 02/13/20 19:33, Philippe Mathieu-Daudé wrote:
> > On 2/13/20 7:29 PM, Philippe Mathieu-Daude wrote:
> >> Math expressions written in terms of SafeIntLib function calls
> >> are easily readable, making review trivial. Convert
ASSERT in SetTime_Conf and SetWakeupTime_Conf Consistency Test.
SCT Test expect return as Invalid Parameter.
So removed ASSERT().
Added Time Validity Checks in SetWakeupTime.
Signed-off-by: Gaurav Jain
---
Changes in v2:
- reverted changes related to valid range of years.
---
I agree with this comment.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54572): https://edk2.groups.io/g/devel/message/54572
Mute This Topic: https://groups.io/mt/71248587/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe:
I agree with this comment.
Thanks.
Guomin
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54570): https://edk2.groups.io/g/devel/message/54570
Mute This Topic: https://groups.io/mt/71248587/21656
Group Owner: devel+ow...@edk2.groups.io
v3: correct the coding style.
v2: correct the commit message & add BZ number.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610
This patch is to check the received package length to make sure the package
has a valid length field.
Cc: Fu Siyuan
Cc: Maciej Rabeda
Signed-off-by: Wu Jiaxin
> -Original Message-
> From: Wang, Jian J
> Sent: Monday, February 17, 2020 12:03 PM
> To: devel@edk2.groups.io; Wu, Hao A
> Cc: Ni, Ray
> Subject: RE: [edk2-devel] [PATCH v1][edk2-stable202002]
> MdeModulePkg/SdMmcPciHcDxe: Fix double PciIo Unmap in TRB creation
> (CVE-2019-14587)
>
>
>
For the whole patch series,
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: Sukerkar, Amol N
> Sent: Sunday, February 16, 2020 3:51 AM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D ; Yao, Jiewen
> ; Wang, Jian J ; Agrawal,
> Sachin ; Gao, Liming
> Subject:
Hi Liming,
This is a minor change and has been reviewed by Laszlo and Eric.
It will be better if it can be caught by 202002 stable tag.
You or Eric may help submit it.
Thanks,
Star
> -Original Message-
> From: Dong, Eric
> Sent: Wednesday, February 5, 2020 10:43 AM
> To:
Reviewed-by: Zhichao Gao
Thanks,
Zhichao
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Krzysztof
> Koch
> Sent: Tuesday, February 11, 2020 6:01 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray ; Gao, Zhichao ;
> matteo.carl...@arm.com; sami.muja...@arm.com; n...@arm.com
>
Hi Laszlo,
Thanks the comments. I have updated the patch to v2.
BZ link is https://bugzilla.tianocore.org/show_bug.cgi?id=1610. According
comment 7, the CVE number is CVE-2019-14559 (share with BZ2031).
I guess they are produced by the same test environment. So, they are sharing
the same CVE
Thanks liming, already corrected in V2.
> -Original Message-
> From: Gao, Liming
> Sent: Monday, February 17, 2020 10:27 PM
> To: devel@edk2.groups.io; ler...@redhat.com; Wu, Jiaxin
>
> Cc: Fu, Siyuan ; Maciej Rabeda
> ; Armour, Nicholas
>
> Subject: RE: [edk2-devel] [PATCH v1]
V2: correct the commit message & add BZ number.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1610
This patch is to check the received package length to make sure the package
has a valid length field.
Cc: Fu Siyuan
Cc: Maciej Rabeda
Signed-off-by: Wu Jiaxin
---
Hi Doron,
As for -netdev backend, you can try using tap.
See:
https://gist.github.com/extremecoders-re/e8fd8a67a515fee0c873dcafc81d811c
Looking forward to test results.
Thanks,
Maciej
On 17-Feb-20 11:32, Laszlo Ersek wrote:
On 02/17/20 11:29, Laszlo Ersek wrote:
On 02/17/20 09:17,
Hi Nicholas,
Instead of adding gBS->SignalEvent() lines, please utilize
RECYCLE_RXDATA goto label. You can find the same gBS->SignalEvent()
being done there.
Additionally, please apply goto change in place pointed by Siyuan.
Thanks,
Maciej
On 17-Feb-20 06:15, Fu, Siyuan wrote:
Hi, Nicholas
Hi Liming,
The BZ is: https://bugzilla.tianocore.org/show_bug.cgi?id=2534
Please let me know if I should change something.
Kind regards,
Krzysztof
-Original Message-
From: devel@edk2.groups.io On Behalf Of Krzysztof Koch
via Groups.Io
Sent: Monday, February 17, 2020 15:23
To:
Reviewed-by: Sami Mujawar
Regards,
Sami Mujawar
-Original Message-
From: Krzysztof Koch
Sent: 14 February 2020 13:59
To: devel@edk2.groups.io
Cc: ray...@intel.com; zhichao@intel.com; Sami Mujawar
; Matteo Carlini ; nd
Subject: [PATCH v1 1/1] ShellPkg: acpiview: Prevent
Krzysztof:
Yes. Please create one BZ for this issue.
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Krzysztof Koch
> Sent: Monday, February 17, 2020 11:23 PM
> To: devel@edk2.groups.io; Gao, Liming
> Cc: Ni, Ray ; Gao, Zhichao ; Sami
> Mujawar ; Matteo
Hi Liming,
I haven't created a BZ yet, shall I create one? It would be great if the patch
makes it to the stable tag.
Over the last few months I added some security features to acpiview. They make
this debug tool less sensitive to exploits from ACPI tables. This patch
completes my efforts in
Krzysztof:
Is there one BZ for this issue? Does this patch catch to this edk2 stable tag
202002?
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Krzysztof Koch
> Sent: Friday, February 14, 2020 9:59 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray ; Gao,
Another minor comment. Ip4Dxe is moved into NetworkPkg. So, the patch title
should be NetworkPkg/Ip4Dxe.
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> Sent: Monday, February 17, 2020 6:40 PM
> To: devel@edk2.groups.io; Wu, Jiaxin
> Cc: Fu,
Hi, Mike
I have sent V5 patch which removes the ASSERT and check the FIT pointer
against valid firmware address range (4G-16MB to 4G-0x40). Please help
to review it. Thanks.
Best Regards
Siyuan
> -Original Message-
> From: Kinney, Michael D
> Sent: 2020年2月17日 4:35
> To: Fu, Siyuan ;
On 02/17/20 08:43, Wu, Jiaxin wrote:
> This patch is to check the received package length to make sure the package
> has a valid length field.
>
> Cc: Fu Siyuan
> Cc: Maciej Rabeda
> Signed-off-by: Wu Jiaxin
> Reviewed-by: Siyuan Fu
> ---
> NetworkPkg/Ip4Dxe/Ip4Input.c | 46
>
On 02/17/20 11:29, Laszlo Ersek wrote:
> On 02/17/20 09:17, doron.bleib...@ecitele.com wrote:
>> Hi Community,
>>
>> I've also opened same topic at general discussion group, but after digging
>> more into this issue I think the relevant group is here where all the
>> technical stuff happens.
>>
On 02/17/20 09:17, doron.bleib...@ecitele.com wrote:
> Hi Community,
>
> I've also opened same topic at general discussion group, but after digging
> more into this issue I think the relevant group is here where all the
> technical stuff happens.
> A short introduction to my problem:
> I'm
Sorry, because of private feedback I just want to quickly clarify this has
absolutely no effect on the current ASSERT macro and concept, it is not
considered deprecated and existing ASSERTs (most of them) would remain as-is.
This is basically an extended ASSERT_RETURN_ERROR.
Best regards,
Hi Community,
I've also opened same topic at general discussion group, but after digging more
into this issue I think the relevant group is here where all the technical
stuff happens.
A short introduction to my problem:
I'm trying to boot QEMU VM using HTTP boot.
I've modified Conf/target.txt
On 02/13/20 19:33, Philippe Mathieu-Daudé wrote:
> On 2/13/20 7:29 PM, Philippe Mathieu-Daude wrote:
>> Math expressions written in terms of SafeIntLib function calls
>> are easily readable, making review trivial. Convert the truncation
>> checks added by commit 322ac05f8 to SafeIntLib calls.
>>
Gaurav:
Does this patch catch to edk2 stable tag 202002?
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Gaurav Jain
> Sent: Monday, February 17, 2020 3:18 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Wu, Hao A ; Ni,
> Ray ; Pankaj Bansal
>
>
On Mon, 17 Feb 2020 at 08:31, Gaurav Jain wrote:
>
> ASSERT in SetTime_Conf and SetWakeupTime_Conf Consistency Test.
> SCT Test expect return as Invalid Parameter.
> So removed ASSERT().
>
> Added Time Validity Checks in SetWakeupTime.
>
> Signed-off-by: Gaurav Jain
If this is a followup that
Good day Andrew,
First of all, thank you very much for putting this amount of thought
into the situation. I definitely agree with the problem you see, but I
could also live with Vitaly's proposal. However, I think you are
overcomplicating the situation a little. So, we do agree the caller
On 02/15/20 00:24, Sean via Groups.Io wrote:
> On Fri, Feb 14, 2020 at 02:14 PM, Laszlo Ersek wrote:
>
>>
>> I think Bugzilla tickets are the best place to capture the focused
>> analysis of a bug. I write a *lot* of text in Red Hat bugzillas
>> (most of them are public, luckily!) -- I want to
31 matches
Mail list logo