tech-userlevel archive


Re: [Patch] Switch nvi from bundled regex to tre



On 2017/11/15 16:08, Rin Okuyama wrote:
> On 2017/11/15 15:46, Kamil Rytarowski wrote:
>> While there we might sync up with upstream tre from:
>>  https://github.com/laurikari/tre
>>
>> Including feeding up local changes as noted in doc/3RDPARTY.
>
> Thank you for your comments.
>
> I will sync it with upstream before installing headers.
> Also, I will send a pull request.

Hmm, the upstream has not been actively updated for the past
few years. Critical bugs, including CVE-2016-8859, are left untouched.
DragonFly and Apple, who use tre as their regex routines in libc,
also leave the CVE. On the other hand, musl libc aggressively
fixes bugs.

https://git.musl-libc.org/cgit/musl/tree/src/regex

How about taking fixes from musl, after syncing with the latest
official upstream? musl itself is under the MIT license,
but, of course, files from tre are kept under the BSD license.

I'd like to merge their fixes except for nonstandard extensions
to regular expressions. What do you think about it?

rin

