tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Patch] Switch nvi from bundled regex to tre

On 2017/11/16 7:58, Kamil Rytarowski wrote:
On 15.11.2017 23:40, Rin Okuyama wrote:
Hmm, the upstream has not been actively updated for this past
few years. Critical bugs including CVE-2016-8859 left untouched.
DragonFly and Apple, who use tre as their regex routines in libc,
also leave the CVE. On the other hand, musl libc aggressively
fixes bugs.

How about taking fixes from musl, after syncing with the latest
official upstream? Whereas musl itself is in the MIT license,
but, of course, files from tre are kept in the BSD license.

I'd like to merge their fixes except for nonstandard extensions
to regular expressions. How do you think about it?

Sounds good,

I noted that upstream (in GitHub repo) is open to patches. Best to keep
a local diff that has a minimal delta with upstream.


I'll send a pull-request to the upstream to keep in touch with them.


Home | Main Index | Thread Index | Old Index