On 15.11.2017 23:40, Rin Okuyama wrote:
Hmm, the upstream has not been actively updated for this past
few years. Critical bugs including CVE-2016-8859 left untouched.
DragonFly and Apple, who use tre as their regex routines in libc,
also leave the CVE. On the other hand, musl libc aggressively
fixes bugs.
https://git.musl-libc.org/cgit/musl/tree/src/regex
How about taking fixes from musl, after syncing with the latest
official upstream? Whereas musl itself is in the MIT license,
but, of course, files from tre are kept in the BSD license.
I'd like to merge their fixes except for nonstandard extensions
to regular expressions. How do you think about it?
Sounds good,
I noted that upstream (in GitHub repo) is open to patches. Best to keep
a local diff that has a minimal delta with upstream.