On 15.11.2017 23:40, Rin Okuyama wrote: > On 2017/11/15 16:08, Rin Okuyama wrote: >> On 2017/11/15 15:46, Kamil Rytarowski wrote: >>> While there we might sync up with upstream tre from: >>> https://github.com/laurikari/tre >>> >>> Including feeding up local changes as noted in doc/3RDPARTY. >> >> Thank you for your comments. >> >> I will sync it with upstream before installing headers. >> Also, I will send pull-request. > > Hmm, the upstream has not been actively updated for this past > few years. Critical bugs including CVE-2016-8859 left untouched. > DragonFly and Apple, who use tre as their regex routines in libc, > also leave the CVE. On the other hand, musl libc aggressively > fixes bugs. > > https://git.musl-libc.org/cgit/musl/tree/src/regex > > How about taking fixes from musl, after syncing with the latest > official upstream? Whereas musl itself is in the MIT license, > but, of course, files from tre are kept in the BSD license. > > I'd like to merge their fixes except for nonstandard extensions > to regular expressions. How do you think about it? > > rin Sounds good, I noted that upstream (in GitHub repo) is open to patches. Best to keep a local diff that has a minimal delta with upstream.
Attachment:
signature.asc
Description: OpenPGP digital signature