| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.
COPYING.0BSD was added.
|
|
|
|
|
|
The sandboxing on Linux now supports Landlock, which restricts all
supported filesystem actions after xz opens the files it needs. The
sandbox is only enabled when one file is input and we are writing to
standard out. With fsanitize=address,undefined, the instrumentation
needs to read additional files after the sandbox is in place. This
forces all xz based test to fail, so the sandbox must instead be
disabled.
|
|
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.
It's important to make sure the SHA's are from the original repositories and not forks.
For reference:
https://github.com/actions/checkout/releases/tag/v4.1.0
https://github.com/actions/checkout/commit/8ade135a41bc03ea155e62e844d188df1ea18608
https://github.com/actions/upload-artifact/releases/tag/v3.1.3
https://github.com/actions/upload-artifact/commit/a8a3f3ad30e3422c9c7b888a15615d19a852ae32
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
|
|
The crc64_clmul() function should be ignored by the address sanitizer
now so these builds should still pass.
|
|
ci_build.sh was updated to accept disabling of __attribute__ ifunc
and CLMUL. This will allow -fsanitize=address to pass because ifunc
is incompatible with -fsanitize=address. The CLMUL implementation has
optimizations that potentially read past the buffer and mask out the
unwanted bytes.
This test will only run on Autotools Linux.
|
|
|
|
Without the extra command, all of the CI tests were automatically
failing because the Ubuntu servers could not be reached properly.
|
|
|
|
|
|
Now, CMake will run similar feature disable tests that the Autotools
version did before. In order to do this without repeating lines in
ci.yml, it now makes sense to use the GitHub Workflow matrix to create
a loop.
|
|
Autogen now requires --no-doxygen or having doxygen installed to run
without errors.
|
|
|
|
The 32-bit build needs to be first so the configure cache only needs to
be reset one time. The 32-bit build sets the CFLAGS env variable, so any
build using that flag after will fail unless the cache is reset.
|
|
Disabling shared library generation and linking should help speed up the
runners. The shared library is still being tested in the 32 bit build
and the full feature.
Disabling nls is to check for any unexpected warnings or errors.
|
|
Run the 32 bit job sooner since this is a more interesting test than
some of the later jobs.
|
|
If all goes well, Mac autotools and Linux and Mac CMake will be added
later for 32-bit builds.
|
|
The phase split was only done for Autotools before, so should also
apply to CMake.
|
|
The old version used too many runners that resulted in unnecessary
dependency downloads. Now, the runners are reused for the different
configurations for each OS and build system.
|
|
The CI/CD workflow will only execute on Ubuntu and MacOS latest version.
The workflow will attempt to build with autotools and CMake and execute
the tests. The workflow will run for all pull requests and pushes done
to the master branch.
|
