From 375486dedb29c4f7c48249116a341dc197d80761 Mon Sep 17 00:00:00 2001 From: DavidKorczynski Date: Tue, 28 Jan 2025 10:25:33 +0000 Subject: [PATCH 01/15] infra: update introspector and add new light version (#12983) Adds a light version of FI that should work on all projects. This will only be used if the existing FI does not work, e.g. due to failures around LTO. Also starts using the CLI version of fuzz-introspector as opposed to calling `main.py`. --------- Signed-off-by: David Korczynski --- infra/base-images/base-builder/compile | 77 +++++++++++++++++++------ infra/base-images/base-clang/Dockerfile | 2 +- 2 files changed, 59 insertions(+), 20 deletions(-) diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index 1c10d9e234e7..e05d0e6ea251 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile 
@@ -229,17 +229,47 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ]; # Install Fuzz-Introspector pushd /fuzz-introspector/src - python3 -m pip install . + python3 -m pip install -e . popd if [ "$FUZZING_LANGUAGE" = "python" ]; then python3 /fuzz-introspector/src/main.py light --language=python + cp -rf $SRC/inspector/ /tmp/inspector-saved elif [ "$FUZZING_LANGUAGE" = "jvm" ]; then python3 /fuzz-introspector/src/main.py light --language=jvm + cp -rf $SRC/inspector/ /tmp/inspector-saved elif [ "$FUZZING_LANGUAGE" = "rust" ]; then python3 /fuzz-introspector/src/main.py light --language=rust + cp -rf $SRC/inspector/ /tmp/inspector-saved else python3 /fuzz-introspector/src/main.py light + + # Make a copy of the light. This is needed because we run two versions of + # introspector: one based on pure statis analysis and one based on + # regular LTO. + cp -rf $SRC/inspector/ /tmp/inspector-saved + + + # Move coverage report. + if [ -d "$OUT/textcov_reports" ] + then + find $OUT/textcov_reports/ -name "*.covreport" -exec cp {} $SRC/inspector/ \; + find $OUT/textcov_reports/ -name "*.json" -exec cp {} $SRC/inspector/ \; + fi + + # Make fuzz-introspector HTML report using light approach. + REPORT_ARGS="--name=$PROJECT_NAME" + + # Only pass coverage_url when COVERAGE_URL is set (in cloud builds) + if [[ ! -z "${COVERAGE_URL+x}" ]]; then + REPORT_ARGS="$REPORT_ARGS --coverage-url=${COVERAGE_URL}" + fi + + # Run pure static analysis fuzz introspector + fuzz-introspector full --target-dir=$SRC \ + --language=${FUZZING_LANGUAGE} \ + --out-dir=$SRC/inspector \ + ${REPORT_ARGS} fi rsync -avu --delete "$SRC/inspector/" "$OUT/inspector" 
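Review bot: The added `fuzz-introspector full` call expands `$SRC`, `${FUZZING_LANGUAGE}` and `${REPORT_ARGS}` unquoted, so a `PROJECT_NAME` or `COVERAGE_URL` containing whitespace or glob characters is split into extra arguments to the CLI. The script already uses `[[ ]]`, so an array is available: `REPORT_ARGS=(--name="$PROJECT_NAME")`, `REPORT_ARGS+=(--coverage-url="$COVERAGE_URL")`, then `"${REPORT_ARGS[@]}"` at the call; the hunk at -359 builds `REPORT_ARGS` as a string in the same way. Separately, the four `cp -rf $SRC/inspector/ /tmp/inspector-saved` lines write to a fixed path under /tmp, and if that directory already exists GNU cp nests the copy as `/tmp/inspector-saved/inspector`, so the later restore would bring back the wrong tree. The enclosing `if` block starts outside the hunk.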
@@ -313,28 +343,37 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ]; unset CFLAGS export G_ANALYTICS_TAG="G-8WTFM1Y62J" + # If we get to here, it means the e.g. LTO had no problems and succeeded. + # TO this end, we wlil restore the original light analysis and used the + # LTO processing itself. + rm -rf $SRC/inspector + cp -rf /tmp/inspector-saved $SRC/inspector + + cd /fuzz-introspector/src + python3 -m pip install -e . + cd /src/ + if [ "$FUZZING_LANGUAGE" = "jvm" ]; then echo "GOING jvm route" set -x # Output will be put in /out/ - python3 /fuzz-introspector/frontends/java/oss-fuzz-main.py + python3 -m fuzz_introspector.frontends.oss_fuzz --language jvm --target-dir $SRC --entrypoint fuzzerTestOneInput + # Move files temporarily to fit workflow of other languages. mkdir -p $SRC/my-fi-data - find $OUT/ -name *.data -exec mv {} $SRC/my-fi-data/ \; - find $OUT/ -name *.data.yaml -exec mv {} $SRC/my-fi-data/ \; + find ./ -name *.data -exec mv {} $SRC/my-fi-data/ \; + find ./ -name *.data.yaml -exec mv {} $SRC/my-fi-data/ \; elif [ "$FUZZING_LANGUAGE" = "rust" ]; then echo "GOING rust route" # Run the rust frontend - pushd /fuzz-introspector/frontends/rust/rust_function_analyser - cargo run -- $SRC + python3 -m fuzz_introspector.frontends.oss_fuzz --language rust --target-dir $SRC # Move files temporarily to fix workflow of other languages. mkdir -p $SRC/my-fi-data find ./ -name "*.data" -exec mv {} $SRC/my-fi-data/ \; find ./ -name "*.data.yaml" -exec mv {} $SRC/my-fi-data/ \; - popd # Restore the sanitizer flag for rust export SANITIZER="introspector" 
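Review bot: In the jvm branch the new `find ./ -name *.data` and `find ./ -name *.data.yaml` leave the pattern unquoted, so the shell expands it against the current directory before find sees it; the rust branch in this same hunk quotes it, and the jvm lines should match: `find ./ -name "*.data" -exec mv {} "$SRC/my-fi-data/" \;`. The restore step above is destructive and unchecked: `rm -rf $SRC/inspector` followed by `cp -rf /tmp/inspector-saved $SRC/inspector` leaves no inspector directory if the saved copy is missing, and an empty `SRC` turns the first command into `rm -rf /inspector`. `rm -rf -- "${SRC:?}/inspector"` plus an explicit check of the cp result would make that failure visible. `cd /src/` also hard-codes a path that the rest of the hunk spells `$SRC`; the enclosing `if` block starts and ends outside the hunk.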
@@ -359,43 +398,43 @@ if [ "$SANITIZER" = "introspector" ] || [ "$RUST_SANITIZER" = "introspector" ]; REPORT_ARGS="--name=$PROJECT_NAME" # Only pass coverage_url when COVERAGE_URL is set (in cloud builds) if [[ ! -z "${COVERAGE_URL+x}" ]]; then - REPORT_ARGS="$REPORT_ARGS --coverage_url=${COVERAGE_URL}" + REPORT_ARGS="$REPORT_ARGS --coverage-url=${COVERAGE_URL}" fi # Do different things depending on languages if [ "$FUZZING_LANGUAGE" = "python" ]; then echo "GOING python route" set -x - REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector" + REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector" REPORT_ARGS="$REPORT_ARGS --language=python" - python3 /fuzz-introspector/src/main.py report $REPORT_ARGS + fuzz-introspector report $REPORT_ARGS rsync -avu --delete "$SRC/inspector/" "$OUT/inspector" elif [ "$FUZZING_LANGUAGE" = "jvm" ]; then echo "GOING jvm route" set -x find $OUT/ -name "jacoco.xml" -exec cp {} $SRC/inspector/ \; - REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector" + REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector" REPORT_ARGS="$REPORT_ARGS --language=jvm" - python3 /fuzz-introspector/src/main.py report $REPORT_ARGS + fuzz-introspector report $REPORT_ARGS rsync -avu --delete "$SRC/inspector/" "$OUT/inspector" elif [ "$FUZZING_LANGUAGE" = "rust" ]; then echo "GOING rust route" - REPORT_ARGS="$REPORT_ARGS --target_dir=$SRC/inspector" + REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector" REPORT_ARGS="$REPORT_ARGS --language=rust" - python3 /fuzz-introspector/src/main.py report $REPORT_ARGS + fuzz-introspector report $REPORT_ARGS rsync -avu --delete "$SRC/inspector/" "$OUT/inspector" else # C/C++ - + mkdir -p $SRC/inspector # Correlate fuzzer binaries to fuzz-introspector's raw data - python3 /fuzz-introspector/src/main.py correlate --binaries_dir=$OUT/ + fuzz-introspector correlate --binaries-dir=$OUT/ # Generate fuzz-introspector HTML report, this generates # the file exe_to_fuzz_introspector_logs.yaml - REPORT_ARGS="$REPORT_ARGS 
--target_dir=$SRC/inspector" + REPORT_ARGS="$REPORT_ARGS --target-dir=$SRC/inspector" # Use the just-generated correlation file - REPORT_ARGS="$REPORT_ARGS --correlation_file=exe_to_fuzz_introspector_logs.yaml" - python3 /fuzz-introspector/src/main.py report $REPORT_ARGS + REPORT_ARGS="$REPORT_ARGS --correlation-file=exe_to_fuzz_introspector_logs.yaml" + fuzz-introspector report $REPORT_ARGS rsync -avu --delete "$SRC/inspector/" "$OUT/inspector" fi diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile index d403bb07d876..296b1f7fb6ca 100644 --- a/infra/base-images/base-clang/Dockerfile +++ b/infra/base-images/base-clang/Dockerfile @@ -36,7 +36,7 @@ RUN apt-get update && apt-get install -y wget sudo && \ RUN apt-get update && apt-get install -y git && \ git clone https://github.com/ossf/fuzz-introspector.git fuzz-introspector && \ cd fuzz-introspector && \ - git checkout 74917384c5a4e368d900862b4bd3d16ce3fe5dd8 && \ + git checkout eab8da2f42d07fb63d28b30c1cc12a2bfcd8e648 && \ git submodule init && \ git submodule update && \ apt-get autoremove --purge -y git && \ From 20c2e35aea99b0db3d9fb1efd707d289e5b463e8 Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Wed, 29 Jan 2025 22:18:38 +0000 Subject: [PATCH 02/15] apache-logging-log4cxx: add seed corpus (#12991) As discussed in https://github.com/apache/logging-log4cxx/pull/460#discussion_r1930188937 cc @ swebb2066 and @rm5248 for info. Signed-off-by: Adam Korczynski --- projects/apache-logging-log4cxx/build.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/projects/apache-logging-log4cxx/build.sh b/projects/apache-logging-log4cxx/build.sh index b40e179c4b69..881dbdf83a29 100644 --- a/projects/apache-logging-log4cxx/build.sh +++ b/projects/apache-logging-log4cxx/build.sh 
@@ -17,3 +17,6 @@ git clone --quiet --depth 1 --branch master --single-branch https://github.com/apache/logging-log4cxx ./logging-log4cxx/src/fuzzers/bash/oss-fuzz-build.sh "$OUT" + +# Add seed corpus +zip $OUT/DOMConfiguratorFuzzer_seed_corpus.zip $SRC/logging-log4cxx/src/test/resources/input/xml/*.xml From 2f6dd58de63f52fafc708d4bfb5eadef33f4bc98 Mon Sep 17 00:00:00 2001 From: Sergey Bronnikov Date: Thu, 30 Jan 2025 14:19:59 +0300 Subject: [PATCH 03/15] tarantool: use libfuzzer options (#12985) If the dict filename is the same as your target binary name (i.e. `%fuzz_target%.dict`), it will be automatically used. If the name is different (e.g. because it is shared by several targets), specify this in `.options` file. 1. https://google.github.io/oss-fuzz/getting-started/new-project-guide/#dictionaries Needed for https://github.com/tarantool/tarantool/pull/10911 --- projects/tarantool/build.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/projects/tarantool/build.sh b/projects/tarantool/build.sh index 509d98aeb41c..1d45fb8fc1f4 100755 --- a/projects/tarantool/build.sh +++ b/projects/tarantool/build.sh @@ -91,6 +91,7 @@ cmake --build build --target fuzzers --parallel --verbose # used in Lua C API tests [1]. # # 1. https://github.com/ligurio/lua-c-api-tests/ +cp test/static/*.dict test/static/*.options $OUT/ for f in $(find build/test/fuzz/ \( -name '*_fuzzer' -o -name '*_test' \) -type f); do name=$(basename $f); @@ -98,10 +99,6 @@ do corpus_dir="test/static/corpus/$module" echo "Copying for $module"; cp $f $OUT/ - dict_path="test/static/$module.dict" - if [ -e "$dict_path" ]; then - cp $dict_path $OUT/ - fi if [ -e "$corpus_dir" ]; then zip --quiet -j $OUT/"$name"_seed_corpus.zip $corpus_dir/* fi From 71f00b920238bf1a2c1b886a4b08d82b0f045b1f Mon Sep 17 00:00:00 2001 
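Review bot: The added `zip` call has no `-j`, so each seed is stored under its directory path inside the archive rather than at the top level, and `$OUT` and `$SRC` are expanded unquoted. `zip -q -j "$OUT/DOMConfiguratorFuzzer_seed_corpus.zip" "$SRC"/logging-log4cxx/src/test/resources/input/xml/*.xml` keeps the archive flat. If the glob matches nothing the literal pattern is handed to zip; whether that aborts the build depends on shell options set outside this hunk.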
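Review bot: The new `cp test/static/*.dict test/static/*.options $OUT/` fails when either glob has no match, because the unmatched pattern is passed to cp literally, whereas the per-module code removed in the next hunk tolerated a missing dictionary through `[ -e "$dict_path" ]`. The description ties the `.options` files to a tarantool pull request, so a checkout without them is presumably possible. A form that succeeds on zero matches and quotes the destination is `find test/static -maxdepth 1 \( -name '*.dict' -o -name '*.options' \) -exec cp {} "$OUT/" \;`.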
From: serge-sans-paille Date: Thu, 30 Jan 2025 11:20:21 +0000 Subject: [PATCH 04/15] numpy: Fix build (#12989) Upgrade Python to 3.11, as it's the minimum requirement for numpy. Fixes: https://issues.oss-fuzz.com/issues/382554731 --- projects/numpy/Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/projects/numpy/Dockerfile b/projects/numpy/Dockerfile index 9bde369877e7..2961aeb70ef6 100644 --- a/projects/numpy/Dockerfile +++ b/projects/numpy/Dockerfile @@ -15,6 +15,16 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder-python +# Numpy requires python3.11+ +RUN apt-get update && \ + apt-get install -y software-properties-common && \ + add-apt-repository ppa:deadsnakes/ppa && \ + apt-get install -y python3.11 python3.11-dev && \ + update-alternatives --install /usr/local/bin/python3 python $(which python3.11) 5 +# Install Python dependencies for python 3.11 +RUN curl -LO https://bootstrap.pypa.io/get-pip.py && \ + python3 get-pip.py && \ + python3 -m pip install --root-user-action=ignore atheris pyinstaller RUN git clone https://github.com/numpy/numpy && cd numpy && git submodule update --init WORKDIR $SRC COPY *.py build.sh $SRC/ From 6d001a53eee1ad2f36aa96386701dffb34a67989 Mon Sep 17 00:00:00 2001 From: Lily Chen Date: Thu, 30 Jan 2025 06:21:32 -0500 Subject: [PATCH 05/15] Update contact email in unrar/project.yaml (#12988) Updates an auto-cc. --- projects/unrar/project.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/unrar/project.yaml b/projects/unrar/project.yaml index 09c4340260fa..be7268cde469 100644 --- a/projects/unrar/project.yaml +++ b/projects/unrar/project.yaml @@ -3,7 +3,7 @@ language: c++ primary_contact: "roshal@rarlab.com" auto_ccs: - "vakh@chromium.org" - - "drubery@chromium.org" + - "chlily@chromium.org" sanitizers: - address - memory From 31f676aa0f435de875c0869a9f00fd7ffadd380d Mon Sep 17 00:00:00 2001 
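Review bot: The second added RUN downloads `get-pip.py` and executes it at image build time with no integrity check, and `curl -LO` without `-f` will save an HTTP error page under that file name instead of failing. `atheris` and `pyinstaller` are then installed unpinned, and the interpreter itself comes from a third-party PPA, so three inputs to this image can change between builds without any change to the Dockerfile. Fetch with `curl -fsSLO https://bootstrap.pypa.io/get-pip.py`, verify before running with `echo "<SHA256_OF_GET_PIP>  get-pip.py" | sha256sum -c -`, and pin the packages as `atheris==<VERSION> pyinstaller==<VERSION>`; the bracketed values are placeholders, since the page gives none.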
From: =?UTF-8?q?Daniel=20L=C3=B6bl?= Date: Thu, 30 Jan 2025 13:56:38 +0100 Subject: [PATCH 06/15] cgif: add file fuzzer (#12987) Adds a new fuzzer. Improves the code coverage. For reference: dloebl/cgif#74 --- projects/cgif/build.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/projects/cgif/build.sh b/projects/cgif/build.sh index c20f15513652..d641f75513c9 100644 --- a/projects/cgif/build.sh +++ b/projects/cgif/build.sh @@ -23,7 +23,11 @@ meson install -C build meson test -C build cp "build/fuzz/cgif_fuzzer_seed_corpus.zip" $OUT/. +cp "build/fuzz/cgif_file_fuzzer_seed_corpus.zip" $OUT/. -# build cgif's fuzz target +# build cgif's fuzz targets $CXX $CXXFLAGS -o "$OUT/cgif_fuzzer" -I"$WORK/include" \ $LIB_FUZZING_ENGINE fuzz/cgif_fuzzer.c "$WORK/lib/libcgif.a" + +$CXX $CXXFLAGS -o "$OUT/cgif_file_fuzzer" -I"$WORK/include" \ + $LIB_FUZZING_ENGINE fuzz/cgif_file_fuzzer.c "$WORK/lib/libcgif.a" From ef3b5c803a4304219287628afba9cc1fcaf325bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Novomesk=C3=BD?= <52529860+novomesk@users.noreply.github.com> Date: Thu, 30 Jan 2025 14:13:16 +0100 Subject: [PATCH 07/15] kimageformats: fix build (#12992) https://issues.oss-fuzz.com/issues/391935574 --- projects/kimageformats/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/kimageformats/Dockerfile b/projects/kimageformats/Dockerfile index 72aa8d01d114..29d7771cf1f2 100644 --- a/projects/kimageformats/Dockerfile +++ b/projects/kimageformats/Dockerfile 
@@ -17,7 +17,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install --yes cmake make autoconf automake autopoint libtool wget po4a ninja-build pkgconf RUN git clone --depth 1 https://github.com/madler/zlib.git -RUN git clone --depth 1 https://github.com/facebook/zstd.git +RUN git clone --depth 1 -b v1.5.6 https://github.com/facebook/zstd.git RUN git clone --depth 1 https://github.com/nih-at/libzip.git RUN wget https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz RUN git clone https://github.com/tukaani-project/xz.git From 9efdcf3b7178cfb01809f026ef6c6312e3f06f5d Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Fri, 31 Jan 2025 14:17:28 +1100 Subject: [PATCH 08/15] Add more information on pre-built ccached images to README. (#12994) --- infra/experimental/chronos/README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/infra/experimental/chronos/README.md b/infra/experimental/chronos/README.md index 3c29d16c8412..5931dbc15f30 100644 --- a/infra/experimental/chronos/README.md +++ b/infra/experimental/chronos/README.md 
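Review bot: `-b v1.5.6` pins zstd to a tag, which upstream can move, while the neighbouring zlib, libzip and xz clones still track their default branches and the bzip2 tarball is fetched with no checksum. If the goal is a stable build input rather than only a build fix, check the resolved commit after cloning, for example by comparing `git -C zstd rev-parse HEAD` against `<EXPECTED_ZSTD_COMMIT>` (placeholder), and add a comment saying why this release is required so the pin is not dropped later.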
@@ -1,5 +1,33 @@ # Chronos: rebuilding OSS-Fuzz harnesses using cached builds +## Pre-built images. + +Daily pre-built images are available at: + +- `us-central1-docker.pkg.dev/oss-fuzz/oss-fuzz-gen/-ofg-cached-address` +- `us-central1-docker.pkg.dev/oss-fuzz/oss-fuzz-gen/-ofg-cached-coverage` + +They can be used as drop-in replacements for the usual `gcr.io/oss-fuzz/` images. + +These images are generated in 2 ways: +- (Preferred) [Generate](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/bash_parser.py) + a replay build script that can be re-run alongside existing build artifacts, + leveraging existing build system mechanisms to avoid rebuilding (e.g. running + `make` twice should not actually rebuild everything). This is error-prone, so + we validate the script works by running it. +- (Fallback, if the replay build script didn't work). We leverage + [ccache](https://ccache.dev/), to provide a compiler cache. This is often not + as fast as the replay build script, because some project builds spend + significant time doing non-compiler tasks (e.g. checking out submodules, + running configure scripts). + +Note: this mechanism does not work for every single OSS-Fuzz project today. The +resulting image may either: +- Not provide much performance improvement compared with a normal image, or +- Not exist at all (if neither approach worked). + +TODO: Aggregate stats on expected performance improvements. + ## Usage locally **Example 1: htslib** From 8fb8fe3a12e1843601f4c9761759823e924562f4 Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Fri, 31 Jan 2025 14:37:18 +1100 Subject: [PATCH 09/15] chronos: Some fixes. (#12995) - Improve logging to make it easier to derive log-based metrics on GCP. - Compare compile times between replay and ccache and pick the better one. --- .../experimental/chronos/build_cache_local.sh | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) 
diff --git a/infra/experimental/chronos/build_cache_local.sh b/infra/experimental/chronos/build_cache_local.sh index 64c203381f45..9b201832aded 100755 --- a/infra/experimental/chronos/build_cache_local.sh +++ b/infra/experimental/chronos/build_cache_local.sh @@ -97,17 +97,16 @@ REPLAY_WORKED= # If this step is successful, then the process can exit as it's ready. if [[ "$executables_replay" == "$executables_vanilla" ]] then - echo "Replay worked" - echo "Vanilla compile time: ${B_TIME}" - echo "Replay compile time: ${R_TIME}" - REPLAY_WORKED=1 if [ -z "${RUN_ALL+1}" ]; then + echo "${_PROJECT}: Replay worked." + echo "${_PROJECT}: Compile times: Vanilla=${B_TIME}; Replay=${R_TIME};" exit 0 fi else - echo "Replay did not work" + echo "${_PROJECT}: Replay did not work" + R_TIME="N/A" fi # Step 8: prepare Dockerfile for ccache @@ -145,17 +144,14 @@ executables_ccache="$(find ./build/out/${_PROJECT}/ -executable -type f | sort)" # Step 12: validate the ccache builds are successful if [[ "$executables_ccache" == "$executables_vanilla" ]] then - echo "Vanilla compile time: ${B_TIME}" - if [[ "$executables_replay" == "$executables_vanilla" ]] - then - echo "Replay worked" - echo "Replay compile time: ${R_TIME}" - fi + echo "${_PROJECT}: Compile times: Vanilla=${B_TIME}; Replay=${R_TIME}; CCache=${A_TIME};" - echo "Ccache compile time: ${A_TIME}" + if [[ -z "${REPLAY_WORKED}" || ${R_TIME} -gt ${A_TIME} ]]; then + if [ ${R_TIME} -gt ${A_TIME} ]; then + echo "Replay was slower than ccache." + fi - if [ -z "${REPLAY_WORKED}" ]; then - # Replay didn't work, so make the default "cached" image use the ccache one. + # Replay didn't work or was slower, so make the default "cached" image use the ccache one. docker image tag \ $CCACHE_IMAGE_NAME \ $FINAL_IMAGE_NAME @@ -163,7 +159,7 @@ then exit 0 else - echo "Replay and ccaching did not work." + echo "${_PROJECT}: Replay and ccaching did not work." exit 1 fi From 6dd695a3888fd0bcec1c448da4bb71fb77e8cef1 Mon Sep 17 00:00:00 2001 
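Review bot: When replay fails the first hunk sets `R_TIME="N/A"`, and the inner test added in the hunk at -145, `if [ ${R_TIME} -gt ${A_TIME} ]`, then runs with that value and prints an "integer expression expected" error to stderr on every such build. The outer `[[ -z "${REPLAY_WORKED}" || ... ]]` short-circuits, so the branch taken is still correct, but the stray error lands in the logs this commit is making machine-readable. Guard the inner test on the flag: `if [[ -n "${REPLAY_WORKED}" && ${R_TIME} -gt ${A_TIME} ]]; then`. This also assumes both timers hold integers; their assignments are outside the hunks.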
From: Alex Crichton Date: Fri, 31 Jan 2025 07:22:16 -0600 Subject: [PATCH 10/15] wasmtime: Remove usage of initialized corpus (#12993) Wasmtime's initial corpus repository hasn't been updated in years. Many of its files are entirely unused at this time. Other preexisting corpus files no longer test what they originally did as Wasmtime's fuzzing relies on interpreting the input as a "DNA string" where the exact meaning of the DNA changes over time as we change fuzz targets. We concluded recently in Wasmtime to archive/delete the repository we were previously using to avoid confusion so this change follows-up on the OSS-Fuzz side of thing to remove usage of this outdated corpus. cc @fitzgen --- projects/wasmtime/build.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/projects/wasmtime/build.sh b/projects/wasmtime/build.sh index d8d5a63deaf1..c562795c601d 100755 --- a/projects/wasmtime/build.sh +++ b/projects/wasmtime/build.sh @@ -18,7 +18,6 @@ # Commands migrated from Dockerfile to make CIFuzz work # REF: https://github.com/google/oss-fuzz/issues/6755 git submodule update --init --recursive -git clone --depth 1 https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus wasmtime-libfuzzer-corpus # Note: This project creates Rust fuzz targets exclusively @@ -53,12 +52,6 @@ build() { dst_name=$fuzzer_prefix$src_name cp $FUZZ_TARGET_OUTPUT_DIR/$src_name $OUT/$dst_name - if [[ -d $SRC/wasmtime/wasmtime-libfuzzer-corpus/$dst_name/ ]]; then - zip -jr \ - $OUT/${dst_name}_seed_corpus.zip \ - $SRC/wasmtime/wasmtime-libfuzzer-corpus/$dst_name/ - fi - if [[ -f $SRC/$dst_name.options ]]; then cp $SRC/$dst_name.options $OUT/$dst_name.options else From 71c2ec046aec9c0ba382a6ca777250480f38c833 Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Fri, 31 Jan 2025 13:33:46 +0000 Subject: [PATCH 11/15] apache-logging-log4cxx: add more sanitizers and engines (#12996) 
Signed-off-by: Adam Korczynski --- projects/apache-logging-log4cxx/project.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/projects/apache-logging-log4cxx/project.yaml b/projects/apache-logging-log4cxx/project.yaml index bcb8ac62cc63..906455ffc42e 100644 --- a/projects/apache-logging-log4cxx/project.yaml +++ b/projects/apache-logging-log4cxx/project.yaml @@ -3,10 +3,14 @@ main_repo: "https://github.com/apache/logging-log4cxx" language: c++ fuzzing_engines: + - afl + - honggfuzz - libfuzzer + - centipede sanitizers: - address + - undefined # Apache Logging Services PMC members[1] that contribute the fuzz tests. # We cannot share `security@logging.apache.org` here, since it must be associated with a Google account[2]. From 3e8ac8e7ef8acf61b739b97091fbf233afe826ac Mon Sep 17 00:00:00 2001 From: Rowan Baker <36425137+rowan-baker@users.noreply.github.com> Date: Sat, 1 Feb 2025 00:19:26 +0000 Subject: [PATCH 12/15] Remove former SurrealDB employee from auto-ccs (#12998) Tidy up of the surrealdb project.yaml to remove inactive email addresses of former SurrealDB employees or project contributors. --- projects/surrealdb/project.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/projects/surrealdb/project.yaml b/projects/surrealdb/project.yaml index b4be29fd6c81..899b46fca0e7 100644 --- a/projects/surrealdb/project.yaml +++ b/projects/surrealdb/project.yaml @@ -4,15 +4,11 @@ primary_contact: "tobie@surrealdb.com" main_repo: "https://github.com/surrealdb/surrealdb" auto_ccs: - security@surrealdb.com - - finn.bear@surrealdb.com - - salvador.girones@surrealdb.com - - gerard.guillemas@surrealdb.com - mees.delzenne@surrealdb.com - emmanuel.keller@surrealdb.com - micha.de.vries@surrealdb.com - rushmore@surrealdb.com - rowan.baker@surrealdb.com - - nathaniel.brough@gmail.com sanitizers: - address From 547b2d8ec4876002436e774202717ffd106d0c5f Mon Sep 17 00:00:00 2001 
From: Oliver Chang Date: Mon, 3 Feb 2025 16:05:02 +1100 Subject: [PATCH 13/15] chronos: Update stats (#13002) --- infra/experimental/chronos/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infra/experimental/chronos/README.md b/infra/experimental/chronos/README.md index 5931dbc15f30..67c59f71bd61 100644 --- a/infra/experimental/chronos/README.md +++ b/infra/experimental/chronos/README.md @@ -26,7 +26,8 @@ resulting image may either: - Not provide much performance improvement compared with a normal image, or - Not exist at all (if neither approach worked). -TODO: Aggregate stats on expected performance improvements. +Stats from a recent run: +(Feb 3 2025). ## Usage locally From ac61cfcf865e22555040a00d53e871bc40b1b43f Mon Sep 17 00:00:00 2001 From: Tristan Matthews Date: Mon, 3 Feb 2025 03:37:01 -0500 Subject: [PATCH 14/15] vlc: update primary contact and drop external CCs (#13000) We handle all security issues through security@videolan.org exclusively now and want to limit the scope. --- projects/vlc/project.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/projects/vlc/project.yaml b/projects/vlc/project.yaml index 3aa97aa955c8..983ddb789271 100644 --- a/projects/vlc/project.yaml +++ b/projects/vlc/project.yaml @@ -1,9 +1,12 @@ homepage: "https://github.com/videolan/vlc" language: c -primary_contact: "ossfuzz@videolan.org" +primary_contact: "security@videolan.org" auto_ccs: - - "adam@adalogics.com" - - "david@adalogics.com" + - "le.businessman@gmail.com" + - "thomas.guillem@gmail.com" + - "alexandre.janniaux@gmail.com" + - "kempfjb@gmail.com" + - "courmisch@gmail.com" sanitizers: - address - undefined From 5e96edbdf285045cc82dbca5600cbe994a3b1a74 Mon Sep 17 00:00:00 2001 
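Review bot: The description says security issues are handled through security@videolan.org exclusively to limit scope, but this hunk replaces the two removed `auto_ccs` entries with five personal gmail.com addresses, which widens the list rather than narrowing it. Addresses in `auto_ccs` are copied on the project's fuzzing bug reports, presumably including ones not yet disclosed. Each entry should be confirmed as a current security-team member, and a comment such as `# VideoLAN security team members; review when membership changes` above the list would record that intent.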
From: Stephen Webb Date: Mon, 3 Feb 2025 20:16:21 +1100 Subject: [PATCH 15/15] Add to log4cxx cc list (#12999) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR allows me to help address bugs found by oss-fuzz - I am a PMC for Apache Logging PMC – see [the team list](https://logging.apache.org/team-list.html) --------- Co-authored-by: Stephen Webb --- projects/apache-logging-log4cxx/project.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/projects/apache-logging-log4cxx/project.yaml b/projects/apache-logging-log4cxx/project.yaml index 906455ffc42e..49a393001ccf 100644 --- a/projects/apache-logging-log4cxx/project.yaml +++ b/projects/apache-logging-log4cxx/project.yaml @@ -22,3 +22,5 @@ auto_ccs: - piotr.karwasz@gmail.com - osfan6313@gmail.com - adam@adalogics.com + - swebb2066@gmail.com +