Skip to content

Fix vuln OSV-2024-384 #4662

Fix vuln OSV-2024-384

Fix vuln OSV-2024-384 #4662

Workflow file for this run

name: Github CI
on:
push:
branches:
- master
- smoke/*
- gh/*
tags:
- '0.*.*'
- '0.*'
pull_request:
branches:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
#strategy:
# matrix:
# os: [ubuntu-14.04, ubuntu-18.04, ubuntu-latest]
jobs:
linux:
runs-on: ubuntu-latest
timeout-minutes: 50
strategy:
fail-fast: true
matrix:
CONFIGURE_ARGS:
- CFLAGS="-O0 -fno-omit-frame-pointer -fsanitize=address -fno-var-tracking" --disable-bindings
- CC="clang"
- --enable-release
- --enable-gcov --disable-bindings
- --disable-write
- CFLAGS="-O2 -m32" --disable-bindings
- CFLAGS="-O2 -fno-omit-frame-pointer -fsanitize=undefined -fno-var-tracking" --disable-bindings --enable-check-less
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- name: setup-python
uses: actions/setup-python@v4
with:
python-version: 3.8
- if: matrix.CONFIGURE_ARGS == 'CFLAGS="-O2 -m32" --disable-bindings'
run: |
sudo apt-get -y update
sudo apt-get -y install gcc-multilib
#- name: setup-python-libxml2
# run: |
# python -m pip install --upgrade pip
# python -m pip install --upgrade libxml2-python3
- run: sh autogen.sh
- run: ./configure ${{ matrix.CONFIGURE_ARGS }}
- if: matrix.CONFIGURE_ARGS != '--enable-release'
run: make -j
- if: matrix.CONFIGURE_ARGS != '--enable-gcov --disable-bindings' && matrix.CONFIGURE_ARGS != '--enable-release' && startsWith(github.ref, 'refs/heads/')
run: make -j check
# run: |
# python -m pip install cpp-coveralls
# make gcov
# coveralls -e test -e bindings
- if: matrix.CONFIGURE_ARGS == '--enable-gcov --disable-bindings'
name: Run make codecov if --enable-gcov
run: make codecov
- if: matrix.CONFIGURE_ARGS == '--enable-release'
name: Run make distcheck if --enable-release
run: |
sudo apt-get -y update
sudo apt-get -y install texlive help2man libconvert-binary-c-perl shellcheck
make regen-dynapi
make distcheck
- if: matrix.CONFIGURE_ARGS == '--enable-release' && startsWith(github.ref, 'refs/tags/')
name: Prep-Release
run: sha256sum libredwg-*.tar.* > dist.sha256
- if: matrix.CONFIGURE_ARGS == '--enable-release' && startsWith(github.ref, 'refs/tags/')
name: Release
continue-on-error: true
uses: softprops/action-gh-release@v1
with:
body_path: dist.sha256
files: |
dist.sha256
libredwg-*.tar.*
ppc64-big-endian:
runs-on: ubuntu-latest
timeout-minutes: 25
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: sudo apt-get -y update && sudo apt-get -y install gcc-powerpc64-linux-gnu libc6-ppc64-cross qemu-system-ppc binfmt-support qemu-user qemu-user-binfmt
- run: sh autogen.sh
- run: ./configure --host=powerpc64-linux-gnu --disable-bindings --disable-python
- run: make -j
- run: cd /lib64 && sudo ln -s /usr/powerpc64-linux-gnu/lib/ld64.so.1
- run: make -j check-minimal
continue-on-error: true
mips32-big-endian:
runs-on: ubuntu-latest
timeout-minutes: 35
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: sudo apt-get -y update && sudo apt-get -y install gcc-mips-linux-gnu gcc-multilib-mips-linux-gnu
- run: sh autogen.sh
- run: CFLAGS=-Os ./configure --host=mips-linux-gnu --disable-bindings --disable-python
- run: make -j
linux-cmake:
runs-on: ubuntu-latest
timeout-minutes: 20
#strategy:
# fail-fast: true
# matrix:
# CMAKE_ARGS:
# - ""
# - "-DLIBREDWG_LIBONLY=On -DLIBREDWG_DISABLE_JSON=On"
# - "-DLIBREDWG_DISABLE_WRITE=On"
steps:
- name: setup-python
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: cmake -DLIBREDWG_LIBONLY=On .
- run: make -j
- run: make -j test
- if: failure()
run: tar cfz cmake-failure.tgz Testing/Temporary/LastTest.log src/config.h
- if: failure()
uses: actions/upload-artifact@v3
with:
name: cmake-failure.tgz
path: cmake-failure.tgz
macOS:
name: macOS
runs-on: macOS-latest
steps:
- name: init
run: brew install automake texinfo
- name: link texinfo
run: brew link texinfo --force
- name: setup-python
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: sh autogen.sh
- run: ./configure --disable-bindings --disable-werror
- run: PATH="/usr/local/opt/texinfo/bin:$PATH" make
- run: PATH="/usr/local/opt/texinfo/bin:$PATH" make check
#- run: make distcheck
mingw:
name: mingw
runs-on: windows-latest
env:
MSYS2_DIR: msys64
MSYS2_ARCH: x86_64
MSYSTEM: MINGW64
ARCH: win64
PLATFORM: x64
#PATH: "C:\%MSYS2_DIR%\%MSYSTEM%\bin;C:\%MSYS2_DIR%\usr\bin;%PATH%"
steps:
# see https://github.com/msys2/setup-msys2
- name: setup-msys2
uses: msys2/setup-msys2@v2
with:
path-type: minimal
update: true
install: >-
git
base-devel
mingw-w64-x86_64-toolchain
mingw-w64-x86_64-libtool
mingw-w64-x86_64-libiconv
mingw-w64-x86_64-libxml2
mingw-w64-x86_64-swig
mingw-w64-x86_64-python2
libtool
autoconf-wrapper
automake-wrapper
texinfo
gperf
mingw-w64-x86_64-perl
mingw-w64-x86_64-pcre2
- run: reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /f /v DontShowUI /d 1
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- shell: msys2 {0}
run: sh ./autogen.sh
continue-on-error: true
- shell: msys2 {0}
run: ./configure --disable-dependency-tracking --enable-check-less
- shell: msys2 {0}
run: make -j
- if: failure()
run: make -C src dwg_api.i; tar cfz artefact-failure.tgz src/dwg_api.i src/config.h
- if: failure()
uses: actions/upload-artifact@v3
with:
name: artefact-failure.tgz
path: artefact-failure.tgz
- shell: msys2 {0}
run: make -j check
mingw-cmake:
runs-on: windows-latest
timeout-minutes: 20
steps:
- name: setup-msys2
uses: msys2/setup-msys2@v2
with:
path-type: minimal
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: cmake -G "MinGW Makefiles" -DDISABLE_WERROR=ON .
- run: mingw32-make -j VERBOSE=1 | tee make.log
- if: failure()
run: tar cfz msys-failure.tgz make.log src/config.h
- if: failure()
uses: actions/upload-artifact@v3
with:
name: msys-failure.tgz
path: msys-failure.tgz
vs2019:
runs-on: windows-2019
timeout-minutes: 20
steps:
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- run: cmake -G "Visual Studio 16 2019" -A x64 -DCMAKE_BUILD_TYPE=Release .
- run: cmake --build . --config Release
- run: copy Release/libredwg.dll test/unit-testing/Release/
- run: ctest . --output-on-failure
- if: failure()
run: tar cfz msvc-failure.tgz Testing/Temporary/LastTest.log src/config.h
- if: failure()
uses: actions/upload-artifact@v3
with:
name: msvc-failure.tgz
path: msvc-failure.tgz
vs2019-ninja:
runs-on: windows-2019
timeout-minutes: 20
#env:
# ACTIONS_ALLOW_UNSECURE_COMMANDS: true
steps:
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: recursive
- uses: ilammy/[email protected]
- run: choco install ninja
# use the preinstalled vcpkg from image
# https://github.com/actions/virtual-environments/blob/main/images/win/Windows2019-Readme.md#package-management
- name: Setup vcpkg
uses: lukka/run-vcpkg@v11
with:
vcpkgDirectory: C:/vcpkg
doNotUpdateVcpkg: true # the preinstalled vcpkg is updated regularly
- name: cmake -G "Ninja"
shell: cmd
run: |
cmake -G "Ninja" . ^
-DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release ^
-DCMAKE_TOOLCHAIN_FILE=C:\vcpkg\scripts\buildsystems\vcpkg.cmake ^
-DVCPKG_TARGET_TRIPLET=x64-windows-static-release ^
-DVERBOSE_CONFIGURE=ON ^
-DCMAKE_CXX_COMPILER=cl ^
-DCMAKE_C_COMPILER=cl
- run: ninja
- run: copy libredwg.dll test\unit-testing\
- run: ctest . --output-on-failure