diff --git a/infra/build/blog/deploy.sh b/infra/build/blog/deploy.sh new file mode 100755 index 000000000000..1ab67012a02a --- /dev/null +++ b/infra/build/blog/deploy.sh @@ -0,0 +1,54 @@ +#!/bin/bash -eux +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Ensure the project ID is provided as an argument +if [ $# -ne 1 ]; then + echo "Usage: $0 " + exit 1 +fi + +PROJECT_ID=$1 +BUCKET_NAME="oss-fuzz-blog" + +# Change to the blog directory +cd "$(dirname "$0")" + +# Build the site using Docker to guarantee Hugo version dependencies +echo "Building the blog via Docker..." +docker build -t oss-fuzz-blog-builder . + +# Extract compiled static files from the built container +echo "Extracting compiled site..." +docker run --name temp-blog-container -d oss-fuzz-blog-builder +if [ -d "./public" ]; then + rm -rf ./public +fi +docker cp temp-blog-container:/oss-fuzz-blog/page/public ./public +docker rm -f temp-blog-container + +# Backup the current live version from GCS to a local backup directory +BACKUP_DIR="./backup_$(date +%Y%m%d_%H%M%S)" +echo "Creating local backup of current production site to ${BACKUP_DIR}..." +mkdir -p "${BACKUP_DIR}" +gcloud storage cp -r "gs://${BUCKET_NAME}/*" "${BACKUP_DIR}" --project="${PROJECT_ID}" + +# Deploy to the production Google Cloud Storage bucket +echo "Deploying static files to gs://${BUCKET_NAME}..." +gcloud storage rsync -r ./public "gs://${BUCKET_NAME}" --delete-unmatched-destination-objects --project="${PROJECT_ID}" + +echo "Deployment completed successfully!" + diff --git a/projects/libfuse/build.sh b/projects/libfuse/build.sh index 50f3eeca9862..4b2c25e2e087 100755 --- a/projects/libfuse/build.sh +++ b/projects/libfuse/build.sh @@ -18,8 +18,8 @@ mkdir build cd build meson setup .. -meson configure -D default_library=static -ninja +meson configure -D default_library=static -D examples=false -D tests=false -D utils=false +ninja lib/libfuse3.a $CC $CFLAGS -c $SRC/fuzz_optparse.c -o fuzz_optparse.o \ -I$SRC/libfuse/lib/ -I$SRC/libfuse/include -I./ \ diff --git a/projects/ntp/Dockerfile b/projects/ntp/Dockerfile index b70d4349dd40..c59113e85dc6 100644 --- a/projects/ntp/Dockerfile +++ b/projects/ntp/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool bison flex rsync lynx lld -RUN GIT_SSL_NO_VERIFY=true git clone -b dev https://bitbucket.nwtime.org/pc/ntp.git ntp-dev +RUN git clone -b dev https://github.com/ntp-project/ntp.git ntp-dev WORKDIR $SRC COPY build.sh $SRC/ COPY patch.diff $SRC/ diff --git a/projects/num-bigint/Dockerfile b/projects/num-bigint/Dockerfile index 19e7eaba3b46..7e579ab12c39 100644 --- a/projects/num-bigint/Dockerfile +++ b/projects/num-bigint/Dockerfile @@ -16,7 +16,7 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf automake libtool wget python -RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz -RUN git clone --depth 1 https://github.com/randombit/botan.git +RUN git clone --depth 1 https://github.com/MozillaSecurity/cryptofuzz +RUN git clone --branch 3.8.0 --depth 1 https://github.com/randombit/botan.git RUN wget https://archives.boost.io/release/1.84.0/source/boost_1_84_0.tar.bz2 COPY build.sh $SRC/ diff --git a/projects/s2geometry/build.sh b/projects/s2geometry/build.sh index da2688941f7b..2d8f6efa251a 100755 --- a/projects/s2geometry/build.sh +++ b/projects/s2geometry/build.sh @@ -18,7 +18,7 @@ cp $SRC/s2_fuzzer.cc $SRC/s2geometry/src/ cd $SRC/ -git clone --depth=1 https://github.com/abseil/abseil-cpp +git clone --depth=1 --branch 20260107.1 https://github.com/abseil/abseil-cpp cd abseil-cpp mkdir build && cd build cmake -DCMAKE_POSITION_INDEPENDENT_CODE=ON ../ && make && make install diff --git a/projects/s2geometry/project.patch b/projects/s2geometry/project.patch index 3b8980f0410d..ba1dc87a4d47 100644 --- a/projects/s2geometry/project.patch +++ b/projects/s2geometry/project.patch @@ -1,16 +1,16 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 5d951b0..9c6358d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -228,7 +228,11 @@ if (GOOGLETEST_ROOT) - src/s2/thread_testing.cc) - endif() - +@@ -289,6 +289,12 @@ + absl::utility + absl::vlog_is_on + ${CMAKE_THREAD_LIBS_INIT}) ++ +add_executable(s2fuzzer src/s2_fuzzer.cc) +set_target_properties(s2fuzzer PROPERTIES LINK_FLAGS $ENV{LIB_FUZZING_ENGINE}) -+ - target_link_libraries( -+ s2fuzzer - s2 - ${OPENSSL_LIBRARIES} - absl::absl_vlog_is_on ++target_link_libraries(s2fuzzer ++ s2 ++ ${OPENSSL_LIBRARIES}) + + # Allow other CMake projects to use this one with: + # list(APPEND CMAKE_MODULE_PATH "/third_party/cmake") diff --git a/projects/sentencepiece/build.sh b/projects/sentencepiece/build.sh index a65394ef21a1..7f141f025a98 100755 --- a/projects/sentencepiece/build.sh +++ b/projects/sentencepiece/build.sh @@ -23,6 +23,13 @@ cd build cmake ../ -B ./ -DSPM_ENABLE_SHARED=ON -DCMAKE_INSTALL_PREFIX=./root -DSPM_BUILD_TEST=ON cmake --build ./ --config Release --target install --parallel $(nproc) +# Collect absl static libraries produced during the build. Upstream now +# depends on abseil (logging, hashing, random, containers); the installed +# libsentencepiece*.a archives reference absl symbols but do not bundle +# them, so fuzzers (and the helper generate_model binary) must link them +# explicitly. +ABSL_LIBS=$(find third_party/abseil-cpp -name '*.a' | sort -u) + # Generate a minimal sentencepiece model for the processor_text_fuzzer. # Use the sanitized compiler but link without the fuzzer engine since # this is a regular executable, not a fuzzer. @@ -30,7 +37,10 @@ $CXX $CXXFLAGS -std=c++17 \ -I../src -I../src/builtin_pb -I../third_party/protobuf-lite \ -I. -I./root/include \ $SRC/generate_model.cc \ - ./root/lib/*.a \ + -Wl,--start-group \ + ./root/lib/libsentencepiece_train.a ./root/lib/libsentencepiece.a \ + $ABSL_LIBS \ + -Wl,--end-group \ -lpthread \ -o generate_model @@ -68,7 +78,10 @@ for fuzzer in $(find $SRC -name '*_fuzzer.cc' | grep -v 'third_party'); do $CXX $CXXFLAGS -std=c++17 \ -I. -I./root/include \ $fuzzer $LIB_FUZZING_ENGINE \ + -Wl,--start-group \ ./root/lib/libsentencepiece_train.a ./root/lib/libsentencepiece.a \ + $ABSL_LIBS \ + -Wl,--end-group \ -lpthread \ -o $OUT/$fuzz_basename done diff --git a/projects/sound-open-firmware/project.yaml b/projects/sound-open-firmware/project.yaml index b2d7f7a2e4a1..e15d99f32ef4 100644 --- a/projects/sound-open-firmware/project.yaml +++ b/projects/sound-open-firmware/project.yaml @@ -3,13 +3,13 @@ primary_contact: "johnylin@google.com" language: c auto_ccs: - "andyross@google.com" - - "ranjani.sridharan@intel.corp-partner.google.com" - "lgirdwood@gmail.com" - "sathyanarayana.nujella@intel.corp-partner.google.com" - "adrian.bonislawski@intel.com" - "jyri.sarha@intel.com" - "rander.wang@intel.com" - - "flavio.ceolin@intel.com" + - "tomasz.m.leman@intel.com" + - "kai.vehmanen@linux.intel.com" fuzzing_engines: - libfuzzer sanitizers: diff --git a/projects/yara/build.sh b/projects/yara/build.sh index 6709058e83c1..1dfad1528271 100755 --- a/projects/yara/build.sh +++ b/projects/yara/build.sh @@ -26,7 +26,7 @@ fuzzers=$(find $SRC/yara/tests/oss-fuzz/ -name "*.cc") for f in $fuzzers; do fuzzer_name=$(basename -s ".cc" $f) echo "Building $fuzzer_name" - $CXX $CXXFLAGS -std=c++11 -I. $f -o $OUT/$fuzzer_name \ + $CXX $CXXFLAGS -std=c++17 -I. -Ilibyara/include $f -o $OUT/$fuzzer_name \ ./.libs/libyara.a \ $LIB_FUZZING_ENGINE if [ -d "$SRC/yara/tests/oss-fuzz/${fuzzer_name}_corpus" ]; then