The upstream freetype-testing project now pulls llvm-project and builds
libcxx and libcxx-abi and statically links against them to support the
use of C++ in the fuzzer driver.
The upstream build of the fuzzer currently builds freetype --without-zlib
and --without-png so these are not needed. In addition, because of the
way these dependencies are used they must be built with the sanitizer in
order to detect interesting issues like CVE-2020-15999, where FreeType
may call into libpng incorrectly but it is libpng which actually does
the reads and writes. This has been proposed upstream at
https://github.com/freetype/freetype2-testing/pull/86 which uses
prefixes to ensure that the system symbols are never used, but it would
be beneficial to not have them available at all.
* [presubmit] Enforce language attribute in project.yaml to be always set.
* Update documentation, better presubmit check, new project template.
* add docstring to templates.py
* Add example values in the project.yaml template and remove python value for now
* Add "project: c++" to 256 projects
* format
* Add labels and selective_unpack sections to the presubmit check
* fix incorrect auto_ccs format in three projects
* fix nss emails after rebase
Rationale: I am maintaining the inclusion and rolling of FreeType into
Chromium and have been fixing bugs found by pdfium and chromium fuzzing
in FreeType.
* Add Mozilla fuzzing team to auto_cc of their used 3rd party libraries
* Use new vendor_ccs field in projects.yml (#2703)
* Remove not yet approved projects
- Build the known target `ftfuzzer' with FreeType's new, dedicated testing repository.
- Move most of the build logic regarding the fuzz targets to FreeType's repository.
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
I ran into this because I was getting errors locally, like:
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/libdpkg-perl_1.18.4ubuntu1.1_all.deb 404 Not Found [IP: 91.189.88.149 80]
It turns out you get these if you don't update, and the official best practices are to `run apt-get update && apt-get install`. In fact, running _any_ apt-get install command without the apt-get update && before it can result in unfortunate caching artifacts -- see "cache busting". (P.S. thanks to Peng on Freenode for helping me, I'm bad at Ubuntu.)
So:
sed -re \
's/RUN apt-get ((-y )?(install|build-dep))/RUN apt-get update \&\& apt-get \1/' -i \
projects/**/Dockerfile
I also manually fixed the cases that already ran apt-get update in their Dockerfile:
dlplibs/Dockerfile
grpc/Dockerfile
libreoffice/Dockerfile
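
A check for the caching problem described in the message above, written as an added example (not code from the commit or from oss-fuzz): it flags RUN instructions that call apt-get install or build-dep without an apt-get update earlier in the same instruction, and it leaves instructions that already update untouched. The function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile, not taken from any real project.
SAMPLE = """\
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get install -y make autoconf
RUN apt-get update && apt-get install -y \\
    libtool pkg-config
RUN apt-get update
RUN apt-get -y build-dep foo
"""

# apt-get, any leading options such as -y, then the subcommand.
INSTALL = re.compile(r"\bapt-get\s+(?:-\S+\s+)*(?:install|build-dep)\b")
UPDATE = re.compile(r"\bapt-get\s+(?:-\S+\s+)*update\b")


def logical_lines(text):
    """Yield (first_line_number, instruction) with backslash continuations folded."""
    buf, start = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)


def stale_installs(text):
    """Return line numbers of RUN instructions that install without updating first."""
    bad = []
    for no, instr in logical_lines(text):
        if not re.match(r"\s*RUN\b", instr, re.I):
            continue
        install = INSTALL.search(instr)
        if install is None:
            continue
        update = UPDATE.search(instr)
        # An update in a separate RUN is a separate cached layer, so it does not count.
        if update is None or update.start() > install.start():
            bad.append(no)
    return bad
```

On the constructed sample this reports lines 2 and 6; line 6 is flagged even though line 5 runs apt-get update, because that update sits in its own layer and can be served from a stale cache.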