397e3b46f0
Fix wget2 ( #8587 )
...
- Speed up and stabilize the build by building libunistring and libidn2
from tarball.
- Fix the build by explicitly adding -lz at link time.
2022-09-25 22:52:42 +01:00
3075f75c9e
Fix wget ( #8585 )
...
- Speed up and stabilize the build by building libunistring and libidn2
from tarball.
- Fix the build by explicitly adding -lz at link time.
2022-09-25 22:52:21 +01:00
08e3cd0175
Update project.yaml
2022-09-25 15:27:03 -04:00
fec3696af5
Fix a file name collision in libmagic's fuzzers ( #8584 )
2022-09-24 16:43:55 +01:00
244684cf54
Add a file-base fuzzer for libmagic ( #8542 )
...
Some libmagic features (like ELF parsing) are only working against files
on disk.
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-09-23 13:07:03 -07:00
39a4c95af3
git: Combine multiple git command fuzzer to one ( #8579 )
...
List of git commands covered
GIT_ADD
GIT_BRANCH
GIT_COMMIT
GIT_CONFIG
GIT_DIFF
GIT_DIFF_FILES
GIT_DIFF_INDEX
GIT_DIFF_TREE
GIT_LS_FILES
GIT_LS_TREE
GIT_MV
GIT_RERERE
GIT_STATUS
GIT_VERSION
2022-09-23 19:26:32 +01:00
551ad63712
spring-messaging: initial integration & improve project structure ( #8573 )
2022-09-23 10:34:35 -07:00
4a8e538e4b
lotus: fix broken build ( #8570 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-09-23 10:29:46 -07:00
b9722412e4
lcms: update profile fuzzer ( #8576 )
...
Add more APIs for the profile
2022-09-23 12:02:40 +01:00
2f272a1a2b
Update proto dep to v2 api ( #8572 )
...
With the most recent update to cel-go, the legacy proto package has been
completely replaced
by the v2 proto API. This change updates the import to reflect code
present in the cel-go vendor
directory.
2022-09-23 10:31:10 +01:00
8b62de2784
Add additional CCs for Ruby ( #8571 )
...
👋 Hello.
We'd like to include these additional Ruby Core team members in emails
and viewing results
2022-09-23 10:30:19 +01:00
099fa2e5f5
infra: bump Go to 1.19 ( #8568 )
...
Most projects have upgraded to 1.19 which is the latest version.
This upgrades Go to 1.19 in the base-image.
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-09-22 11:59:15 -07:00
85fd442246
[apache.felix.main] initial integration ( #8561 )
...
Main is not fuzzable. Fuzzing target is a JSON parser which is used in
webconsole. The webconsole is an installable bundle.
2022-09-22 10:50:19 -07:00
f227ad74c4
cilium: change base image ( #8569 )
...
Ciliums fuzzers break with the testing image. Changing to get them
running.
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-09-22 10:49:31 -07:00
95d5e613e7
[CFL] Support parallel fuzzing ( #8396 )
...
Related: https://github.com/google/clusterfuzzlite/issues/105
2022-09-22 11:21:35 -04:00
dc07f98f97
build(deps): bump commonmarker from 0.23.5 to 0.23.6 in /docs ( #8560 )
...
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker ) from
0.23.5 to 0.23.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gjtorikian/commonmarker/releases ">commonmarker's
releases</a>.</em></p>
<blockquote>
<h2>v0.23.6</h2>
<h2>What's Changed</h2>
<p>This release includes two updates from the upstream
<code>cmark-gfm</code> library, namely:</p>
<ul>
<li><a href="https://github.com/github/cmark-gfm/releases ">DoS
vulnerability in autolink extension</a> per <a
href="https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q ">GHSA-cgh3-p57x-9q7q</a></li>
<li><a
href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.5 ">Added
<code>xmpp:</code> and <code>mailto:</code> support to the autolink
extension</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a8f8d76fbchttps://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/190 ">#190</a>
from anticomputer/main</li>
<li><a
href="ac91634631💎 release 0.23.6</li>
<li><a
href="777fd3054bhttps://github.com/github/cmark-gfm/commit/9d57d8a23 ">https://github.com/github/cmark-gfm/commit/9d57d8a23 </a>...</li>
<li><a
href="7aaeb37e97https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/188 ">#188</a>
from stevenlaidlaw/update-to-0290gfm5</li>
<li><a
href="795e628a40https://github.com/github/cmark-gfm/commit/0578e1e4f ">https://github.com/github/cmark-gfm/commit/0578e1e4f </a>...</li>
<li><a
href="39d19d6530https://github.com/github/cmark-gfm/commit/766f161ef ">https://github.com/github/cmark-gfm/commit/766f161ef </a>...</li>
<li><a
href="63b7bf89eehttps://github.com/gjtorikian/commonmarker/compare/v0.23.5...v0.23.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/google/oss-fuzz/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-22 10:45:09 -04:00
940112608a
Revert "toml_edit: initial integration ( #8524 )" ( #8564 )
...
This reverts commit 60884064b0
2022-09-22 09:59:56 -04:00
ff454e51fc
git: fix bug in issue 51681 51688 ( #8563 )
...
Fix bugs in fuzzers. Aim to solve double freeing of pointers and divided
by zero float pointer exception and size calculation.
Fixed os-fuzz issue 51681 and 51688.
2022-09-22 13:54:15 +01:00
179b15c946
[krb5] initial integration ( #8452 )
...
Hello @krb5 and Team @tlyu @greghudson @kaduk
Can you comment on ```krb5``` integration into ```oss-fuzz``` for
```security and fuzzing``` of krb5?
I and the ```oss-fuzz``` team would like to hear your thought on
integration.
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
2022-09-22 07:48:58 -04:00
25abca6b48
mongoose: refine build ( #8550 )
...
Fixes: https://github.com/google/oss-fuzz/issues/8549
2022-09-21 14:32:08 -07:00
c801737278
[wolfssl] Add seed corpus ( #8558 )
2022-09-21 21:51:26 +01:00
c8c9ee902b
[greenmail] initial integration ( #8556 )
2022-09-21 10:55:31 -07:00
6c1c004067
[spring-data-redis] Initial Integration ( #8555 )
2022-09-21 10:53:19 -07:00
880dba286e
Always add `testing` package usage in native_go_fuzzer ( #8546 )
...
This fixes an issue where the `testing.F` is replaced with a new
package; if this was the only usage of `testing` in the file then we end
up with `testing` being an unused import. A workaround for this is to
just always use `testing` via some placeholder variable.
2022-09-21 10:49:21 -07:00
20ab1292c1
[jmh] Initial Integration ( #8500 )
2022-09-21 10:46:38 -07:00
53205c63ec
jupyter_server: install npm to fix build ( #8557 )
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51399
2022-09-21 17:36:53 +01:00
bd848023c1
libass: migrate to upstream changes ( #8552 )
...
Fixes: https://github.com/google/oss-fuzz/issues/8526
2022-09-21 15:18:39 +01:00
7cd6569f8a
git: create git command fuzzers ( #8553 )
...
This PR aims to create fuzzers for the git project that fuzz each of the
git commands. The initial fuzzers created are targetting the following
git commands.
1. git-version
2. git-status
3. git-diff
4. git-diff-tree
5. git-diff-files
6. git-diff-index
2022-09-21 15:17:55 +01:00
1a651ea2fc
libevent: adding myself as auto_ccs ( #8551 )
...
CC @azat
2022-09-21 10:43:55 +01:00
a01c454376
spring-expression: initial integration ( #8488 )
2022-09-21 17:37:22 +10:00
2757ed6601
Pin Centipede to a more recent version ( #8543 )
...
A recent commit allows `Centipede` to add timestamps to its log, which
can be very helpful for debugging.
This PR intends to update `Centipede` to add that commit.
2022-09-21 15:02:44 +10:00
b95ae7b412
igraph: move libxml2 download to build script ( #8545 )
...
I have moved the libxml2 download to the build script from the
Dockerfile, so I can more easily update the version, and related
operations would not be split up. Is this okay with you?
See
5a89bbc76c
2022-09-20 14:39:26 -04:00
7765e4d548
infra: Update Jazzer to fix coverage build failures ( #8495 )
...
Fixes #8241
2022-09-20 13:37:22 -04:00
0fe33b3bd3
Add more compressed formats support for libmagic ( #8540 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-09-20 17:27:38 +01:00
1690d89456
KImageFormats: add RAW plugin fuzzer ( #8539 )
...
New fuzzer to test the new camera RAW plugin.
2022-09-20 17:27:19 +01:00
3f2bb3b38e
checker-framework: initial integration ( #8532 )
2022-09-20 09:50:42 -04:00
d5eb14f834
golang: modify fuzzer ( #8541 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-09-20 14:36:44 +01:00
e8ac9ba77e
cloud-hypervisor: Add additional fuzzers ( #8538 )
...
New fuzzers since last update: virtio-{balloon, pmem, rng, watchdog}
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2022-09-20 10:50:27 +01:00
a6af5704de
Revert "[gpsd] initial integration" ( #8537 )
...
Reverts google/oss-fuzz#8493
2022-09-20 17:30:12 +10:00
81006e27df
[gpsd] initial integration ( #8493 )
...
Hey @ckuethe ,
Can you take a look at this?
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
2022-09-20 16:52:15 +10:00
c8a9c23666
update afl++ commit id ( #8216 )
...
this fixes a bug that affects coverage.
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2022-09-19 18:48:32 -04:00
12c881f772
Use Swift 5.7.0. ( #8501 )
...
Swift 5.4.2 was released back in June 2021.
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2022-09-19 18:40:00 -04:00
f42f2551a9
Add a fuzzer for libmagic's db parsing ( #8536 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-09-19 13:57:09 -07:00
44d55a37f3
Process compressed files and analyse as much as possible ( #8535 )
...
- MAGIC_COMPRESS: If the file is compressed, unpack it and look at the
contents.
- MAGIC_CONTINUE: Return all matches, not just the first.
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-09-19 08:48:28 -07:00
5678b99ef5
spring-security-web: initial integration ( #8530 )
...
Co-authored-by: CheeseHunter117 <yoshi.weber@gmail.com>
2022-09-19 10:54:20 -04:00
609535a8df
Improve libmagic's corpus ( #8533 )
...
Co-authored-by: Julien Voisin <jvoisin@google.com>
2022-09-19 10:53:29 -04:00
ee3a25c0a4
igraph: update libxml2 to 2.10.0 ( #8534 )
2022-09-19 10:52:57 -04:00
60884064b0
toml_edit: initial integration ( #8524 )
...
Hi, [toml_edit](https://github.com/ordian/toml_edit ) crate allows you to
parse and modify toml documents, while preserving comments, spaces and
relative order or items.
- It has 2 million+ downloads as per
[crates.io](https://crates.io/crates/toml_edit ).
- It's being used by projects like
[cargo](https://github.com/rust-lang/cargo ),
[diem](https://github.com/diem/diem ),
[lapce](https://github.com/lapce/lapce ),
[materialize](https://github.com/MaterializeInc/materialize ),
[clap](https://github.com/clap-rs/clap ),
[foundry](https://github.com/foundry-rs/foundry ) as per [github's
dependent
graph](https://github.com/ordian/toml_edit/network/dependents?dependent_type=PACKAGE&package_id=UGFja2FnZS0zMjE3NzcwMjM2 )
and [crates.io's reverse
dependencies](https://crates.io/crates/toml_edit/reverse_dependencies ).
2022-09-19 10:52:29 -04:00
783cdab978
g-api-common-protos: fix build ( #8531 )
2022-09-19 11:28:33 +01:00
0277ae2e42
Update Mail ID ( #8529 )
...
updating the mail ID of Mr. @geographika
2022-09-19 10:25:20 +01:00
Tim Rühsen