libjpeg-turbo uses a stable mainline branch model, so the main branch is
always stable and feeds into the current release series. The next-gen
evolving release series is developed in the dev branch, and bug fixes
are cherry-picked into stable branches for past release series.
It is desirable to fuzz the dev branch to ensure that bugs are caught
before the evolving code is merged down into main (which generally
occurs in conjunction with a beta release) and also to allow for the
fuzzers themselves to evolve along with the libjpeg-turbo feature set.
It is also desirable to fuzz the stable branch from the most recent
release series (2.0.x at the moment) to ensure that the same quality is
maintained from when that code occupied the main branch.
Note that both the Dockerfile and multi-branch build script included in
this commit accommodate the fact that the dev branch may not exist. The
dev branch will not exist between the time that the current release
series enters beta and the first feature for the next-gen release series
is developed.
Closes#7479
- Eliminate unnecessary packages from Docker image (Autotools has not
been required since libjpeg-turbo 1.5.x.)
- Obtain seed corpora from a new Git repository maintained by The
libjpeg-turbo Project. (This new repo contains the old corpora from
https://lcamtuf.coredump.cx, with duplicates removed, and some new
corpora curated from historical libjpeg-turbo bug reports.)
- Remove build.sh. (The libjpeg-turbo Project is now maintaining its
own build script in order to facilitate the future creation of new
fuzz targets.)
- Remove fuzz target source code. (The libjpeg-turbo Project is now
maintaining its own fuzz targets with better code coverage.)
- Update the project home page in project.yaml.
- Change the project language to C in project.yaml. (The new fuzz
targets are written in pure C rather than C++, since libjpeg-turbo is
a C-only project.)
libjpeg-turbo 2.1 now requires NASM 2.13 or later or YASM 1.2.0 or
later. Since the Docker image is based on Ubuntu 16.04, NASM 2.13 isn't
available, so the easiest workaround is to use YASM instead.
Fixes#4931
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
I ran into this because I was getting errors locally, like:
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/d/dpkg/libdpkg-perl_1.18.4ubuntu1.1_all.deb 404 Not Found [IP: 91.189.88.149 80]
It turns out you get these if you don't update, and the official best practices are to `run apt-get update && apt-get install`. In fact, running _any_ apt-get install command without the apt-get update && before it can result in unfortunate caching artifacts -- see "cache busting". (P.S. thanks to Peng on Freenode for helping me, I'm bad at Ubuntu.)
So:
sed -re \
's/RUN apt-get ((-y )?(install|build-dep))/RUN apt-get update \&\& apt-get \1/' -i \
projects/**/Dockerfile
I also manually fixed the cases that already ran apt-get update in their Dockerfile:
dlplibs/Dockerfile
grpc/Dockerfile
libreoffice/Dockerfile
DRC