libjpeg-turbo uses a stable mainline branch model, so the main branch is
always stable and feeds into the current release series. The next-gen
evolving release series is developed in the dev branch, and bug fixes
are cherry-picked into stable branches for past release series.
It is desirable to fuzz the dev branch to ensure that bugs are caught
before the evolving code is merged down into main (which generally
occurs in conjunction with a beta release) and also to allow for the
fuzzers themselves to evolve along with the libjpeg-turbo feature set.
It is also desirable to fuzz the stable branch from the most recent
release series (2.0.x at the moment) to ensure that the same quality is
maintained from when that code occupied the main branch.
Note that both the Dockerfile and multi-branch build script included in
this commit accommodate the fact that the dev branch may not exist. The
dev branch will not exist between the time that the current release
series enters beta and the first feature for the next-gen release series
is developed.
Closes#7479
- Eliminate unnecessary packages from Docker image (Autotools has not
been required since libjpeg-turbo 1.5.x.)
- Obtain seed corpora from a new Git repository maintained by The
libjpeg-turbo Project. (This new repo contains the old corpora from
https://lcamtuf.coredump.cx, with duplicates removed, and some new
corpora curated from historical libjpeg-turbo bug reports.)
- Remove build.sh. (The libjpeg-turbo Project is now maintaining its
own build script in order to facilitate the future creation of new
fuzz targets.)
- Remove fuzz target source code. (The libjpeg-turbo Project is now
maintaining its own fuzz targets with better code coverage.)
- Update the project home page in project.yaml.
- Change the project language to C in project.yaml. (The new fuzz
targets are written in pure C rather than C++, since libjpeg-turbo is
a C-only project.)
DRC