Alternative fix for CVE-2022-4304 #1441
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GitHub CI | |
on: [pull_request, push] | |
# for some reason, this does not work: | |
# variables: | |
# BUILDOPTS: "-j4" | |
# not implemented for v1.1.1: HARNESS_JOBS: "${HARNESS_JOBS:-4}" | |
# for some reason, this does not work: | |
# before_script: | |
# - make="make -s" | |
jobs: | |
check_update: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings && perl configdata.pm --dump | |
- name: make build_generated | |
run: make -s build_generated | |
- name: make update | |
run: make -s update | |
- name: git diff | |
run: git diff --exit-code | |
check_docs: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings && perl configdata.pm --dump | |
- name: make build_generated | |
run: make -s build_generated | |
- name: make doc-nits | |
run: make doc-nits | |
basic_gcc: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
basic_clang: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: CC=clang ./config --strict-warnings && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
minimal: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings no-shared no-dso no-pic no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
out-of-tree_build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: setup build dir | |
run: | | |
set -eux | |
mkdir -p ${myblddir:=../_build/nest/a/little/more} | |
echo "mysrcdir=$(realpath .)" | tee -a $GITHUB_ENV | |
echo "myblddir=$(realpath $myblddir)" | tee -a $GITHUB_ENV | |
- name: config | |
run: set -eux ; cd ${{ env.myblddir }} && ${{ env.mysrcdir }}/config --strict-warnings && perl configdata.pm --dump | |
- name: make build_generated | |
run: set -eux; cd ${{ env.myblddir }} && make -s build_generated | |
- name: make update | |
run: set -eux; cd ${{ env.myblddir }} && make update | |
- name: make | |
run: set -eux; cd ${{ env.myblddir }} && make -s -j4 | |
- name: make test (minimal subset) | |
run: set -eux; cd ${{ env.myblddir }} && make test TESTS='0[0-9]' | |
no-deprecated: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
sanitizers: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test OPENSSL_TEST_RAND_ORDER=0 | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
enable_non-default_options: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ntls enable-delegated-credential enable-cert-compression enable-export-sm4 && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
symbol_prefix-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings --symbol-prefix=BABA_ enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ntls enable-delegated-credential enable-cert-compression && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
legacy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
buildtest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
ntls-without-sm234: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config enable-ntls no-sm2 no-sm3 no-sm4 --strict-warnings && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
ntls-sanitizers: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config enable-ntls --strict-warnings enable-asan -fsanitize=address -static-libasan enable-crypto-mdebug enable-crypto-mdebug-backtrace && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
ec_elgamal_test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic enable-ec_elgamal && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" | |
sm4ni_test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: config | |
run: ./config --strict-warnings enable-asan enable-ubsan -march=native && perl configdata.pm --dump | |
- name: make | |
run: make -s -j4 | |
- name: make test | |
run: make test | |
- name: make clean | |
run: make clean | |
- name: check dirty | |
run: test $(git status --porcelain | wc -l) -eq "0" |