simdsoft / 1kiss Goto Github PK
View Code? Open in Web Editor NEWBuilding opensources for multi-platforms with github actions.
License: Apache License 2.0
1kiss's People
Contributors
Stargazers
Watchers
1kiss's Issues
Workflows are referencing vulnerable actions
Hello, there!
As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.
Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu
Thanks in advance
- The workflow build-ci.yml is referencing action ilammy/msvc-dev-cmd using references v1.9.0. However this reference is missing the commit 74a501b which may contain fix to the vulnerability.
The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.
If you end up updating the reference, please let us know. We need the stats for the paper :-)
Support for xcframework (macos, ios, tvos, catalyst)
Hi,
We need the xcframework for plataforms (macos x64, macos arm64, ios arm64, ios simulator x64 and arm64, tvos simulator and device x64 and arm64, catalyst x64 and arm64)
-
Create a library for each platform and use cmake platform selector to specify the correct library for each:
https://github.com/leetal/ios-cmake/blob/master/ios.toolchain.cmake#L353-L374 -
Create an IF that check effective platform, example:
https://github.com/tdlib/td/blob/master/CMake/iOS.cmake#L66-L119 -
Create a xcframework that is a simple command that unify all .a or .so or .dylib files after you use lipo:
Do a lipo to join all simulators x64 and arm64 into one lib and after, create the xcframework:
xcodebuild -create-xcframework \
-library ./libxyz_macos.a \
-headers ./include/ \
-library ./libxyz_iossimulator.a \
-headers ./include/ \
-library ./libxyz_maccatalyst.a \
-headers ./include/ \
-library ./libxyz_tvos.a \
-headers ./include/ \
-library ./libxyz_ios.a \
-headers ./include/ \
-output XYZ.xcframework
Thanks.
Support M1 and Android x64
I've updated the buildscripts in my fork of buildware: see https://github.com/pietpukkel/buildware
Buildscript now builds (on my Mac) Mac x64 and arm64 binaries and the distribution scripts make them to fat libraries. I've also added x64 libraries for Android (have not been able to test the results yet). Delete all files in buildsrc after every build.
The only issue that I have is in bulding libjitlua. Building seems to succeed for iOS/Mac but the resulting libs are most likely corrupted. Building for Android fails (for luajit). So these build steps need some TLC from someone with a bit more expertise than I have. I also see no test that actually uses this library.
Assuming the windows powershell scripts only generate the libraries for windows, i have not touched these (or looked at them).
Workflows are referencing vulnerable actions
Hello, there!
As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.
Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu
Thanks in advance
- The workflow build-ci.yml is referencing action ilammy/msvc-dev-cmd using references v1.9.0. However this reference is missing the commit 74a501b which may contain fix to the vulnerability.
The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.
If you end up updating the reference, please let us know. We need the stats for the paper :-)
Build for tvOS
Hi,
Do you have any fast contact instead of write message by message?
Thanks.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.