From 4a7c69123f5d8948a0a78b4e45f3cba0c182bf62 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 14 Mar 2024 09:00:15 +0100
Subject: [PATCH 1/4] ci: update ubuntu22.04 builds with clang14+asan

using a workround about ASLR
---
 .github/workflows/builds.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 21d3531f79cf..6f656282910b 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -1519,6 +1519,7 @@ jobs:
                 parallel \
                 python3-yaml \
                 software-properties-common \
+                sudo \
                 zlib1g \
                 zlib1g-dev \
                 exuberant-ctags \
@@ -1546,6 +1547,11 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - name: Fix kernel mmap rnd bits
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
         env:
@@ -1776,6 +1782,7 @@ jobs:
                 python3-yaml \
                 rustc \
                 software-properties-common \
+                sudo \
                 zlib1g \
                 zlib1g-dev \
                 exuberant-ctags
@@ -1795,6 +1802,11 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - name: Fix kernel mmap rnd bits
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --enable-debug-validation
         env:

From d8701a198093e4099b817cb0a282ed475c88b20b Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 14 Mar 2024 15:00:01 +0100
Subject: [PATCH 2/4] fixup! ci: update ubuntu22.04 builds with clang14+asan

---
 .github/workflows/builds.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 6f656282910b..b711932590a1 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -1471,7 +1471,12 @@ jobs:
   ubuntu-22-04-cov-fuzz:
     name: Ubuntu 22.04 (fuzz corpus coverage)
     runs-on: ubuntu-latest
-    container: ubuntu:22.04
+    container:
+      image: ubuntu:22.04
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+      options: --sysctl vm.mmap_rnd_bits=28 --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache ~/.cargo
@@ -1547,11 +1552,6 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - name: Fix kernel mmap rnd bits
-      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
-      # high-entropy ASLR in much newer kernels that GitHub runners are
-      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
-        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
         env:
@@ -1735,7 +1735,12 @@ jobs:
   ubuntu-22-04-debug-validation:
     name: Ubuntu 22.04 (Debug Validation)
     runs-on: ubuntu-22.04
-    container: ubuntu:22.04
+    container:
+      image: ubuntu:22.04
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+      options: --sysctl vm.mmap_rnd_bits=28 --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps:
 
@@ -1802,11 +1807,6 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - name: Fix kernel mmap rnd bits
-      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
-      # high-entropy ASLR in much newer kernels that GitHub runners are
-      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
-        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --enable-debug-validation
         env:

From 82cf38a342e83646834c14e6456fc0dc2cb54013 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 14 Mar 2024 17:08:03 +0100
Subject: [PATCH 3/4] fixup! fixup! ci: update ubuntu22.04 builds with
 clang14+asan

---
 .github/workflows/builds.yml | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index b711932590a1..734af78e79bf 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -1471,12 +1471,6 @@ jobs:
   ubuntu-22-04-cov-fuzz:
     name: Ubuntu 22.04 (fuzz corpus coverage)
     runs-on: ubuntu-latest
-    container:
-      image: ubuntu:22.04
-      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
-      # high-entropy ASLR in much newer kernels that GitHub runners are
-      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
-      options: --sysctl vm.mmap_rnd_bits=28 --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache ~/.cargo
@@ -1552,6 +1546,11 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - name: Fix kernel mmap rnd bits
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
         env:
@@ -1735,12 +1734,6 @@ jobs:
   ubuntu-22-04-debug-validation:
     name: Ubuntu 22.04 (Debug Validation)
     runs-on: ubuntu-22.04
-    container:
-      image: ubuntu:22.04
-      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
-      # high-entropy ASLR in much newer kernels that GitHub runners are
-      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
-      options: --sysctl vm.mmap_rnd_bits=28 --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps:
 
@@ -1807,6 +1800,11 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - name: Fix kernel mmap rnd bits
+      # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
+      # high-entropy ASLR in much newer kernels that GitHub runners are
+      # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
+        run: sudo sysctl vm.mmap_rnd_bits=28
       - run: ./autogen.sh
       - run: ./configure --enable-debug-validation
         env:

From 95ececa334f92269c23c9b6f1ecaa6addc10d69a Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 14 Mar 2024 17:28:56 +0100
Subject: [PATCH 4/4] fixup! fixup! fixup! ci: update ubuntu22.04 builds with
 clang14+asan

---
 .github/workflows/builds.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 734af78e79bf..3f3fd1241ee7 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -1471,6 +1471,9 @@ jobs:
   ubuntu-22-04-cov-fuzz:
     name: Ubuntu 22.04 (fuzz corpus coverage)
     runs-on: ubuntu-latest
+    container:
+      image: ubuntu:22.04
+      options: --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps:
       - name: Cache ~/.cargo
@@ -1734,6 +1737,9 @@ jobs:
   ubuntu-22-04-debug-validation:
     name: Ubuntu 22.04 (Debug Validation)
     runs-on: ubuntu-22.04
+    container:
+      image: ubuntu:22.04
+      options: --privileged
     needs: [prepare-deps, prepare-cbindgen]
     steps: