pick VCPKG patches

PiperOrigin-RevId: 816142562
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index d1cb80f..dc5f845 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -6,12 +6,16 @@
 # Workflow for building and running tests under Ubuntu
 
 name: Build/Test
+
 on:
   push:
     branches:
       - master
   pull_request:
-    types: [opened, reopened, labeled, synchronize]
+    types: [opened, reopened, labeled, unlabeled, synchronize]
+
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
@@ -192,6 +196,12 @@
       CXX: ${{ matrix.cxx_compiler || 'gcc' }}
 
     steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Install extra deps @ Ubuntu
       if: ${{ runner.os == 'Linux' }}
       # Already installed: bazel, clang{13-15}, cmake, gcc{9.5-13.1}, java{8,11,17,21}, maven, python{3.10}
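Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections and blocks none of them, so it adds visibility but no enforcement. The same step is added in audit mode to every other workflow in this commit (build_test_wasm.yml, codeql.yml, fuzz.yml, lint.yml, release.yaml, scorecard.yml). Once a few runs have produced an endpoint baseline, consider `egress-policy: block` with an `allowed-endpoints` list, starting with release.yaml since its artifacts are published. Until then a comment such as `# audit only: switch to block once the endpoint baseline is known` would record the intent. The steps list continues outside the hunk.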
@@ -319,6 +329,11 @@
       image: ubuntu:22.04
     steps:
 
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Install deps
       run: |
         apt update
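Review bot: This Harden Runner step is added to a job that appears to run entirely inside a container (`image: ubuntu:22.04` sits just above `steps:`; the `container:` key itself is outside the hunk). As far as I know, harden-runner's documented limitations say it is not supported in that case, because its agent needs sudo on the runner VM. If that holds here, the step gives no egress monitoring for this job while suggesting that it does. Please confirm from a run log that the agent actually starts. If it does not, drop the step from this job or add a comment such as `# harden-runner: no coverage inside container jobs`.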
diff --git a/.github/workflows/build_test_wasm.yml b/.github/workflows/build_test_wasm.yml
new file mode 100644
index 0000000..0346374
--- /dev/null
+++ b/.github/workflows/build_test_wasm.yml
@@ -0,0 +1,70 @@
+# Copyright 2025 Google Inc. All Rights Reserved.
+#
+# Distributed under MIT license.
+# See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
+
+# Workflow for building and running tests with WASM
+
+name: Build/Test WASM
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, reopened, labeled, unlabeled, synchronize]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build_test_wasm:
+    name: Build and test with WASM
+    runs-on: ubuntu-latest
+    env:
+      CCACHE_DIR: ${{ github.workspace }}/.ccache
+      BUILD_TARGET: wasm32
+      EM_VERSION: 3.1.51
+      # As of 28.08.2025 ubuntu-latest is 24.04; it is shipped with node 22.18
+      NODE_VERSION: 22
+
+    steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        submodules: true
+        fetch-depth: 1
+
+    - name: Install node
+      uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      with:
+        node-version: ${{env.NODE_VERSION}}
+
+    - name: Get non-EMSDK node path
+      run: which node >> $HOME/.base_node_path
+
+    - name: Install emsdk
+      uses: mymindstorm/setup-emsdk@6ab9eb1bda2574c4ddb79809fc9247783eaf9021 # v14
+      with:
+        version: ${{env.EM_VERSION}}
+        no-cache: true
+
+    - name: Set EMSDK node version
+      run: |
+        echo "NODE_JS='$(cat $HOME/.base_node_path)'" >> $EMSDK/.emscripten
+        emsdk construct_env
+
+    - name: Build
+      run: |
+        LDFLAGS=" -s ALLOW_MEMORY_GROWTH=1 -s NODERAWFS=1 " emcmake cmake -B out .
+        cmake --build out
+        cd out; ctest --output-on-failure; cd ..
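Review bot: The `actions/checkout` step keeps the default `persist-credentials: true`, so the job token stays in the checkout's git configuration while later steps run a third-party setup action and the freshly built test binaries. The token is already read-only through `permissions: contents: read`, but nothing after the checkout needs git access. Adding `persist-credentials: false` under the step's `with:` removes it from the workspace at no cost.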
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 03da18b..0661268 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -9,6 +9,9 @@
   schedule:
     - cron: '18 15 * * 0'
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
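Review bot: The new workflow-level `permissions: contents: read` becomes the default token scope for every job in this file, and uploading CodeQL results needs `security-events: write`. The analysis job is defined outside this hunk, so please confirm it carries its own job-level `permissions:` block with `security-events: write`. Without that, the analysis would run but the upload would be rejected for lack of permission.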
@@ -30,6 +33,12 @@
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
 
     steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Checkout repository
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index ac0ace5..ea834ec 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -6,8 +6,12 @@
 # Workflow for building / running oss-fuzz.
 
 name: CIFuzz
+
 on: [pull_request]
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
@@ -16,17 +20,25 @@
   Fuzzing:
     runs-on: ubuntu-latest
     steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Build Fuzzers
       uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
       with:
         oss-fuzz-project-name: 'brotli'
         dry-run: false
+
     - name: Run Fuzzers
       uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
       with:
         oss-fuzz-project-name: 'brotli'
         fuzz-seconds: 600
         dry-run: false
+
     - name: Upload Crash
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       if: failure()
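Review bot: The two CIFuzz steps in this hunk still reference `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `run_fuzzers@master`, a mutable branch, while every action this commit adds is pinned to a full commit SHA. The same inconsistency is visible in scorecard.yml, where the last hunk leaves `actions/checkout@v4 # v3.1.0` on a mutable tag with a comment that no longer matches it. Pinning these as `uses: <action>@<full-commit-sha> # <tag>` would keep the pinning policy uniform. If `@master` is kept deliberately for CIFuzz, a one-line comment saying so would help. The `Upload Crash` step continues outside the hunk.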
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 74d7b07..3e0cc80 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,3 +1,10 @@
+# Copyright 2025 Google Inc. All Rights Reserved.
+#
+# Distributed under MIT license.
+# See file LICENSE for detail or copy at https://opensource.org/licenses/MIT
+
+# Workflow for checking typos and buildifier, formatting, etc.
+
 name: "Lint"
 
 on:
@@ -8,6 +15,9 @@
   schedule:
     - cron: '18 15 * * 0'
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
@@ -18,6 +28,12 @@
     runs-on: 'ubuntu-latest'
 
     steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Checkout repository
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 29190b9..40b9d94 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,7 +14,10 @@
   release:
     types: [ published ]
   pull_request:
-    types: [opened, reopened, labeled, synchronize]
+    types: [opened, reopened, labeled, unlabeled, synchronize]
+
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
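Review bot: With `permissions: contents: read` now set at workflow level, any job in this file that attaches assets to the release on the `release: published` trigger needs a job-level `permissions: contents: write`. The jobs are outside this hunk, so this cannot be checked from here. If a publishing job exists and has no such block, its upload would fail with a permission error the next time a release is published. If it already has one, a comment next to the new default such as `# jobs that publish assets override this` would make the split explicit.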
@@ -59,6 +62,12 @@
       VCPKG_DISABLE_METRICS: 1
 
     steps:
+
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Checkout the source
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       with:
@@ -100,17 +109,20 @@
           -DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake \
           -DVCPKG_TARGET_TRIPLET=${{ matrix.triplet }} \
         #
+
     - name: Build
       shell: 'bash'
       run: |
         set -x
         cmake --build out --config Release
+
     - name: Install
       shell: 'bash'
       run: |
         set -x
         cmake --build out --config Release --target install
         cp LICENSE prefix/bin/LICENSE.brotli
+
     - name: Upload artifacts
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
@@ -138,6 +150,11 @@
         shell: bash
     steps:
 
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Checkout the source
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       with:
@@ -163,6 +180,11 @@
         shell: bash
     steps:
 
+    - name: Harden Runner
+      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      with:
+        egress-policy: audit
+
     - name: Checkout the source
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       with:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 004fa4d..8aeddef 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -3,6 +3,7 @@
 # policy, and support documentation.
 
 name: Scorecard supply-chain security
+
 on:
   # For Branch-Protection check. Only the default branch is supported. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
@@ -14,13 +15,13 @@
   push:
     branches: [ "master" ]
 
+# Declare default permissions as read only.
+permissions: read-all
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
-# Declare default permissions as read only.
-permissions: read-all
-
 jobs:
   analysis:
     name: Scorecard analysis
@@ -35,6 +36,11 @@
       # actions: read
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@v4 # v3.1.0
         with:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 634990b..22b21d2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,17 +10,8 @@
 cmake_policy(SET CMP0048 NEW)
 project(brotli C)
 
-# Reflect CMake variable as a build option.
-option(BUILD_SHARED_LIBS "Build shared libraries" ON)
-set(BROTLI_BUILD_TOOLS ON CACHE BOOL "Build/install CLI tools")
-set(BROTLI_BUILD_FOR_PACKAGE OFF CACHE BOOL "Build/install both shared and static libraries")
-
-if (BROTLI_BUILD_FOR_PACKAGE AND NOT BUILD_SHARED_LIBS)
-  message(FATAL_ERROR "Both BROTLI_BUILD_FOR_PACKAGE and BUILD_SHARED_LIBS are set.")
-endif()
-
 if (NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
-  message(STATUS "Setting build type to Release as none was specified.")
+  message(STATUS "Setting build type to Release as none was specified")
   set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose the type of build" FORCE)
 else()
   message(STATUS "Build type is '${CMAKE_BUILD_TYPE}'")
@@ -39,6 +30,20 @@
   message("-- Compiler is not EMSCRIPTEN")
 endif()
 
+if (BROTLI_EMSCRIPTEN)
+  message(STATUS "Switching to static build for EMSCRIPTEN")
+  set(BUILD_SHARED_LIBS OFF)
+endif()
+
+# Reflect CMake variable as a build option.
+option(BUILD_SHARED_LIBS "Build shared libraries" ON)
+set(BROTLI_BUILD_TOOLS ON CACHE BOOL "Build/install CLI tools")
+set(BROTLI_BUILD_FOR_PACKAGE OFF CACHE BOOL "Build/install both shared and static libraries")
+
+if (BROTLI_BUILD_FOR_PACKAGE AND NOT BUILD_SHARED_LIBS)
+  message(FATAL_ERROR "Both BROTLI_BUILD_FOR_PACKAGE and BUILD_SHARED_LIBS are set")
+endif()
+
 # If Brotli is being bundled in another project, we don't want to
 # install anything.  However, we want to let people override this, so
 # we'll use the BROTLI_BUNDLED_MODE variable to let them do that; just
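Review bot: The `FATAL_ERROR` text says "Both BROTLI_BUILD_FOR_PACKAGE and BUILD_SHARED_LIBS are set", but the condition fires when `BUILD_SHARED_LIBS` is off, so the message states the opposite of the problem. Something like `message(FATAL_ERROR "BROTLI_BUILD_FOR_PACKAGE requires BUILD_SHARED_LIBS to be ON")` would match the check. This matters more now, because the Emscripten block added above forces `BUILD_SHARED_LIBS OFF`, so an Emscripten configure with `BROTLI_BUILD_FOR_PACKAGE` will hit this error. Placing the plain `set(BUILD_SHARED_LIBS OFF)` before `option()` also relies on policy CMP0077 being NEW, which depends on the `cmake_minimum_required` line outside this hunk. A short comment stating that assumption would help.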
@@ -86,9 +91,13 @@
 
 include(CheckLibraryExists)
 set(LIBM_LIBRARY)
+set(LIBM_DEP)
 CHECK_LIBRARY_EXISTS(m log2 "" HAVE_LIB_M)
 if (HAVE_LIB_M)
   set(LIBM_LIBRARY "m")
+  if (NOT BUILD_SHARED_LIBS)
+    set(LIBM_DEP "-lm")
+  endif()
 endif()
 
 set(BROTLI_INCLUDE_DIRS "${CMAKE_CURRENT_SOURCE_DIR}/c/include")
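Review bot: `LIBM_DEP` is set to `-lm` only under `NOT BUILD_SHARED_LIBS`, yet `BROTLI_BUILD_FOR_PACKAGE` installs static libraries as well and, per the check earlier in the file, requires `BUILD_SHARED_LIBS` to be ON. In a package build `@libm@` therefore expands to nothing, and consumers linking the installed static archives through pkg-config still miss `-lm`. Either widen the condition to `if (NOT BUILD_SHARED_LIBS OR BROTLI_BUILD_FOR_PACKAGE)`, or emit the flag on a `Libs.private:` line in the `.pc.in` template so that it applies only to `pkg-config --static`.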
@@ -110,16 +119,10 @@
 endif()  # BROTLI_BUILD_FOR_PACKAGE
 mark_as_advanced(BROTLI_LIBRARIES)
 
-if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-  add_definitions(-DOS_LINUX)
-elseif (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
-  add_definitions(-DOS_FREEBSD)
-elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-  add_definitions(-DOS_MACOSX)
-endif()  # CMAKE_SYSTEM_NAME
+if (MSVC)
+  message(STATUS "Defining _CRT_SECURE_NO_WARNINGS to avoid warnings about security")
 
-if (BROTLI_EMSCRIPTEN)
-  set(BUILD_SHARED_LIBS OFF)
+  add_definitions(-D_CRT_SECURE_NO_WARNINGS)
 endif()
 
 file(GLOB_RECURSE BROTLI_COMMON_SOURCES RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} c/common/*.c)
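Review bot: `add_definitions(-D_CRT_SECURE_NO_WARNINGS)` silences MSVC's unsafe-CRT deprecation warnings for every target in this directory, library code included, so any later use of `strcpy`, `sprintf` and similar functions in the libraries will compile without a warning. Scoping it to the targets that need it, with `target_compile_definitions(<target> PRIVATE _CRT_SECURE_NO_WARNINGS)`, keeps the warning active elsewhere. A comment naming the calls that triggered the warning would explain why it is safe to suppress. Separately, this hunk stops defining `OS_LINUX`, `OS_FREEBSD` and `OS_MACOSX`; the sources are not shown here, so please confirm that nothing still tests those macros.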
@@ -159,10 +162,8 @@
   set_property(TARGET ${lib} APPEND PROPERTY INTERFACE_INCLUDE_DIRECTORIES "$<BUILD_INTERFACE:${BROTLI_INCLUDE_DIRS}>")
 endforeach()  # BROTLI_xxx_LIBRARIES
 
-if (NOT BROTLI_EMSCRIPTEN)
-  target_link_libraries(brotlidec brotlicommon)
-  target_link_libraries(brotlienc brotlicommon)
-endif()
+target_link_libraries(brotlidec brotlicommon)
+target_link_libraries(brotlienc brotlicommon)
 
 # For projects stuck on older versions of CMake, this will set the
 # BROTLI_INCLUDE_DIRS and BROTLI_LIBRARIES variables so they still
@@ -216,7 +217,14 @@
       message(STATUS "wine not found, disabling tests")
       set(BROTLI_DISABLE_TESTS TRUE)
     endif()
-  endif()
+  endif()  # WIN32 emulation
+  if (BROTLI_EMSCRIPTEN)
+    find_program(BROTLI_WRAPPER NAMES node)
+    if (NOT BROTLI_WRAPPER)
+      message(STATUS "node not found, disabling tests")
+      set(BROTLI_DISABLE_TESTS TRUE)
+    endif()
+  endif()  # BROTLI_EMSCRIPTEN
 endif()  # BROTLI_DISABLE_TESTS
 
 # NB: BROTLI_DISABLE_TESTS might have changed.
@@ -346,6 +354,7 @@
   set(PREFIX "${CMAKE_INSTALL_PREFIX}")
   string(REGEX REPLACE "@prefix@" "${PREFIX}" TEXT ${TEXT})
   string(REGEX REPLACE "@exec_prefix@" "${PREFIX}" TEXT ${TEXT})
+  string(REGEX REPLACE "@libm@" "${LIBM_DEP}" TEXT ${TEXT})
 
   generate_pkg_config_path(LIBDIR "${CMAKE_INSTALL_FULL_LIBDIR}" prefix "${PREFIX}")
   string(REGEX REPLACE "@libdir@" "${LIBDIR}" TEXT ${TEXT})
diff --git a/scripts/libbrotlicommon.pc.in b/scripts/libbrotlicommon.pc.in
index 2a8cf7a..b4861c2 100644
--- a/scripts/libbrotlicommon.pc.in
+++ b/scripts/libbrotlicommon.pc.in
@@ -7,5 +7,5 @@
 URL: https://github.com/google/brotli
 Description: Brotli common dictionary library
 Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -lbrotlicommon
+Libs: -L${libdir} -lbrotlicommon @libm@
 Cflags: -I${includedir}
diff --git a/setup.py b/setup.py
index 88ca7c2..ea7c675 100644
--- a/setup.py
+++ b/setup.py
@@ -94,9 +94,7 @@
         objects = []
 
         macros = ext.define_macros[:]
-        if platform.system() == "Darwin":
-            macros.append(("OS_MACOSX", "1"))
-        elif self.compiler.compiler_type == "mingw32":
+        if self.compiler.compiler_type == "mingw32":
             # On Windows Python 2.7, pyconfig.h defines "hypot" as "_hypot",
             # This clashes with GCC's cmath, and causes compilation errors when
             # building under MinGW: http://bugs.python.org/issue11566