2025-12-14 17:56:32 +01:00
8 changed files with 33 additions and 43 deletions
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@ -11,9 +11,9 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        version: [14]
+        version: [12, 13, 14]
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: Setting up gcc version
        run: |
          sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${{ matrix.version }} 100
@ -24,11 +24,11 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        version: [19, 20]
+        version: [14, 15, 16, 17, 18]
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: Install dependencies
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends clang-19 clang-20
+        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends clang-14 clang-15
      - name: Setting up clang version
        run: |
          sudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${{ matrix.version }} 100
@ -40,7 +40,7 @@ jobs:
    container:
      image: alpine:latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: Install dependencies
        run: apk update && apk add build-base python3
      - name: Build
@ -48,7 +48,7 @@ jobs:
  build-ubuntu-gcc-aarch64:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
      - name: Install dependencies
        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libgcc-s1-arm64-cross cpp-aarch64-linux-gnu
      - name: Build
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-/out/
+out/
-/out-light/
+out-light/
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Copyright © 2018-2025 GrapheneOS
+Copyright © 2018-2024 GrapheneOS
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# hardened_malloc
+# Hardened malloc
 * [Introduction](#introduction)
 * [Dependencies](#dependencies)
@ -65,14 +65,14 @@ used instead as this allocator fundamentally doesn't support that environment.
 ## Dependencies
-Debian stable (currently Debian 13) determines the most ancient set of
+Debian stable (currently Debian 12) determines the most ancient set of
 supported dependencies:
-* glibc 2.41
+* glibc 2.36
-* Linux 6.12
+* Linux 6.1
-* Clang 19.1.7 or GCC 14.2.0
+* Clang 14.0.6 or GCC 12.2.0
-For Android, the Linux GKI 6.1, 6.6 and 6.12 branches are supported.
+For Android, the Linux GKI 5.10, 5.15 and 6.1 branches are supported.
 However, using more recent releases is highly recommended. Older versions of
 the dependencies may be compatible at the moment but are not tested and will
@ -83,7 +83,7 @@ there will be custom integration offering better performance in the future
 along with other hardening for the C standard library implementation.
 For Android, only the current generation, actively developed maintenance branch of the Android
-Open Source Project will be supported, which currently means `android16-qpr1-release`.
+Open Source Project will be supported, which currently means `android15-release`.
 ## Testing
@ -159,11 +159,8 @@ line to the `/etc/ld.so.preload` configuration file:
 The format of this configuration file is a whitespace-separated list, so it's
 good practice to put each library on a separate line.
-For maximum compatibility `libhardened_malloc.so` can be installed into
+On Debian systems `libhardened_malloc.so` should be installed into `/usr/lib/`
-`/usr/lib/` to avoid preload failures caused by AppArmor profiles or systemd
+to avoid preload failures caused by AppArmor profile restrictions.
 ExecPaths= restrictions. Check for logs of the following format:
    ERROR: ld.so: object '/usr/local/lib/libhardened_malloc.so' from /etc/ld.so.preload cannot be preloaded (failed to map segment from shared object): ignored.
 Using the `LD_PRELOAD` environment variable to load it on a case-by-case basis
 will not work when `AT_SECURE` is set such as with setuid binaries. It's also
--- a/androidtest/memtag/memtag_test.cc
+++ b/androidtest/memtag/memtag_test.cc
@ -44,7 +44,7 @@ void *set_pointer_tag(void *ptr, u8 tag) {
    return (void *) (((uintptr_t) tag << 56) | (uintptr_t) untag_pointer(ptr));
 }
-// This test checks that slab slot allocation uses tag that is distinct from tags of its neighbors
+// This test checks that slab slot allocation uses tag that is distint from tags of its neighbors
 // and from the tag of the previous allocation that used the same slot
 void tag_distinctness() {
    // tag 0 is reserved
--- a/chacha.c
+++ b/chacha.c
@ -41,7 +41,7 @@ static const unsigned rounds = 8;
    a = PLUS(a, b); d = ROTATE(XOR(d, a), 8); \
    c = PLUS(c, d); b = ROTATE(XOR(b, c), 7);
-static const char sigma[16] NONSTRING = "expand 32-byte k";
+static const char sigma[16] = "expand 32-byte k";
 void chacha_keysetup(chacha_ctx *x, const u8 *k) {
    x->input[0] = U8TO32_LITTLE(sigma + 0);
--- a/test/test_smc.py
+++ b/test/test_smc.py
@ -98,7 +98,7 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
        self.assertEqual(stderr.decode("utf-8"),
                         "fatal allocator error: invalid free\n")
-    def test_invalid_malloc_usable_size_small_quarantine(self):
+    def test_invalid_malloc_usable_size_small_quarantene(self):
        _stdout, stderr, returncode = self.run_test(
            "invalid_malloc_usable_size_small_quarantine")
        self.assertEqual(returncode, -6)
--- a/util.h
+++ b/util.h
@ -32,13 +32,6 @@
 #define STRINGIFY(s) #s
 #define ALIAS(f) __attribute__((alias(STRINGIFY(f))))
 // supported since GCC 15
 #if __has_attribute (nonstring)
 #  define NONSTRING __attribute__ ((nonstring))
 #else
 #  define NONSTRING
 #endif
 typedef uint8_t u8;
 typedef uint16_t u16;
 typedef uint32_t u32;