pyca · alex · Apr 22, 2025 · Apr 21, 2025
diff --git a/src/libsodium-1.0.20-stable-msvc.zip b/src/libsodium-1.0.20-stable-msvc.zip
diff --git a/src/libsodium/.github/workflows/autocloser.yml b/src/libsodium/.github/workflows/autocloser.yml
@@ -0,0 +1,12 @@
+name: Autocloser
+on: [issues]
+jobs:
+  autoclose:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Autoclose issues that did not follow issue template
+      uses: roots/issue-closer@v1.2
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-close-message: "This issue was automatically closed because it did not follow the issue template. We use the issue tracker exclusively for bug reports and feature additions that have been previously discussed. However, this issue appears to be a support request. Please use the discussion forums for support requests."
+        issue-pattern: ".*(do we replicate the issue|Expected behavior|raised as discussion|# Impact).*"
diff --git a/src/libsodium/.github/workflows/ci.yml b/src/libsodium/.github/workflows/ci.yml
@@ -41,9 +41,9 @@ jobs:
         run: sudo apt-get update
 
       - name: Install Zig
-        uses: goto-bus-stop/setup-zig@d866436887ad1b24590684f9d00480376663dd36
+        uses: mlugg/setup-zig@v1
         with:
-          version: 0.12.0
+          version: 0.14.0
 
       - name: Autogen
         run: ./autogen.sh -s
@@ -53,6 +53,7 @@ jobs:
           zig build
           zig build -Dtarget=x86_64-linux
           zig build -Dtarget=aarch64-linux
+          zig build -Dtarget=x86-windows
           zig build -Dtarget=x86_64-windows
           zig build -Dtarget=aarch64-windows
           zig build -Dtarget=x86_64-macos
@@ -171,7 +172,7 @@ jobs:
       - name: Install Android NDK
         run: |
           mkdir /tmp/android && cd /tmp/android
-          curl -o ndk.zip -L https://dl.google.com/android/repository/android-ndk-r25c-linux.zip
+          curl -o ndk.zip -L https://dl.google.com/android/repository/android-ndk-r27c-linux.zip
           unzip ndk.zip && rm -f *.zip && mv android-ndk* ndk
 
       - name: Android compilation

diff --git a/src/libsodium/.github/workflows/cifuzz.yml b/src/libsodium/.github/workflows/cifuzz.yml
@@ -0,0 +1,32 @@
+name: CIFuzz
+
+on:
+  push:
+    branches: [stable, next]
+  pull_request:
+    branches: [stable, next]
+
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: "libsodium"
+          dry-run: false
+          language: c++
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: "libsodium"
+          fuzz-seconds: 300
+          dry-run: false
+          language: c++
+      - name: Upload Crash
+        uses: actions/upload-artifact@v4
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts
diff --git a/src/libsodium/.github/workflows/codeql-analysis.yml b/src/libsodium/.github/workflows/codeql-analysis.yml
@@ -2,29 +2,47 @@ name: "CodeQL scan"
 
 on:
   push:
+    branches: [ "master stable next" ]
   pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master stable next" ]
   schedule:
-    - cron: "0 17 * * 2"
+    - cron: '0 17 * * 2'
 
 jobs:
-  CodeQL-Build:
-    runs-on: ubuntu-latest
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'c-cpp' ]
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 2
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: cpp
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
 
-      - run: |
-          ./autogen.sh -s
-          env CPPFLAGS="-DDEV_MODE=1" ./configure --disable-dependency-tracking
-          make -j $(nproc) check
+    - run: |
+        echo "Run, Build Application using script"
+        ./autogen.sh -s
+        env CPPFLAGS="-DDEV_MODE=1" ./configure --disable-dependency-tracking
+        make -j $(nproc) check
 
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"