Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2015-08-07 00:24:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl" Changes: -------- --- /work/SRC/openSUSE:Factory/afl/afl.changes 2015-06-16 14:05:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2015-08-07 00:24:05.000000000 +0200 @@ -1,0 +2,16 @@ +Wed Aug 5 13:46:26 UTC 2015 - mplus...@suse.com + +- Update to 1.85b + * Fixed a garbled sentence in notes on parallel fuzzing. + * Fixed a minor glitch in afl-cmin. +- Changes for 1.84b + * Made SIMPLE_FILES behave as expected when naming backup + directories for crashes and hangs. + * Added the total number of favored paths to fuzzer_stats. + * Made afl-tmin, afl-fuzz, and afl-cmin reject negative values + passed to -t and -m, since they generally won't work as + expected. + * Made a fix for no lahf / sahf support on older versions of + FreeBSD. + +------------------------------------------------------------------- Old: ---- afl-1.83b.tgz New: ---- afl-1.85b.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++ --- /var/tmp/diff_new_pack.H94HV9/_old 2015-08-07 00:24:06.000000000 +0200 +++ /var/tmp/diff_new_pack.H94HV9/_new 2015-08-07 00:24:06.000000000 +0200 @@ -17,7 +17,7 @@ Name: afl -Version: 1.83b +Version: 1.85b Release: 0 Summary: American fuzzy lop is a security-oriented fuzzer License: Apache-2.0 ++++++ afl-1.58b-fix-paths.patch ++++++ --- /var/tmp/diff_new_pack.H94HV9/_old 2015-08-07 00:24:06.000000000 +0200 +++ /var/tmp/diff_new_pack.H94HV9/_new 2015-08-07 00:24:06.000000000 +0200 
@@ -2,11 +2,11 @@ Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -Index: afl-1.58b/Makefile +Index: afl-1.85b/Makefile =================================================================== ---- afl-1.58b.orig/Makefile 2015-03-27 07:47:58.000000000 +0100 -+++ afl-1.58b/Makefile 2015-03-27 21:14:10.000000000 +0100 -@@ -18,8 +18,8 @@ VERSION = 1.58b +--- afl-1.85b.orig/Makefile ++++ afl-1.85b/Makefile +@@ -18,8 +18,8 @@ VERSION = 1.85b PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin ++++++ afl-1.83b.tgz -> afl-1.85b.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/Makefile new/afl-1.85b/Makefile --- old/afl-1.83b/Makefile 2015-06-14 16:34:26.000000000 +0200 +++ new/afl-1.85b/Makefile 2015-08-01 04:44:56.000000000 +0200 @@ -14,7 +14,7 @@ # PROGNAME = afl -VERSION = 1.83b +VERSION = 1.85b PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/afl-as.h new/afl-1.85b/afl-as.h --- old/afl-1.83b/afl-as.h 2015-06-11 08:33:07.000000000 +0200 +++ new/afl-1.85b/afl-as.h 2015-07-17 19:53:09.000000000 +0200 @@ -388,11 +388,11 @@ "\n" "__afl_maybe_log:\n" "\n" -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || (defined(__FreeBSD__) && (__FreeBSD__ < 9)) " .byte 0x9f /* lahf */\n" #else " lahf\n" -#endif /* ^__OpenBSD__ */ +#endif /* ^__OpenBSD__, etc */ " seto %al\n" "\n" " /* Check if SHM region is already mapped. */\n" 
@@ -420,11 +420,11 @@ "__afl_return:\n" "\n" " addb $127, %al\n" -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || (defined(__FreeBSD__) && (__FreeBSD__ < 9)) " .byte 0x9e /* sahf */\n" #else " sahf\n" -#endif /* ^__OpenBSD__ */ +#endif /* ^__OpenBSD__, etc */ " ret\n" "\n" ".align 8\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/afl-cmin new/afl-1.85b/afl-cmin --- old/afl-1.83b/afl-cmin 2015-06-14 16:33:53.000000000 +0200 +++ new/afl-1.85b/afl-cmin 2015-08-01 04:43:30.000000000 +0200 @@ -260,7 +260,7 @@ if [ "$STDIN_FILE" = "" ]; then - AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/.run_test" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/.run_test" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$FIRST_FILE" else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/afl-fuzz.c new/afl-1.85b/afl-fuzz.c --- old/afl-1.83b/afl-fuzz.c 2015-06-12 09:50:07.000000000 +0200 +++ new/afl-1.85b/afl-fuzz.c 2015-07-04 21:36:50.000000000 +0200 @@ -3168,6 +3168,7 @@ "execs_done : %llu\n" "execs_per_sec : %0.02f\n" "paths_total : %u\n" + "paths_favored : %u\n" "paths_found : %u\n" "paths_imported : %u\n" "max_depth : %u\n" @@ -3187,8 +3188,8 @@ "command_line : %s\n", start_time / 1000, get_cur_time() / 1000, getpid(), queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps, - queued_paths, queued_discovered, queued_imported, max_depth, - current_entry, pending_favored, pending_not_fuzzed, + queued_paths, queued_favored, queued_discovered, queued_imported, + max_depth, current_entry, pending_favored, pending_not_fuzzed, queued_variable, bitmap_cvg, unique_crashes, unique_hangs, last_path_time / 1000, last_crash_time / 1000, last_hang_time / 1000, exec_tmout, use_banner, orig_cmdline); 
@@ -3509,10 +3510,20 @@ time_t cur_t = time(0); struct tm* t = localtime(&cur_t); +#ifndef SIMPLE_FILES + u8* nfn = alloc_printf("%s.%04u-%02u-%02u-%02u:%02u:%02u", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); +#else + + u8* nfn = alloc_printf("%s_%04u%02u%02u%02u%02u%02u", fn, + t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, + t->tm_hour, t->tm_min, t->tm_sec); + +#endif /* ^!SIMPLE_FILES */ + rename(fn, nfn); /* Ignore errors. */ ck_free(nfn); @@ -3530,10 +3541,20 @@ time_t cur_t = time(0); struct tm* t = localtime(&cur_t); +#ifndef SIMPLE_FILES + u8* nfn = alloc_printf("%s.%04u-%02u-%02u-%02u:%02u:%02u", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); +#else + + u8* nfn = alloc_printf("%s_%04u%02u%02u%02u%02u%02u", fn, + t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, + t->tm_hour, t->tm_min, t->tm_sec); + +#endif /* ^!SIMPLE_FILES */ + rename(fn, nfn); /* Ignore errors. */ ck_free(nfn); @@ -7322,8 +7343,8 @@ if (timeout_given) FATAL("Multiple -t options not supported"); - if (sscanf(optarg, "%u%c", &exec_tmout, &suffix) < 1) - FATAL("Bad syntax used for -t"); + if (sscanf(optarg, "%u%c", &exec_tmout, &suffix) < 1 || + optarg[0] == '-') FATAL("Bad syntax used for -t"); if (exec_tmout < 5) FATAL("Dangerously low value of -t"); @@ -7347,8 +7368,8 @@ } - if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1) - FATAL("Bad syntax used for -m"); + if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || + optarg[0] == '-') FATAL("Bad syntax used for -m"); switch (suffix) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/afl-showmap.c new/afl-1.85b/afl-showmap.c --- old/afl-1.83b/afl-showmap.c 2015-06-12 09:37:12.000000000 +0200 +++ new/afl-1.85b/afl-showmap.c 2015-07-04 21:37:43.000000000 +0200 
@@ -600,8 +600,8 @@ } - if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1) - FATAL("Bad syntax used for -m"); + if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || + optarg[0] == '-') FATAL("Bad syntax used for -m"); switch (suffix) { @@ -630,7 +630,10 @@ if (strcmp(optarg, "none")) { exec_tmout = atoi(optarg); - if (exec_tmout < 20) FATAL("Dangerously low value of -t"); + + if (exec_tmout < 20 || optarg[0] == '-') + FATAL("Dangerously low value of -t"); + } break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/afl-tmin.c new/afl-1.85b/afl-tmin.c --- old/afl-1.83b/afl-tmin.c 2015-06-12 09:37:17.000000000 +0200 +++ new/afl-1.85b/afl-tmin.c 2015-07-04 21:38:54.000000000 +0200 @@ -963,8 +963,8 @@ } - if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1) - FATAL("Bad syntax used for -m"); + if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || + optarg[0] == '-') FATAL("Bad syntax used for -m"); switch (suffix) { @@ -992,7 +992,10 @@ timeout_given = 1; exec_tmout = atoi(optarg); - if (exec_tmout < 10) FATAL("Dangerously low value of -t"); + + if (exec_tmout < 10 || optarg[0] == '-') + FATAL("Dangerously low value of -t"); + break; case 'Q': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/ChangeLog new/afl-1.85b/docs/ChangeLog --- old/afl-1.83b/docs/ChangeLog 2015-06-14 16:33:18.000000000 +0200 +++ new/afl-1.85b/docs/ChangeLog 2015-08-01 04:44:35.000000000 +0200 
@@ -17,6 +17,30 @@ to get on with the times. -------------- +Version 1.85b: +-------------- + + - Fixed a garbled sentence in notes on parallel fuzzing. Thanks to Jakub Wilk. + + - Fixed a minor glitch in afl-cmin. Spotted by Jonathan Foote. + +-------------- +Version 1.84b: +-------------- + + - Made SIMPLE_FILES behave as expected when naming backup directories for + crashes and hangs. + + - Added the total number of favored paths to fuzzer_stats. Requested by + Ben Nagy. + + - Made afl-tmin, afl-fuzz, and afl-cmin reject negative values passed to + -t and -m, since they generally won't work as expected. + + - Made a fix for no lahf / sahf support on older versions of FreeBSD. + Patch contributed by Alex Moneger. + +-------------- Version 1.83b: -------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/INSTALL new/afl-1.85b/docs/INSTALL --- old/afl-1.83b/docs/INSTALL 2015-04-28 07:03:46.000000000 +0200 +++ new/afl-1.85b/docs/INSTALL 2015-06-27 21:41:01.000000000 +0200 @@ -94,6 +94,10 @@ User emulation mode of QEMU does not appear to be supported on MacOS X, so black-box instrumentation mode (-Q) will not work. +The llvm_mode requires a fully-operational installation of clang. The one that +comes with Xcode is missing some of the essential headers and helper tools. +See llvm_mode/README.llvm for advice on how to build the compiler from scratch. + 4) Linux or *BSD on non-x86 systems ----------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/README new/afl-1.85b/docs/README --- old/afl-1.83b/docs/README 2015-06-11 08:53:02.000000000 +0200 +++ new/afl-1.85b/docs/README 2015-08-01 04:44:49.000000000 +0200 
@@ -388,6 +388,9 @@ way. Preeny may offer a relatively simple option, too - see: https://github.com/zardus/preeny + Some useful tips for modifying network-based services can be also found at: + https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop + - AFL doesn't output human-readable coverage data. If you want to monitor coverage, use afl-cov from Michael Rash: https://github.com/mrash/afl-cov @@ -420,6 +423,10 @@ David A. Wheeler Turo Lamminen Andreas Stieger Richard Godbee Louis Dassy teor2345 + Alex Moneger Dmitry Vyukov + Keegan McAllister Kostya Serebryany + Richo Healey Martijn Bogaard + rc0r Jonathan Foote Thank you! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/parallel_fuzzing.txt new/afl-1.85b/docs/parallel_fuzzing.txt --- old/afl-1.83b/docs/parallel_fuzzing.txt 2015-05-05 01:16:35.000000000 +0200 +++ new/afl-1.85b/docs/parallel_fuzzing.txt 2015-07-29 06:54:11.000000000 +0200 @@ -104,6 +104,13 @@ https://github.com/MartijnB/disfuzz-afl +Another client-server implementation from Richo Healey is: + + https://github.com/richo/roving + +Note that these third-party tools are unsafe to run on systems exposed to the +Internet or to untrusted users. + When developing custom test case sync code, there are several optimizations to keep in mind: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/sister_projects.txt new/afl-1.85b/docs/sister_projects.txt --- old/afl-1.83b/docs/sister_projects.txt 2015-06-12 03:49:03.000000000 +0200 +++ new/afl-1.85b/docs/sister_projects.txt 2015-07-27 07:34:57.000000000 +0200 
@@ -54,6 +54,14 @@ http://llvm.org/docs/LibFuzzer.html +AFL fixup shim (Ben Nagy) +------------------------- + + Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages + that don't have C / .so bindings. Includes examples in Go. + + https://github.com/bnagy/aflfix + ---------------- Network fuzzing: ---------------- @@ -67,9 +75,34 @@ https://github.com/zardus/preeny ----------------------------------------- -Crash triage and other helper utilities: ----------------------------------------- +------------------------------------------- +Distributed fuzzing and related automation: +------------------------------------------- + +roving (Richo Healey) +--------------------- + + A client-server architecture for effortlessly orchestrating AFL runs across + a fleet of machines. You don't want to use this on systems that face the + Internet or live in other untrusted environments. + + https://github.com/richo/roving + +Distfuzz-AFL (Martijn Bogaard) +------------------------------ + + Simplifies the management of afl-fuzz instances on remote machines. The + author notes that the current implementation isn't secure and should not + be exposed on the Internet. + + https://github.com/MartijnB/disfuzz-afl + +afl-launch (Ben Nagy) +--------------------- + + Batch AFL launcher utility with a simple CLI. + + https://github.com/bnagy/afl-launch AFL Utils (rc0r) ---------------- @@ -85,6 +118,10 @@ https://github.com/floyd-fuh/afl-fuzzing-scripts/ +------------------------------------- +Crash triage, coverage analysis, etc: +------------------------------------- + afl-crash-analyzer (Tobias Ospelt) ---------------------------------- 
@@ -106,30 +143,6 @@ https://github.com/mrash/afl-cov -Distfuzz-AFL (Martijn Bogaard) ------------------------------- - - Simplifies the management of afl-fuzz instances on remote machines. The - author notes that the current implementation isn't secure and should not - be exposed on the Internet. - - https://github.com/MartijnB/disfuzz-afl - -afl-launch (Ben Nagy) ---------------------- - - Another AFL launcher utility with a simple CLI. - - https://github.com/bnagy/afl-launch - -AFL fixup shim (Ben Nagy) -------------------------- - - Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages - that don't have C / .so bindings. Includes examples in Go. - - https://github.com/bnagy/aflfix - RecidiVM (Jakub Wilk) --------------------- @@ -183,6 +196,15 @@ https://github.com/mrash/fwknop/tree/master/test/afl +Building harnesses for DNS servers (Jonathan Foote, Ron Bowes) +-------------------------------------------------------------- + + Two articles outlining the general principles and showing some example code. + + https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop + https://goo.gl/j9EgFf + + Fuzzer shell for SQLite (Richard Hipp) -------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.83b/docs/status_screen.txt new/afl-1.85b/docs/status_screen.txt --- old/afl-1.83b/docs/status_screen.txt 2015-02-11 23:45:45.000000000 +0100 +++ new/afl-1.85b/docs/status_screen.txt 2015-06-16 04:17:59.000000000 +0200 
@@ -321,8 +321,8 @@ globally limited resources. The paths where variable behavior is detected are marked with with a matching -entry in the <out_dir>/.state/variable_behavior/ directory, so you can look -them up easily. +entry in the <out_dir>/queue/.state/variable_behavior/ directory, so you can +look them up easily. If you can't suppress variable behavior and don't want to see these warnings, simply set AFL_NO_VAR_CHECK=1 in the environment before running afl-fuzz. This
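Review bot: the afl-1.58b-fix-paths.patch hunk rebases the Index and ---/+++ headers to afl-1.85b but leaves the patch file itself named after 1.58b, so the name will be misleading at every future version bump; rename it to something version-neutral such as afl-fix-paths.patch (together with whatever references it in afl.spec) so the next update only has to refresh the contents.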
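Review bot: in the afl-as.h hunk at 388, the closing comment `#endif /* ^__OpenBSD__, etc */` no longer says what the condition is; spell it out, e.g. `/* ^__OpenBSD__ || __FreeBSD__ < 9 */`, and add a one-line comment above the `.byte 0x9f /* lahf */` line saying the raw encoding is used because the system assembler on those platforms does not accept the lahf/sahf mnemonics (which is what the ChangeLog entry describes). The hunk at 420 repeats exactly the same `defined(__OpenBSD__) || (defined(__FreeBSD__) && (__FreeBSD__ < 9))` condition for sahf; a single preprocessor symbol defined once near the top of the file would keep the two sites from drifting apart.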
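Review bot: the afl-cmin hunk at 260 replaces `$fn` with `$FIRST_FILE` in the non-STDIN_FILE branch, and `$fn` is not defined anywhere in the visible context, so this looks like the right fix; the `else` branch that handles the STDIN_FILE case falls outside the shown context, so confirm it also reads the same `$IN_DIR/$FIRST_FILE` input, otherwise the two branches would sanity-check the target against different files.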
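Review bot: in the afl-fuzz.c fuzzer_stats hunks at 3168 and 3188, the new `"paths_favored : %u\n"` format line and the inserted `queued_favored` argument are in matching positions (both between the paths_total/queued_paths and paths_found/queued_discovered pairs), so the vararg order stays consistent. Two follow-ups: the new key is not documented in any docs hunk of this update (docs/status_screen.txt is touched only for the variable_behavior path), so add it wherever the other fuzzer_stats keys are described; and any external script that reads fuzzer_stats by line position rather than by key will be off by one from this field onward, which is worth a line in the ChangeLog entry.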
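Review bot: the afl-fuzz.c hunks at 3510 and 3541 add byte-for-byte identical `#ifndef SIMPLE_FILES` / `#else` blocks building the timestamped backup name; factor that into one small helper that takes `fn` and `t` and returns the allocated name, so the two naming formats cannot diverge the next time one of them is edited. Also, `rename(fn, nfn); /* Ignore errors. */` swallows a failed backup rename, after which the run continues writing into a directory that may still hold the previous session's crashes or hangs; printing a warning on failure would make that visible without changing behaviour.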
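Review bot: in the afl-fuzz.c -t hunk at 7343 (and likewise the -m hunk at 7368 and the -m hunks in afl-showmap.c and afl-tmin.c), `optarg[0] == '-'` only catches a minus sign in the very first character. The `%u` / `%llu` conversions follow strtoul semantics, which skip leading whitespace and accept a sign, so an argument such as `' -5'` still passes the check and is stored as a large wrapped unsigned value, and `+5` is accepted as well. A tighter test is to require the first non-blank character to be a digit, e.g. `if (!isdigit((unsigned char) optarg[strspn(optarg, " \t")])) FATAL("Bad syntax used for -t");`, or to parse with strtoul/strtoull and check the end pointer.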
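Review bot: in the afl-showmap.c hunk at 630 and the afl-tmin.c hunk at 992, `exec_tmout = atoi(optarg)` has the same gap as the sscanf cases, since atoi also skips leading whitespace and accepts a sign, so `optarg[0] == '-'` misses `' -5'`. Separately, folding the sign test into `if (exec_tmout < 20 || optarg[0] == '-') FATAL("Dangerously low value of -t");` reports a negative argument as a "dangerously low" value, which is misleading; keep the sign case on its own branch with the `"Bad syntax used for -t"` message already used for -m. The extra empty lines added inside the braces in both hunks are also inconsistent with the surrounding style.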
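Review bot: in the docs/sister_projects.txt hunk at 196, the second link under "Building harnesses for DNS servers" is a goo.gl shortener (`https://goo.gl/j9EgFf`); documentation should carry the destination URL, since a shortener hides where the reader is being sent and can expire or be retargeted. The same hunk adds two blank lines before "Fuzzer shell for SQLite" where the rest of the file separates entries with one.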
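Review bot: the docs/status_screen.txt hunk at 321 reflows the paragraph but keeps the context line `The paths where variable behavior is detected are marked with with a matching`, which carries a doubled "with"; since the paragraph is being rewrapped anyway, drop the duplicate in the same change.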