Hello community,

here is the log from the commit of package afl for openSUSE:Factory checked in 
at 2015-08-07 00:24:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/afl (Old)
 and      /work/SRC/openSUSE:Factory/.afl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "afl"

Changes:
--------
--- /work/SRC/openSUSE:Factory/afl/afl.changes  2015-06-16 14:05:18.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes     2015-08-07 
00:24:05.000000000 +0200
@@ -1,0 +2,16 @@
+Wed Aug  5 13:46:26 UTC 2015 - mplus...@suse.com
+
+- Update to 1.85b
+  * Fixed a garbled sentence in notes on parallel fuzzing.
+  * Fixed a minor glitch in afl-cmin.
+- Changes for 1.84b
+  * Made SIMPLE_FILES behave as expected when naming backup 
+    directories for crashes and hangs.
+  * Added the total number of favored paths to fuzzer_stats.
+  * Made afl-tmin, afl-fuzz, and afl-cmin reject negative values 
+    passed to -t and -m, since they generally won't work as 
+    expected.
+  * Made a fix for no lahf / sahf support on older versions of 
+    FreeBSD.
+
+-------------------------------------------------------------------

Old:
----
  afl-1.83b.tgz

New:
----
  afl-1.85b.tgz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ afl.spec ++++++
--- /var/tmp/diff_new_pack.H94HV9/_old  2015-08-07 00:24:06.000000000 +0200
+++ /var/tmp/diff_new_pack.H94HV9/_new  2015-08-07 00:24:06.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           afl
-Version:        1.83b
+Version:        1.85b
 Release:        0
 Summary:        American fuzzy lop is a security-oriented fuzzer
 License:        Apache-2.0

++++++ afl-1.58b-fix-paths.patch ++++++
--- /var/tmp/diff_new_pack.H94HV9/_old  2015-08-07 00:24:06.000000000 +0200
+++ /var/tmp/diff_new_pack.H94HV9/_new  2015-08-07 00:24:06.000000000 +0200
@@ -2,11 +2,11 @@
  Makefile |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
-Index: afl-1.58b/Makefile
+Index: afl-1.85b/Makefile
 ===================================================================
---- afl-1.58b.orig/Makefile    2015-03-27 07:47:58.000000000 +0100
-+++ afl-1.58b/Makefile 2015-03-27 21:14:10.000000000 +0100
-@@ -18,8 +18,8 @@ VERSION     = 1.58b
+--- afl-1.85b.orig/Makefile
++++ afl-1.85b/Makefile
+@@ -18,8 +18,8 @@ VERSION     = 1.85b
  
  PREFIX     ?= /usr/local
  BIN_PATH    = $(PREFIX)/bin

++++++ afl-1.83b.tgz -> afl-1.85b.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/Makefile new/afl-1.85b/Makefile
--- old/afl-1.83b/Makefile      2015-06-14 16:34:26.000000000 +0200
+++ new/afl-1.85b/Makefile      2015-08-01 04:44:56.000000000 +0200
@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 1.83b
+VERSION     = 1.85b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/afl-as.h new/afl-1.85b/afl-as.h
--- old/afl-1.83b/afl-as.h      2015-06-11 08:33:07.000000000 +0200
+++ new/afl-1.85b/afl-as.h      2015-07-17 19:53:09.000000000 +0200
@@ -388,11 +388,11 @@
   "\n"
   "__afl_maybe_log:\n"
   "\n"
-#ifdef  __OpenBSD__
+#if defined(__OpenBSD__)  || (defined(__FreeBSD__) && (__FreeBSD__ < 9))
   "  .byte 0x9f /* lahf */\n"
 #else
   "  lahf\n"
-#endif /* ^__OpenBSD__ */
+#endif /* ^__OpenBSD__, etc */
   "  seto  %al\n"
   "\n"
   "  /* Check if SHM region is already mapped. */\n"
@@ -420,11 +420,11 @@
   "__afl_return:\n"
   "\n"
   "  addb $127, %al\n"
-#ifdef  __OpenBSD__
+#if defined(__OpenBSD__)  || (defined(__FreeBSD__) && (__FreeBSD__ < 9))
   "  .byte 0x9e /* sahf */\n"
 #else
   "  sahf\n"
-#endif /* ^__OpenBSD__ */
+#endif /* ^__OpenBSD__, etc */
   "  ret\n"
   "\n"
   ".align 8\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/afl-cmin new/afl-1.85b/afl-cmin
--- old/afl-1.83b/afl-cmin      2015-06-14 16:33:53.000000000 +0200
+++ new/afl-1.85b/afl-cmin      2015-08-01 04:43:30.000000000 +0200
@@ -260,7 +260,7 @@
 
 if [ "$STDIN_FILE" = "" ]; then
 
-  AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o 
"$TRACE_DIR/.run_test" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn"
+  AFL_CMIN_ALLOW_ANY=1 "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o 
"$TRACE_DIR/.run_test" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$FIRST_FILE"
 
 else
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/afl-fuzz.c new/afl-1.85b/afl-fuzz.c
--- old/afl-1.83b/afl-fuzz.c    2015-06-12 09:50:07.000000000 +0200
+++ new/afl-1.85b/afl-fuzz.c    2015-07-04 21:36:50.000000000 +0200
@@ -3168,6 +3168,7 @@
              "execs_done     : %llu\n"
              "execs_per_sec  : %0.02f\n"
              "paths_total    : %u\n"
+             "paths_favored  : %u\n"
              "paths_found    : %u\n"
              "paths_imported : %u\n"
              "max_depth      : %u\n"
@@ -3187,8 +3188,8 @@
              "command_line   : %s\n",
              start_time / 1000, get_cur_time() / 1000, getpid(),
              queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps,
-             queued_paths, queued_discovered, queued_imported, max_depth,
-             current_entry, pending_favored, pending_not_fuzzed,
+             queued_paths, queued_favored, queued_discovered, queued_imported,
+             max_depth, current_entry, pending_favored, pending_not_fuzzed,
              queued_variable, bitmap_cvg, unique_crashes, unique_hangs,
              last_path_time / 1000, last_crash_time / 1000,
              last_hang_time / 1000, exec_tmout, use_banner, orig_cmdline);
@@ -3509,10 +3510,20 @@
     time_t cur_t = time(0);
     struct tm* t = localtime(&cur_t);
 
+#ifndef SIMPLE_FILES
+
     u8* nfn = alloc_printf("%s.%04u-%02u-%02u-%02u:%02u:%02u", fn,
                            t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
                            t->tm_hour, t->tm_min, t->tm_sec);
 
+#else
+
+    u8* nfn = alloc_printf("%s_%04u%02u%02u%02u%02u%02u", fn,
+                           t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
+                           t->tm_hour, t->tm_min, t->tm_sec);
+
+#endif /* ^!SIMPLE_FILES */
+
     rename(fn, nfn); /* Ignore errors. */
     ck_free(nfn);
 
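Review bot: `t` is dereferenced in both the existing and the new SIMPLE_FILES `alloc_printf` call without checking that `localtime()` returned non-NULL; a guard such as `if (!t) FATAL("localtime() failed");` placed before the `#ifndef` would cover both branches. The two branches differ only in the format string, so the `#ifndef` could select just that string and keep a single `alloc_printf` call, which stops the two argument lists from drifting apart. `rename()` errors are still ignored, and with one-second resolution in the backup name a collision is possible; what happens to the old directory when the rename fails is outside the hunk and worth confirming. The identical block in the next hunk has the same issues.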
@@ -3530,10 +3541,20 @@
     time_t cur_t = time(0);
     struct tm* t = localtime(&cur_t);
 
+#ifndef SIMPLE_FILES
+
     u8* nfn = alloc_printf("%s.%04u-%02u-%02u-%02u:%02u:%02u", fn,
                            t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
                            t->tm_hour, t->tm_min, t->tm_sec);
 
+#else
+
+    u8* nfn = alloc_printf("%s_%04u%02u%02u%02u%02u%02u", fn,
+                           t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
+                           t->tm_hour, t->tm_min, t->tm_sec);
+
+#endif /* ^!SIMPLE_FILES */
+
     rename(fn, nfn); /* Ignore errors. */
     ck_free(nfn);
 
@@ -7322,8 +7343,8 @@
 
           if (timeout_given) FATAL("Multiple -t options not supported");
 
-          if (sscanf(optarg, "%u%c", &exec_tmout, &suffix) < 1)
-            FATAL("Bad syntax used for -t");
+          if (sscanf(optarg, "%u%c", &exec_tmout, &suffix) < 1 ||
+              optarg[0] == '-') FATAL("Bad syntax used for -t");
 
           if (exec_tmout < 5) FATAL("Dangerously low value of -t");
 
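Review bot: Testing only `optarg[0] == '-'` on the new `-t` line does not reject every negative value, because the `%u` conversion skips leading whitespace and accepts a sign, so an argument like `" -1"` still parses and typically wraps to a very large unsigned number. Requiring the first character to be a digit closes that gap, e.g. `optarg[0] < '0' || optarg[0] > '9'` in place of `optarg[0] == '-'`. The same pattern is repeated for `-m` in the next hunk and in the `-m` hunks of afl-showmap.c and afl-tmin.c; for `-m`, any keyword handling that precedes the sscanf is outside the hunk and should be checked before tightening the test. Values too large for the destination are also not detected by sscanf, which strtoul with an end pointer and an errno check would cover. The enclosing option switch starts and ends outside the hunk.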
@@ -7347,8 +7368,8 @@
 
           }
 
-          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1)
-            FATAL("Bad syntax used for -m");
+          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
+              optarg[0] == '-') FATAL("Bad syntax used for -m");
 
           switch (suffix) {
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/afl-showmap.c new/afl-1.85b/afl-showmap.c
--- old/afl-1.83b/afl-showmap.c 2015-06-12 09:37:12.000000000 +0200
+++ new/afl-1.85b/afl-showmap.c 2015-07-04 21:37:43.000000000 +0200
@@ -600,8 +600,8 @@
 
           }
 
-          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1)
-            FATAL("Bad syntax used for -m");
+          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
+              optarg[0] == '-') FATAL("Bad syntax used for -m");
 
           switch (suffix) {
 
@@ -630,7 +630,10 @@
 
         if (strcmp(optarg, "none")) {
           exec_tmout = atoi(optarg);
-          if (exec_tmout < 20) FATAL("Dangerously low value of -t");
+
+          if (exec_tmout < 20 || optarg[0] == '-')
+            FATAL("Dangerously low value of -t");
+
         }
 
         break;
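Review bot: `atoi(optarg)` cannot distinguish a malformed or out-of-range `-t` value from a valid one, and its behaviour is undefined when the number does not fit in an int, so the added `optarg[0] == '-'` test covers only one bad input. Depending on the type of exec_tmout, which is not visible here, a minus sign after leading whitespace may still get through, and "Dangerously low value" is a misleading message for input that is not a number at all. Parsing with strtol, checking the end pointer and errno, and range-checking before the assignment handles all of these; the upper bound in the sketch is an assumption about exec_tmout's width. The same applies to the `-t` hunk in afl-tmin.c, where the threshold is 10. The enclosing switch case starts outside the hunk.

```c
        if (strcmp(optarg, "none")) {
          char *end;
          long tmout;

          errno = 0;
          tmout = strtol(optarg, &end, 10);

          /* Reject empty input, trailing junk and out-of-range numbers. */
          if (end == optarg || *end || errno == ERANGE)
            FATAL("Bad syntax used for -t");

          if (tmout < 20) FATAL("Dangerously low value of -t");

          /* Assumes exec_tmout can hold any non-negative int; confirm. */
          if (tmout > INT_MAX) FATAL("Value of -t is too large");

          exec_tmout = tmout;
        }
```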
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/afl-tmin.c new/afl-1.85b/afl-tmin.c
--- old/afl-1.83b/afl-tmin.c    2015-06-12 09:37:17.000000000 +0200
+++ new/afl-1.85b/afl-tmin.c    2015-07-04 21:38:54.000000000 +0200
@@ -963,8 +963,8 @@
 
           }
 
-          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1)
-            FATAL("Bad syntax used for -m");
+          if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
+              optarg[0] == '-') FATAL("Bad syntax used for -m");
 
           switch (suffix) {
 
@@ -992,7 +992,10 @@
         timeout_given = 1;
 
         exec_tmout = atoi(optarg);
-        if (exec_tmout < 10) FATAL("Dangerously low value of -t");
+
+        if (exec_tmout < 10 || optarg[0] == '-')
+          FATAL("Dangerously low value of -t");
+
         break;
 
       case 'Q':
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/ChangeLog new/afl-1.85b/docs/ChangeLog
--- old/afl-1.83b/docs/ChangeLog        2015-06-14 16:33:18.000000000 +0200
+++ new/afl-1.85b/docs/ChangeLog        2015-08-01 04:44:35.000000000 +0200
@@ -17,6 +17,30 @@
 to get on with the times.
 
 --------------
+Version 1.85b:
+--------------
+
+  - Fixed a garbled sentence in notes on parallel fuzzing. Thanks to Jakub 
Wilk.
+
+  - Fixed a minor glitch in afl-cmin. Spotted by Jonathan Foote.
+
+--------------
+Version 1.84b:
+--------------
+
+  - Made SIMPLE_FILES behave as expected when naming backup directories for
+    crashes and hangs.
+
+  - Added the total number of favored paths to fuzzer_stats. Requested by
+    Ben Nagy.
+
+  - Made afl-tmin, afl-fuzz, and afl-cmin reject negative values passed to
+    -t and -m, since they generally won't work as expected.
+
+  - Made a fix for no lahf / sahf support on older versions of FreeBSD.
+    Patch contributed by Alex Moneger.
+
+--------------
 Version 1.83b:
 --------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/INSTALL new/afl-1.85b/docs/INSTALL
--- old/afl-1.83b/docs/INSTALL  2015-04-28 07:03:46.000000000 +0200
+++ new/afl-1.85b/docs/INSTALL  2015-06-27 21:41:01.000000000 +0200
@@ -94,6 +94,10 @@
 User emulation mode of QEMU does not appear to be supported on MacOS X, so
 black-box instrumentation mode (-Q) will not work.
 
+The llvm_mode requires a fully-operational installation of clang. The one that
+comes with Xcode is missing some of the essential headers and helper tools.
+See llvm_mode/README.llvm for advice on how to build the compiler from scratch.
+
 4) Linux or *BSD on non-x86 systems
 -----------------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/README new/afl-1.85b/docs/README
--- old/afl-1.83b/docs/README   2015-06-11 08:53:02.000000000 +0200
+++ new/afl-1.85b/docs/README   2015-08-01 04:44:49.000000000 +0200
@@ -388,6 +388,9 @@
     way. Preeny may offer a relatively simple option, too - see:
     https://github.com/zardus/preeny
 
+    Some useful tips for modifying network-based services can be also found at:
+    https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop
+
   - AFL doesn't output human-readable coverage data. If you want to monitor
     coverage, use afl-cov from Michael Rash: https://github.com/mrash/afl-cov
 
@@ -420,6 +423,10 @@
   David A. Wheeler                      Turo Lamminen
   Andreas Stieger                       Richard Godbee
   Louis Dassy                           teor2345
+  Alex Moneger                          Dmitry Vyukov
+  Keegan McAllister                     Kostya Serebryany
+  Richo Healey                          Martijn Bogaard
+  rc0r                                  Jonathan Foote
 
 Thank you!
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/parallel_fuzzing.txt 
new/afl-1.85b/docs/parallel_fuzzing.txt
--- old/afl-1.83b/docs/parallel_fuzzing.txt     2015-05-05 01:16:35.000000000 
+0200
+++ new/afl-1.85b/docs/parallel_fuzzing.txt     2015-07-29 06:54:11.000000000 
+0200
@@ -104,6 +104,13 @@
 
   https://github.com/MartijnB/disfuzz-afl
 
+Another client-server implementation from Richo Healey is:
+
+  https://github.com/richo/roving
+
+Note that these third-party tools are unsafe to run on systems exposed to the
+Internet or to untrusted users.
+
 When developing custom test case sync code, there are several optimizations
 to keep in mind:
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/sister_projects.txt 
new/afl-1.85b/docs/sister_projects.txt
--- old/afl-1.83b/docs/sister_projects.txt      2015-06-12 03:49:03.000000000 
+0200
+++ new/afl-1.85b/docs/sister_projects.txt      2015-07-27 07:34:57.000000000 
+0200
@@ -54,6 +54,14 @@
 
   http://llvm.org/docs/LibFuzzer.html
 
+AFL fixup shim (Ben Nagy)
+-------------------------
+
+  Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
+  that don't have C / .so bindings. Includes examples in Go.
+
+  https://github.com/bnagy/aflfix
+
 ----------------
 Network fuzzing:
 ----------------
@@ -67,9 +75,34 @@
 
   https://github.com/zardus/preeny
 
-----------------------------------------
-Crash triage and other helper utilities:
-----------------------------------------
+-------------------------------------------
+Distributed fuzzing and related automation:
+-------------------------------------------
+
+roving (Richo Healey)
+---------------------
+
+  A client-server architecture for effortlessly orchestrating AFL runs across
+  a fleet of machines. You don't want to use this on systems that face the
+  Internet or live in other untrusted environments.
+
+  https://github.com/richo/roving
+
+Distfuzz-AFL (Martijn Bogaard)
+------------------------------
+
+  Simplifies the management of afl-fuzz instances on remote machines. The
+  author notes that the current implementation isn't secure and should not
+  be exposed on the Internet.
+
+  https://github.com/MartijnB/disfuzz-afl
+
+afl-launch (Ben Nagy)
+---------------------
+
+  Batch AFL launcher utility with a simple CLI.
+
+  https://github.com/bnagy/afl-launch
 
 AFL Utils (rc0r)
 ----------------
@@ -85,6 +118,10 @@
 
   https://github.com/floyd-fuh/afl-fuzzing-scripts/
 
+-------------------------------------
+Crash triage, coverage analysis, etc:
+-------------------------------------
+
 afl-crash-analyzer (Tobias Ospelt)
 ----------------------------------
 
@@ -106,30 +143,6 @@
 
   https://github.com/mrash/afl-cov
 
-Distfuzz-AFL (Martijn Bogaard)
-------------------------------
-
-  Simplifies the management of afl-fuzz instances on remote machines. The
-  author notes that the current implementation isn't secure and should not
-  be exposed on the Internet.
-
-  https://github.com/MartijnB/disfuzz-afl
-
-afl-launch (Ben Nagy)
----------------------
-
-  Another AFL launcher utility with a simple CLI.
-
-  https://github.com/bnagy/afl-launch
-
-AFL fixup shim (Ben Nagy)
--------------------------
-
-  Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
-  that don't have C / .so bindings. Includes examples in Go.
-
-  https://github.com/bnagy/aflfix
-
 RecidiVM (Jakub Wilk)
 ---------------------
 
@@ -183,6 +196,15 @@
 
   https://github.com/mrash/fwknop/tree/master/test/afl
 
+Building harnesses for DNS servers (Jonathan Foote, Ron Bowes)
+--------------------------------------------------------------
+
+  Two articles outlining the general principles and showing some example code.
+
+  https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop
+  https://goo.gl/j9EgFf
+
+
 Fuzzer shell for SQLite (Richard Hipp)
 --------------------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.83b/docs/status_screen.txt 
new/afl-1.85b/docs/status_screen.txt
--- old/afl-1.83b/docs/status_screen.txt        2015-02-11 23:45:45.000000000 
+0100
+++ new/afl-1.85b/docs/status_screen.txt        2015-06-16 04:17:59.000000000 
+0200
@@ -321,8 +321,8 @@
 globally limited resources.
 
 The paths where variable behavior is detected are marked with with a matching
-entry in the <out_dir>/.state/variable_behavior/ directory, so you can look
-them up easily.
+entry in the <out_dir>/queue/.state/variable_behavior/ directory, so you can
+look them up easily.
 
 If you can't suppress variable behavior and don't want to see these warnings,
 simply set AFL_NO_VAR_CHECK=1 in the environment before running afl-fuzz. This

