Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2015-10-06 13:25:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl" Changes: -------- --- /work/SRC/openSUSE:Factory/afl/afl.changes 2015-09-08 18:06:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2015-10-06 13:25:58.000000000 +0200 @@ -1,0 +2,9 @@ +Fri Oct 2 15:11:23 UTC 2015 - astie...@suse.com + +- afl 1.94b: + * Changed allocator alignment to improve support for non-x86 systems + (now that llvm_mode makes this more feasible). + * Fixed an obscure bug that would affect people trying to use afl-gcc + with $TMP set but $TMPDIR absent. + +------------------------------------------------------------------- Old: ---- afl-1.92b.tgz New: ---- afl-1.94b.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++ --- /var/tmp/diff_new_pack.W54fAk/_old 2015-10-06 13:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.W54fAk/_new 2015-10-06 13:25:59.000000000 +0200 @@ -17,7 +17,7 @@ Name: afl -Version: 1.92b +Version: 1.94b Release: 0 Summary: American fuzzy lop is a security-oriented fuzzer License: Apache-2.0 ++++++ afl-1.92b.tgz -> afl-1.94b.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/Makefile new/afl-1.94b/Makefile --- old/afl-1.92b/Makefile 2015-09-03 19:54:32.000000000 +0200 +++ new/afl-1.94b/Makefile 2015-09-12 03:38:02.000000000 +0200 @@ -14,7 +14,7 @@ # PROGNAME = afl -VERSION = 1.92b +VERSION = 1.94b PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/afl-as.c new/afl-1.94b/afl-as.c --- old/afl-1.92b/afl-as.c 2015-05-06 01:47:47.000000000 +0200 +++ new/afl-1.94b/afl-as.c 2015-09-12 03:37:44.000000000 +0200 
@@ -117,6 +117,12 @@ #endif /* __APPLE__ */ + /* Although this is not documented, GCC also uses TEMP and TMP when TMPDIR + is not set. We need to check these non-standard variables to properly + handle the pass_thru logic later on. */ + + if (!tmp_dir) tmp_dir = getenv("TEMP"); + if (!tmp_dir) tmp_dir = getenv("TMP"); if (!tmp_dir) tmp_dir = "/tmp"; as_params = ck_alloc((argc + 32) * sizeof(u8*)); @@ -444,7 +450,8 @@ if (!be_quiet) { - if (!ins_lines) WARNF("No instrumentation targets found."); + if (!ins_lines) WARNF("No instrumentation targets found%s.", + pass_thru ? " (pass-thru mode)" : ""); else OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines, use_64bit ? "64" : "32", getenv("AFL_HARDEN") ? "hardened" : "non-hardened", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/afl-cmin new/afl-1.94b/afl-cmin --- old/afl-1.92b/afl-cmin 2015-08-09 07:58:08.000000000 +0200 +++ new/afl-1.94b/afl-cmin 2015-09-11 19:20:46.000000000 +0200 @@ -18,8 +18,8 @@ # the starting corpus. This has two uses: # # - Screening large corpora of input files before using them as a seed for -# seed for afl-fuzz. The tool will remove functionally redundant files and -# likely leave you with a much smaller set. +# afl-fuzz. The tool will remove functionally redundant files and likely +# leave you with a much smaller set. # # (In this case, you probably also want to consider running afl-tmin on # the individual files later on to reduce their size.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/alloc-inl.h new/afl-1.94b/alloc-inl.h --- old/afl-1.92b/alloc-inl.h 2015-02-09 06:05:56.000000000 +0100 +++ new/afl-1.94b/alloc-inl.h 2015-09-09 07:37:50.000000000 +0200 
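Review bot: The new `getenv("TEMP")` / `getenv("TMP")` fallbacks treat a set-but-empty variable as a valid directory, so `TEMP=` leaves `tmp_dir` as "" and the `"/tmp"` default on the following line is never reached; `if (!tmp_dir || !*tmp_dir) tmp_dir = getenv("TEMP");` (and likewise for `TMP`) closes that gap, which the TMPDIR lookup above the hunk appears to share. The comment justifies the lookup by saying GCC consults these variables, but as far as I recall GCC's libiberty choose_tmpdir() tries TMP before TEMP and skips any directory it cannot write to, so with both set to different locations the pass_thru comparison the comment mentions (outside this hunk) would see a different directory than GCC actually picked; worth confirming against the GCC source and recording the outcome, e.g. `/* Order mirrors libiberty's choose_tmpdir(): TMPDIR, TMP, TEMP. */`. Since `tmp_dir` decides where the rewritten assembly file is written, nothing here checks that the directory exists or is writable — presumably the later open reports the failure, but that code is outside the hunk. The enclosing function begins and ends outside this hunk.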
@@ -57,17 +57,17 @@
 /* Magic tokens used to mark used / freed chunks. */
-#define ALLOC_MAGIC_C1 0xFF00
-#define ALLOC_MAGIC_F 0xFE00
-#define ALLOC_MAGIC_C2 0xF0
+#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */
+#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */
+#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */
 /* Positions of guard tokens in relation to the user-visible pointer. */
-#define ALLOC_C1(_ptr) (((u16*)(_ptr))[-3])
+#define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2])
 #define ALLOC_S(_ptr) (((u32*)(_ptr))[-1])
 #define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)])
-#define ALLOC_OFF_HEAD 6
+#define ALLOC_OFF_HEAD 8
 #define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
 /* Allocator increments for ck_realloc_block(). */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/docs/ChangeLog new/afl-1.94b/docs/ChangeLog
--- old/afl-1.92b/docs/ChangeLog 2015-09-03 19:55:03.000000000 +0200
+++ new/afl-1.94b/docs/ChangeLog 2015-09-12 03:35:54.000000000 +0200
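Review bot: `ALLOC_OFF_HEAD 8`, the `[-2]` index in the new `ALLOC_C1`, and the widened `ALLOC_MAGIC_C1` / `ALLOC_MAGIC_F` are three independent encodings of the same 8-byte header layout, and nothing in the header ties them together, so a later edit can silently desynchronize them; if the other uses of the offset permit it, `#define ALLOC_OFF_HEAD (2 * sizeof(u32))` or at least a comment such as `/* Header is two u32s (C1 magic, size); user pointer = base + 8. */` would make the dependency explicit. The alignment this buys should also be stated next to `ALLOC_OFF_HEAD`: the user pointer sits 8 bytes past what the underlying allocator returns, so callers get 8-byte alignment, not whatever larger alignment (commonly 16 on 64-bit) malloc itself guarantees, which matters for anything that places 16-byte-aligned types in these buffers. The routines that write and verify these tokens (ck_alloc, ck_free and friends) are outside this hunk; presumably they go through these macros only, since no other lines of alloc-inl.h change in this diff.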
@@ -17,16 +17,35 @@ to get on with the times. -------------- -Version 1.91b: +Version 1.94b: +-------------- + + - Changed allocator alignment to improve support for non-x86 systems (now + that llvm_mode makes this more feasible). + + - Fixed a minor typo in afl-cmin. Spotted by Jonathan Neuschafer. + + - Fixed an obscure bug that would affect people trying to use afl-gcc + with $TMP set but $TMPDIR absent. Spotted by Jeremy Barnes. + +-------------- +Version 1.93b: +-------------- + + - Hopefully fixed a problem with MacOS X and persistent mode, spotted by + Leo Barnes. + +-------------- +Version 1.92b: -------------- - - Yet another C++ fix (namespaces). Reported by Daniel Lockyer. + - Made yet another C++ fix (namespaces). Reported by Daniel Lockyer. -------------- Version 1.91b: -------------- - - Another fix to make 1.90b actually work properly with C++ (d'oh). + - Made another fix to make 1.90b actually work properly with C++ (d'oh). Problem spotted by Daniel Lockyer. -------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/docs/README new/afl-1.94b/docs/README --- old/afl-1.92b/docs/README 2015-09-01 09:44:13.000000000 +0200 +++ new/afl-1.94b/docs/README 2015-09-12 03:36:00.000000000 +0200 @@ -423,7 +423,8 @@ Richo Healey Martijn Bogaard rc0r Jonathan Foote Christian Holler Dominique Pelle - Jacek Wielemborek + Jacek Wielemborek Leo Barnes + Jeremy Barnes Thank you! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/docs/notes_for_asan.txt new/afl-1.94b/docs/notes_for_asan.txt --- old/afl-1.92b/docs/notes_for_asan.txt 2015-08-26 06:20:38.000000000 +0200 +++ new/afl-1.94b/docs/notes_for_asan.txt 2015-09-05 19:59:28.000000000 +0200 
@@ -27,6 +27,7 @@ To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags. +Note that ASAN is incompatible with -static, so be mindful of that. (You can also use AFL_USE_MSAN=1 to enable MSAN instead.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/docs/sister_projects.txt new/afl-1.94b/docs/sister_projects.txt --- old/afl-1.92b/docs/sister_projects.txt 2015-09-02 07:05:13.000000000 +0200 +++ new/afl-1.94b/docs/sister_projects.txt 2015-09-04 08:00:28.000000000 +0200 @@ -118,6 +118,13 @@ https://github.com/floyd-fuh/afl-fuzzing-scripts/ +afl-sid (Jacek Wielemborek) +--------------------------- + + Allows users to more conveniently build and deploy AFL via Docker. + + https://github.com/d33tah/afl-sid + ------------------------------------- Crash triage, coverage analysis, etc: ------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/experimental/persistent_demo/persistent_demo.c new/afl-1.94b/experimental/persistent_demo/persistent_demo.c --- old/afl-1.92b/experimental/persistent_demo/persistent_demo.c 2015-09-01 01:09:29.000000000 +0200 +++ new/afl-1.94b/experimental/persistent_demo/persistent_demo.c 2015-09-05 01:22:03.000000000 +0200 
@@ -80,8 +80,9 @@ } - /* Once the loop is exited, terminate normally - AFL will restat the process - from scratch. */ + /* Once the loop is exited, terminate normally - AFL will restart the process + when this happens, with a clean slate when it comes to allocated memory, + leftover file descriptors, etc. */ return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.92b/llvm_mode/afl-clang-fast.c new/afl-1.94b/llvm_mode/afl-clang-fast.c --- old/afl-1.92b/llvm_mode/afl-clang-fast.c 2015-09-03 19:53:58.000000000 +0200 +++ new/afl-1.94b/llvm_mode/afl-clang-fast.c 2015-09-09 00:37:25.000000000 +0200 
@@ -178,16 +178,44 @@ cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1"; + /* When the user tries to use persistent or deferred forkserver modes by + appending a single line to the program, we want to reliably inject a + signature into the binary (to be picked up by afl-fuzz) and we want + to call a function from the runtime .o file. This is unnecessarily + painful for three reasons: + + 1) We need to convince the compiler not to optimize out the signature. + This is done with __attribute__((used)). + + 2) We need to convince the linker, when called with -Wl,--gc-sections, + not to do the same. This is done by forcing an assignment to a + 'volatile' pointer. + + 3) We need to declare __afl_persistent_loop() in the global namespace, + but doing this within a method in a class is hard - :: and extern "C" + are forbidden and __attribute__((alias(...))) doesn't work. Hence the + __asm__ aliasing trick. + + */ + cc_params[cc_par_cnt++] = "-D__AFL_LOOP(_A)=" "({ static volatile char *_B __attribute__((used)); " " _B = (char*)\"" PERSIST_SIG "\"; " +#ifdef __APPLE__ + "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " +#else "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " +#endif /* ^__APPLE__ */ "_L(_A); })"; cc_params[cc_par_cnt++] = "-D__AFL_INIT()=" "do { static volatile char *_A __attribute__((used)); " " _A = (char*)\"" DEFER_SIG "\"; " +#ifdef __APPLE__ + "void _I(void) __asm__(\"___afl_manual_init\"); " +#else "void _I(void) __asm__(\"__afl_manual_init\"); " +#endif /* ^__APPLE__ */ "_I(); } while (0)"; if (maybe_linking) {
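Review bot: The `#ifdef __APPLE__` branches repeat each `__asm__` label string in full, differing only in the leading underscore, so a future symbol rename has to be made in four places and the non-Apple branch is now a copy of the line it replaces; a single prefix macro defined once near the top of the file and used at both sites keeps the Mach-O quirk in one spot. That also lets the long comment above the definitions stay accurate — it says `__afl_persistent_loop()` lives in the global namespace, but on Darwin the assembler-level symbol carries an extra `_`, which a one-line `/* Mach-O prepends an underscore to C symbols. */` beside the macro explains. Note that `__APPLE__` is evaluated when afl-clang-fast itself is compiled, which only matches the target when the wrapper is built on the host it runs on — true for this tool's normal usage as far as I can tell, but worth a comment. The injected names `_L`, `_I`, `_A` and `_B` are identifiers reserved for the implementation (underscore followed by an uppercase letter); that predates this change but is easy to fix while these lines are being touched. The enclosing function continues outside the hunk.
```c
/* Mach-O prepends an underscore to C symbols; wrap every __asm__ label. */
#ifdef __APPLE__
#  define AFL_ASM_SYM(_name) "_" _name
#else
#  define AFL_ASM_SYM(_name) _name
#endif /* ^__APPLE__ */

/* … unchanged: everything up to the __AFL_LOOP definition … */

  cc_params[cc_par_cnt++] = "-D__AFL_LOOP(_A)="
    "({ static volatile char *_B __attribute__((used)); "
    " _B = (char*)\"" PERSIST_SIG "\"; "
    "int _L(unsigned int) __asm__(\"" AFL_ASM_SYM("__afl_persistent_loop") "\"); "
    "_L(_A); })";

  /* … unchanged: __AFL_INIT, with the same AFL_ASM_SYM("__afl_manual_init") substitution … */
```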