List: opensuse-commit
Subject: commit afl for openSUSE:Factory
From: root () hilbert ! suse ! de (h_root)
Date: 2015-03-30 17:33:19
Message-ID: 20150330173319.09BBC40781 () hilbert ! suse ! de
Hello community,
here is the log from the commit of package afl for openSUSE:Factory checked in at \
2015-03-30 19:33:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/afl (Old)
and /work/SRC/openSUSE:Factory/.afl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/afl/afl.changes 2015-03-25 21:32:49.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2015-03-30 19:33:18.000000000 \
+0200
@@ -1,0 +2,15 @@
+Fri Mar 27 20:26:35 UTC 2015 - astieger@suse.com
+
+- fix SLE 11 SP3 build, add afl-1.58b-fix-paths.patch
+
+-------------------------------------------------------------------
+Fri Mar 27 14:40:09 UTC 2015 - astieger@suse.com
+
+- afl 1.58b:
+ * Added a workaround for abort() behavior in -lpthread programs in
+ QEMU mode.
+ * Made several documentation updates, including links to the
+ static instrumentation tool (sister_projects.txt).
+- use libexecdir
+
+-------------------------------------------------------------------
Old:
----
afl-1.57b.tgz
New:
----
afl-1.58b-fix-paths.patch
afl-1.58b.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ afl.spec ++++++
--- /var/tmp/diff_new_pack.VS4I7U/_old 2015-03-30 19:33:18.000000000 +0200
+++ /var/tmp/diff_new_pack.VS4I7U/_new 2015-03-30 19:33:18.000000000 +0200
@@ -17,7 +17,7 @@
Name: afl
-Version: 1.57b
+Version: 1.58b
Release: 0
Summary: American fuzzy lop is a security-oriented fuzzer
License: Apache-2.0
@@ -26,6 +26,7 @@
Source: http://lcamtuf.coredump.cx/afl/releases/%{name}-%{version}.tgz
Source1: afl-rpmlintrc
Patch0: afl-1.46b-nodate.patch
+Patch1: afl-1.58b-fix-paths.patch
BuildRequires: gcc-c++
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -37,24 +38,24 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
export CFLAGS="$CFLAGS %{optflags}"
-make %{?_smp_mflags}
+make PREFIX=%{_prefix} LIBEXEC_DIR=%{_libexecdir} DOC_DIR=%{_docdir} %{?_smp_mflags}
%install
-export PREFIX=%{_prefix}
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
-rm -rf %{buildroot}%{_datadir}/doc/%{name}
+make PREFIX=%{_prefix} LIBEXEC_DIR=%{_libexecdir} DOC_DIR=%{_docdir} \
DESTDIR=%{buildroot} install %{?_smp_mflags}
%files
%defattr(-,root,root)
+%doc docs/COPYING
%{_bindir}/%{name}-*
-%dir /usr/lib/%{name}
-/usr/lib/%{name}/%{name}-as
-/usr/lib/%{name}/as
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/%{name}-as
+%{_libexecdir}/%{name}/as
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/testcases
%{_datadir}/%{name}/testcases/*
-%doc docs/COPYING docs/README docs/ChangeLog docs/*.txt docs/visualization \
docs/vuln_samples
+%changelog
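Review bot: The documentation that `make install` now writes under `%{_docdir}/%{name}` (via `DOC_DIR=%{_docdir}` on the new install line together with `DOC_PATH = $(DOC_DIR)/afl` from the path patch) is no longer claimed by `%files`: the old `%doc docs/README docs/ChangeLog docs/*.txt ...` entry is removed and only `%doc docs/COPYING` remains. As far as I know rpm's `%doc` with a relative path recreates `%{_docdir}/%{name}` in the buildroot before copying into it, so the Makefile-installed README, ChangeLog, text files and vuln_samples would be silently discarded; on an rpm that does not do this they would trip the unpackaged-files check instead. Packaging the installed tree directly, `%doc %{_docdir}/%{name}`, keeps COPYING and the rest of the docs in one place and matches the "use libexecdir"/DOC_DIR intent of the changelog entry.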
++++++ afl-1.58b-fix-paths.patch ++++++
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: afl-1.58b/Makefile
===================================================================
--- afl-1.58b.orig/Makefile 2015-03-27 07:47:58.000000000 +0100
+++ afl-1.58b/Makefile 2015-03-27 21:14:10.000000000 +0100
@@ -18,8 +18,8 @@ VERSION = 1.58b
PREFIX ?= /usr/local
BIN_PATH = $(PREFIX)/bin
-HELPER_PATH = $(PREFIX)/lib/afl
-DOC_PATH = $(PREFIX)/share/doc/afl
+HELPER_PATH = $(LIBEXEC_DIR)/afl
+DOC_PATH = $(DOC_DIR)/afl
MISC_PATH = $(PREFIX)/share/afl
PROGS = afl-gcc afl-as afl-fuzz afl-showmap afl-tmin afl-gotcpu
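Review bot: `HELPER_PATH` and `DOC_PATH` now depend on `LIBEXEC_DIR` and `DOC_DIR`, which the patched Makefile never defaults, so any `make install` that does not pass both (anything other than the spec's invocation) expands them to empty and installs the helpers and docs into `/afl` at the filesystem root. Add defaults that reproduce the previous layout next to `PREFIX ?= /usr/local`: `LIBEXEC_DIR ?= $(PREFIX)/lib` and `DOC_DIR ?= $(PREFIX)/share/doc`, so the two variables stay overrides rather than requirements.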
++++++ afl-1.57b.tgz -> afl-1.58b.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/Makefile new/afl-1.58b/Makefile
--- old/afl-1.57b/Makefile 2015-03-18 08:24:38.000000000 +0100
+++ new/afl-1.58b/Makefile 2015-03-27 07:47:58.000000000 +0100
@@ -14,7 +14,7 @@
#
PROGNAME = afl
-VERSION = 1.57b
+VERSION = 1.58b
PREFIX ?= /usr/local
BIN_PATH = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/ChangeLog \
new/afl-1.58b/docs/ChangeLog
--- old/afl-1.57b/docs/ChangeLog 2015-03-18 08:28:39.000000000 +0100
+++ new/afl-1.58b/docs/ChangeLog 2015-03-27 07:48:35.000000000 +0100
@@ -17,6 +17,16 @@
to get on with the times.
--------------
+Version 1.58b:
+--------------
+
+ - Added a workaround for abort() behavior in -lpthread programs in QEMU mode.
+ Spotted by Aidan Thornton.
+
+ - Made several documentation updates, including links to the static
+ instrumentation tool (sister_projects.txt).
+
+--------------
Version 1.57b:
--------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/README \
new/afl-1.58b/docs/README
--- old/afl-1.57b/docs/README 2015-03-18 08:25:01.000000000 +0100
+++ new/afl-1.58b/docs/README 2015-03-27 07:42:42.000000000 +0100
@@ -417,6 +417,8 @@
Andrew Griffiths Parker Thompson
Jonathan Neuschfer Tyler Nighswander
Ben Nagy Samir Aguiar
+ Aidan Thornton Aleksandar Nikolich
+ Sam Hakim
Thank you!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/perf_tips.txt \
new/afl-1.58b/docs/perf_tips.txt
--- old/afl-1.57b/docs/perf_tips.txt 2015-02-21 08:34:36.000000000 +0100
+++ new/afl-1.58b/docs/perf_tips.txt 2015-03-23 03:00:43.000000000 +0100
@@ -76,7 +76,8 @@
config file, or disabling some compile-time features that aren't really needed
for the job (try ./configure --help). One of the notoriously resource-consuming
things would be calling other utilities via exec*(), popen(), system(), or
-equivalent calls.
+equivalent calls. Some programs may intentionally call sleep(), usleep(), or
+nanosleep(), etc.
Last but not least, if you are using ASAN and the performance is unacceptable,
consider turning it off for now, and manually examining the generated corpus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/sister_projects.txt \
new/afl-1.58b/docs/sister_projects.txt
--- old/afl-1.57b/docs/sister_projects.txt 2015-03-18 04:58:23.000000000 +0100
+++ new/afl-1.58b/docs/sister_projects.txt 2015-03-27 07:47:04.000000000 +0100
@@ -28,6 +28,16 @@
https://github.com/bnagy/aflfix
+Static binary-only instrumentation (Aleksandar Nikolich)
+--------------------------------------------------------
+
+ Allows black-box binaries to be instrumented statically (i.e., by modifying
+ the binary ahead of the time, rather than translating it on the run). Author
+ reports better performance compared to QEMU, but occassional translation
+ errors with stripped binaries.
+
+ https://github.com/vrtadmin/moflow/tree/master/afl-dyninst
+
Python AFL (Jakub Wilk)
-----------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-bad-ptr.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-bad-ptr.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-bad-ptr.sql 1970-01-01 01:00:00.000000000 \
+0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-bad-ptr.sql 2015-03-20 21:37:51.000000000 \
+0100
@@ -0,0 +1 @@
+SELECT 0 UNION SELECT 0 ORDER BY 1 COLLATE"""""""";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr10.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr10.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr10.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr10.sql 2015-03-21 \
20:06:30.000000000 +0100
@@ -0,0 +1 @@
+SELECT fts3_tokenizer(@0());
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr11.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr11.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr11.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr11.sql 2015-03-22 \
04:34:27.000000000 +0100
@@ -0,0 +1 @@
+select''like''like''like#0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr6.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr6.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr6.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr6.sql 2015-03-20 \
21:38:02.000000000 +0100
@@ -0,0 +1 @@
+PRAGMA encoding='UTF16';CREATE VIRTUAL TABLE È USING s;
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr7.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr7.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr7.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr7.sql 2015-03-20 \
21:38:24.000000000 +0100
@@ -0,0 +1 @@
+CREATE VIRTUAL TABLE t USING fts4(tokenize=);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr8.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr8.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr8.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr8.sql 2015-03-21 \
04:24:24.000000000 +0100
@@ -0,0 +1 @@
+CREATE TABLE p(a UNIQUE,PRIMARY KEY('a'))WITHOUT rowid;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr9.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr9.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-null-ptr9.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-null-ptr9.sql 2015-03-21 \
04:24:39.000000000 +0100
@@ -0,0 +1 @@
+CREATE TABLE t0(z);WITH d(x)AS(SELECT*UNION SELECT 0)INSERT INTO t0 SELECT 0 FROM d;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/docs/vuln_samples/sqlite-unint-mem.sql \
new/afl-1.58b/docs/vuln_samples/sqlite-unint-mem.sql
--- old/afl-1.57b/docs/vuln_samples/sqlite-unint-mem.sql 1970-01-01 \
01:00:00.000000000 +0100
+++ new/afl-1.58b/docs/vuln_samples/sqlite-unint-mem.sql 2015-03-20 \
21:54:52.000000000 +0100
@@ -0,0 +1 @@
+REATE VIRTUAL TABLE t0 USING fts4(prefix=0);INSERT INTO t0 VALUES(0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/qemu_mode/README.qemu \
new/afl-1.58b/qemu_mode/README.qemu
--- old/afl-1.57b/qemu_mode/README.qemu 2015-03-03 06:22:51.000000000 +0100
+++ new/afl-1.58b/qemu_mode/README.qemu 2015-03-27 08:07:21.000000000 +0100
@@ -96,3 +96,22 @@
Beyond that, this is an early-stage mechanism, so fields reports - even just
"yeah, it worked for me" - are very much welcome. You can always drop a mail to
<afl-users@googlegroups.com>.
+
+6) Alternatives: static rewriting
+---------------------------------
+
+Statically rewriting binaries just once, instead of attempting to translate
+them at run time, can be a faster alternative - but it is fraught with peril,
+because it depends on being able to properly model program control flow without
+actually running it.
+
+There is a module attempting just this, contributed by Aleksandar Nikolich:
+
+ https://github.com/vrtadmin/moflow/tree/master/afl-dyninst
+ https://groups.google.com/forum/#!topic/afl-users/HlSQdbOTlpg
+
+At this point, the author reports the possibility of hiccups with stripped
+binaries. That said, if we can get it to be comparably reliable to QEMU, we may
+decide to switch to this mode!
+
+Once again, field reports are very welcome.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/qemu_mode/build_qemu_support.sh \
new/afl-1.58b/qemu_mode/build_qemu_support.sh
--- old/afl-1.57b/qemu_mode/build_qemu_support.sh 2015-02-02 09:12:55.000000000 +0100
+++ new/afl-1.58b/qemu_mode/build_qemu_support.sh 2015-03-27 07:47:49.000000000 +0100
@@ -112,6 +112,7 @@
patch -p0 <patches/elfload.diff || exit 1
patch -p0 <patches/cpu-exec.diff || exit 1
patch -p0 <patches/translate-all.diff || exit 1
+patch -p0 <patches/syscall.diff || exit 1
echo "[+] Patching done."
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/qemu_mode/patches/afl-qemu-cpu-inl.h \
new/afl-1.58b/qemu_mode/patches/afl-qemu-cpu-inl.h
--- old/afl-1.57b/qemu_mode/patches/afl-qemu-cpu-inl.h 2015-02-02 22:14:12.000000000 \
+0100
+++ new/afl-1.58b/qemu_mode/patches/afl-qemu-cpu-inl.h 2015-03-27 07:53:46.000000000 \
+0100
@@ -69,9 +69,10 @@
afl_start_code, /* .text start pointer */
afl_end_code; /* .text end pointer */
-/* Set on the child in forkserver mode: */
+/* Set in the child process in forkserver mode: */
static unsigned char afl_fork_child;
+unsigned int afl_forksrv_pid;
/* Instrumentation ratio: */
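Review bot: `afl_forksrv_pid` is declared `unsigned int` but is assigned from `getpid()` in the next hunk (`afl_forksrv_pid = getpid();` right after the FORKSRV_FD write) and compared against an `int pid` in the `sys_tgkill` replacement in syscall.diff, so the comparison is signed/unsigned; declaring it `pid_t afl_forksrv_pid;` (with a matching `extern pid_t afl_forksrv_pid;` in syscall.diff) removes the mismatch. It is also the only declaration in this group without a comment, while its neighbours document their role, so `unsigned int afl_forksrv_pid; /* PID of the fork server, read by the tgkill workaround in syscall.diff */` keeps the file's style. The fork-server function that assigns it in the second hunk starts and ends outside that hunk.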
@@ -158,6 +159,8 @@
if (write(FORKSRV_FD + 1, tmp, 4) != 4) return;
+ afl_forksrv_pid = getpid();
+
/* All right, let's await orders... */
while (1) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' \
'--exclude=.svnignore' old/afl-1.57b/qemu_mode/patches/syscall.diff \
new/afl-1.58b/qemu_mode/patches/syscall.diff
--- old/afl-1.57b/qemu_mode/patches/syscall.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/afl-1.58b/qemu_mode/patches/syscall.diff 2015-03-27 07:39:50.000000000 +0100
@@ -0,0 +1,25 @@
+--- qemu-2.2.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000
++++ qemu-2.2.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000
+@@ -227,7 +227,21 @@
+ _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
+ _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
+ #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill)
+-_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)
++
++extern unsigned int afl_forksrv_pid;
++
++static int sys_tgkill(int tgid, int pid, int sig) {
++
++ /* Workaround for -lpthread to make abort() work properly, without
++ killing the forkserver due to a prematurely cached PID. */
++
++ if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT)
++ pid = tgid = getpid();
++
++ return syscall(__NR_sys_tgkill, pid, tgid, sig);
++
++}
++
+ #endif
+ #if defined(TARGET_NR_tkill) && defined(__NR_tkill)
+ _syscall2(int,sys_tkill,int,tid,int,sig)
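Review bot: The `_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)` wrapper that this replaces names its arguments in the order tgid, pid, sig — tgkill(2)'s (tgid, tid, sig) order — yet the replacement forwards `syscall(__NR_sys_tgkill, pid, tgid, sig)` with the first two swapped. If `_syscall3` passes its arguments positionally (its definition is not in this hunk), the abort() case is unaffected because both values are set to `getpid()`, but every other tgkill from a guest thread whose tid differs from its tgid should fail with ESRCH, since the kernel would then look for thread `tgid` inside thread group `tid`. `return syscall(__NR_sys_tgkill, tgid, pid, sig);` preserves the original order.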