Accepting request 985620 from home:msmeissn:branches:devel:tools

- updated to 4.01c - fixed */build_...sh scripts to work outside of git - new custom_mutator: libafl with token fuzzing :) - afl-fuzz: - when you just want to compile once and set CMPLOG, then just set -c 0 to tell afl-fuzz that the fuzzing binary is also for CMPLOG. - new commandline options -g/G to set min/max length of generated fuzz inputs - you can set the time for syncing to other fuzzer now with AFL_SYNC_TIME - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow persistent mode and manual forkserver support if these are not in the target binary (e.g. are in a shared library) - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as possible in the target (for afl-gcc-fast/afl-clang-fast/ afl-clang-lto) - "saved timeouts" was wrong information, timeouts are still thrown away by default even if they have new coverage (hangs are always kept), unless AFL_KEEP_TIMEOUTS are set - AFL never implemented auto token inserts (but user token inserts, user token overwrite and auto token overwrite), added now! - fixed a mutation type in havoc mode - Mopt fix to always select the correct algorithm - fix effector map calculation (deterministic mode) - fix custom mutator post_process functionality - document and auto-activate pizza mode on condition - afl-cc: - due a bug in lld of llvm 15 LTO instrumentation wont work atm :-( - converted all passed to use the new llvm pass manager for llvm 11+ OBS-URL: https://build.opensuse.org/request/show/985620 OBS-URL: https://build.opensuse.org/package/show/devel:tools/afl?expand=0&rev=150
2022-06-28 15:18:08 +00:00 · 2022-06-28 15:18:08 +00:00 · 4ce66ab158
commit 4ce66ab158
parent 6314bcb1a3
5 changed files with 47 additions and 146 deletions
--- a/4.00c.tar.gz
+++ b/4.00c.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f427294ed674e37d34a1b756a2190de17937e046ef21abb3ae37bba018a760f1
-size 2805041
--- a/4.01c.tar.gz
+++ b/4.01c.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a0b42a62272c8f07cfba8f5f2fc43a5c072a30d0dbee47732bb2f06ecd7e44f
+size 2818445
--- a/afl.changes
+++ b/afl.changes
@ -1,4 +1,47 @@
 -------------------------------------------------------------------
+Tue Jun 28 14:32:52 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- updated to 4.01c
+  - fixed */build_...sh scripts to work outside of git
+  - new custom_mutator: libafl with token fuzzing :)
+  - afl-fuzz:
+    - when you just want to compile once and set CMPLOG, then just
+      set -c 0 to tell afl-fuzz that the fuzzing binary is also for
+      CMPLOG.
+    - new commandline options -g/G to set min/max length of generated
+      fuzz inputs
+    - you can set the time for syncing to other fuzzer now with
+      AFL_SYNC_TIME
+    - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
+      persistent mode and manual forkserver support if these are not
+      in the target binary (e.g. are in a shared library)
+    - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as
+      possible in the target (for afl-gcc-fast/afl-clang-fast/
+      afl-clang-lto)
+    - "saved timeouts" was wrong information, timeouts are still thrown
+      away by default even if they have new coverage (hangs are always
+      kept), unless AFL_KEEP_TIMEOUTS are set
+    - AFL never implemented auto token inserts (but user token inserts,
+      user token overwrite and auto token overwrite), added now!
+    - fixed a mutation type in havoc mode
+    - Mopt fix to always select the correct algorithm
+    - fix effector map calculation (deterministic mode)
+    - fix custom mutator post_process functionality
+    - document and auto-activate pizza mode on condition
+  - afl-cc:
+    - due a bug in lld of llvm 15 LTO instrumentation wont work atm :-(
+    - converted all passed to use the new llvm pass manager for llvm 11+
+    - AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only)
+    - trying to stay on top on all these #$&§!! changes in llvm 15 ...
+  - frida_mode:
+    - update to new frida release, handles now c++ throw/catch
+  - unicorn_mode:
+    - update unicorn engine, fix C example
+  - utils:
+    - removed optimin because it looses coverage due to a bug and is
+      unmaintained :-(
+- removed upstream llvm14-fix-build.patch
+-------------------------------------------------------------------
 Sat Jun  4 13:26:34 UTC 2022 - Aaron Puchert <aaronpuchert@alice-dsl.net>

 - Add llvm14-fix-build.patch: fix build with LLVM 14. 
--- a/afl.spec
+++ b/afl.spec
@ -36,7 +36,7 @@
 %endif

 Name:           afl
-Version:        4.00c
+Version:        4.01c
 Release:        0
 Summary:        American fuzzy lop is a security-oriented fuzzer
 #URL:            https://lcamtuf.coredump.cx/afl/
@ -45,7 +45,6 @@ URL:            https://github.com/AFLplusplus/AFLplusplus
 Source:         https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz
 Source1:        afl-rpmlintrc
 Patch1:         afl-3.0c-fix-paths.patch
-Patch2:         https://github.com/AFLplusplus/AFLplusplus/commit/675d17d737ee5dee88766d9c181567771592c94c.patch#/llvm14-fix-build.patch
 BuildRequires:  clang
 BuildRequires:  gcc-c++
 %ifarch x86_64
@ -77,7 +76,6 @@ use cases - say, common image parsing or file compression libraries.
 %prep
 %setup -q -n AFLplusplus-%version
 %patch1 -p1
-%patch2 -p1
 sed -i 's|#!/usr/bin/env sh|#!/bin/sh|g' afl-cmin
 sed -i 's|#!/usr/bin/env bash|#!/bin/bash|g' afl-cmin.bash

--- a/llvm14-fix-build.patch
+++ b/llvm14-fix-build.patch
@ -1,140 +0,0 @@
-From 05119990b6075aaf8f16a385a763651f68b8b1ef Mon Sep 17 00:00:00 2001
-From: Raphael Isemann <teemperor@gmail.com>
-Date: Tue, 22 Feb 2022 10:54:51 +0100
-Subject: [PATCH] LLVM 14 fixes
-
---
- instrumentation/SanitizerCoverageLTO.so.cc        | 5 +++--
- instrumentation/SanitizerCoveragePCGUARD.so.cc    | 1 +
- instrumentation/afl-llvm-dict2file.so.cc          | 4 ++--
- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 1 +
- instrumentation/afl-llvm-pass.so.cc               | 1 +
- instrumentation/compare-transform-pass.so.cc      | 4 ++--
- src/afl-cc.c                                      | 4 ++--
- 7 files changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
-index 6a4a071f7..1bdc53768 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
-+++ b/instrumentation/SanitizerCoverageLTO.so.cc
-@@ -17,6 +17,7 @@
- #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
- #include "llvm/ADT/ArrayRef.h"
- #include "llvm/ADT/SmallVector.h"
-+#include "llvm/ADT/Triple.h"
- #include "llvm/Analysis/EHPersonalities.h"
- #include "llvm/Analysis/PostDominators.h"
- #include "llvm/Analysis/ValueTracking.h"
-@@ -757,7 +758,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
-             if (!HasStr2) {
- 
-               auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
-              if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+              if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-                 if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-@@ -838,7 +839,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
- 
-               auto Ptr = dyn_cast<ConstantExpr>(Str1P);
- 
-              if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+              if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-                 if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
-index e4ffeb508..48bb5a2cc 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
-+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
-@@ -13,6 +13,7 @@
- #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
- #include "llvm/ADT/ArrayRef.h"
- #include "llvm/ADT/SmallVector.h"
-+#include "llvm/ADT/Triple.h"
- #include "llvm/Analysis/EHPersonalities.h"
- #include "llvm/Analysis/PostDominators.h"
- #include "llvm/IR/CFG.h"
-diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
-index 391246606..94dc6984d 100644
--- a/instrumentation/afl-llvm-dict2file.so.cc
-+++ b/instrumentation/afl-llvm-dict2file.so.cc
-@@ -435,7 +435,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
-           if (!HasStr2) {
- 
-             auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
-            if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+            if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-               if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-@@ -519,7 +519,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
- 
-             auto Ptr = dyn_cast<ConstantExpr>(Str1P);
- 
-            if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+            if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-               if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-index 35ba9c5a0..2ddbc7253 100644
--- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-+++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-@@ -43,6 +43,7 @@
- #include "llvm/IR/IRBuilder.h"
- #include "llvm/IR/LegacyPassManager.h"
- #include "llvm/IR/Module.h"
-+#include "llvm/Pass.h"
- #include "llvm/Support/Debug.h"
- #include "llvm/Transforms/IPO/PassManagerBuilder.h"
- #include "llvm/IR/CFG.h"
-diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
-index 5246ba089..6419cd1dc 100644
--- a/instrumentation/afl-llvm-pass.so.cc
-+++ b/instrumentation/afl-llvm-pass.so.cc
-@@ -45,6 +45,7 @@ typedef long double max_align_t;
- #endif
- 
- #include "llvm/IR/IRBuilder.h"
-+#include "llvm/Pass.h"
- #include "llvm/IR/LegacyPassManager.h"
- #include "llvm/IR/BasicBlock.h"
- #include "llvm/IR/Module.h"
-diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
-index c3a4ee344..1e250d7aa 100644
--- a/instrumentation/compare-transform-pass.so.cc
-+++ b/instrumentation/compare-transform-pass.so.cc
-@@ -246,7 +246,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
-           if (!(HasStr1 || HasStr2)) {
- 
-             auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
-            if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+            if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-               if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-@@ -271,7 +271,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
-             if (!HasStr2) {
- 
-               Ptr = dyn_cast<ConstantExpr>(Str1P);
-              if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+              if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
-                 if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
- 
-diff --git a/src/afl-cc.c b/src/afl-cc.c
-index ed57ca1ed..bacd9de96 100644
--- a/src/afl-cc.c
-+++ b/src/afl-cc.c
-@@ -549,8 +549,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
-     }
- 
- #if LLVM_MAJOR >= 13
-    // fuck you llvm 13
-    cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager";
-+    // Use the old pass manager in LLVM 14 which the afl++ passes still use.
-+    cc_params[cc_par_cnt++] = "-flegacy-pass-manager";
- #endif
- 
-     if (lto_mode && !have_c) {