From 4ce66ab158565e1fd23e11e95c0131eba6b2435b0bd9fddd853db38897887a8c Mon Sep 17 00:00:00 2001 
From: Marcus Meissner
Date: Tue, 28 Jun 2022 15:18:08 +0000
Subject: [PATCH] Accepting request 985620 from home:msmeissn:branches:devel:tools

- updated to 4.01c
- fixed */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :)
- afl-fuzz:
- when you just want to compile once and set CMPLOG, then just set -c 0 to tell afl-fuzz that the fuzzing binary is also for CMPLOG.
- new commandline options -g/G to set min/max length of generated fuzz inputs
- you can set the time for syncing to other fuzzer now with AFL_SYNC_TIME
- reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow persistent mode and manual forkserver support if these are not in the target binary (e.g. are in a shared library)
- add AFL_EARLY_FORKSERVER to install the forkserver as earliest as possible in the target (for afl-gcc-fast/afl-clang-fast/ afl-clang-lto)
- "saved timeouts" was wrong information, timeouts are still thrown away by default even if they have new coverage (hangs are always kept), unless AFL_KEEP_TIMEOUTS are set
- AFL never implemented auto token inserts (but user token inserts, user token overwrite and auto token overwrite), added now!
- fixed a mutation type in havoc mode
- Mopt fix to always select the correct algorithm
- fix effector map calculation (deterministic mode)
- fix custom mutator post_process functionality
- document and auto-activate pizza mode on condition
- afl-cc:
- due a bug in lld of llvm 15 LTO instrumentation wont work atm :-(
- converted all passed to use the new llvm pass manager for llvm 11+
OBS-URL: https://build.opensuse.org/request/show/985620
OBS-URL: https://build.opensuse.org/package/show/devel:tools/afl?expand=0&rev=150
---
 4.00c.tar.gz | 3 -
 4.01c.tar.gz | 3 +
 afl.changes | 43 +++++++++++++
 afl.spec | 4 +-
 llvm14-fix-build.patch | 140 -----------------------------------------
 5 files changed, 47 insertions(+), 146 deletions(-)
 delete mode 100644 4.00c.tar.gz
 create mode 100644 4.01c.tar.gz
 delete mode 100644 llvm14-fix-build.patch

diff --git a/4.00c.tar.gz b/4.00c.tar.gz
deleted file mode 100644
index 36ba898..0000000
--- a/4.00c.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f427294ed674e37d34a1b756a2190de17937e046ef21abb3ae37bba018a760f1
-size 2805041
diff --git a/4.01c.tar.gz b/4.01c.tar.gz
new file mode 100644
index 0000000..ed995da
--- /dev/null
+++ b/4.01c.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a0b42a62272c8f07cfba8f5f2fc43a5c072a30d0dbee47732bb2f06ecd7e44f
+size 2818445
diff --git a/afl.changes b/afl.changes
index 98eed75..d3c9ab1 100644
--- a/afl.changes
+++ b/afl.changes
@@ -1,4 +1,47 @@
 -------------------------------------------------------------------
+Tue Jun 28 14:32:52 UTC 2022 - Marcus Meissner
+
+- updated to 4.01c
+ - fixed */build_...sh scripts to work outside of git
+ - new custom_mutator: libafl with token fuzzing :)
+ - afl-fuzz:
+ - when you just want to compile once and set CMPLOG, then just
+ set -c 0 to tell afl-fuzz that the fuzzing binary is also for
+ CMPLOG.
+ - new commandline options -g/G to set min/max length of generated
+ fuzz inputs
+ - you can set the time for syncing to other fuzzer now with
+ AFL_SYNC_TIME
+ - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
+ persistent mode and manual forkserver support if these are not
+ in the target binary (e.g. are in a shared library)
+ - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as
+ possible in the target (for afl-gcc-fast/afl-clang-fast/
+ afl-clang-lto)
+ - "saved timeouts" was wrong information, timeouts are still thrown
+ away by default even if they have new coverage (hangs are always
+ kept), unless AFL_KEEP_TIMEOUTS are set
+ - AFL never implemented auto token inserts (but user token inserts,
+ user token overwrite and auto token overwrite), added now!
+ - fixed a mutation type in havoc mode
+ - Mopt fix to always select the correct algorithm
+ - fix effector map calculation (deterministic mode)
+ - fix custom mutator post_process functionality
+ - document and auto-activate pizza mode on condition
+ - afl-cc:
+ - due a bug in lld of llvm 15 LTO instrumentation wont work atm :-(
+ - converted all passed to use the new llvm pass manager for llvm 11+
+ - AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only)
+ - trying to stay on top on all these #$&ยง!! changes in llvm 15 ...
+ - frida_mode:
+ - update to new frida release, handles now c++ throw/catch
+ - unicorn_mode:
+ - update unicorn engine, fix C example
+ - utils:
+ - removed optimin because it looses coverage due to a bug and is
+ unmaintained :-(
+- removed upstream llvm14-fix-build.patch
+-------------------------------------------------------------------
 Sat Jun 4 13:26:34 UTC 2022 - Aaron Puchert
 - Add llvm14-fix-build.patch: fix build with LLVM 14.
diff --git a/afl.spec b/afl.spec
index 0b8d27b..11cbe8a 100644
--- a/afl.spec
+++ b/afl.spec
@@ -36,7 +36,7 @@ %endif
 Name: afl
-Version: 4.00c
+Version: 4.01c
 Release: 0
 Summary: American fuzzy lop is a security-oriented fuzzer
 #URL: https://lcamtuf.coredump.cx/afl/
@@ -45,7 +45,6 @@ URL: https://github.com/AFLplusplus/AFLplusplus
 Source: https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz
 Source1: afl-rpmlintrc
 Patch1: afl-3.0c-fix-paths.patch
-Patch2: https://github.com/AFLplusplus/AFLplusplus/commit/675d17d737ee5dee88766d9c181567771592c94c.patch#/llvm14-fix-build.patch
 BuildRequires: clang
 BuildRequires: gcc-c++
 %ifarch x86_64
@@ -77,7 +76,6 @@ use cases - say, common image parsing or file compression libraries.
 %prep
 %setup -q -n AFLplusplus-%version
 %patch1 -p1
-%patch2 -p1
 sed -i 's|#!/usr/bin/env sh|#!/bin/sh|g' afl-cmin
 sed -i 's|#!/usr/bin/env bash|#!/bin/bash|g' afl-cmin.bash
diff --git a/llvm14-fix-build.patch b/llvm14-fix-build.patch
deleted file mode 100644
index 1cb5758..0000000
--- a/llvm14-fix-build.patch
+++ /dev/null
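Review bot: The `-Version: 4.00c` / `+Version: 4.01c` change in the `@@ -36,7 +36,7 @@` hunk of afl.spec swaps the entire source archive, yet nothing visible in the spec ties the new tarball to an upstream-verified artifact: `Source:` is an `/archive/%{version}.tar.gz` URL, i.e. an archive generated from the tag rather than a signed release asset, and no signature or keyring source appears in these hunks, so the sha256 in the new 4.01c.tar.gz LFS pointer is the only integrity anchor for the build. I would record how that digest was checked against upstream, either in the changes entry or as a comment beside `Source:` such as `# archive digest compared against upstream tag %{version} on <DATE-PLACEHOLDER>`, so the pin stays auditable at the next bump. Whether any other Source/keyring lines exist outside these hunks cannot be seen from here.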
@@ -1,140 +0,0 @@
-From 05119990b6075aaf8f16a385a763651f68b8b1ef Mon Sep 17 00:00:00 2001
-From: Raphael Isemann
-Date: Tue, 22 Feb 2022 10:54:51 +0100
-Subject: [PATCH] LLVM 14 fixes
-
----
- instrumentation/SanitizerCoverageLTO.so.cc | 5 +++--
- instrumentation/SanitizerCoveragePCGUARD.so.cc | 1 +
- instrumentation/afl-llvm-dict2file.so.cc | 4 ++--
- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 1 +
- instrumentation/afl-llvm-pass.so.cc | 1 +
- instrumentation/compare-transform-pass.so.cc | 4 ++--
- src/afl-cc.c | 4 ++--
- 7 files changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
-index 6a4a071f7..1bdc53768 100644
---- a/instrumentation/SanitizerCoverageLTO.so.cc
-+++ b/instrumentation/SanitizerCoverageLTO.so.cc
-@@ -17,6 +17,7 @@
- #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
- #include "llvm/ADT/ArrayRef.h"
- #include "llvm/ADT/SmallVector.h"
-+#include "llvm/ADT/Triple.h"
- #include "llvm/Analysis/EHPersonalities.h"
- #include "llvm/Analysis/PostDominators.h"
- #include "llvm/Analysis/ValueTracking.h"
-@@ -757,7 +758,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
- if (!HasStr2) {
- 
- auto *Ptr = dyn_cast(Str2P);
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-@@ -838,7 +839,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
- 
- auto Ptr = dyn_cast(Str1P);
- 
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
-index e4ffeb508..48bb5a2cc 100644
---- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
-+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
-@@ -13,6 +13,7 @@
- #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
- #include "llvm/ADT/ArrayRef.h"
- #include "llvm/ADT/SmallVector.h"
-+#include "llvm/ADT/Triple.h"
- #include "llvm/Analysis/EHPersonalities.h"
- #include "llvm/Analysis/PostDominators.h"
- #include "llvm/IR/CFG.h"
-diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
-index 391246606..94dc6984d 100644
---- a/instrumentation/afl-llvm-dict2file.so.cc
-+++ b/instrumentation/afl-llvm-dict2file.so.cc
-@@ -435,7 +435,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
- if (!HasStr2) {
- 
- auto *Ptr = dyn_cast(Str2P);
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-@@ -519,7 +519,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
- 
- auto Ptr = dyn_cast(Str1P);
- 
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-index 35ba9c5a0..2ddbc7253 100644
---- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-+++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
-@@ -43,6 +43,7 @@
- #include "llvm/IR/IRBuilder.h"
- #include "llvm/IR/LegacyPassManager.h"
- #include "llvm/IR/Module.h"
-+#include "llvm/Pass.h"
- #include "llvm/Support/Debug.h"
- #include "llvm/Transforms/IPO/PassManagerBuilder.h"
- #include "llvm/IR/CFG.h"
-diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
-index 5246ba089..6419cd1dc 100644
---- a/instrumentation/afl-llvm-pass.so.cc
-+++ b/instrumentation/afl-llvm-pass.so.cc
-@@ -45,6 +45,7 @@ typedef long double max_align_t;
- #endif
- 
- #include "llvm/IR/IRBuilder.h"
-+#include "llvm/Pass.h"
- #include "llvm/IR/LegacyPassManager.h"
- #include "llvm/IR/BasicBlock.h"
- #include "llvm/IR/Module.h"
-diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
-index c3a4ee344..1e250d7aa 100644
---- a/instrumentation/compare-transform-pass.so.cc
-+++ b/instrumentation/compare-transform-pass.so.cc
-@@ -246,7 +246,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
- if (!(HasStr1 || HasStr2)) {
- 
- auto *Ptr = dyn_cast(Str2P);
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-@@ -271,7 +271,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
- if (!HasStr2) {
- 
- Ptr = dyn_cast(Str1P);
-- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
-+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
- 
- if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- 
-diff --git a/src/afl-cc.c b/src/afl-cc.c
-index ed57ca1ed..bacd9de96 100644
---- a/src/afl-cc.c
-+++ b/src/afl-cc.c
-@@ -549,8 +549,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
- }
- 
- #if LLVM_MAJOR >= 13
-- // fuck you llvm 13
-- cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager";
-+ // Use the old pass manager in LLVM 14 which the afl++ passes still use.
-+ cc_params[cc_par_cnt++] = "-flegacy-pass-manager";
- #endif
- 
- if (lto_mode && !have_c) {