Accepting request 950197 from devel:tools

- updated to 4.00c
  - complete documentation restructuring, made possible by Google Season
    of Docs :) thank you Jana!
  - we renamed several UI and fuzzer_stat entries to be more precise,
    e.g. "unique crashes" -> "saved crashes", "total paths" ->
    "corpus count", "current path" -> "current item".
    This might need changing custom scripting!
  - Nyx mode (full system emulation with snapshot capability) has been
    added - thanks to @schumilo and @eqv!
  - unicorn_mode:
    -   Moved to unicorn2! by Ziqiao Kong (@lazymio)
    -   Faster, more accurate emulation (newer QEMU base), risc-v support
    -   removed indirections in rust callbacks
  - new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :)
    thanks to RICSecLab submitting!
  - if instrumented libaries are dlopen()'ed after the forkserver you
    will now see a crash. Before you would have colliding coverage.
    We changed this to force fixing a broken setup rather then allowing
    ineffective fuzzing.
  - See docs/best_practices.md how to fix such setups.
  - afl-fuzz:
    -   cmplog binaries will need to be recompiled for this version
        (it is better!)
    -   fix a regression introduced in 3.10 that resulted in less
        coverage being detected. thanks to Collin May for reporting!
    -   ensure all spawned targets are killed on exit
    -   added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
        incorrect LTO usage setups and enhanced the READMEs for better
        information on how to deal with instrumenting libraries
    -   fix -n dumb mode (nobody should use this mode though) (forwarded request 950196 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/950197
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/afl?expand=0&rev=67

3.14c.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:36552e3aac5c390dfec4f75d0dd60dc802c3e97b8baf042aa1edb6529dba0766
-size 2162934

4.00c.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f427294ed674e37d34a1b756a2190de17937e046ef21abb3ae37bba018a760f1
+size 2805041

afl.changes

@@ -1,3 +1,80 @@
+-------------------------------------------------------------------
+Mon Jan 31 12:45:45 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- updated to 4.00c
+
+  - complete documentation restructuring, made possible by Google Season
+    of Docs :) thank you Jana!
+  - we renamed several UI and fuzzer_stat entries to be more precise,
+    e.g. "unique crashes" -> "saved crashes", "total paths" ->
+    "corpus count", "current path" -> "current item".
+    This might need changing custom scripting!
+  - Nyx mode (full system emulation with snapshot capability) has been
+    added - thanks to @schumilo and @eqv!
+  - unicorn_mode:
+    -   Moved to unicorn2! by Ziqiao Kong (@lazymio)
+    -   Faster, more accurate emulation (newer QEMU base), risc-v support
+    -   removed indirections in rust callbacks
+  - new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :)
+    thanks to RICSecLab submitting!
+  - if instrumented libaries are dlopen()'ed after the forkserver you
+    will now see a crash. Before you would have colliding coverage.
+    We changed this to force fixing a broken setup rather then allowing
+    ineffective fuzzing.
+  - See docs/best_practices.md how to fix such setups.
+  - afl-fuzz:
+    -   cmplog binaries will need to be recompiled for this version
+        (it is better!)
+    -   fix a regression introduced in 3.10 that resulted in less
+        coverage being detected. thanks to Collin May for reporting!
+    -   ensure all spawned targets are killed on exit
+    -   added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
+        incorrect LTO usage setups and enhanced the READMEs for better
+        information on how to deal with instrumenting libraries
+    -   fix -n dumb mode (nobody should use this mode though)
+    -   fix stability issue with LTO and cmplog
+    -   better banner
+    -   more effective cmplog mode
+    -   more often update the UI when in input2stage mode
+  - qemu_mode/unicorn_mode: fixed OOB write when using libcompcov,
+    thanks to kotee4ko for reporting!
+  - frida_mode:
+    -   better performance, bug fixes
+    -   David Carlier added Android support :)
+  - afl-showmap, afl-tmin and afl-analyze:
+    -   honor persistent mode for more speed. thanks to dloffre-snl
+        for reporting!
+    -   fix bug where targets are not killed on timeouts
+    -   moved hidden afl-showmap -A option to -H to be used for
+        coresight_mode
+  - Prevent accidentaly killing non-afl/fuzz services when aborting
+    afl-showmap and other tools.
+  - afl-cc:
+    -   detect overflow reads on initial input buffer for asan
+    -   new cmplog mode (incompatible with older afl++ versions)
+    -   support llvm IR select instrumentation for default PCGUARD and LTO
+    -   fix for shared linking on MacOS
+    -   better selective instrumentation AFL_LLVM_{ALLOW|DENY}LIST
+        on filename matching (requires llvm 11 or newer)
+    -   fixed a potential crash in targets for LAF string handling
+    -   fixed a bad assert in LAF split switches
+    -   added AFL_USE_TSAN thread sanitizer support
+    -   llvm and LTO mode modified to work with new llvm 14-dev (again.)
+    -   fix for AFL_REAL_LD
+    -   more -z defs filtering
+    -   make -v without options work
+  - added the very good grammar mutator "GramaTron" to the
+    custom_mutators
+  - added optimin, a faster and better corpus minimizer by
+    Adrian Herrera. Thank you!
+  - added afl-persistent-config script to set perform permanent system
+    configuration settings for fuzzing, for Linux and Macos.
+    thanks to jhertz!
+  - added xml, curl & exotic string functions to llvm dictionary feature
+  - fix AFL_PRELOAD issues on MacOS
+  - removed utils/afl_frida because frida_mode/ is now so much better
+  - added uninstall target to makefile (todo: update new readme!)
+
 -------------------------------------------------------------------
 Sun Sep 26 11:04:42 UTC 2021 - Marcus Meissner <meissner@suse.com>
 

afl.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package afl
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,12 @@
 
 
 Name:           afl
-Version:        3.14c
+Version:        4.00c
 Release:        0
 Summary:        American fuzzy lop is a security-oriented fuzzer
+#URL:            https://lcamtuf.coredump.cx/afl/
 License:        Apache-2.0
-URL:            http://lcamtuf.coredump.cx/afl/
+URL:            https://github.com/AFLplusplus/AFLplusplus
 Source:         https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz
 Source1:        afl-rpmlintrc
 Patch1:         afl-3.0c-fix-paths.patch