<revisionlist>
<revision rev="1" vrev="1">
<srcmd5>8c35c9fb0cbd1855c6f3683d1814f113</srcmd5>
<version>1.57b</version>
<time>1427313922</time>
<user>dimstar_suse</user>
<comment>add the american fuzzing language</comment>
<requestid>292839</requestid>
</revision>
<revision rev="2" vrev="1">
<srcmd5>bc784d240d219222f391be78b7df434f</srcmd5>
<version>1.58b</version>
<time>1427736796</time>
<user>dimstar_suse</user>
<comment>afl 1.58b and libexedir improvement</comment>
<requestid>293476</requestid>
</revision>
<revision rev="3" vrev="1">
<srcmd5>bbfe60a91b9383dd661e691b638da8ce</srcmd5>
<version>1.60b</version>
<time>1428652486</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>295181</requestid>
</revision>
<revision rev="4" vrev="1">
<srcmd5>7d61228e9dff4dcf0eee4f320306618d</srcmd5>
<version>1.62b</version>
<time>1428790273</time>
<user>dimstar_suse</user>
<comment>afl 1.62b (forwarded request 295378 from AndreasStieger)</comment>
<requestid>295379</requestid>
</revision>
<revision rev="5" vrev="1">
<srcmd5>bbad7d1d768914bdc1c77abdcc26832d</srcmd5>
<version>1.69b</version>
<time>1429186454</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>297081</requestid>
</revision>
<revision rev="6" vrev="1">
<srcmd5>f30177a8de7bfd170ad865b243940096</srcmd5>
<version>1.71b</version>
<time>1429658324</time>
<user>dimstar_suse</user>
<comment>afl 1.71b (forwarded request 298226 from AndreasStieger)</comment>
<requestid>298227</requestid>
</revision>
<revision rev="7" vrev="1">
<srcmd5>2e49df504cf7a56177611519f1baee18</srcmd5>
<version>1.73b</version>
<time>1430891339</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>305275</requestid>
</revision>
<revision rev="8" vrev="1">
<srcmd5>97c4bf2651a0bd0acefcebe8bbf5a8e8</srcmd5>
<version>1.77b</version>
<time>1431247640</time>
<user>coolo</user>
<comment>1</comment>
<requestid>305943</requestid>
</revision>
<revision rev="9" vrev="1">
<srcmd5>db4b525688240242ddc7674270a3a96b</srcmd5>
<version>1.78b</version>
<time>1431987680</time>
<user>coolo</user>
<comment>1</comment>
<requestid>307842</requestid>
</revision>
<revision rev="10" vrev="2">
<srcmd5>db4b525688240242ddc7674270a3a96b</srcmd5>
<version>1.78b</version>
<time>1431987681</time>
<user>coolo</user>
<comment>1</comment>
<requestid>307842</requestid>
</revision>
<revision rev="11" vrev="1">
<srcmd5>5e87531019b5c79509f8d1ba6a5f0cee</srcmd5>
<version>1.80b</version>
<time>1433232709</time>
<user>dimstar_suse</user>
<comment>afl 1.80b</comment>
<requestid>309667</requestid>
</revision>
<revision rev="12" vrev="1">
<srcmd5>4f6523b0efa0bd29c2c8d66aabac8ec1</srcmd5>
<version>1.83b</version>
<time>1434456316</time>
<user>coolo</user>
<comment>afl 1.83b</comment>
<requestid>312108</requestid>
</revision>
<revision rev="13" vrev="1">
<srcmd5>eaf83f5522eff95579d23c547a36a42a</srcmd5>
<version>1.85b</version>
<time>1438899844</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>320742</requestid>
</revision>
<revision rev="14" vrev="1">
<srcmd5>5c6d482bd88021fd927cb140f3d78337</srcmd5>
<version>1.86b</version>
<time>1439385178</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>321770</requestid>
</revision>
<revision rev="15" vrev="1">
<srcmd5>1628482f22422f979becc6274aa619ee</srcmd5>
<version>1.92b</version>
<time>1441727103</time>
<user>dimstar_suse</user>
<comment>afl 1.92b</comment>
<requestid>329519</requestid>
</revision>
<revision rev="16" vrev="1">
<srcmd5>6a4aa3a40023cd11a728f59a8aaafd86</srcmd5>
<version>1.94b</version>
<time>1444130757</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>335943</requestid>
</revision>
<revision rev="17" vrev="1">
<srcmd5>007ecf44597a2d4da46d281a9fc4236a</srcmd5>
<version>1.95b</version>
<time>1447454174</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>344165</requestid>
</revision>
<revision rev="18" vrev="1">
<srcmd5>c0f6c65ac1165980f113f74e02d4a930</srcmd5>
<version>1.96b</version>
<time>1450856989</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>349658</requestid>
</revision>
<revision rev="19" vrev="1">
<srcmd5>e5e3e0df73b9ed0d4bd56fbdeedb7db6</srcmd5>
<version>2.01b</version>
<time>1455790027</time>
<user>dimstar_suse</user>
<comment>afl 2.01</comment>
<requestid>359642</requestid>
</revision>
<revision rev="20" vrev="1">
<srcmd5>767913d5ac695a2272b88d536cace58b</srcmd5>
<version>2.04b</version>
<time>1456434656</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>361310</requestid>
</revision>
<revision rev="21" vrev="1">
<srcmd5>85572331ca9d924c6a5ae3b37d17f557</srcmd5>
<version>2.05b</version>
<time>1456821914</time>
<user>dimstar_suse</user>
<comment>afl 2.05b</comment>
<requestid>362828</requestid>
</revision>
<revision rev="22" vrev="1">
<srcmd5>e1c08ff2bd624521d36db15bdd5b3168</srcmd5>
<version>2.09b</version>
<time>1459422193</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>381246</requestid>
</revision>
<revision rev="23" vrev="1">
<srcmd5>0fd16dce5ebed81c2047edbcc9ac0b0e</srcmd5>
<version>2.10b</version>
<time>1461855261</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>390313</requestid>
</revision>
<revision rev="24" vrev="1">
<srcmd5>cead3c2a1dc5319382c0a683cfa462e9</srcmd5>
<version>2.11b</version>
<time>1462428765</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>393279</requestid>
</revision>
<revision rev="25" vrev="1">
<srcmd5>cabb5e16f91716ecdf2060b80be7fc8c</srcmd5>
<version>2.13b</version>
<time>1464853130</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>399108</requestid>
</revision>
<revision rev="26" vrev="1">
<srcmd5>49349cb50a98f813061dc619c6a698a0</srcmd5>
<version>2.14b</version>
<time>1466326173</time>
<user>dimstar_suse</user>
<comment>afl 2.14b (forwarded request 402522 from AndreasStieger)</comment>
<requestid>402531</requestid>
</revision>
<revision rev="27" vrev="1">
<srcmd5>aa85b19b1f41c48196100d8cf8abcde2</srcmd5>
<version>2.17b</version>
<time>1467359969</time>
<user>dimstar_suse</user>
<comment>afl 2.17b</comment>
<requestid>405155</requestid>
</revision>
<revision rev="28" vrev="1">
<srcmd5>9a4dbdaa762893c4c8fceb98c64e9d93</srcmd5>
<version>2.21b</version>
<time>1469742399</time>
<user>dimstar_suse</user>
<comment>afl 2.21b</comment>
<requestid>414716</requestid>
</revision>
<revision rev="29" vrev="1">
<srcmd5>8e48ec90552b9472e2317d6363b60382</srcmd5>
<version>2.32b</version>
<time>1472477748</time>
<user>dimstar_suse</user>
<comment>- Version 2.32b:
- Added a check for AFL_HARDEN combined with AFL_USE_*SAN. Suggested by Hanno Boeck.
- Made several other cosmetic adjustments to cycle timing in the wake of the big tweak made in 2.31b.
- Version 2.31b:
- Changed havoc cycle counts for a marked performance boost, especially
with -S / -d. See the discussion of FidgetyAFL in:
https://groups.google.com/forum/#!topic/afl-users/fOPeb62FZUg
While this does not implement the approach proposed by the authors of
the CCS paper, the solution is a result of digging into that research;
more improvements may follow as I do more experiments and get more
definitive data.
- Version 2.30b:
- Made minor improvements to persistent mode to avoid the remote
possibility of "no instrumentation detected" issues with very low
instrumentation densities.
- Fixed a minor glitch with a leftover process in persistent mode.
Reported by Jakub Wilk and Daniel Stender.
- Made persistent mode bitmaps a bit more consistent and adjusted the way
this is shown in the UI, especially in persistent mode.
- Version 2.29b:
- Made a minor #include fix to llvm_mode. Suggested by Jonathan Metzman.
- Made cosmetic updates to the docs.
- Version 2.28b:
- Added "life pro tips" to docs/.
- Moved testcases/_extras/ to dictionaries/ for visibility.
- Made minor improvements to install scripts.
- Added an important safety tip.
- Version 2.27b:
- Added libtokencap, a simple feature to intercept strcmp / memcmp and
generate dictionary entries that can help extend coverage. (forwarded request 422107 from msmeissn)</comment>
<requestid>422108</requestid>
</revision>
<revision rev="30" vrev="1">
<srcmd5>ca74e618a16398028a9ce8ecc6d24626</srcmd5>
<version>2.35b</version>
<time>1477219906</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>436567</requestid>
</revision>
<revision rev="31" vrev="1">
<srcmd5>d545fbda19625ba14aa6969b2f2ea031</srcmd5>
<version>2.39b</version>
<time>1486968575</time>
<user>dimstar_suse</user>
<comment>- update to 2.39b:
- Improved error reporting in afl-cmin. Suggested by floyd.
- Made a minor tweak to trace-pc-guard support. Suggested by kcc.
- Added a mention of afl-monitor.
- update to 2.38b:
* Added -mllvm -sanitizer-coverage-block-threshold=0 to
trace-pc-guard mode
* Fixed a cosmetic bad free() bug when aborting -S sessions
* Made a small change to afl-whatsup to sort fuzzers by name.
* Fixed a minor issue with malloc(0) in libdislocator
* Changed the clobber pattern in libdislocator to a slightly more
reliable one
* Added a note about THP performance
* Added a somewhat unofficial support for running afl-tmin with a
baseline "mask" that causes it to minimize only for edges that
are unique to the input file, but not to the "boring" baseline.
* "Fixed" a getPassName() problem with newer versions of clang.</comment>
<requestid>455996</requestid>
</revision>
<revision rev="32" vrev="2">
<srcmd5>ec4b501d4c50da1313978bd08678ba18</srcmd5>
<version>2.39b</version>
<time>1489345471</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>477897</requestid>
</revision>
<revision rev="33" vrev="1">
<srcmd5>57752c02c42137ca7e6edf4480793ebc</srcmd5>
<version>2.41b</version>
<time>1492011470</time>
<user>maxlin_factory</user>
<comment>- update to 2.41b:
- Addressed a major user complaint related to timeout detection. Timing out
inputs are now binned as "hangs" only if they exceed a far more generous
time limit than the one used to reject slow paths.
- update to 2.40b:
- Fixed a minor oversight in the insertion strategy for dictionary words.
Spotted by Andrzej Jackowski.
- Made a small improvement to the havoc block insertion strategy.
- Adjusted color rules for "is it done yet?" indicators.</comment>
<requestid>487488</requestid>
</revision>
<revision rev="34" vrev="1">
<srcmd5>7fbfd8fecf54971d0c2b26aea9ec8610</srcmd5>
<version>2.44b</version>
<time>1499152240</time>
<user>dimstar_suse</user>
<comment>afl 2.44b</comment>
<requestid>507727</requestid>
</revision>
<revision rev="35" vrev="1">
<srcmd5>f2cd2248f217c48d48674fa270aca0a4</srcmd5>
<version>2.45b</version>
<time>1499598256</time>
<user>dimstar_suse</user>
<comment>- update to 2.45b:
- Added strstr, strcasestr support to libtokencap. Contributed by
Daniel Hodson.
- Fixed a resumption offset glitch spotted by Jakub Wilk.
- There are definitely no bugs in afl-showmap -c now.</comment>
<requestid>508930</requestid>
</revision>
<revision rev="36" vrev="1">
<srcmd5>c8763e4829d04296667284a307c42eff</srcmd5>
<version>2.49b</version>
<time>1501067186</time>
<user>dimstar_suse</user>
<comment>- Version 2.49b
- Added AFL_TMIN_EXACT to allow path constraint for crash minimization.
- Added dates for releases (retroactively for all of 2017).
- Version 2.48b
- Added AFL_ALLOW_TMP to permit some scripts to run in /tmp.
- Fixed cwd handling in afl-analyze (similar to the quirk in afl-tmin).
- Made it possible to point -o and -f to the same file in afl-tmin.
- Version 2.47b
- Fixed cwd handling in afl-tmin. Spotted by Jakub Wilk.
- Version 2.46b
- libdislocator now supports AFL_LD_NO_CALLOC_OVER for folks who do not
want to abort on calloc() overflows.
- Made a minor fix to libtokencap. Reported by Daniel Stender.
- Added a small JSON dictionary, inspired by a dictionary done by Jakub Wilk. (forwarded request 512610 from msmeissn)</comment>
<requestid>512611</requestid>
</revision>
<revision rev="37" vrev="2">
<srcmd5>b30044222b6c770b2a993257c0652100</srcmd5>
<version>2.49b</version>
<time>1501572313</time>
<user>maxlin_factory</user>
<comment>- include docs/README</comment>
<requestid>513056</requestid>
</revision>
<revision rev="38" vrev="1">
<srcmd5>e81fb0fea818447a41a6c11bab29df50</srcmd5>
<version>2.51b</version>
<time>1504521546</time>
<user>dimstar_suse</user>
<comment>afl 2.51b</comment>
<requestid>520490</requestid>
</revision>
<revision rev="39" vrev="1">
<srcmd5>ffd3bd2daa7929b375a62c97d54be750</srcmd5>
<version>2.52b</version>
<time>1510045241</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>539104</requestid>
</revision>
<revision rev="40" vrev="2">
<srcmd5>1871a0125bbbbb6474e1a968f1c1b524</srcmd5>
<version>2.52b</version>
<time>1535705281</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>632354</requestid>
</revision>
<revision rev="41" vrev="1">
<srcmd5>0de895c49b90ed5dc6037cc2ea2af3a0</srcmd5>
<version>2.52c</version>
<time>1561405994</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>711649</requestid>
</revision>
<revision rev="42" vrev="2">
<srcmd5>d6be61645c82848a72b5aaee4f163610</srcmd5>
<version>2.52c</version>
<time>1573044698</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>739467</requestid>
</revision>
<revision rev="43" vrev="1">
<srcmd5>4bf57340ef562a229a5a1d27d3fe5723</srcmd5>
<version>2.58c</version>
<time>1574784126</time>
<user>dimstar_suse</user>
<comment>- updated to 2.58c
- reverted the patch that stopped unlinking and recreating the input file, as it caused a ~10% performance loss
- added test/test-performance.sh script
- (re)added gcc_plugin, fast inline instrumentation is not yet finished, however it includes the whitelisting and persistence feature! by hexcoder-
- gcc_plugin tests added to testing framework
- jump to 2.57 instead of 2.55 to catch up with Google's versioning
- persistent mode for QEMU (see qemu_mode/README.md)
- custom mutator library is now an additional mutator, to exclusively use it
- add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour)
- new library qemu_mode/unsigaction which filters sigaction events
- afl-fuzz: new command line option -I to execute a command on a new crash
- no more unlinking the input file, this way the input file can also be a
FIFO or disk partition
- setting LLVM_CONFIG for llvm_mode will now again switch to the selected
llvm version. If your setup is correct.
- fuzzing strategy yields for custom mutator were missing from the UI, added them :)
- added "make tests" which will perform checks to see that all functionality
is working as expected. This is currently the starting point; it's not complete :)
- added mutation documentation feature ("make document"), creates afl-fuzz-document
and saves all mutations of the first run on the first file into out/queue/mutations
- libtokencap and libdislocator now compile to the afl_root directory and are
installed to the .../lib/afl directory when present during make install
- more BSD support, e.g. free CPU binding code for FreeBSD (thanks to devnexen)
- reducing duplicate code in afl-fuzz
- added "make help"
- removed compile warnings from python internal stuff
- added man page for afl-clang-fast[++]
- updated documentation
- Wine mode to run Win32 binaries with the QEMU instrumentation (-W)
- CompareCoverage for ARM target in QEMU/Unicorn</comment>
<requestid>750847</requestid>
</revision>
<revision rev="44" vrev="1">
<srcmd5>2ac8241680c609af39976da23e77e454</srcmd5>
<version>2.59c</version>
<time>1577536833</time>
<user>dimstar_suse</user>
<comment>- updated to 2.59c
- qbdi_mode: fuzz android native libraries via QBDI framework
- unicorn_mode: switched to the new unicornafl, thanks domenukk
(see https://github.com/vanhauser-thc/unicorn)
- afl-fuzz:
- added radamsa as (an optional) mutator stage (-R[R])
- added -u command line option to not unlink the fuzz input file
- Python3 support (autodetect)
- AFL_DISABLE_TRIM env var to disable the trim stage
- CPU affinity support for DragonFly
- llvm_mode:
- float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
- support for llvm 10 included now (thanks to devnexen)
- libtokencap:
- support for *BSD/OSX/Dragonfly added
- hook common *cmp functions from widely used libraries
- compcov:
- hook common *cmp functions from widely used libraries
- floating point splitting support for QEMU on x86 targets
- qemu_mode: AFL_QEMU_DISABLE_CACHE env to disable QEMU TranslationBlocks caching
- afl-analyze: added AFL_SKIP_BIN_CHECK support
- better random numbers for gcc_plugin and llvm_mode (thanks to devnexen)
- Dockerfile by courtesy of devnexen
- added regex.dictionary
- qemu and unicorn download scripts now try to download until the full
download succeeded. f*ckin travis fails downloading 40% of the time!
- more support for Android (please test!)
- added the few Android stuff we didn't have already from the Google afl repository
- removed unnecessary warnings (forwarded request 759706 from msmeissn)</comment>
<requestid>759716</requestid>
</revision>
<revision rev="45" vrev="1">
<srcmd5>dc62c5d029166820085bdafeab147fef</srcmd5>
<version>2.60c</version>
<time>1578069437</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>760476</requestid>
</revision>
<revision rev="46" vrev="2">
<srcmd5>f655dde382beeff468c32a9960dd3af6</srcmd5>
<version>2.60c</version>
<time>1581368024</time>
<user>dimstar_suse</user>
<comment>- added radamsa mutator (forwarded request 772507 from msmeissn)</comment>
<requestid>772508</requestid>
</revision>
<revision rev="47" vrev="1">
<srcmd5>63e3900a53a741e64b0c699a730d5ac1</srcmd5>
<version>2.61c</version>
<time>1582725849</time>
<user>dimstar_suse</user>
<comment>- updated to 2.61c
- use -march=native if available
- most tools now check for mistyped environment variables
- gcc 10 is now supported
- the memory safety checks are now disabled for a little more speed during
fuzzing (only affects creating queue entries), can be toggled in config.h
- afl-fuzz:
- MOpt out of bounds writing crash fixed
- now prints the real python version support compiled in
- set stronger performance compile options and little tweaks
- Android: prefer bigcores when selecting a CPU
- CmpLog forkserver
- Redqueen input-2-state mutator (cmp instructions only ATM)
- all Python 2+3 versions supported now
- changed execs_per_sec in fuzzer_stats from "current" execs per second
(which is pointless) to total execs per second
- bugfix for dictionary insert stage count (fix via Google repo PR)
- added warning if -M is used together with custom mutators with _ONLY option
- AFL_TMPDIR checks are now later and better explained if they fail
- llvm_mode
- InsTrim: three bug fixes:
1. (minor) no pointless instrumentation of 1 block functions
2. (medium) path bug that left a few blocks not instrumented that
should be
3. (major) incorrect prev_loc was written, fixed!
- afl-clang-fast:
- show in the help output for which llvm version it was compiled for
- now does not need to be recompiled between trace-pc and pass
instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
- LLVM 11 is supported (forwarded request 779147 from msmeissn)</comment>
<requestid>779153</requestid>
</revision>
<revision rev="48" vrev="1">
<srcmd5>12174eb19eb75b29865e72462865b2e7</srcmd5>
<version>2.62c</version>
<time>1583007859</time>
<user>dimstar_suse</user>
<comment>- updated to 2.62c
- Important fix for memory allocation functions that result in afl-fuzz not identifying crashes - UPDATE!
- Small fix for -E/-V to release the CPU
- CmpLog does not need sancov anymore (forwarded request 780290 from msmeissn)</comment>
<requestid>780291</requestid>
</revision>
<revision rev="49" vrev="1">
<srcmd5>c1e019cfa9df801847804e1ddb8d7f90</srcmd5>
<version>2.63c</version>
<time>1586775224</time>
<user>dimstar_suse</user>
<comment>- updated to 2.63c
- all:
- big code changes to make afl-fuzz thread-safe so afl-fuzz can spawn
multiple fuzzing threads in the future or even become a library
- afl basic tools now report on the environment variables picked up
- more tools get environment variable usage info in the help output
- force all output to stdout (some OK/SAY/WARN messages were sent to
stdout, some to stderr)
- uninstrumented mode uses an internal forkserver ("fauxserver")
- now builds with `-D_FORTIFY_SOURCE=2`
- drastically reduced number of (de)allocations during fuzzing
- afl-fuzz:
- python mutator modules and custom mutator modules now use the same
interface and hence the API changed
- AFL_AUTORESUME will resume execution without the need to specify `-i -`
- added experimental power schedules (-p):
- mmopt: ignores runtime of queue entries, gives higher weighting to
the last 5 queue entries
- rare: puts focus on queue entries that hit rare branches, also ignores
runtime
- llvm_mode:
- added SNAPSHOT feature (using https://github.com/AFLplusplus/AFL-Snapshot-LKM)
- added Control Flow Integrity sanitizer (AFL_USE_CFISAN)
- added AFL_LLVM_INSTRUMENT option to control the instrumentation type
easier: DEFAULT, CFG (INSTRIM), LTO, CTX, NGRAM-x (x=2-16)
- made USE_TRACE_PC compile obsolete
- LTO collision-free instrumentation added in llvm_mode with afl-clang-lto -
note that this mode is amazing, but quite some targets won't compile
- Added llvm_mode NGRAM prev_loc coverage by Adrian Herrera
(https://github.com/adrianherrera/afl-ngram-pass/), activate by setting (forwarded request 793419 from msmeissn)</comment>
<requestid>793420</requestid>
</revision>
<revision rev="50" vrev="1">
<srcmd5>7177d2669cf97ea3db88bea694772887</srcmd5>
<version>2.64c</version>
<time>1587467530</time>
<user>dimstar_suse</user>
<comment>- updated to 2.64c
- llvm_mode LTO mode:
- now requires llvm11 - but compiles all targets! :)
- autodictionary feature added, enable with `AFL_LLVM_LTO_AUTODICTIONARY`
- variable map size usage
- afl-fuzz:
- variable map size support added (only LTO mode can use this)
- snapshot feature usage now visible in UI
- Now setting `-L -1` will enable MOpt in parallel to normal mutation.
Additionally, this allows to run dictionaries, radamsa and cmplog.
- fix for cmplog/redqueen mode if stdin was used
- fix for writing a better plot_data file
- qemu_mode: fix for persistent mode (which would not terminate or get stuck)
- compare-transform/AFL_LLVM_LAF_TRANSFORM_COMPARES now transforms also
static global and local variable comparisons (cannot find all though)
- extended forkserver: map_size and more information is communicated to
afl-fuzz (and afl-fuzz acts accordingly)
- new environment variable: AFL_MAP_SIZE to specify the size of the shared map
- if AFL_CC/AFL_CXX was set but empty, the afl compilers failed; fixed
(this bug is in vanilla afl too)
- added NO_PYTHON flag to disable python support when building afl-fuzz
- more refactoring (forwarded request 795493 from msmeissn)</comment>
<requestid>795494</requestid>
</revision>
<revision rev="51" vrev="1">
<srcmd5>77fa9af715afae54a2165c47f7927dbb</srcmd5>
<version>2.65c</version>
<time>1589579541</time>
<user>dimstar_suse</user>
<comment>- updated to 2.65c
- afl-fuzz:
- AFL_MAP_SIZE was not working correctly
- better python detection
- an old, old bug in afl that would show negative stability in rare
circumstances is now hopefully fixed
- AFL_POST_LIBRARY was deprecated, use AFL_CUSTOM_MUTATOR_LIBRARY
instead (see docs/custom_mutators.md)
- llvm_mode:
- afl-clang-fast/lto now do not skip single block functions. This
behaviour can be reactivated with AFL_LLVM_SKIPSINGLEBLOCK
- if LLVM 11 is installed the posix shm_open+mmap is used and a fixed
address for the shared memory map is used as this increases the
fuzzing speed
- InsTrim now has an LTO version! :-) That is the best and fastest mode!
- fixes to LTO mode if instrumented edges > MAP_SIZE
- CTX and NGRAM can now be used together
- CTX and NGRAM are now also supported in CFG/INSTRIM mode
- AFL_LLVM_LAF_TRANSFORM_COMPARES could crash, fixed
- added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter
implementation. For targets with few or no loops or heavily called
functions. Gives a small performance boost.
- qemu_mode:
- add information on PIE/PIC load addresses for 32 bit
- better dependency checks
- gcc_plugin:
- better dependency checks
- unicorn_mode:
- validate_crash_callback can now count non-crashing inputs as crash as well
- better submodule handling (forwarded request 805785 from msmeissn)</comment>
<requestid>805787</requestid>
</revision>
<revision rev="52" vrev="1">
<srcmd5>6d99881c19893bc5910837898b7ee0b9</srcmd5>
<version>2.66c</version>
<time>1593728035</time>
<user>dimstar_suse</user>
<comment>- updated to 2.66c
- renamed blacklist/whitelist to ignorelist/instrumentlist ->
AFL_LLVM_INSTRUMENT_FILE and AFL_GCC_INSTRUMENT_FILE
- warn on deprecated environment variables
- afl-fuzz:
- -S secondary nodes now only sync from the main node to increase
performance, the -M main node still syncs from everyone. Added checks
that ensure exactly one main node is present and warn otherwise
- Add -D after -S to force a secondary to perform deterministic fuzzing
- If no main node is present at a sync one secondary node automatically
becomes a temporary main node until a real main node shows up
- Fixed a major performance issue we inherited from AFLfast
- switched murmur2 hashing and random() for xxh3 and xoshiro256**,
resulting in an up to 5.5% speed increase
- Resizing the window does not crash afl-fuzz anymore
- Ensure that the targets are killed on exit
- fix/update to MOpt (thanks to arnow117)
- added MOpt dictionary support from repo
- added experimental SEEK power schedule. It is EXPLORE with ignoring
the runtime and less focus on the length of the test case
- llvm_mode:
- the default instrumentation is now PCGUARD if the llvm version is >= 7,
as it is faster and provides better coverage. The original afl
instrumentation can be set via AFL_LLVM_INSTRUMENT=AFL. This is
automatically done when the instrument_file list feature is used.
- PCGUARD mode is now even better because we made it collision free - plus
it has a fixed map size, so it is also faster! :)
- some targets want an ld variant for LD that is not gcc/clang but ld,
added afl-ld-lto to solve this
- lowered minimum required llvm version to 3.4 (except LLVMInsTrim, which (forwarded request 818318 from msmeissn)</comment>
<requestid>818325</requestid>
</revision>
<revision rev="53" vrev="1">
<srcmd5>1cba31032ea50e49bea977cf0420b80b</srcmd5>
<version>2.67c</version>
<time>1597856472</time>
<user>dimstar_suse</user>
<comment>- updated to 2.67c
- Support for improved afl++ snapshot module:
https://github.com/AFLplusplus/AFL-Snapshot-LKM
- Due to the instrumentation needing more memory, the initial memory sizes
for -m have been increased
- afl-fuzz:
- added -F option to allow -M main fuzzers to sync to foreign fuzzers,
e.g. honggfuzz or libfuzzer
- added -b option to bind to a specific CPU
- eliminated CPU affinity race condition for -S/-M runs
- expanded havoc mode added, on no cycle finds add extra splicing and
MOpt into the mix
- fixed a bug in redqueen for strings and made deterministic with -s
- llvm_mode:
- now supports llvm 12
- support for AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST (previous
AFL_LLVM_WHITELIST and AFL_LLVM_INSTRUMENT_FILE are deprecated and
are matched to AFL_LLVM_ALLOWLIST). The format is compatible to llvm
sancov, and also supports function matching :)
- added neverzero counting to trace-pc/pcguard
- fixes for laf-intel float splitting (thanks to mark-griffin for
reporting)
- fixes for llvm 4.0
- skipping ctors and ifuncs for instrumentation
- LTO: switch default to the dynamic memory map, set AFL_LLVM_MAP_ADDR
for a fixed map address (eg. 0x10000)
- LTO: improved stability for persistent mode, no other instrumentation
has that advantage
- LTO: fixed autodict for long strings
- LTO: laf-intel and redqueen/cmplog are now applied at link time (forwarded request 827912 from msmeissn)</comment>
<requestid>827914</requestid>
</revision>
<revision rev="54" vrev="1">
<srcmd5>0d026e50ed9e20f66a5e81c74c77b911</srcmd5>
<version>2.68c</version>
<time>1599421061</time>
<user>dimstar_suse</user>
<comment>- updated to 2.68c
- added the GSoC excellent afl++ grammar mutator by Shengtuo to our
custom_mutators/ (see custom_mutators/README.md) - or get it here:
https://github.com/AFLplusplus/Grammar-Mutator
- a few QOL changes for Apple and its outdated gmake
- afl-fuzz:
- fix for auto dictionary entries found during fuzzing to not throw out
a -x dictionary
- added total execs done to plot file
- AFL_MAX_DET_EXTRAS env variable added to control the amount of
deterministic dict entries without recompiling.
- AFL_FORKSRV_INIT_TMOUT env variable added to control the time to wait
for the forkserver to come up without the need to increase the overall
timeout.
- bugfix for cmplog that results in a heap overflow based on target data
(thanks to the magma team for reporting!)
- write fuzzing setup into out/fuzzer_setup (environment variables and
command line)
- custom mutators:
- added afl_custom_fuzz_count/fuzz_count function to allow specifying
the number of fuzz attempts for custom_fuzz
- llvm_mode:
- ported SanCov to LTO, and made it the default for LTO. better
instrumentation locations
- Further llvm 12 support (fast moving target like afl++ :-) )
- deprecated the LLVM SKIPSINGLEBLOCK environment variable (forwarded request 832521 from msmeissn)</comment>
<requestid>832522</requestid>
</revision>
<revision rev="55" vrev="1">
<srcmd5>7721aeac5ea266c415b704bdd11ad916</srcmd5>
<version>3.0c</version>
<time>1608112838</time>
<user>dimstar_suse</user>
<comment>- updated to 3.0c
- llvm_mode/ and gcc_plugin/ moved to instrumentation/
- examples/ renamed to utils/
- moved libdislocator, libtokencap and qbdi_mode to utils/
- all compilers combined to afl-cc which emulates the previous ones
- afl-llvm/gcc-rt.o merged into afl-compiler-rt.o
- afl-fuzz
- not specifying -M or -S will now auto-set "-S default"
- deterministic fuzzing is now disabled by default and can be enabled with
-D. It is still enabled by default for -M.
- a new seed selection was implemented that uses weighted randoms based on
a schedule performance score, which is much better than the previous
walk the whole queue approach. Select the old mode with -Z (auto enabled
with -M)
- Marcel Boehme submitted a patch that improves all AFLfast schedules :)
- the default schedule is now FAST
- memory limits are now disabled by default, set them with -m if required
- rpc.statsd support, for stats and charts, by Edznux, thanks a lot!
- reading testcases from -i now descends into subdirectories
- allow the -x command line option up to 4 times
- loaded extras now have a duplication protection
- If test cases are too large we do a partial read on the maximum
supported size
- longer seeds with the same trace information will now be ignored
for fuzzing but still be used for splicing
- crashing seeds no longer prevent a run but are
skipped - they are used for splicing, though
- update MOpt for expanded havoc modes
- setting the env var AFL_NO_AUTODICT will not load an LTO autodictionary
- added NO_SPLICING compile option and makefile define (forwarded request 855999 from msmeissn)</comment>
<requestid>856003</requestid>
</revision>
<revision rev="56" vrev="1">
<srcmd5>3d07e873b06b3441070e7b6eb6bb5924</srcmd5>
<version>3.10c</version>
<time>1614684892</time>
<user>RBrownSUSE</user>
<comment>- update to 3.10c
- Mac OS ARM64 support
- Android support fixed and updated by Joey Jiaojg - thanks!
- New selective instrumentation option with __AFL_COVERAGE_* commands
to be placed in the source code.
Check out instrumentation/README.instrument_list.md
- afl-fuzz
- Making AFL_MAP_SIZE (mostly) obsolete - afl-fuzz now learns on
start the target map size
- upgraded cmplog/redqueen: solving for floating point, solving
transformations (e.g. toupper, tolower, to/from hex, xor,
arithmetics, etc.). This is costly hence new command line option
`-l` that sets the intensity (values 1 to 3). Recommended is 2.
- added `AFL_CMPLOG_ONLY_NEW` to not use cmplog on initial seeds
from `-i` or resumes (these have most likely already been done)
- fix crash for very, very fast targets+systems (thanks to mhlakhani
for reporting)
- on restarts (`-i`)/autoresume (AFL_AUTORESUME) the stats are now
reloaded and used, thanks to Vimal Joseph for this patch!
- changed the meaning of '+' of the '-t' option, it now means to
auto-calculate the timeout with the value given being the max
timeout. The original meaning of skipping timeouts instead of
abort is now inherent to the -t option.
- if deterministic mode is active (`-D`, or `-M` without `-d`) then
we sync after every queue entry as this can take a very long time
otherwise
- added minimum SYNC_TIME to include/config.h (30 minutes default)
- better detection if a target needs a large shared map
- fix for `-Z`
- fixed a few crashes</comment>
<requestid>875949</requestid>
</revision>
<revision rev="57" vrev="1">
<srcmd5>7f5a05221f1576acc954841ca903a41a</srcmd5>
<version>3.11c</version>
<time>1615905996</time>
<user>RBrownSUSE</user>
<comment>- updated to 3.11c
- afl-fuzz:
- better auto detection of map size
- fix sanitizer settings (bug since 3.10c)
- fix an off-by-one overwrite in cmplog
- add non-unicode variants from unicode-looking dictionary entries
- Rust custom mutator API improvements
- Imported crash stats painted yellow on resume (only new ones are red)
- afl-cc:
- added AFL_NOOPT that will just pass everything to the normal
gcc/clang compiler without any changes - to pass weird configure
scripts
- fixed a crash that can occur with ASAN + CMPLOG together plus
better support for unicode (thanks to @stbergmann for reporting!)
- fixed a crash in LAF transform for empty strings
- handle erroneous setups in which multiple afl-compiler-rt are
compiled into the target. This now also supports dlopen()
instrumented libs loaded before the forkserver and even after the
forkserver is started (then with collisions though)
- the compiler rt was added also in object building (-c) which
should have been fixed years ago but somewhere got lost :(
- Renamed CTX to CALLER, added correct/real CTX implementation to
CLASSIC
- qemu_mode:
- added AFL_QEMU_EXCLUDE_RANGES env by @realmadsci, thanks!
- if no new/updated checkout is wanted, build with:
NO_CHECKOUT=1 ./build_qemu_support.sh
- we no longer perform a "git drop"
- afl-cmin: support filenames with spaces
- afl-3.0c-fix-paths.patch: refreshed (forwarded request 879398 from msmeissn)</comment>
<requestid>879399</requestid>
</revision>
<revision rev="58" vrev="1">
<srcmd5>47a25c4dc123fb7ba4ea3d9b657671a2</srcmd5>
<version>3.12c</version>
<time>1616680361</time>
<user>RBrownSUSE</user>
<comment>- updated to 3.12c
- afl-fuzz:
- added AFL_TARGET_ENV variable to pass extra env vars to the target
(for things like LD_LIBRARY_PATH)
- fix map detection, AFL_MAP_SIZE not needed anymore for most cases
- fix counting favorites (just a display thing)
- afl-cc:
- fix cmplog rtn (rare crash and not being able to gather ptr data)
- fix our own PCGUARD implementation to compile with llvm 10.0.1
- link runtime not to shared libs
- ensure shared libraries are properly built and instrumented
- AFL_LLVM_INSTRUMENT_ALLOW/DENY were not implemented for LTO, added
- show correct LLVM PCGUARD NATIVE mode when auto switching to it
and keep fsanitize-coverage-*list=...
Short mnemonic NATIVE is now also accepted.
- qemu_mode (thanks @realmadsci):
- move AFL_PRELOAD and AFL_USE_QASAN logic inside afl-qemu-trace
- add AFL_QEMU_CUSTOM_BIN
- unicorn_mode
- accidentally removed the subfolder from github, re-added
- added DEFAULT_PERMISSION to config.h for all files created, default
to 0600 (forwarded request 881188 from msmeissn)</comment>
<requestid>881268</requestid>
</revision>
<revision rev="59" vrev="2">
<srcmd5>adf61607e46eb48a424e9f50d01c5058</srcmd5>
<version>3.12c</version>
<time>1617034952</time>
<user>RBrownSUSE</user>
<comment>- Fix packaging on aarch64 and %{arm} (forwarded request 881925 from Guillaume_G)</comment>
<requestid>881926</requestid>
</revision>
<revision rev="60" vrev="3">
<srcmd5>77811a2fda1763331dccd4d94c11b47a</srcmd5>
<version>3.12c</version>
<time>1617723026</time>
<user>RBrownSUSE</user>
<comment>- install `afl-clang-lto`, recommended by upstream as the best variant
- add dependency on `lld`
- bump llvm-devel up to >= 11.0.0
- fix /usr/bin/env path in afl.cmin scripts
- prevent stripping of runtime objects (fix bug 1184324) (forwarded request 882850 from haasn)</comment>
<requestid>882886</requestid>
</revision>
<revision rev="61" vrev="4">
<srcmd5>21277fc89eb4614f9ce6cefa7321d83c</srcmd5>
<version>3.12c</version>
<time>1618061277</time>
<user>RBrownSUSE</user>
<comment>- Fix packaging for aarch64 and %arm (forwarded request 884046 from Guillaume_G)</comment>
<requestid>884083</requestid>
</revision>
<revision rev="62" vrev="1">
<srcmd5>c7d20b09976f613e5192b628a3442cc6</srcmd5>
<version>3.13c</version>
<time>1622664698</time>
<user>dimstar_suse</user>
<comment>- updated to 3.13c
- Note: plot_data switched to relative time from unix time in 3.10
- frida_mode - new mode that uses frida to fuzz binary-only targets,
it currently supports persistent mode and cmplog.
thanks to @WorksButNotTested!
- create a fuzzing dictionary with the help of CodeQL thanks to
@microsvuln! see utils/autodict_ql
- afl-fuzz:
- added patch by @realmadsci to support @@ as part of command line
options, e.g. `afl-fuzz ... -- ./target --infile=@@`
- add recording of previous fuzz attempts for persistent mode
to allow replay of non-reproducible crashes, see
AFL_PERSISTENT_RECORD in config.h and docs/envs.h
- fixed a bug when trimming for stdin targets
- cmplog -l: default cmplog level is now 2, better efficiency.
level 3 now performs redqueen on everything. use with care.
- better fuzzing strategy yield display for enabled options
- ensure one fuzzer sync per cycle
- fix afl_custom_queue_new_entry original file name when syncing
from fuzzers
- fixed a crash when more than one custom mutator was used together
with afl_custom_post_process
- on a crashing seed potentially the wrong input was disabled
- added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
-i dir crashes the target or results in a timeout. By default
afl++ ignores these and uses them for splicing instead.
- added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing
after no new paths have been found for n seconds
- when AFL_FAST_CAL is set a variable path will now be calibrated
8 times instead of originally 40. Long calibration is now 20. (forwarded request 896670 from msmeissn)</comment>
<requestid>896671</requestid>
</revision>
<revision rev="63" vrev="2">
<srcmd5>4a48cb415bfb43cd21422e8714a8f20c</srcmd5>
<version>3.13c</version>
<time>1623268347</time>
<user>dimstar_suse</user>
<comment>- Fix filelist for riscv64 (forwarded request 898298 from Andreas_Schwab)</comment>
<requestid>898301</requestid>
</revision>
<revision rev="64" vrev="3">
<srcmd5>8ee2a64f71f5a6844b462de7b1f4ccb8</srcmd5>
<version>3.13c</version>
<time>1626466373</time>
<user>dimstar_suse</user>
<comment>- s390x added to the compiler files (forwarded request 906530 from peace)</comment>
<requestid>906608</requestid>
</revision>
<revision rev="65" vrev="1">
<srcmd5>ecdd86a5e8e1f50de1c87dfa829ca6e0</srcmd5>
<version>3.14c</version>
<time>1626788377</time>
<user>dimstar_suse</user>
<comment>- updated to 3.14c
- afl-fuzz:
- fix -F when a '/' was part of the parameter
- fixed a crash for cmplog for very slow inputs
- fix for AFLfast schedule counting
- removed implied -D deterministic from -M main
- if the target becomes unavailable check out out/default/error.txt
for an indicator why
- AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL
- reverse read the queue on resumes (more effective)
- fix custom mutator trimming
- afl-cc:
- Update to COMPCOV/laf-intel that speeds up the instrumentation
process a lot - thanks to Michael Rodler/f0rki for the PR!
- Fix for failures for some sized string instrumentations
- Fix to instrument global namespace functions in c++
- Fix for llvm 13
- support partial linking
- do honor AFL_LLVM_{ALLOW/DENY}LIST for LTO autodictionary and DICT2FILE
- We do support llvm versions from 3.8 to 5.0 again
- frida_mode:
- several fixes for cmplog
- remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET
- less coverage collision
- feature parity of aarch64 with intel now (persistent, cmplog,
in-memory testcases, asan)
- afl-cmin and afl-showmap -i do now descend into subdirectories
(like afl-fuzz does) - note that afl-cmin.bash does not!
- afl_analyze:
- fix timeout handling (forwarded request 907257 from msmeissn)</comment>
<requestid>907258</requestid>
</revision>
<revision rev="66" vrev="2">
<srcmd5>b567db90a386b5bb7044540191bda887</srcmd5>
<version>3.14c</version>
<time>1632685726</time>
<user>dimstar_suse</user>
<comment>- enable gcc-plugin on factory
- build with 32bit plugins on x86_64 (forwarded request 921492 from msmeissn)</comment>
<requestid>921493</requestid>
</revision>
<revision rev="67" vrev="1">
<srcmd5>b428afb04cacf3ab5f164499866f1347</srcmd5>
<version>4.00c</version>
<time>1643666243</time>
<user>dimstar_suse</user>
<comment>- updated to 4.00c
- complete documentation restructuring, made possible by Google Season
of Docs :) thank you Jana!
- we renamed several UI and fuzzer_stat entries to be more precise,
e.g. "unique crashes" -> "saved crashes", "total paths" ->
"corpus count", "current path" -> "current item".
This might need changing custom scripting!
- Nyx mode (full system emulation with snapshot capability) has been
added - thanks to @schumilo and @eqv!
- unicorn_mode:
- Moved to unicorn2! by Ziqiao Kong (@lazymio)
- Faster, more accurate emulation (newer QEMU base), risc-v support
- removed indirections in rust callbacks
- new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :)
thanks to RICSecLab submitting!
- if instrumented libraries are dlopen()'ed after the forkserver you
will now see a crash. Before you would have colliding coverage.
We changed this to force fixing a broken setup rather than allowing
ineffective fuzzing.
- See docs/best_practices.md for how to fix such setups.
- afl-fuzz:
- cmplog binaries will need to be recompiled for this version
(it is better!)
- fix a regression introduced in 3.10 that resulted in less
coverage being detected. thanks to Collin May for reporting!
- ensure all spawned targets are killed on exit
- added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
incorrect LTO usage setups and enhanced the READMEs for better
information on how to deal with instrumenting libraries
- fix -n dumb mode (nobody should use this mode though) (forwarded request 950196 from msmeissn)</comment>
<requestid>950197</requestid>
</revision>
<revision rev="68" vrev="2">
<srcmd5>41f14a22723c16a75da3f426eb0b7626</srcmd5>
<version>4.00c</version>
<time>1648739929</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>966170</requestid>
</revision>
<revision rev="69" vrev="3">
<srcmd5>607281e8e5dc2490060f77c2be105658</srcmd5>
<version>4.00c</version>
<time>1654457328</time>
<user>dimstar_suse</user>
<comment>- Add llvm14-fix-build.patch: fix build with LLVM 14. (forwarded request 980763 from aaronpuchert)</comment>
<requestid>980919</requestid>
</revision>
<revision rev="70" vrev="1">
<srcmd5>2671e67bdd5ad42dec2e002b6fa5c424</srcmd5>
<version>4.01c</version>
<time>1656511293</time>
<user>dimstar_suse</user>
<comment>- updated to 4.01c
- fixed */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :)
- afl-fuzz:
- when you just want to compile once and set CMPLOG, then just
set -c 0 to tell afl-fuzz that the fuzzing binary is also for
CMPLOG.
- new commandline options -g/G to set min/max length of generated
fuzz inputs
- you can set the time for syncing to other fuzzer now with
AFL_SYNC_TIME
- reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
persistent mode and manual forkserver support if these are not
in the target binary (e.g. are in a shared library)
- add AFL_EARLY_FORKSERVER to install the forkserver as earliest as
possible in the target (for afl-gcc-fast/afl-clang-fast/
afl-clang-lto)
- "saved timeouts" was wrong information, timeouts are still thrown
away by default even if they have new coverage (hangs are always
kept), unless AFL_KEEP_TIMEOUTS are set
- AFL never implemented auto token inserts (but user token inserts,
user token overwrite and auto token overwrite), added now!
- fixed a mutation type in havoc mode
- Mopt fix to always select the correct algorithm
- fix effector map calculation (deterministic mode)
- fix custom mutator post_process functionality
- document and auto-activate pizza mode on condition
- afl-cc:
- due to a bug in lld of llvm 15, LTO instrumentation won't work at the moment :-(
- converted all passes to use the new llvm pass manager for llvm 11+</comment>
<requestid>985621</requestid>
</revision>
<revision rev="71" vrev="1">
<srcmd5>c31081618de30e648f60e6df5c2d76c7</srcmd5>
<version>4.02c</version>
<time>1661020160</time>
<user>dimstar_suse</user>
<comment>- updated to 4.02c
- afl-cc:
- important fix for the default pcguard mode when LLVM IR vector
selects are produced, thanks to @juppytt for reporting!
- gcc_plugin:
- Adacore submitted CMPLOG support to the gcc_plugin! :-)
- llvm_mode:
- laf cmp splitting fixed for more comparison types
- frida_mode:
- now works on Android!
- afl-fuzz:
- change post_process hook to allow returning NULL and 0 length to
tell afl-fuzz to skip this mutated input (forwarded request 998343 from msmeissn)</comment>
<requestid>998344</requestid>
</revision>
<revision rev="72" vrev="1">
<srcmd5>f8e7c5799b9dd24e69d6f6b174ec0dae</srcmd5>
<version>4.03c</version>
<time>1663694661</time>
<user>dimstar_suse</user>
<comment>- updated to 4.03c
- Building now gives a build summary of what succeeded and what did not
- afl-fuzz:
- added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
of calibrating all initial seeds first. Good for large queues
and long execution times, especially in CIs.
- default calibration cycles set to 7 from 8, and only add 5 cycles
to variables queue items instead of 12.
- afl-cc:
- fixed off-by-one bug in our pcguard implementation, thanks to
@tokatoka for reporting
- fix for llvm 15 and reenabling LTO, thanks to nikic for the PR!
- better handling of -fsanitize=..,...,.. lists
- support added for LLVMFuzzerRunDriver()
- fix gcc_mode cmplog
- obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
note that this will exit the target before main()
- qemu_mode:
- added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
worksbutnottested!
- afl-analyze broke at some point, fix by CodeLogicError, thank you!
- afl-cmin/afl-cmin.bash now have an -A option to allow also crashing
and timeout inputs
- unicorn_mode:
- updated upstream unicorn version
- fixed builds for aarch64
- build now uses all available cores (forwarded request 1005008 from msmeissn)</comment>
<requestid>1005009</requestid>
</revision>
<revision rev="73" vrev="1">
<srcmd5>41488260950ab98c20fd71a13c94af38</srcmd5>
<version>4.04c</version>
<time>1666366116</time>
<user>dimstar_suse</user>
<comment>- updated to 4.04c
- fix gramatron and grammar_mutator build scripts
- enhancements to the afl-persistent-config and afl-system-config
- scripts
- afl-fuzz:
- force writing all stats on exit
- afl-cc:
- make gcc_mode (afl-gcc-fast) work with gcc down to version 3.6
- qemu_mode:
- fixed 10x speed degradation in v4.03c
- added qemu_mode/fastexit helper library
- unicorn_mode:
- Enabled tricore arch (by @jma-qb)
- Updated Capstone version in Rust bindings
- llvm-mode:
- AFL runtime will always pass inputs via shared memory, when possible,
ignoring the command line. (forwarded request 1030428 from msmeissn)</comment>
<requestid>1030429</requestid>
</revision>
<revision rev="74" vrev="2">
<srcmd5>ebff9bafeb59b66e0a71e34f3ed150b5</srcmd5>
<version>4.04c</version>
<time>1666452931</time>
<user>dimstar_suse</user>
<comment>- Update file list for riscv64 (forwarded request 1030538 from Andreas_Schwab)</comment>
<requestid>1030539</requestid>
</revision>
<revision rev="75" vrev="1">
<srcmd5>4c5a13c11482c4d07359af9f5371b238</srcmd5>
<version>4.05c</version>
<time>1673021128</time>
<user>dimstar_suse</user>
<comment>- updated to 4.05c
- afl-fuzz:
- added afl_custom_fuzz_send custom mutator feature. Now you can
send fuzz data to the target as you need, e.g. via IPC.
- cmplog mode now has a -l R option for random colorization, thanks
to guyf2010 for the PR!
- queue statistics are written every 30 minutes to
out/NAME/queue_data if compiled with INTROSPECTION
- new env: AFL_FORK_SERVER_KILL_SIGNAL
- afl-showmap/afl-cmin
- `-t none` now translates to `-t 120000` (120 seconds)
- unicorn_mode updated
- updated rust custom mutator dependencies and LibAFL custom mutator
- several minor bugfixes (forwarded request 1056232 from msmeissn)</comment>
<requestid>1056233</requestid>
</revision>
<revision rev="76" vrev="2">
<srcmd5>a1a9338495000a865e2570a186b548b0</srcmd5>
<version>4.05c</version>
<time>1681296756</time>
<user>dimstar_suse</user>
<comment>- Pin to llvm15 for the time being: code fails to build with
llvm16. (forwarded request 1078606 from dimstar)</comment>
<requestid>1078607</requestid>
</revision>
<revision rev="77" vrev="1">
<srcmd5>b03f0ff668a07c5f96d8d02bbab5f03d</srcmd5>
<version>4.06c</version>
<time>1681746092</time>
<user>dimstar_suse</user>
<comment>- updated to 4.06c
- afl-fuzz:
- ensure temporary file descriptor is closed when not used
- added `AFL_NO_WARN_INSTABILITY`
- added time_wo_finds to fuzzer_stats
- fixed a crash in pizza (1st april easter egg) mode. Sorry for
everyone who was affected!
- allow pizza mode to be disabled when AFL_PIZZA_MODE is set to -1
- option `-p mmopt` now also selects new queue items more often
- fix bug in post_process custom mutator implementation
- print name of custom mutator in UI
- slight changes that improve fuzzer performance
- afl-cc:
- add CFI sanitizer variant to gcc targets
- llvm 16 + 17 support (thanks to @devnexen!)
- support llvm 15 native pcguard changes
- support for LLVMFuzzerTestOneInput -1 return
- LTO autoken and llvm_mode: added AFL_LLVM_DICT2FILE_NO_MAIN support
- qemu_mode:
- fix _RANGES envs to allow hyphens in the filenames
- basic riscv support
- frida_mode:
- added `AFL_FRIDA_STATS_INTERVAL`
- fix issue on MacOS
- unicorn_mode:
- updated and minor issues fixed
- nyx_mode support for all tools
- better sanitizer default options support for all tools
- new custom module: autotoken, a grammar free fuzzer for text inputs
- fixed custom mutator C examples (forwarded request 1079878 from msmeissn)</comment>
<requestid>1079879</requestid>
</revision>
<revision rev="78" vrev="1">
<srcmd5>ca85db012ba1a233200487b8d62cd4ce</srcmd5>
<version>4.07c</version>
<time>1686665342</time>
<user>dimstar_suse</user>
<comment>- updated to 4.07c
- afl-fuzz:
- reverse reading the seeds only on restarts (increases performance)
- new env `AFL_POST_PROCESS_KEEP_ORIGINAL` to keep the original
data before post process on finds (for atnwalk custom mutator)
- new env `AFL_IGNORE_PROBLEMS_COVERAGE` to ignore coverage from
loaded libs after forkserver initialization (required by Mozilla)
- afl-cc:
- added @responsefile support
- new env `AFL_LLVM_LTO_SKIPINIT` to support the AFL++ based WASM
(https://github.com/fgsect/WAFL) project
- error and print help if afl-clang-lto is used with lto=thin
- rewrote our PCGUARD pass to be compatible with LLVM 15+ shenanigans,
requires LLVM 13+ now instead of 10.0.1+
- fallback to native LLVM PCGUARD if our PCGUARD is unavailable
- fixed a crash in GCC CMPLOG
- afl-showmap:
- added custom mutator post_process and send support
- add `-I filelist` option, an alternative to `-i in_dir`
- afl-cmin + afl-cmin.bash:
- `-T threads` parallel task support, can be a huge speedup!
- qemu_mode:
- Persistent mode + QASAN support for ppc32 targets by @worksbutnottested
- a new grammar custom mutator atnwalk was submitted by @voidptr127 !
- two new custom mutators are now available:
- TritonDSE in custom_mutators/aflpp_tritondse
- SymQEMU in custom_mutators/symqemu
- removed ppc64le condition (failed parsing), we have no 32bit ppc64le</comment>
<requestid>1092592</requestid>
</revision>
<revision rev="79" vrev="1">
<srcmd5>5af9f66dca70a959dba9913db70ae5e8</srcmd5>
<version>4.08c</version>
<time>1692045352</time>
<user>dimstar_suse</user>
<comment>- updated to 4.08c
- afl-fuzz:
- new mutation engine: mutations that favor discovering more paths are
preferred until no new finds for 10 minutes, then switching to mutations
that favor triggering crashes. Modes and switch time can be configured
with `-P`. Also input mode for the target can be defined with `-a` to
be `text` or `binary` (defaults to `generic`)
- new custom mutator that has the new afl++ engine (so it can easily
be incorporated into new custom mutators), and also comes with a standalone
command line tool! See custom_mutators/aflpp/standalone/
- display the state of the fuzzing run in the UI :-)
- fix timeout setting if '+' is used or a session is restarted
- -l X option to enable base64 transformation solving
- allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on
every instance which is counterproductive).
- afl-cmin/afl-cmin.bash:
- fixed a bug inherited from vanilla AFL where a coverage of
map[123] = 11 would be the same as map[1123] = 1
- warn on crashing inputs
- adjust threads if less inputs than threads specified
- afl-cc:
- fixed an off-by-one instrumentation of iselect, hurting coverage a bit.
Thanks to @amykweon for spotting and fixing!
- @toka fixed a bug in laf-intel signed integer comparison splitting,
thanks a lot!!
- more LLVM compatibility
- frida_mode:
- support for long form instrumentation on x86_x64 and arm64
- renamed utils/get_symbol_addr.sh to utils/frida_get_symbol_addr.sh
- qemu_mode:</comment>
<requestid>1103819</requestid>
</revision>
<revision rev="80" vrev="1">
<srcmd5>bc4202f33b2a4da16c9f7851af04e14f</srcmd5>
<version>4.09c</version>
<time>1702845257</time>
<user>anag+factory</user>
<comment>- updated to 4.09c
- afl-fuzz:
- fixed the new mutation implementation for two bugs
- added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`)
before terminating.
- added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead
of exiting with an error message
- allow -S/-M naming up to 50 characters (from 24)
- CMPLOG:
- added scale support (-l S)
- skip unhelpful insertions (u8)
- added --version and --help command line parameters
- fixed endless loop when reading malformed dictionaries
- new custom mutator function: post_run - thanks to yangzao!
- afl-whatsup:
- detect instances that are starting up and show them as such, not as dead
- now also shows coverage reached
- option -m shows only very relevant stats
- option -n will not use color in the output
- instrumentation:
- fix for a few string compare transform functions for LAF
- we are instrumenting __cxx internal functions again. this might break
a few targets, please report if so.
- frida_mode:
- fixes support for large map offsets
- support for AFL_FUZZER_LOOPCOUNT for afl.rs and LLVMFuzzerTestOneInput
- afl-cmin/afl-cmin.bash: prevent unneeded file errors
- added new tool afl-addseeds that adds new seeds to a running campaign
- added benchmark/benchmark.py if you want to see how good your fuzzing
speed is in comparison to other setups. (forwarded request 1133736 from msmeissn)</comment>
<requestid>1133737</requestid>
</revision>
<revision rev="81" vrev="1">
<srcmd5>e1e9b912bcc0f050d9689d0f9f800c9d</srcmd5>
<version>4.10c</version>
<time>1707328126</time>
<user>anag+factory</user>
<comment>- updated to 4.10c
- afl-fuzz:
- default power schedule is now EXPLORE, due to a fix in fast schedules
explore is slightly better now.
- fixed minor issues in the mutation engine, thanks to @futhewo for
reporting!
- better deterministic fuzzing is now available, benchmarks have shown
to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR!
- afl-cc:
- large rewrite by @SonicStark which fixes a few corner cases, thanks!
- LTO mode now requires llvm 12+
- workaround for ASAN with gcc_plugin mode
- instrumentation:
- LLVM 18 support, thanks to @devnexen!
- Injection (SQL, LDAP, XSS) fuzzing feature now available, see
`instrumentation/README.injections.md` how to activate/use/expand.
- compcov/LAF-intel:
- floating point splitting bug fix by @hexcoder
- due to a bug in LLVM 17 integer splitting is disabled there!
- when splitting floats was selected, integers were always split as well,
fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should
- dynamic instrumentation filtering for LLVM NATIVE, thanks @Mozilla!
see utils/dynamic_covfilter/README.md
- qemu_mode:
- plugins are now activated by default and a new module is included that
produces drcov compatible traces for lighthouse/lightkeeper/...
thanks to @JRomainG for submitting!
- updated Nyx checkout (fixes a bug) and some QOL
- updated the custom grammar mutator
- document afl-cmin does not work on macOS (but afl-cmin.bash does) (forwarded request 1144629 from msmeissn)</comment>
<requestid>1144630</requestid>
</revision>
<revision rev="82" vrev="1">
<srcmd5>3df12984002e94aa8f3ac12e18fa0e60</srcmd5>
<version>4.20c</version>
<time>1713205121</time>
<user>anag+factory</user>
<comment>- updated to 4.20c
+ A new forkserver communication model is now introduced. afl-fuzz is
backward compatible to old compiled targets if they are not built
for CMPLOG/Redqueen, but new compiled targets will not work with
old afl-fuzz versions!
+ Recompile all targets that are instrumented for CMPLOG/Redqueen!
- AFL++ now supports up to 4 billion coverage edges, up from 6 million.
- New compile option: `make PERFORMANCE=1` - this will enable special
CPU dependent optimizations that make everything more performant - but
the binaries will likely not work on different platforms. Also
enables a faster hasher if the CPU requirements are met.
- The persistent record feature (see config.h) was expanded to also
support replay, thanks to @quarta-qti !
- afl-fuzz:
- the new deterministic fuzzing feature is now activated by default,
deactivate with -z. Parameters -d and -D are ignored.
- small improvements to CMPLOG/redqueen
- workaround for a bug with MOpt -L when used with -M - in the future
we will either remove or rewrite MOpt.
- fix for `-t xxx+` feature
- -e extension option now saves the queue items, crashes, etc. with the
extension too
- fixes for trimming, correct -V time and reading stats on resume by eqv
thanks a lot!
- afl-cc:
- added collision free caller instrumentation to LTO mode. activate with
`AFL_LLVM_LTO_CALLER=1`. You can set a max depth to go through single
block functions with `AFL_LLVM_LTO_CALLER_DEPTH` (default 0)
- fixes for COMPCOV/LAF and most other modules
- fix for GCC_PLUGIN cmplog that broke on std::strings (forwarded request 1167801 from msmeissn)</comment>
<requestid>1167802</requestid>
</revision>
</revisionlist>