From 4d37baca5be3409919ec4f7c118c2827422c38da Mon Sep 17 00:00:00 2001
From: msmeissn <>
Date: Jun 29 2022 14:20:24 +0000
Subject: Update afl to version 4.01c / rev 70 via SR 985621 https://build.opensuse.org/request/show/985621 by user msmeissn + dimstar_suse - updated to 4.01c - fixed */build_...sh scripts to work outside of git - new custom_mutator: libafl with token fuzzing :) - afl-fuzz: - when you just want to compile once and set CMPLOG, then just set -c 0 to tell afl-fuzz that the fuzzing binary is also for CMPLOG. - new commandline options -g/G to set min/max length of generated fuzz inputs - you can set the time for syncing to other fuzzer now with AFL_SYNC_TIME - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow persistent mode and manual forkserver support if these are not in the target binary (e.g. are in a shared library) - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as possible in the target (for afl-gcc-fast/afl-clang-fast/ afl-cl
---
diff --git a/.files b/.files
index 8b9d58a..140fa10 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 272247e..031f31d 100644
--- a/.rev
+++ b/.rev
@@ -1073,4 +1073,41 @@ - Add llvm14-fix-build.patch: fix build with LLVM 14. (forwarded request 980763 from aaronpuchert) 980919 + + 2671e67bdd5ad42dec2e002b6fa5c424 + 4.01c + + dimstar_suse + - updated to 4.01c + - fixed */build_...sh scripts to work outside of git + - new custom_mutator: libafl with token fuzzing :) + - afl-fuzz: + - when you just want to compile once and set CMPLOG, then just + set -c 0 to tell afl-fuzz that the fuzzing binary is also for + CMPLOG. + - new commandline options -g/G to set min/max length of generated + fuzz inputs + - you can set the time for syncing to other fuzzer now with + AFL_SYNC_TIME + - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow + persistent mode and manual forkserver support if these are not + in the target binary (e.g. are in a shared library) + - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as + possible in the target (for afl-gcc-fast/afl-clang-fast/ + afl-clang-lto) + - "saved timeouts" was wrong information, timeouts are still thrown + away by default even if they have new coverage (hangs are always + kept), unless AFL_KEEP_TIMEOUTS are set + - AFL never implemented auto token inserts (but user token inserts, + user token overwrite and auto token overwrite), added now! + - fixed a mutation type in havoc mode + - Mopt fix to always select the correct algorithm + - fix effector map calculation (deterministic mode) + - fix custom mutator post_process functionality + - document and auto-activate pizza mode on condition + - afl-cc: + - due a bug in lld of llvm 15 LTO instrumentation wont work atm :-( + - converted all passed to use the new llvm pass manager for llvm 11+ + 985621 + diff --git a/4.00c.tar.gz b/4.00c.tar.gz deleted file mode 120000 index 540afa4..0000000 --- a/4.00c.tar.gz +++ /dev/null @@ -1 +0,0 @@ -/ipfs/bafybeia26ywzf3we5qkryl6igxnen2mxh3kii26qnmzgesqziw63da63n4 \ No newline at end of file 
diff --git a/4.01c.tar.gz b/4.01c.tar.gz
new file mode 120000
index 0000000..1d75437
--- /dev/null
+++ b/4.01c.tar.gz
@@ -0,0 +1 @@
+/ipfs/bafybeifzy4b25plru4lrce6zjancldn52fsecu4nqcrcelg275funmsjoq
\ No newline at end of file
diff --git a/afl.changes b/afl.changes
index eda64b6..f0f89a4 100644
--- a/afl.changes
+++ b/afl.changes
@@ -1,4 +1,47 @@
 -------------------------------------------------------------------
+Tue Jun 28 14:32:52 UTC 2022 - Marcus Meissner
+
+- updated to 4.01c
+ - fixed */build_...sh scripts to work outside of git
+ - new custom_mutator: libafl with token fuzzing :)
+ - afl-fuzz:
+ - when you just want to compile once and set CMPLOG, then just
+ set -c 0 to tell afl-fuzz that the fuzzing binary is also for
+ CMPLOG.
+ - new commandline options -g/G to set min/max length of generated
+ fuzz inputs
+ - you can set the time for syncing to other fuzzer now with
+ AFL_SYNC_TIME
+ - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
+ persistent mode and manual forkserver support if these are not
+ in the target binary (e.g. are in a shared library)
+ - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as
+ possible in the target (for afl-gcc-fast/afl-clang-fast/
+ afl-clang-lto)
+ - "saved timeouts" was wrong information, timeouts are still thrown
+ away by default even if they have new coverage (hangs are always
+ kept), unless AFL_KEEP_TIMEOUTS are set
+ - AFL never implemented auto token inserts (but user token inserts,
+ user token overwrite and auto token overwrite), added now!
+ - fixed a mutation type in havoc mode
+ - Mopt fix to always select the correct algorithm
+ - fix effector map calculation (deterministic mode)
+ - fix custom mutator post_process functionality
+ - document and auto-activate pizza mode on condition
+ - afl-cc:
+ - due a bug in lld of llvm 15 LTO instrumentation wont work atm :-(
+ - converted all passed to use the new llvm pass manager for llvm 11+
+ - AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only)
+ - trying to stay on top on all these #$&ยง!! changes in llvm 15 ...
+ - frida_mode:
+ - update to new frida release, handles now c++ throw/catch
+ - unicorn_mode:
+ - update unicorn engine, fix C example
+ - utils:
+ - removed optimin because it looses coverage due to a bug and is
+ unmaintained :-(
+- removed upstream llvm14-fix-build.patch
+-------------------------------------------------------------------
 Sat Jun 4 13:26:34 UTC 2022 - Aaron Puchert
 - Add llvm14-fix-build.patch: fix build with LLVM 14.
diff --git a/afl.spec b/afl.spec
index 77c8e51..a98d21b 100644
--- a/afl.spec
+++ b/afl.spec
@@ -36,7 +36,7 @@
 %endif
 Name: afl
-Version: 4.00c
+Version: 4.01c
 Release: 0
 Summary: American fuzzy lop is a security-oriented fuzzer
 #URL: https://lcamtuf.coredump.cx/afl/
@@ -45,7 +45,6 @@ URL: https://github.com/AFLplusplus/AFLplusplus
 Source: https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz
 Source1: afl-rpmlintrc
 Patch1: afl-3.0c-fix-paths.patch
-Patch2: https://github.com/AFLplusplus/AFLplusplus/commit/675d17d737ee5dee88766d9c181567771592c94c.patch#/llvm14-fix-build.patch
 BuildRequires: clang
 BuildRequires: gcc-c++
 %ifarch x86_64
@@ -77,7 +76,6 @@ use cases - say, common image parsing or file compression libraries.
 %prep
 %setup -q -n AFLplusplus-%version
 %patch1 -p1
-%patch2 -p1
 sed -i 's|#!/usr/bin/env sh|#!/bin/sh|g' afl-cmin
 sed -i 's|#!/usr/bin/env bash|#!/bin/bash|g' afl-cmin.bash
diff --git a/llvm14-fix-build.patch b/llvm14-fix-build.patch
deleted file mode 100644
index 9d8aa43..0000000
--- a/llvm14-fix-build.patch
+++ /dev/null
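Review bot: The `Source:` line kept as context in the second afl.spec hunk fetches GitHub's on-the-fly `/archive/%{version}.tar.gz`, which is not a release asset and is not guaranteed to stay byte-identical, and nothing in these hunks ties the new 4.01c tarball to a checksum or signature. Unless the spec already carries a `Source2: %{version}.tar.gz.asc` plus keyring further down (outside the hunks shown), consider adding one: this package installs the compiler wrappers and instrumentation runtime that end up linked into every fuzzing build done with it, so tarball integrity matters more here than for a typical package. The unversioned `BuildRequires: clang` in the same hunk also deserves a floor now; the changelog added in this commit says PCGUARD instrumentation requires LLVM 11+ and LTO is broken on LLVM 15, so on a host with an older or newer toolchain the build may silently fall back to a weaker mode rather than fail. Something like `BuildRequires: clang >= 11` (or whatever upstream actually validates against) would surface that at build time — confirm how afl-cc chooses its instrumentation mode before pinning.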
@@ -1,140 +0,0 @@ -From 05119990b6075aaf8f16a385a763651f68b8b1ef Mon Sep 17 00:00:00 2001 -From: Raphael Isemann -Date: Tue, 22 Feb 2022 10:54:51 +0100 -Subject: [PATCH] LLVM 14 fixes - ---- - instrumentation/SanitizerCoverageLTO.so.cc | 5 +++-- - instrumentation/SanitizerCoveragePCGUARD.so.cc | 1 + - instrumentation/afl-llvm-dict2file.so.cc | 4 ++-- - instrumentation/afl-llvm-lto-instrumentlist.so.cc | 1 + - instrumentation/afl-llvm-pass.so.cc | 1 + - instrumentation/compare-transform-pass.so.cc | 4 ++-- - src/afl-cc.c | 4 ++-- - 7 files changed, 12 insertions(+), 8 deletions(-) - -diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc -index 6a4a071f7..1bdc53768 100644 ---- a/instrumentation/SanitizerCoverageLTO.so.cc -+++ b/instrumentation/SanitizerCoverageLTO.so.cc -@@ -17,6 +17,7 @@ - #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h" - #include "llvm/ADT/ArrayRef.h" - #include "llvm/ADT/SmallVector.h" -+#include "llvm/ADT/Triple.h" - #include "llvm/Analysis/EHPersonalities.h" - #include "llvm/Analysis/PostDominators.h" - #include "llvm/Analysis/ValueTracking.h" -@@ -757,7 +758,7 @@ bool ModuleSanitizerCoverage::instrumentModule( - if (!HasStr2) { - - auto *Ptr = dyn_cast(Str2P); -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -@@ -838,7 +839,7 @@ bool ModuleSanitizerCoverage::instrumentModule( - - auto Ptr = dyn_cast(Str1P); - -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc -index e4ffeb508..48bb5a2cc 100644 ---- a/instrumentation/SanitizerCoveragePCGUARD.so.cc -+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc -@@ -13,6 +13,7 @@ - #include 
"llvm/Transforms/Instrumentation/SanitizerCoverage.h" - #include "llvm/ADT/ArrayRef.h" - #include "llvm/ADT/SmallVector.h" -+#include "llvm/ADT/Triple.h" - #include "llvm/Analysis/EHPersonalities.h" - #include "llvm/Analysis/PostDominators.h" - #include "llvm/IR/CFG.h" -diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc -index 391246606..94dc6984d 100644 ---- a/instrumentation/afl-llvm-dict2file.so.cc -+++ b/instrumentation/afl-llvm-dict2file.so.cc -@@ -435,7 +435,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { - if (!HasStr2) { - - auto *Ptr = dyn_cast(Str2P); -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -@@ -519,7 +519,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { - - auto Ptr = dyn_cast(Str1P); - -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc -index 35ba9c5a0..2ddbc7253 100644 ---- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc -+++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc -@@ -43,6 +43,7 @@ - #include "llvm/IR/IRBuilder.h" - #include "llvm/IR/LegacyPassManager.h" - #include "llvm/IR/Module.h" -+#include "llvm/Pass.h" - #include "llvm/Support/Debug.h" - #include "llvm/Transforms/IPO/PassManagerBuilder.h" - #include "llvm/IR/CFG.h" -diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc -index 5246ba089..6419cd1dc 100644 ---- a/instrumentation/afl-llvm-pass.so.cc -+++ b/instrumentation/afl-llvm-pass.so.cc -@@ -45,6 +45,7 @@ typedef long double max_align_t; - #endif - - #include "llvm/IR/IRBuilder.h" -+#include "llvm/Pass.h" - #include "llvm/IR/LegacyPassManager.h" - #include 
"llvm/IR/BasicBlock.h" - #include "llvm/IR/Module.h" -diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc -index c3a4ee344..1e250d7aa 100644 ---- a/instrumentation/compare-transform-pass.so.cc -+++ b/instrumentation/compare-transform-pass.so.cc -@@ -246,7 +246,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, - if (!(HasStr1 || HasStr2)) { - - auto *Ptr = dyn_cast(Str2P); -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -@@ -271,7 +271,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, - if (!HasStr2) { - - Ptr = dyn_cast(Str1P); -- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) { -+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) { - - if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - -diff --git a/src/afl-cc.c b/src/afl-cc.c -index ed57ca1ed..bacd9de96 100644 ---- a/src/afl-cc.c -+++ b/src/afl-cc.c -@@ -549,8 +549,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { - } - - #if LLVM_MAJOR >= 13 -- // fuck you llvm 13 -- cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager"; -+ // Use the old pass manager in LLVM 14 which the afl++ passes still use. -+ cc_params[cc_par_cnt++] = "-flegacy-pass-manager"; - #endif - - if (lto_mode && !have_c) {