Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2015-12-23 08:49:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "afl" Changes: -------- --- /work/SRC/openSUSE:Factory/afl/afl.changes 2015-11-13 23:36:15.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2015-12-23 08:49:50.000000000 +0100 @@ -1,0 +2,11 @@ +Sat Dec 19 15:45:22 UTC 2015 - mpluskal@suse.com + +- Update to 1.96b + * Added -fpic to CFLAGS for the clang plugin, as suggested by + Hanno Boeck. + * Made another clang change (IRBuilder) suggested by Jeff Trull. + * Fixed several typos, spotted by Jakub Wilk. + * Added support for AFL_SHUFFLE_QUEUE, based on discussions with + Christian Holler. + +------------------------------------------------------------------- Old: ---- afl-1.95b.tgz New: ---- afl-1.96b.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++ --- /var/tmp/diff_new_pack.xfq7nb/_old 2015-12-23 08:49:51.000000000 +0100 +++ /var/tmp/diff_new_pack.xfq7nb/_new 2015-12-23 08:49:51.000000000 +0100 @@ -17,7 +17,7 @@ Name: afl -Version: 1.95b +Version: 1.96b Release: 0 Summary: American fuzzy lop is a security-oriented fuzzer License: Apache-2.0 ++++++ afl-1.95b.tgz -> afl-1.96b.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/Makefile new/afl-1.96b/Makefile --- old/afl-1.95b/Makefile 2015-11-13 03:58:12.000000000 +0100 +++ new/afl-1.96b/Makefile 2015-12-16 05:24:06.000000000 +0100 
@@ -14,7 +14,7 @@
 # PROGNAME = afl
-VERSION = 1.95b
+VERSION = 1.96b
 PREFIX ?= /usr/local
 BIN_PATH = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/afl-fuzz.c new/afl-1.96b/afl-fuzz.c
--- old/afl-1.95b/afl-fuzz.c 2015-11-13 03:58:02.000000000 +0100
+++ new/afl-1.96b/afl-fuzz.c 2015-12-16 05:57:42.000000000 +0100
@@ -96,6 +96,7 @@
 auto_changed, /* Auto-generated tokens changed? */
 no_cpu_meter_red, /* Feng shui on the status screen */
 no_var_check, /* Don't detect variable behavior */
+ shuffle_queue, /* Shuffle input queue? */
 bitmap_changed = 1, /* Time to update bitmap? */
 qemu_mode, /* Running in QEMU mode? */
 skip_requested, /* Skip request, via SIGUSR1 */
@@ -335,6 +336,24 @@
 }
+/* Shuffle an array of pointers. Might be slightly biased. */
+
+static void shuffle_ptrs(void** ptrs, u32 cnt) {
+
+ u32 i;
+
+ for (i = 0; i < cnt - 2; i++) {
+
+ u32 j = i + UR(cnt - i);
+ void *s = ptrs[i];
+ ptrs[i] = ptrs[j];
+ ptrs[j] = s;
+
+ }
+
+}
+
+
 #ifndef IGNORE_FINDS
 /* Helper function to compare buffers; returns first and last differing offset. We
@@ -1276,6 +1295,13 @@
 }
+ if (shuffle_queue && nl_cnt > 1) {
+
+ ACTF("Shuffling queue...");
+ shuffle_ptrs((void**)nl, nl_cnt);
+
+ }
+
 for (i = 0; i < nl_cnt; i++) {
 struct stat st;
@@ -1523,7 +1549,7 @@
 }
- if (x) FATAL("Dictinary levels not supported for directories.");
+ if (x) FATAL("Dictionary levels not supported for directories.");
 while ((de = readdir(d))) {
@@ -2657,7 +2683,7 @@
 useless_at_start++;
- if (!in_bitmap)
+ if (!in_bitmap && !shuffle_queue)
 WARNF("No new instrumentation output, test case may be useless.");
 break;
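Review bot: shuffle_ptrs bounds its loop with `i < cnt - 2` on `cnt`, a `u32`, so a call with cnt of 0 or 1 wraps the bound and the loop reads and writes far past `ptrs`, and for cnt == 2 the body never executes, so a two-entry queue is never shuffled at all. The call site in the -1276 hunk guards with `shuffle_queue && nl_cnt > 1`, which prevents the wrap but leaves the two-entry case untouched and keeps the function unsafe for any future caller. I would make the function defend itself and use the standard Fisher-Yates bound: add `if (cnt < 2) return;` before the loop and change the header to `for (i = 0; i < cnt - 1; i++) {`; with that the last two slots are also exchanged, which removes the truncation bias the comment alludes to (whatever bias UR itself contributes is unchanged).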
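Review bot: In the -2657 hunk the added `&& !shuffle_queue` silently drops the "test case may be useless" warning whenever the queue was shuffled, while `useless_at_start++` on the line above still counts the case, and nothing in the code says why the diagnostic and the counter should diverge in that mode. I would record the intent next to the condition, e.g. `/* Under AFL_SHUFFLE_QUEUE the queue order is random, so which case looks useless is arbitrary; count it but don't warn. */` — that rationale is my inference from the visible lines, so confirm it matches the reason the suppression was added. The enclosing function begins and ends outside the hunk.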
@@ -7517,9 +7543,10 @@
 }
- if (getenv("AFL_NO_FORKSRV")) no_forkserver = 1;
- if (getenv("AFL_NO_CPU_RED")) no_cpu_meter_red = 1;
- if (getenv("AFL_NO_VAR_CHECK")) no_var_check = 1;
+ if (getenv("AFL_NO_FORKSRV")) no_forkserver = 1;
+ if (getenv("AFL_NO_CPU_RED")) no_cpu_meter_red = 1;
+ if (getenv("AFL_NO_VAR_CHECK")) no_var_check = 1;
+ if (getenv("AFL_SHUFFLE_QUEUE")) shuffle_queue = 1;
 if (dumb_mode == 2 && no_forkserver) FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/docs/ChangeLog new/afl-1.96b/docs/ChangeLog
--- old/afl-1.95b/docs/ChangeLog 2015-11-13 03:56:43.000000000 +0100
+++ new/afl-1.96b/docs/ChangeLog 2015-12-16 05:58:59.000000000 +0100
@@ -17,6 +17,19 @@
 to get on with the times.
 --------------
+Version 1.96b:
+--------------
+
+ - Added -fpic to CFLAGS for the clang plugin, as suggested by Hanno Boeck.
+
+ - Made another clang change (IRBuilder) suggested by Jeff Trull.
+
+ - Fixed several typos, spotted by Jakub Wilk.
+
+ - Added support for AFL_SHUFFLE_QUEUE, based on discussions with
+ Christian Holler.
+
+--------------
 Version 1.95b:
 --------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/docs/README new/afl-1.96b/docs/README
--- old/afl-1.95b/docs/README 2015-09-12 03:36:00.000000000 +0200
+++ new/afl-1.96b/docs/README 2015-12-16 05:28:07.000000000 +0100
@@ -424,7 +424,7 @@
 rc0r Jonathan Foote Christian Holler Dominique Pelle Jacek Wielemborek Leo Barnes
- Jeremy Barnes
+ Jeremy Barnes Jeff Trull
 Thank you!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/docs/env_variables.txt new/afl-1.96b/docs/env_variables.txt
--- old/afl-1.95b/docs/env_variables.txt 2015-09-01 01:36:18.000000000 +0200
+++ new/afl-1.96b/docs/env_variables.txt 2015-12-16 05:46:58.000000000 +0100
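Review bot: The three existing `getenv` lines for AFL_NO_FORKSRV, AFL_NO_CPU_RED and AFL_NO_VAR_CHECK are deleted and re-added although they read identically in this view, presumably differing only in alignment whitespace, so the one functional line in the hunk, `if (getenv("AFL_SHUFFLE_QUEUE")) shuffle_queue = 1;`, is buried in churn and blame for the three older lines now points at this commit. I would leave those three lines as context and add only the new one, padding it to the existing column rather than re-padding the others. The enclosing function starts and ends outside the hunk.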
@@ -114,6 +114,10 @@
 intermittently, but it's not really recommended under normal operating conditions.
+ - AFL_SHUFFLE_QUEUE randomly reorders the input queue on startup. Requested
+ by some users for unorthodox parallelized fuzzing setups, but not
+ advisable otherwise.
+
 - When developing custom instrumentation on top of afl-fuzz, you can use AFL_SKIP_BIN_CHECK to inhibit the checks for non-instrumented binaries and shell scripts; and AFL_DUMB_FORKSRV in conjunction with the -n
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/llvm_mode/Makefile new/afl-1.96b/llvm_mode/Makefile
--- old/afl-1.95b/llvm_mode/Makefile 2015-09-01 00:59:44.000000000 +0200
+++ new/afl-1.96b/llvm_mode/Makefile 2015-12-16 05:25:00.000000000 +0100
@@ -33,7 +33,7 @@
 CXXFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \
 -DVERSION=\"$(VERSION)\"
-CLANG_CFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti $(CXXFLAGS)
+CLANG_CFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fpic $(CXXFLAGS)
 CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS)
 # User teor2345 reports that this is required to make things work on MacOS X.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/llvm_mode/README.llvm new/afl-1.96b/llvm_mode/README.llvm
--- old/afl-1.95b/llvm_mode/README.llvm 2015-10-27 06:47:14.000000000 +0100
+++ new/afl-1.96b/llvm_mode/README.llvm 2015-12-16 05:26:18.000000000 +0100
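Review bot: The flag added to CLANG_CFL in the llvm_mode/Makefile hunk is `-fpic` rather than `-fPIC`; on x86 and x86-64 the two are equivalent, but GCC documents `-fpic` as the variant with a target-specific GOT size limit that can make the link fail on other architectures, and `-fPIC` is the form conventionally used when building a shared object such as this pass plugin. Unless the lower-case form was chosen deliberately, I would change `-fpic` to `-fPIC` on that line. Some LLVM builds may already emit `-fPIC` from `llvm-config --cxxflags`, in which case the explicit flag is redundant but harmless.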
@@ -121,7 +121,7 @@
 You don't need the #ifdef guards, but including them ensures that the program will keep working normally when compiled with a tool other than afl-clang-fast.
-Finally, recompile the pogram with afl-clang-fast (afl-gcc or afl-clang will
+Finally, recompile the program with afl-clang-fast (afl-gcc or afl-clang will
 *not* generate a deferred-initialization binary) - and you should be all set!
 5) Bonus feature #2: persistent mode
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.95b/llvm_mode/afl-llvm-pass.so.cc new/afl-1.96b/llvm_mode/afl-llvm-pass.so.cc
--- old/afl-1.95b/llvm_mode/afl-llvm-pass.so.cc 2015-09-03 16:50:08.000000000 +0200
+++ new/afl-1.96b/llvm_mode/afl-llvm-pass.so.cc 2015-12-16 05:27:28.000000000 +0100
@@ -109,7 +109,7 @@
 for (auto &BB : F) {
 BasicBlock::iterator IP = BB.getFirstInsertionPt();
- IRBuilder<> IRB(IP);
+ IRBuilder<> IRB(&(*IP));
 if (R(100) >= inst_ratio) continue;
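Review bot: `IRBuilder<> IRB(&(*IP));` carries no explanation, and the parentheses are redundant: `&*IP` is the usual LLVM idiom for turning an instruction iterator into an `Instruction*`. I would write `IRBuilder<> IRB(&*IP);` and put a one-line comment above it such as `// Explicit deref: newer LLVM no longer converts BasicBlock::iterator to Instruction* implicitly.` — that motivation is inferred from the ChangeLog entry about an IRBuilder change, so confirm it against the LLVM version that prompted the fix. The enclosing loop and function continue outside the hunk.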