Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2015-08-12 15:12:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl" Changes: --------
--- /work/SRC/openSUSE:Factory/afl/afl.changes 2015-08-07 00:24:05.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2015-08-12 15:13:00.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Aug 10 19:49:56 UTC 2015 - astie...@suse.com
+
+- afl 1.86b:
+ * Added support for AFL_SKIP_CRASHES
+ * Removed the hard-fail terminal size check
+
+-------------------------------------------------------------------
Old: ---- afl-1.85b.tgz New: ---- afl-1.86b.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++
--- /var/tmp/diff_new_pack.J1oWgy/_old 2015-08-12 15:13:01.000000000 +0200
+++ /var/tmp/diff_new_pack.J1oWgy/_new 2015-08-12 15:13:01.000000000 +0200
@@ -17,7 +17,7 @@
 Name: afl
-Version: 1.85b
+Version: 1.86b
 Release: 0
 Summary: American fuzzy lop is a security-oriented fuzzer
 License: Apache-2.0
++++++ afl-1.85b.tgz -> afl-1.86b.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/Makefile new/afl-1.86b/Makefile
--- old/afl-1.85b/Makefile 2015-08-01 04:44:56.000000000 +0200
+++ new/afl-1.86b/Makefile 2015-08-09 06:26:31.000000000 +0200
@@ -14,7 +14,7 @@
 # PROGNAME = afl
-VERSION = 1.85b
+VERSION = 1.86b
 PREFIX ?= /usr/local
 BIN_PATH = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/afl-fuzz.c new/afl-1.86b/afl-fuzz.c
--- old/afl-1.85b/afl-fuzz.c 2015-07-04 21:36:50.000000000 +0200
+++ new/afl-1.86b/afl-fuzz.c 2015-08-09 06:34:48.000000000 +0200
@@ -88,6 +88,7 @@
 resuming_fuzz, /* Resuming an older fuzzing job? */
 timeout_given, /* Specific timeout given? */
 not_on_tty, /* stdout is not a tty */
+ term_too_small, /* terminal dimensions too small */
 uses_asan, /* Target uses ASAN? */
 no_forkserver, /* Disable forkserver? */
 crash_mode, /* Crash mode! Yeah! */
@@ -2491,8 +2492,8 @@
 static void perform_dry_run(char** argv) {
 struct queue_entry* q = queue;
- u32 id = 0;
 u32 cal_failures = 0;
+ u8* skip_crashes = getenv("AFL_SKIP_CRASHES");
 while (q) {
@@ -2576,6 +2577,13 @@
 if (crash_mode) break;
+ if (skip_crashes) {
+ WARNF("Test case results in a crash (skipping)");
+ q->cal_failed = CAL_CHANCES;
+ cal_failures++;
+ break;
+ }
+
 if (mem_limit) {
 SAYF("\n" cLRD "[-] " cRST
@@ -2660,17 +2668,18 @@
 if (q->var_behavior) WARNF("Instrumentation output varies across runs.");
 q = q->next;
- id++;
 }
 if (cal_failures) {
 if (cal_failures == queued_paths)
- FATAL("All test cases time out, giving up!");
+ FATAL("All test cases time out%s, giving up!",
+ skip_crashes ? " or crash" : "");
- WARNF("Skipped %u test cases (%0.02f%%) due to timeouts.", cal_failures,
- ((double)cal_failures) * 100 / queued_paths);
+ WARNF("Skipped %u test cases (%0.02f%%) due to timeouts%s.", cal_failures,
+ ((double)cal_failures) * 100 / queued_paths,
+ skip_crashes ? " or crashes" : "");
 if (cal_failures * 5 > queued_paths)
 WARNF(cLRD "High percentage of rejected test cases, check settings!");
@@ -3605,6 +3614,9 @@
 }
+static void check_term_size(void);
+
+
 /* A spiffy retro stats screen! This is called every stats_update_freq execve() calls, plus in several other circumstances. */
@@ -3700,10 +3712,21 @@
 SAYF(TERM_CLEAR CURSOR_HIDE);
 clear_screen = 0;
+ check_term_size();
+
 }
 SAYF(TERM_HOME);
+ if (term_too_small) {
+
+ SAYF(cBRI "Your terminal is too small to display the UI.\n"
+ "Please resize terminal window to at least 80x25.\n" cNOR);
+
+ return;
+
+ }
+
 /* Let's start by drawing a centered banner. */
 banner_len = (crash_mode ? 24 : 22) + strlen(VERSION) + strlen(use_banner);
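Review bot: A crashing input accepted under AFL_SKIP_CRASHES is folded into the timeout bookkeeping (`q->cal_failed = CAL_CHANCES; cal_failures++;`), so nothing in this hunk records which queue entries crashed, and the later "Skipped %u test cases" summary cannot separate crashes from timeouts. A distinct counter, or at least a comment stating that such entries are presumably never fuzzed and that the crash itself is not saved anywhere in this hunk, would make the trade-off visible to the operator; perform_dry_run continues outside the hunk, so I cannot confirm whether anything else retains the input. The `getenv("AFL_SKIP_CRASHES")` line in the preceding hunk also deserves `/* Presence check: an empty value enables it as well. */`, since only non-NULL is tested.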
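Review bot: `term_too_small` is recomputed only inside the `if (clear_screen)` branch, so the warning appears or goes away only when something sets `clear_screen` again; show_stats begins outside this hunk and no resize handler is visible here, so I cannot tell whether that happens on a window resize. A comment on the new call would spare the next reader the search, e.g. `/* Re-measured only on a forced redraw; whoever handles resize must set clear_screen. */`. The early `return` also skips whatever show_stats does below the banner, so confirm that any periodic bookkeeping in that function runs before this point, otherwise it silently stops while the window is small.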
@@ -3916,7 +3939,7 @@
 sprintf(tmp, "%s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_FLIP1]), DI(stage_cycles[STAGE_FLIP1]),
- DI(stage_finds[STAGE_FLIP4]), DI(stage_cycles[STAGE_FLIP2]),
+ DI(stage_finds[STAGE_FLIP2]), DI(stage_cycles[STAGE_FLIP2]),
 DI(stage_finds[STAGE_FLIP4]), DI(stage_cycles[STAGE_FLIP4]));
 }
@@ -6618,9 +6641,9 @@
 }
-/* Check terminal dimensions. */
+/* Check if we're on TTY. */
-static void check_terminal(void) {
+static void check_if_tty(void) {
 struct winsize ws;
@@ -6634,19 +6657,20 @@
 return;
 }
- if (ws.ws_row < 25 || ws.ws_col < 80) {
+}
- SAYF("\n" cLRD "[-] " cRST
- "Oops, your terminal window seems to be smaller than 80 x 25 characters.\n"
- " That's not enough for afl-fuzz to correctly draw its fancy ANSI UI!\n\n"
- " Depending on the terminal software you are using, you should be able to\n"
- " resize the window by dragging its edges, or to adjust the dimensions in\n"
- " the settings menu.\n");
+/* Check terminal dimensions after resize. */
- FATAL("Please resize terminal to 80x25 or more");
+static void check_term_size(void) {
- }
+ struct winsize ws;
+
+ term_too_small = 0;
+
+ if (ioctl(1, TIOCGWINSZ, &ws)) return;
+
+ if (ws.ws_row < 25 || ws.ws_col < 80) term_too_small = 1;
 }
@@ -7481,7 +7505,7 @@
 fix_up_banner(argv[optind]);
- check_terminal();
+ check_if_tty();
 get_core_count();
 check_crash_handling();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/docs/ChangeLog new/afl-1.86b/docs/ChangeLog
--- old/afl-1.85b/docs/ChangeLog 2015-08-01 04:44:35.000000000 +0200
+++ new/afl-1.86b/docs/ChangeLog 2015-08-09 06:24:23.000000000 +0200
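Review bot: check_term_size clears `term_too_small` before the `ioctl(1, TIOCGWINSZ, &ws)` call, so an ioctl failure does not keep the previous verdict but re-enables the full UI with unknown dimensions; that is a reasonable choice if the failure means stdout is no longer a tty, but it should be stated, e.g. `/* ioctl failure: not a tty or size unknown, so draw the UI as before. */`. The bare `1` reads better as `STDOUT_FILENO` from <unistd.h>, which also matches what the renamed check_if_tty is about. `struct winsize ws` stays uninitialized on the failure path, which is harmless only because of that early return, so keep the two lines together if the function is edited later.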
@@ -17,6 +17,18 @@
 to get on with the times.
 --------------
+Version 1.86b:
+--------------
+
+ - Added support for AFL_SKIP_CRASHES, which is a very hackish solution to
+ the problem of resuming sessions with intermittently crashing inputs.
+
+ - Removed the hard-fail terminal size check, replaced with a dynamic
+ warning shown in place of the UI. Based on feedback from Christian Holler.
+
+ - Fixed a minor typo in show_stats. Spotted by Dingbao Xie.
+
+--------------
 Version 1.85b:
 --------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/docs/README new/afl-1.86b/docs/README
--- old/afl-1.85b/docs/README 2015-08-01 04:44:49.000000000 +0200
+++ new/afl-1.86b/docs/README 2015-08-09 06:09:32.000000000 +0200
@@ -427,6 +427,7 @@
 Keegan McAllister Kostya Serebryany Richo Healey Martijn Bogaard rc0r Jonathan Foote
+ Christian Holler
 Thank you!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/docs/env_variables.txt new/afl-1.86b/docs/env_variables.txt
--- old/afl-1.85b/docs/env_variables.txt 2015-06-11 08:42:08.000000000 +0200
+++ new/afl-1.86b/docs/env_variables.txt 2015-08-09 06:26:17.000000000 +0200
@@ -107,6 +107,11 @@
 normally indicated by the cycle counter in the UI turning green. May be convenient for some types of automated jobs.
+ - AFL_SKIP_CRASHES causes AFL to tolerate crashing files in the input
+ queue. This can help with rare situations where a program crashes only
+ intermittently, but it's not really recommended under normal operating
+ conditions.
+
 - When developing custom instrumentation on top of afl-fuzz, you can use AFL_SKIP_BIN_CHECK to inhibit the checks for non-instrumented binaries and shell scripts; and AFL_DUMB_FORKSRV in conjunction with the -n
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/docs/notes_for_asan.txt new/afl-1.86b/docs/notes_for_asan.txt
--- old/afl-1.85b/docs/notes_for_asan.txt 2015-04-17 02:19:08.000000000 +0200
+++ new/afl-1.86b/docs/notes_for_asan.txt 2015-08-07 17:16:17.000000000 +0200
@@ -109,3 +109,16 @@
 emulation, so please do not try to use them with the -Q option; QEMU doesn't seem to appreciate the shadow VM trick used by these tools, and will likely just allocate all your physical memory, then crash.
+
+4) What about UBSAN?
+--------------------
+
+Some folks expressed interest in fuzzing with UBSAN. This isn't officially
+supported, because many installations of UBSAN don't offer a consistent way
+to abort() on fault conditions or to terminate with a distinctive exit code.
+
+That said, some versions of the library can be binary-patched to address this
+issue, while newer releases support explicit compile-time flags - see this
+mailing list thread for tips:
+
+ https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-1.85b/docs/sister_projects.txt new/afl-1.86b/docs/sister_projects.txt
--- old/afl-1.85b/docs/sister_projects.txt 2015-07-27 07:34:57.000000000 +0200
+++ new/afl-1.86b/docs/sister_projects.txt 2015-08-06 19:35:02.000000000 +0200
@@ -21,7 +21,7 @@
 Go-fuzz (Dmitry Vyukov)
 -----------------------
- AFL-style guided fuzzing approach for Go targets:
+ AFL-inspired guided fuzzing approach for Go targets:
 https://github.com/dvyukov/go-fuzz
@@ -154,6 +154,13 @@
 Narrow-purpose or experimental:
 -------------------------------
+Pause and resume scripts (Ben Nagy)
+-----------------------------------
+
+ Simple automation to suspend and resume groups of fuzzing jobs.
+
+ https://gist.github.com/bnagy/8f0eb29eb125653f73fd
+
 Static binary-only instrumentation (Aleksandar Nikolich)
 --------------------------------------------------------