author | Sigmanificient <edhyjox@gmail.com> | 2024-04-21 18:10:00 +0200 |
---|---|---|
committer | Sigmanificient <edhyjox@gmail.com> | 2024-04-21 19:10:20 +0200 |
commit | 9fa18cfbbddbf9e7e44618ca1e642a4938f3ec14 (patch) | |
tree | 88e415886a6ca86c91e599c647927c7007a0db59 | |
parent | 65b10c53d110fb78e1c752ca53dfba1e72746ad1 (diff) |
afl: remove
-rw-r--r-- | pkgs/tools/security/afl/README.md | 19 | ||||
-rw-r--r-- | pkgs/tools/security/afl/default.nix | 82 | ||||
-rw-r--r-- | pkgs/tools/security/afl/libdislocator.nix | 35 | ||||
-rw-r--r-- | pkgs/tools/security/afl/qemu-patches/no-etc-install.patch | 13 | ||||
-rw-r--r-- | pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff | 51 | ||||
-rw-r--r-- | pkgs/tools/security/afl/qemu.nix | 77 | ||||
-rw-r--r-- | pkgs/top-level/aliases.nix | 1 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 6 |
8 files changed, 2 insertions, 282 deletions
diff --git a/pkgs/tools/security/afl/README.md b/pkgs/tools/security/afl/README.md
deleted file mode 100644
index 180cad6bc4ca6..0000000000000
--- a/pkgs/tools/security/afl/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
-Updating the QEMU patches
-=========================
-
-When updating to the latest American Fuzzy Lop, make sure to check for
-any new patches to qemu for binary fuzzing support:
-
-https://github.com/google/AFL/tree/master/qemu_mode
-
-Be sure to check the build script and make sure it's also using the
-right QEMU version and options in `qemu.nix`:
-
-https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
-
-`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
-the afl source code, and copied from `config.h`, `types.h` and
-`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
-need to be slightly adjusted to fix their `#include`s (the patches
-try to otherwise include files like `../../config.h` which causes the
-build to fail).
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix
deleted file mode 100644
index ccdbd78716d96..0000000000000
--- a/pkgs/tools/security/afl/default.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
-, clang, llvm, which, libcgroup
-}:
-
-let
- afl-qemu = callPackage ./qemu.nix { inherit afl; };
- qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
- else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
- else throw "afl: no support for ${stdenv.hostPlatform.system}!";
- afl = stdenv.mkDerivation rec {
- pname = "afl";
- version = "2.57b";
-
- src = fetchFromGitHub {
- owner = "google";
- repo = pname;
- rev = "v${version}";
- sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
- };
- enableParallelBuilding = true;
-
- # Note: libcgroup isn't needed for building, just for the afl-cgroup
- # script.
- nativeBuildInputs = [ makeWrapper which llvm.dev ];
- buildInputs = [ llvm ];
-
- makeFlags = [ "PREFIX=$(out)" ];
- postBuild = ''
- make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
- '';
- postInstall = ''
- # Install the custom QEMU emulator for binary blob fuzzing.
- cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
-
- # Install the cgroups wrapper for asan-based fuzzing.
- cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
- chmod +x $out/bin/afl-cgroup
- substituteInPlace $out/bin/afl-cgroup \
- --replace "cgcreate" "${libcgroup}/bin/cgcreate" \
- --replace "cgexec" "${libcgroup}/bin/cgexec" \
- --replace "cgdelete" "${libcgroup}/bin/cgdelete"
-
- # Patch shebangs before wrapping
- patchShebangs $out/bin
-
- # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
- # has totally different semantics in that case(?) - and also set a
- # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
- # of $PATH.
- # first though we need to replace the afl-clang-fast++ symlink with
- # a real copy to prevent wrapProgram skipping the symlink and confusing
- # nix's cc wrapper
- rm $out/bin/afl-clang-fast++
- cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
- for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
- wrapProgram $x \
- --prefix AFL_PATH : "$out/lib/afl" \
- --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
- done
- '';
-
- passthru.qemu = afl-qemu;
-
- meta = {
- description = "Powerful fuzzer via genetic algorithms and instrumentation";
- longDescription = ''
- American fuzzy lop is a fuzzer that employs a novel type of
- compile-time instrumentation and genetic algorithms to
- automatically discover clean, interesting test cases that
- trigger new internal states in the targeted binary. This
- substantially improves the functional coverage for the fuzzed
- code. The compact synthesized corpora produced by the tool are
- also useful for seeding other, more labor or resource-intensive
- testing regimes down the road.
- '';
- homepage = "https://lcamtuf.coredump.cx/afl/";
- license = lib.licenses.asl20;
- platforms = ["x86_64-linux" "i686-linux"];
- maintainers = with lib.maintainers; [ thoughtpolice ris ];
- };
- };
-in afl
diff --git a/pkgs/tools/security/afl/libdislocator.nix b/pkgs/tools/security/afl/libdislocator.nix
deleted file mode 100644
index 1030ffaf9eb85..0000000000000
--- a/pkgs/tools/security/afl/libdislocator.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, stdenv, afl}:
-
-stdenv.mkDerivation {
- version = lib.getVersion afl;
- pname = "libdislocator";
-
- src = afl.src;
- sourceRoot = "${afl.src.name}/libdislocator";
-
- makeFlags = [ "PREFIX=$(out)" ];
-
- preInstall = ''
- mkdir -p $out/lib/afl
- '';
- postInstall = ''
- mkdir $out/bin
- cat > $out/bin/get-libdislocator-so <<END
- #!${stdenv.shell}
- echo $out/lib/afl/libdislocator.so
- END
- chmod +x $out/bin/get-libdislocator-so
- '';
-
- meta = with lib; {
- homepage = "https://lcamtuf.coredump.cx/afl/";
- description = ''
- Drop-in replacement for the libc allocator which improves
- the odds of bumping into heap-related security bugs in
- several ways.
- '';
- mainProgram = "get-libdislocator-so";
- license = lib.licenses.asl20;
- maintainers = with maintainers; [ ris ];
- };
-}
diff --git a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
deleted file mode 100644
index 5dfbfd780f1ca..0000000000000
--- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/Makefile b/Makefile
-index d6b9dc1..ce7c493 100644
---- a/Makefile
-+++ b/Makefile
-@@ -601,7 +601,7 @@ install-localstatedir:
- endif
-
-
--install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
-+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
- ifneq ($(TOOLS),)
- $(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
- endif
diff --git a/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff b/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
deleted file mode 100644
index aa2950bf157c7..0000000000000
--- a/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
+++ /dev/null
@@ -1,51 +0,0 @@
---- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100
-+++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100
-@@ -34,6 +34,7 @@
- #include <sys/resource.h>
- #include <sys/swap.h>
- #include <linux/capability.h>
-+#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
- #include <sched.h>
- #include <sys/timex.h>
- #ifdef __ia64__
-@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
- #endif
-
- #ifdef __NR_gettid
--_syscall0(int, gettid)
-+// taken from https://patchwork.kernel.org/patch/10862231/
-+#define __NR_sys_gettid __NR_gettid
-+_syscall0(int, sys_gettid)
- #else
- /* This is a replacement for the host gettid() and must return a host
- errno. */
-@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
- cpu = ENV_GET_CPU(env);
- thread_cpu = cpu;
- ts = (TaskState *)cpu->opaque;
-- info->tid = gettid();
-+ info->tid = sys_gettid();
- task_settid(ts);
- if (info->child_tidptr)
- put_user_u32(info->tid, info->child_tidptr);
-@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
- mapping. We can't repeat the spinlock hack used above because
- the child process gets its own copy of the lock. */
- if (flags & CLONE_CHILD_SETTID)
-- put_user_u32(gettid(), child_tidptr);
-+ put_user_u32(sys_gettid(), child_tidptr);
- if (flags & CLONE_PARENT_SETTID)
-- put_user_u32(gettid(), parent_tidptr);
-+ put_user_u32(sys_gettid(), parent_tidptr);
- ts = (TaskState *)cpu->opaque;
- if (flags & CLONE_SETTLS)
- cpu_set_tls (env, newtls);
-@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
- break;
- #endif
- case TARGET_NR_gettid:
-- ret = get_errno(gettid());
-+ ret = get_errno(sys_gettid());
- break;
- #ifdef TARGET_NR_readahead
- case TARGET_NR_readahead:
diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix
deleted file mode 100644
index 845d9fa3e6f15..0000000000000
--- a/pkgs/tools/security/afl/qemu.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl
-, texinfo, libuuid, flex, bison, pixman, autoconf
-}:
-
-let
- cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
- else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
- else throw "afl: no support for ${stdenv.hostPlatform.system}!";
-in
-stdenv.mkDerivation rec {
- pname = "afl-qemu";
- version = "2.10.0";
-
- srcs = [
- (fetchurl {
- url = "https://download.qemu.org/qemu-${version}.tar.bz2";
- sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
- })
- afl.src
- ];
-
- sourceRoot = "qemu-${version}";
-
- postUnpack = ''
- cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
- substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
- --replace "types.h" "afl-types.h"
- substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
- --replace "../../config.h" "afl-config.h"
- substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
- --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
- '';
-
- nativeBuildInputs = [
- python2 perl pkg-config flex bison autoconf texinfo
- ];
-
- buildInputs = [
- zlib glib pixman libuuid
- ];
-
- enableParallelBuilding = true;
-
- patches = [
- # patches extracted from afl source
- "../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
- "../${afl.src.name}/qemu_mode/patches/elfload.diff"
- "../${afl.src.name}/qemu_mode/patches/syscall.diff"
- "../${afl.src.name}/qemu_mode/patches/configure.diff"
- "../${afl.src.name}/qemu_mode/patches/memfd.diff"
- # nix-specific patches to make installation more well-behaved
- ./qemu-patches/no-etc-install.patch
- # patch for fixing qemu build on glibc >= 2.30
- ./qemu-patches/syscall-glibc2_30.diff
- ];
-
- configureFlags =
- [ "--disable-system"
- "--enable-linux-user"
- "--disable-gtk"
- "--disable-sdl"
- "--disable-vnc"
- "--disable-kvm"
- "--target-list=${cpuTarget}"
- "--enable-pie"
- "--sysconfdir=/etc"
- "--localstatedir=/var"
- ];
-
- meta = with lib; {
- homepage = "https://www.qemu.org/";
- description = "Fork of QEMU with AFL instrumentation support";
- license = licenses.gpl2Plus;
- maintainers = with maintainers; [ thoughtpolice ];
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index c8a80540f9e82..0a388f0b57046 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -61,6 +61,7 @@ mapAliases ({
 adtool = throw "'adtool' has been removed, as it was broken and unmaintained";
 advcpmv = throw "'advcpmv' has been removed, as it is not being actively maintained and break recent coreutils."; # Added 2024-03-29
 aether = throw "aether has been removed from nixpkgs; upstream unmaintained, security issues"; # Added 2023-10-03
+ afl = throw "afl has been removed as the upstream project was archived. Consider using 'aflplusplus'"; # Added 2024-04-21
 airfield = throw "airfield has been removed due to being unmaintained"; # Added 2023-05-19
 alertmanager-bot = throw "alertmanager-bot is broken and has been archived by upstream"; # Added 2023-07-28
 alsa-project = throw "alsa-project was removed and its sub-attributes were promoted to top-level."; # Added 2023-11-12
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1665a3b0e7710..0f17f400fc501 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1612,10 +1612,6 @@ with pkgs;
 
 afio = callPackage ../tools/archivers/afio { };
 
- afl = callPackage ../tools/security/afl {
- stdenv = clangStdenv;
- };
-
 honggfuzz = callPackage ../tools/security/honggfuzz {
 clang = clang_16;
 llvm = llvm_16;
@@ -1630,7 +1626,7 @@ with pkgs;
 
 ledfx = callPackage ../applications/audio/ledfx { };
 
- libdislocator = callPackage ../tools/security/afl/libdislocator.nix { };
+ libdislocator = callPackage ../tools/security/aflplusplus/libdislocator.nix { };
 
 afpfs-ng = callPackage ../tools/filesystems/afpfs-ng { };
 
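Review bot: The `libdislocator` attribute is retargeted to `../tools/security/aflplusplus/libdislocator.nix`, a file this commit neither adds nor modifies, so whether it exists and which arguments it expects cannot be confirmed from this diff. The deleted `afl/libdislocator.nix` was built from `afl.src`, so the attribute presumably now ships AFL++'s libdislocator, a different upstream version under an unchanged name; unlike `afl`, which gets a `throw` alias in aliases.nix, `libdislocator` users receive this switch silently. Consider a trailing comment on the changed line recording the switch, e.g. `# now built from AFL++ sources; original afl removed 2024-04-21`, or a release-note entry if the version change matters to users.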