From 6fbc62419b70ef7a0336bd65c89227db2aec0f5b Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Wed, 13 May 2015 06:52:56 -0500 Subject: nixpkgs: afl 1.67b -> 1.80b Signed-off-by: Austin Seipp --- pkgs/tools/security/afl/default.nix | 15 +++++---------- pkgs/tools/security/afl/qemu-patches/afl-config.h | 9 +++++---- pkgs/tools/security/afl/qemu-patches/cpu-exec.patch | 14 +++++++------- pkgs/tools/security/afl/qemu-patches/elfload.patch | 8 ++++---- pkgs/tools/security/afl/qemu-patches/syscall.patch | 4 ++-- pkgs/tools/security/afl/qemu-patches/translate-all.patch | 6 +++--- pkgs/tools/security/afl/qemu.nix | 4 ++-- 7 files changed, 28 insertions(+), 32 deletions(-) (limited to 'pkgs/tools/security/afl') diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix index ea495145d1ac1..2aed8df32605e 100644 --- a/pkgs/tools/security/afl/default.nix +++ b/pkgs/tools/security/afl/default.nix @@ -9,11 +9,11 @@ let in stdenv.mkDerivation rec { name = "afl-${version}"; - version = "1.67b"; + version = "1.80b"; src = fetchurl { url = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz"; - sha256 = "11763zgwqg2b5hak006rp0jb3w252js067z9ibgl4nj3br2ncmd2"; + sha256 = "008l2qirwlf40yhlrybcpglsil9nw8498qcjmvrnvvq31piwyhp0"; }; # Note: libcgroup isn't needed for building, just for the afl-cgroup @@ -22,7 +22,9 @@ stdenv.mkDerivation rec { buildPhase = '' make PREFIX=$out - cd llvm_mode && make && cd .. + cd llvm_mode + make PREFIX=$out CC=${clang}/bin/clang CXX=${clang}/bin/clang++ + cd .. ''; installPhase = '' # Do the normal installation 
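Review bot: The llvm_mode build in the buildPhase hunk now pins CC/CXX to `${clang}/bin/clang`, but the LLVM pass it produces is loaded at run time by whichever clang afl-clang-fast invokes (the AFL_CC/AFL_CXX set in the wrapper further down, outside this hunk); if those are not the same package the pass fails to load against a different LLVM. The `clang` binding itself is outside the hunk, so this is an inference to confirm rather than a visible defect. I would record the constraint above the llvm_mode make: `# Build the LLVM pass with the exact clang that afl-clang-fast will exec (AFL_CC below); a mismatched LLVM breaks loading the pass.` The buildPhase ends inside the hunk; installPhase continues past it.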
@@ -42,13 +44,6 @@ stdenv.mkDerivation rec { # Patch shebangs before wrapping patchShebangs $out/bin - # Wrap every program with a custom $AFL_PATH; I believe there is a - # bug in afl which causes it to fail to find `afl-qemu-trace` - # relative to `afl-fuzz` or `afl-showmap`, so we instead set - # $AFL_PATH as a workaround, which allows it to be found. - for x in `ls $out/bin/afl-* | grep -v afl-clang-fast`; do - wrapProgram $x --prefix AFL_PATH : "$out/bin" - done # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it # has totally different semantics in that case(?) - and also set a # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out diff --git a/pkgs/tools/security/afl/qemu-patches/afl-config.h b/pkgs/tools/security/afl/qemu-patches/afl-config.h index 0017f9d83f4b3..cbf48881ade2a 100644 --- a/pkgs/tools/security/afl/qemu-patches/afl-config.h +++ b/pkgs/tools/security/afl/qemu-patches/afl-config.h @@ -88,10 +88,10 @@ /* Maximum stacking for havoc-stage tweaks. The actual value is calculated like this: - n = random between 0 and HAVOC_STACK_POW2 + n = random between 1 and HAVOC_STACK_POW2 stacking = 2^n - In other words, the default (n = 7) produces 1, 2, 4, 8, 16, 32, 64, or + In other words, the default (n = 7) produces 2, 4, 8, 16, 32, 64, or 128 stacked tweaks: */ #define HAVOC_STACK_POW2 7 @@ -250,9 +250,10 @@ #define RESEED_RNG 10000 -/* Maximum line length passed from GCC to 'as': */ +/* Maximum line length passed from GCC to 'as' and used for parsing + configuration files: */ -#define MAX_AS_LINE 8192 +#define MAX_LINE 8192 /* Environment variable used to pass SHM ID to the called program. */ diff --git a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch index 29b65e71b9ade..75a7ea450effe 100644 --- a/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch +++ b/pkgs/tools/security/afl/qemu-patches/cpu-exec.patch 
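Review bot: Dropping the AFL_PATH wrapper leaves afl-fuzz/afl-showmap relying on the prefix baked in by `make PREFIX=$out` to locate afl-qemu-trace, but the new side carries no comment saying so, and the old comment that explained the workaround disappears with it. The previous wrapper used `--prefix AFL_PATH :`, which yields a colon-joined value that afl does not appear to split into several directories, so the removal is presumably a fix rather than a regression, but the reason should be written down for the next bump: `# No AFL_PATH wrapping for afl-fuzz/afl-showmap: 'make PREFIX=$out' bakes $out/bin in as the search path, which is where afl-qemu-trace is installed.` The installPhase this hunk sits in starts outside the hunk.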
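Review bot: The `MAX_AS_LINE` → `MAX_LINE` rename in the second afl-config.h hunk mirrors an upstream change, but this file is a hand-maintained copy of afl's config.h with no marker of which release it tracks, so nothing tells a later maintainer whether it is in sync or which identifiers the local qemu patches (afl-qemu-cpu-inl.h, untouched by this commit) still expect. A provenance line at the top of the file would make that checkable at each bump: `/* Vendored copy of config.h from afl-1.80b; re-sync on every version bump. */`. Whether anything under qemu-patches still references MAX_AS_LINE is not visible in this diff and is worth grepping before merge.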
@@ -1,15 +1,15 @@ ---- qemu-2.2.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 -+++ qemu-2.2.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 -@@ -25,6 +25,8 @@ - #include "sysemu/qtest.h" - #include "qemu/timer.h" +--- qemu-2.3.0/cpu-exec.c.orig 2014-12-09 14:45:40.000000000 +0000 ++++ qemu-2.3.0/cpu-exec.c 2015-02-20 22:07:02.966000000 +0000 +@@ -28,6 +28,8 @@ + #include "exec/memory-internal.h" + #include "qemu/rcu.h" +#include "afl-qemu-cpu-inl.h" + /* -icount align implementation. */ typedef struct SyncClocks { -@@ -262,8 +264,11 @@ +@@ -296,8 +298,11 @@ } not_found: /* if no translated code available, then translate it now */ @@ -21,7 +21,7 @@ found: /* Move the last found TB to the head of the list */ if (likely(*ptb1)) { -@@ -455,6 +460,9 @@ +@@ -492,6 +497,9 @@ next_tb = 0; tcg_ctx.tb_ctx.tb_invalidated_flag = 0; } diff --git a/pkgs/tools/security/afl/qemu-patches/elfload.patch b/pkgs/tools/security/afl/qemu-patches/elfload.patch index 65f1572e9a7bf..325c917d15a33 100644 --- a/pkgs/tools/security/afl/qemu-patches/elfload.patch +++ b/pkgs/tools/security/afl/qemu-patches/elfload.patch @@ -1,5 +1,5 @@ ---- qemu-2.2.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 -+++ qemu-2.2.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 +--- qemu-2.3.0/linux-user/elfload.c.orig 2014-12-09 14:45:42.000000000 +0000 ++++ qemu-2.3.0/linux-user/elfload.c 2015-01-28 02:51:23.719000000 +0000 @@ -28,6 +28,8 @@ #define ELF_OSABI ELFOSABI_SYSV @@ -9,7 +9,7 @@ /* from personality.h */ /* -@@ -1886,6 +1888,8 @@ +@@ -1889,6 +1891,8 @@ info->brk = 0; info->elf_flags = ehdr->e_flags; @@ -18,7 +18,7 @@ for (i = 0; i < ehdr->e_phnum; i++) { struct elf_phdr *eppnt = phdr + i; if (eppnt->p_type == PT_LOAD) { -@@ -1919,9 +1923,11 @@ +@@ -1922,9 +1926,11 @@ if (elf_prot & PROT_EXEC) { if (vaddr < info->start_code) { info->start_code = vaddr; 
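Review bot: The ported cpu-exec.patch header keeps the `2014-12-09` `.orig` timestamps from the qemu-2.2.0 patch while now naming qemu-2.3.0, so the patch's own provenance line is wrong, and a reader cannot tell whether the hunks were regenerated against a 2.3.0 tree or only had offsets and context hand-edited (the swapped `#include "exec/memory-internal.h"` / `#include "qemu/rcu.h"` context lines suggest the latter). Regenerating against an unpacked 2.3.0 source, or stating the origin at the top of the patch file, e.g. `# Derived from the afl-1.80b qemu_mode patches, rebased on qemu-2.3.0`, would keep the next bump from re-guessing offsets and makes a mis-applied hunk easier to spot. The patched function in cpu-exec.c starts and ends outside these hunks.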
diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch index c8ffb61ba2cf2..75d39386164ee 100644 --- a/pkgs/tools/security/afl/qemu-patches/syscall.patch +++ b/pkgs/tools/security/afl/qemu-patches/syscall.patch @@ -1,5 +1,5 @@ ---- qemu-2.2.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 -+++ qemu-2.2.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 +--- qemu-2.3.0/linux-user/syscall.c.orig 2014-12-09 14:45:43.000000000 +0000 ++++ qemu-2.3.0/linux-user/syscall.c 2015-03-27 06:33:00.736000000 +0000 @@ -227,7 +227,21 @@ _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo) _syscall3(int,sys_syslog,int,type,char*,bufp,int,len) diff --git a/pkgs/tools/security/afl/qemu-patches/translate-all.patch b/pkgs/tools/security/afl/qemu-patches/translate-all.patch index 89163b607fdc4..180b3a55ab25b 100644 --- a/pkgs/tools/security/afl/qemu-patches/translate-all.patch +++ b/pkgs/tools/security/afl/qemu-patches/translate-all.patch @@ -1,6 +1,6 @@ ---- qemu-2.2.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 -+++ qemu-2.2.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 -@@ -387,8 +387,13 @@ +--- qemu-2.3.0/translate-all.c.orig 2014-12-09 14:45:46.000000000 +0000 ++++ qemu-2.3.0/translate-all.c 2015-01-28 22:37:42.383000000 +0000 +@@ -393,8 +393,13 @@ /* We can't use g_malloc because it may recurse into a locked mutex. */ # define ALLOC(P, SIZE) \ do { \ diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix index 5b69811d08d65..3dd47f50cf76d 100644 --- a/pkgs/tools/security/afl/qemu.nix +++ b/pkgs/tools/security/afl/qemu.nix @@ -7,7 +7,7 @@ with stdenv.lib; let - n = "qemu-2.2.0"; + n = "qemu-2.3.0"; aflHeaderFile = writeText "afl-qemu-cpu-inl.h" (builtins.readFile ./qemu-patches/afl-qemu-cpu-inl.h); 
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://wiki.qemu.org/download/${n}.tar.bz2"; - sha256 = "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n"; + sha256 = "120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"; }; buildInputs = -- cgit 1.4.1