Merge pull request #305782 from Sigmanificient/afl-remove

afl: remove
2024-04-21 20:15:19 +02:00 · 2024-04-21 20:15:19 +02:00 · 05fdb3f9ad
parent 014f831080 9fa18cfbbd
commit 05fdb3f9ad
8 changed files with 2 additions and 282 deletions
--- a/pkgs/tools/security/afl/README.md
+++ b/pkgs/tools/security/afl/README.md
@ -1,19 +0,0 @@
-Updating the QEMU patches
-=========================
-
-When updating to the latest American Fuzzy Lop, make sure to check for
-any new patches to qemu for binary fuzzing support:
-
-https://github.com/google/AFL/tree/master/qemu_mode
-
-Be sure to check the build script and make sure it's also using the
-right QEMU version and options in `qemu.nix`:
-
-https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
-
-`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
-the afl source code, and copied from `config.h`, `types.h` and
-`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
-need to be slightly adjusted to fix their `#include`s (the patches
-try to otherwise include files like `../../config.h` which causes the
-build to fail).
--- a/pkgs/tools/security/afl/default.nix
+++ b/pkgs/tools/security/afl/default.nix
@ -1,82 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
-, clang, llvm, which, libcgroup
-}:
-
-let
-  afl-qemu = callPackage ./qemu.nix { inherit afl; };
-  qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
-    else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
-    else throw "afl: no support for ${stdenv.hostPlatform.system}!";
-  afl = stdenv.mkDerivation rec {
-    pname = "afl";
-    version = "2.57b";
-
-    src = fetchFromGitHub {
-      owner = "google";
-      repo = pname;
-      rev = "v${version}";
-      sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
-    };
-    enableParallelBuilding = true;
-
-    # Note: libcgroup isn't needed for building, just for the afl-cgroup
-    # script.
-    nativeBuildInputs = [ makeWrapper which llvm.dev ];
-    buildInputs = [ llvm ];
-
-    makeFlags = [ "PREFIX=$(out)" ];
-    postBuild = ''
-      make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
-    '';
-    postInstall = ''
-      # Install the custom QEMU emulator for binary blob fuzzing.
-      cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
-
-      # Install the cgroups wrapper for asan-based fuzzing.
-      cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
-      chmod +x $out/bin/afl-cgroup
-      substituteInPlace $out/bin/afl-cgroup \
-        --replace "cgcreate" "${libcgroup}/bin/cgcreate" \
-        --replace "cgexec"   "${libcgroup}/bin/cgexec" \
-        --replace "cgdelete" "${libcgroup}/bin/cgdelete"
-
-      # Patch shebangs before wrapping
-      patchShebangs $out/bin
-
-      # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
-      # has totally different semantics in that case(?) - and also set a
-      # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
-      # of $PATH.
-      # first though we need to replace the afl-clang-fast++ symlink with
-      # a real copy to prevent wrapProgram skipping the symlink and confusing
-      # nix's cc wrapper
-      rm $out/bin/afl-clang-fast++
-      cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
-      for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
-        wrapProgram $x \
-          --prefix AFL_PATH : "$out/lib/afl" \
-          --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
-      done
-    '';
-
-    passthru.qemu = afl-qemu;
-
-    meta = {
-      description = "Powerful fuzzer via genetic algorithms and instrumentation";
-      longDescription = ''
-        American fuzzy lop is a fuzzer that employs a novel type of
-        compile-time instrumentation and genetic algorithms to
-        automatically discover clean, interesting test cases that
-        trigger new internal states in the targeted binary. This
-        substantially improves the functional coverage for the fuzzed
-        code. The compact synthesized corpora produced by the tool are
-        also useful for seeding other, more labor or resource-intensive
-        testing regimes down the road.
-      '';
-      homepage    = "https://lcamtuf.coredump.cx/afl/";
-      license     = lib.licenses.asl20;
-      platforms   = ["x86_64-linux" "i686-linux"];
-      maintainers = with lib.maintainers; [ thoughtpolice ris ];
-    };
-  };
-in afl
--- a/pkgs/tools/security/afl/libdislocator.nix
+++ b/pkgs/tools/security/afl/libdislocator.nix
@ -1,35 +0,0 @@
-{ lib, stdenv, afl}:
-
-stdenv.mkDerivation {
-  version = lib.getVersion afl;
-  pname = "libdislocator";
-
-  src = afl.src;
-  sourceRoot = "${afl.src.name}/libdislocator";
-
-  makeFlags = [ "PREFIX=$(out)" ];
-
-  preInstall = ''
-    mkdir -p $out/lib/afl
-  '';
-  postInstall = ''
-    mkdir $out/bin
-    cat > $out/bin/get-libdislocator-so <<END
-    #!${stdenv.shell}
-    echo $out/lib/afl/libdislocator.so
-    END
-    chmod +x $out/bin/get-libdislocator-so
-  '';
-
-  meta = with lib; {
-    homepage = "https://lcamtuf.coredump.cx/afl/";
-    description = ''
-      Drop-in replacement for the libc allocator which improves
-      the odds of bumping into heap-related security bugs in
-      several ways.
-    '';
-    mainProgram = "get-libdislocator-so";
-    license = lib.licenses.asl20;
-    maintainers = with maintainers; [ ris ];
-  };
-}
--- a/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
+++ b/pkgs/tools/security/afl/qemu-patches/no-etc-install.patch
@ -1,13 +0,0 @@
-diff --git a/Makefile b/Makefile
-index d6b9dc1..ce7c493 100644
--- a/Makefile
-+++ b/Makefile
-@@ -601,7 +601,7 @@ install-localstatedir:
- endif
- 
- 
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
-+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
- ifneq ($(TOOLS),)
- 	$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
- endif
--- a/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
+++ b/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff
@ -1,51 +0,0 @@
--- qemu-2.10.0-clean/linux-user/syscall.c	2020-03-12 18:47:47.898592169 +0100
-+++ qemu-2.10.0/linux-user/syscall.c	2020-03-13 09:13:42.461809699 +0100
-@@ -34,6 +34,7 @@
- #include <sys/resource.h>
- #include <sys/swap.h>
- #include <linux/capability.h>
-+#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
- #include <sched.h>
- #include <sys/timex.h>
- #ifdef __ia64__
-@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
- #endif
- 
- #ifdef __NR_gettid
-_syscall0(int, gettid)
-+// taken from https://patchwork.kernel.org/patch/10862231/
-+#define __NR_sys_gettid __NR_gettid
-+_syscall0(int, sys_gettid)
- #else
- /* This is a replacement for the host gettid() and must return a host
-    errno. */
-@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
-     cpu = ENV_GET_CPU(env);
-     thread_cpu = cpu;
-     ts = (TaskState *)cpu->opaque;
-    info->tid = gettid();
-+    info->tid = sys_gettid();
-     task_settid(ts);
-     if (info->child_tidptr)
-         put_user_u32(info->tid, info->child_tidptr);
-@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
-                mapping.  We can't repeat the spinlock hack used above because
-                the child process gets its own copy of the lock.  */
-             if (flags & CLONE_CHILD_SETTID)
-                put_user_u32(gettid(), child_tidptr);
-+                put_user_u32(sys_gettid(), child_tidptr);
-             if (flags & CLONE_PARENT_SETTID)
-                put_user_u32(gettid(), parent_tidptr);
-+                put_user_u32(sys_gettid(), parent_tidptr);
-             ts = (TaskState *)cpu->opaque;
-             if (flags & CLONE_SETTLS)
-                 cpu_set_tls (env, newtls);
-@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
-         break;
- #endif
-     case TARGET_NR_gettid:
-        ret = get_errno(gettid());
-+        ret = get_errno(sys_gettid());
-         break;
- #ifdef TARGET_NR_readahead
-     case TARGET_NR_readahead:
--- a/pkgs/tools/security/afl/qemu.nix
+++ b/pkgs/tools/security/afl/qemu.nix
@ -1,77 +0,0 @@
-{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl
-, texinfo, libuuid, flex, bison, pixman, autoconf
-}:
-
-let
-  cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
-    else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
-    else throw "afl: no support for ${stdenv.hostPlatform.system}!";
-in
-stdenv.mkDerivation rec {
-  pname = "afl-qemu";
-  version = "2.10.0";
-
-  srcs = [
-    (fetchurl {
-      url = "https://download.qemu.org/qemu-${version}.tar.bz2";
-      sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
-    })
-    afl.src
-  ];
-
-  sourceRoot = "qemu-${version}";
-
-  postUnpack = ''
-    cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
-    substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
-      --replace "types.h" "afl-types.h"
-    substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
-      --replace "../../config.h" "afl-config.h"
-    substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
-      --replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
-  '';
-
-  nativeBuildInputs = [
-    python2 perl pkg-config flex bison autoconf texinfo
-  ];
-
-  buildInputs = [
-    zlib glib pixman libuuid
-  ];
-
-  enableParallelBuilding = true;
-
-  patches = [
-    # patches extracted from afl source
-    "../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
-    "../${afl.src.name}/qemu_mode/patches/elfload.diff"
-    "../${afl.src.name}/qemu_mode/patches/syscall.diff"
-    "../${afl.src.name}/qemu_mode/patches/configure.diff"
-    "../${afl.src.name}/qemu_mode/patches/memfd.diff"
-    # nix-specific patches to make installation more well-behaved
-    ./qemu-patches/no-etc-install.patch
-    # patch for fixing qemu build on glibc >= 2.30
-    ./qemu-patches/syscall-glibc2_30.diff
-  ];
-
-  configureFlags =
-    [ "--disable-system"
-      "--enable-linux-user"
-      "--disable-gtk"
-      "--disable-sdl"
-      "--disable-vnc"
-      "--disable-kvm"
-      "--target-list=${cpuTarget}"
-      "--enable-pie"
-      "--sysconfdir=/etc"
-      "--localstatedir=/var"
-    ];
-
-  meta = with lib; {
-    homepage = "https://www.qemu.org/";
-    description = "Fork of QEMU with AFL instrumentation support";
-    license = licenses.gpl2Plus;
-    maintainers = with maintainers; [ thoughtpolice ];
-    platforms = platforms.linux;
-  };
-}
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@ -61,6 +61,7 @@ mapAliases ({
  adtool = throw "'adtool' has been removed, as it was broken and unmaintained";
  advcpmv = throw "'advcpmv' has been removed, as it is not being actively maintained and break recent coreutils."; # Added 2024-03-29
  aether = throw "aether has been removed from nixpkgs; upstream unmaintained, security issues"; # Added 2023-10-03
+  afl = throw "afl has been removed as the upstream project was archived. Consider using 'aflplusplus'"; # Added 2024-04-21
  airfield = throw "airfield has been removed due to being unmaintained"; # Added 2023-05-19
  alertmanager-bot = throw "alertmanager-bot is broken and has been archived by upstream"; # Added 2023-07-28
  alsa-project = throw "alsa-project was removed and its sub-attributes were promoted to top-level."; # Added 2023-11-12
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1614,10 +1614,6 @@ with pkgs;

  afio = callPackage ../tools/archivers/afio { };

-  afl = callPackage ../tools/security/afl {
-    stdenv = clangStdenv;
-  };
-
  honggfuzz = callPackage ../tools/security/honggfuzz {
    clang = clang_16;
    llvm = llvm_16;
@ -1632,7 +1628,7 @@ with pkgs;

  ledfx = callPackage ../applications/audio/ledfx { };

-  libdislocator = callPackage ../tools/security/afl/libdislocator.nix { };
+  libdislocator = callPackage ../tools/security/aflplusplus/libdislocator.nix { };

  afpfs-ng = callPackage ../tools/filesystems/afpfs-ng { };