afl: remove
parent
65b10c53d1
commit
9fa18cfbbd
@ -1,19 +0,0 @@
|
||||||
Updating the QEMU patches
|
|
||||||
=========================
|
|
||||||
|
|
||||||
When updating to the latest American Fuzzy Lop, make sure to check for
|
|
||||||
any new patches to qemu for binary fuzzing support:
|
|
||||||
|
|
||||||
https://github.com/google/AFL/tree/master/qemu_mode
|
|
||||||
|
|
||||||
Be sure to check the build script and make sure it's also using the
|
|
||||||
right QEMU version and options in `qemu.nix`:
|
|
||||||
|
|
||||||
https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
|
|
||||||
|
|
||||||
`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
|
|
||||||
the afl source code, and copied from `config.h`, `types.h` and
|
|
||||||
`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
|
|
||||||
need to be slightly adjusted to fix their `#include`s (the patches
|
|
||||||
try to otherwise include files like `../../config.h` which causes the
|
|
||||||
build to fail).
|
|
|
@ -1,82 +0,0 @@
|
||||||
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
|
|
||||||
, clang, llvm, which, libcgroup
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
afl-qemu = callPackage ./qemu.nix { inherit afl; };
|
|
||||||
qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
|
|
||||||
else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
|
|
||||||
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
|
|
||||||
afl = stdenv.mkDerivation rec {
|
|
||||||
pname = "afl";
|
|
||||||
version = "2.57b";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "google";
|
|
||||||
repo = pname;
|
|
||||||
rev = "v${version}";
|
|
||||||
sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
|
|
||||||
};
|
|
||||||
enableParallelBuilding = true;
|
|
||||||
|
|
||||||
# Note: libcgroup isn't needed for building, just for the afl-cgroup
|
|
||||||
# script.
|
|
||||||
nativeBuildInputs = [ makeWrapper which llvm.dev ];
|
|
||||||
buildInputs = [ llvm ];
|
|
||||||
|
|
||||||
makeFlags = [ "PREFIX=$(out)" ];
|
|
||||||
postBuild = ''
|
|
||||||
make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
|
|
||||||
'';
|
|
||||||
postInstall = ''
|
|
||||||
# Install the custom QEMU emulator for binary blob fuzzing.
|
|
||||||
cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
|
|
||||||
|
|
||||||
# Install the cgroups wrapper for asan-based fuzzing.
|
|
||||||
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
|
|
||||||
chmod +x $out/bin/afl-cgroup
|
|
||||||
substituteInPlace $out/bin/afl-cgroup \
|
|
||||||
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
|
|
||||||
--replace "cgexec" "${libcgroup}/bin/cgexec" \
|
|
||||||
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
|
|
||||||
|
|
||||||
# Patch shebangs before wrapping
|
|
||||||
patchShebangs $out/bin
|
|
||||||
|
|
||||||
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
|
|
||||||
# has totally different semantics in that case(?) - and also set a
|
|
||||||
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
|
|
||||||
# of $PATH.
|
|
||||||
# first though we need to replace the afl-clang-fast++ symlink with
|
|
||||||
# a real copy to prevent wrapProgram skipping the symlink and confusing
|
|
||||||
# nix's cc wrapper
|
|
||||||
rm $out/bin/afl-clang-fast++
|
|
||||||
cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
|
|
||||||
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
|
|
||||||
wrapProgram $x \
|
|
||||||
--prefix AFL_PATH : "$out/lib/afl" \
|
|
||||||
--run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
|
|
||||||
passthru.qemu = afl-qemu;
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
description = "Powerful fuzzer via genetic algorithms and instrumentation";
|
|
||||||
longDescription = ''
|
|
||||||
American fuzzy lop is a fuzzer that employs a novel type of
|
|
||||||
compile-time instrumentation and genetic algorithms to
|
|
||||||
automatically discover clean, interesting test cases that
|
|
||||||
trigger new internal states in the targeted binary. This
|
|
||||||
substantially improves the functional coverage for the fuzzed
|
|
||||||
code. The compact synthesized corpora produced by the tool are
|
|
||||||
also useful for seeding other, more labor or resource-intensive
|
|
||||||
testing regimes down the road.
|
|
||||||
'';
|
|
||||||
homepage = "https://lcamtuf.coredump.cx/afl/";
|
|
||||||
license = lib.licenses.asl20;
|
|
||||||
platforms = ["x86_64-linux" "i686-linux"];
|
|
||||||
maintainers = with lib.maintainers; [ thoughtpolice ris ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in afl
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ lib, stdenv, afl}:
|
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
version = lib.getVersion afl;
|
|
||||||
pname = "libdislocator";
|
|
||||||
|
|
||||||
src = afl.src;
|
|
||||||
sourceRoot = "${afl.src.name}/libdislocator";
|
|
||||||
|
|
||||||
makeFlags = [ "PREFIX=$(out)" ];
|
|
||||||
|
|
||||||
preInstall = ''
|
|
||||||
mkdir -p $out/lib/afl
|
|
||||||
'';
|
|
||||||
postInstall = ''
|
|
||||||
mkdir $out/bin
|
|
||||||
cat > $out/bin/get-libdislocator-so <<END
|
|
||||||
#!${stdenv.shell}
|
|
||||||
echo $out/lib/afl/libdislocator.so
|
|
||||||
END
|
|
||||||
chmod +x $out/bin/get-libdislocator-so
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
homepage = "https://lcamtuf.coredump.cx/afl/";
|
|
||||||
description = ''
|
|
||||||
Drop-in replacement for the libc allocator which improves
|
|
||||||
the odds of bumping into heap-related security bugs in
|
|
||||||
several ways.
|
|
||||||
'';
|
|
||||||
mainProgram = "get-libdislocator-so";
|
|
||||||
license = lib.licenses.asl20;
|
|
||||||
maintainers = with maintainers; [ ris ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
diff --git a/Makefile b/Makefile
|
|
||||||
index d6b9dc1..ce7c493 100644
|
|
||||||
--- a/Makefile
|
|
||||||
+++ b/Makefile
|
|
||||||
@@ -601,7 +601,7 @@ install-localstatedir:
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
|
|
||||||
+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
|
|
||||||
ifneq ($(TOOLS),)
|
|
||||||
$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
|
|
||||||
endif
|
|
|
@ -1,51 +0,0 @@
|
||||||
--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100
|
|
||||||
+++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100
|
|
||||||
@@ -34,6 +34,7 @@
|
|
||||||
#include <sys/resource.h>
|
|
||||||
#include <sys/swap.h>
|
|
||||||
#include <linux/capability.h>
|
|
||||||
+#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
|
|
||||||
#include <sched.h>
|
|
||||||
#include <sys/timex.h>
|
|
||||||
#ifdef __ia64__
|
|
||||||
@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef __NR_gettid
|
|
||||||
-_syscall0(int, gettid)
|
|
||||||
+// taken from https://patchwork.kernel.org/patch/10862231/
|
|
||||||
+#define __NR_sys_gettid __NR_gettid
|
|
||||||
+_syscall0(int, sys_gettid)
|
|
||||||
#else
|
|
||||||
/* This is a replacement for the host gettid() and must return a host
|
|
||||||
errno. */
|
|
||||||
@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
|
|
||||||
cpu = ENV_GET_CPU(env);
|
|
||||||
thread_cpu = cpu;
|
|
||||||
ts = (TaskState *)cpu->opaque;
|
|
||||||
- info->tid = gettid();
|
|
||||||
+ info->tid = sys_gettid();
|
|
||||||
task_settid(ts);
|
|
||||||
if (info->child_tidptr)
|
|
||||||
put_user_u32(info->tid, info->child_tidptr);
|
|
||||||
@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
|
|
||||||
mapping. We can't repeat the spinlock hack used above because
|
|
||||||
the child process gets its own copy of the lock. */
|
|
||||||
if (flags & CLONE_CHILD_SETTID)
|
|
||||||
- put_user_u32(gettid(), child_tidptr);
|
|
||||||
+ put_user_u32(sys_gettid(), child_tidptr);
|
|
||||||
if (flags & CLONE_PARENT_SETTID)
|
|
||||||
- put_user_u32(gettid(), parent_tidptr);
|
|
||||||
+ put_user_u32(sys_gettid(), parent_tidptr);
|
|
||||||
ts = (TaskState *)cpu->opaque;
|
|
||||||
if (flags & CLONE_SETTLS)
|
|
||||||
cpu_set_tls (env, newtls);
|
|
||||||
@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
case TARGET_NR_gettid:
|
|
||||||
- ret = get_errno(gettid());
|
|
||||||
+ ret = get_errno(sys_gettid());
|
|
||||||
break;
|
|
||||||
#ifdef TARGET_NR_readahead
|
|
||||||
case TARGET_NR_readahead:
|
|
|
@ -1,77 +0,0 @@
|
||||||
{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl
|
|
||||||
, texinfo, libuuid, flex, bison, pixman, autoconf
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
|
|
||||||
else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
|
|
||||||
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
|
|
||||||
in
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "afl-qemu";
|
|
||||||
version = "2.10.0";
|
|
||||||
|
|
||||||
srcs = [
|
|
||||||
(fetchurl {
|
|
||||||
url = "https://download.qemu.org/qemu-${version}.tar.bz2";
|
|
||||||
sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
|
|
||||||
})
|
|
||||||
afl.src
|
|
||||||
];
|
|
||||||
|
|
||||||
sourceRoot = "qemu-${version}";
|
|
||||||
|
|
||||||
postUnpack = ''
|
|
||||||
cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
|
|
||||||
substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
|
|
||||||
--replace "types.h" "afl-types.h"
|
|
||||||
substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
|
|
||||||
--replace "../../config.h" "afl-config.h"
|
|
||||||
substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
|
|
||||||
--replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
|
|
||||||
'';
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
python2 perl pkg-config flex bison autoconf texinfo
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
zlib glib pixman libuuid
|
|
||||||
];
|
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
|
||||||
|
|
||||||
patches = [
|
|
||||||
# patches extracted from afl source
|
|
||||||
"../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
|
|
||||||
"../${afl.src.name}/qemu_mode/patches/elfload.diff"
|
|
||||||
"../${afl.src.name}/qemu_mode/patches/syscall.diff"
|
|
||||||
"../${afl.src.name}/qemu_mode/patches/configure.diff"
|
|
||||||
"../${afl.src.name}/qemu_mode/patches/memfd.diff"
|
|
||||||
# nix-specific patches to make installation more well-behaved
|
|
||||||
./qemu-patches/no-etc-install.patch
|
|
||||||
# patch for fixing qemu build on glibc >= 2.30
|
|
||||||
./qemu-patches/syscall-glibc2_30.diff
|
|
||||||
];
|
|
||||||
|
|
||||||
configureFlags =
|
|
||||||
[ "--disable-system"
|
|
||||||
"--enable-linux-user"
|
|
||||||
"--disable-gtk"
|
|
||||||
"--disable-sdl"
|
|
||||||
"--disable-vnc"
|
|
||||||
"--disable-kvm"
|
|
||||||
"--target-list=${cpuTarget}"
|
|
||||||
"--enable-pie"
|
|
||||||
"--sysconfdir=/etc"
|
|
||||||
"--localstatedir=/var"
|
|
||||||
];
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
homepage = "https://www.qemu.org/";
|
|
||||||
description = "Fork of QEMU with AFL instrumentation support";
|
|
||||||
license = licenses.gpl2Plus;
|
|
||||||
maintainers = with maintainers; [ thoughtpolice ];
|
|
||||||
platforms = platforms.linux;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -61,6 +61,7 @@ mapAliases ({
|
||||||
adtool = throw "'adtool' has been removed, as it was broken and unmaintained";
|
adtool = throw "'adtool' has been removed, as it was broken and unmaintained";
|
||||||
advcpmv = throw "'advcpmv' has been removed, as it is not being actively maintained and break recent coreutils."; # Added 2024-03-29
|
advcpmv = throw "'advcpmv' has been removed, as it is not being actively maintained and break recent coreutils."; # Added 2024-03-29
|
||||||
aether = throw "aether has been removed from nixpkgs; upstream unmaintained, security issues"; # Added 2023-10-03
|
aether = throw "aether has been removed from nixpkgs; upstream unmaintained, security issues"; # Added 2023-10-03
|
||||||
|
afl = throw "afl has been removed as the upstream project was archived. Consider using 'aflplusplus'"; # Added 2024-04-21
|
||||||
airfield = throw "airfield has been removed due to being unmaintained"; # Added 2023-05-19
|
airfield = throw "airfield has been removed due to being unmaintained"; # Added 2023-05-19
|
||||||
alertmanager-bot = throw "alertmanager-bot is broken and has been archived by upstream"; # Added 2023-07-28
|
alertmanager-bot = throw "alertmanager-bot is broken and has been archived by upstream"; # Added 2023-07-28
|
||||||
alsa-project = throw "alsa-project was removed and its sub-attributes were promoted to top-level."; # Added 2023-11-12
|
alsa-project = throw "alsa-project was removed and its sub-attributes were promoted to top-level."; # Added 2023-11-12
|
||||||
|
|
|
@ -1612,10 +1612,6 @@ with pkgs;
|
||||||
|
|
||||||
afio = callPackage ../tools/archivers/afio { };
|
afio = callPackage ../tools/archivers/afio { };
|
||||||
|
|
||||||
afl = callPackage ../tools/security/afl {
|
|
||||||
stdenv = clangStdenv;
|
|
||||||
};
|
|
||||||
|
|
||||||
honggfuzz = callPackage ../tools/security/honggfuzz {
|
honggfuzz = callPackage ../tools/security/honggfuzz {
|
||||||
clang = clang_16;
|
clang = clang_16;
|
||||||
llvm = llvm_16;
|
llvm = llvm_16;
|
||||||
|
@ -1630,7 +1626,7 @@ with pkgs;
|
||||||
|
|
||||||
ledfx = callPackage ../applications/audio/ledfx { };
|
ledfx = callPackage ../applications/audio/ledfx { };
|
||||||
|
|
||||||
libdislocator = callPackage ../tools/security/afl/libdislocator.nix { };
|
libdislocator = callPackage ../tools/security/aflplusplus/libdislocator.nix { };
|
||||||
|
|
||||||
afpfs-ng = callPackage ../tools/filesystems/afpfs-ng { };
|
afpfs-ng = callPackage ../tools/filesystems/afpfs-ng { };
|
||||||
|
|
||||||
|
|
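Review bot: The rewritten `libdislocator` line now resolves `../tools/security/aflplusplus/libdislocator.nix`, but this commit deletes the only `libdislocator.nix` visible here (the one under `afl/`, which took `afl` as an argument and read `afl.src` and `lib.getVersion afl`) and adds nothing under `aflplusplus/`. If that target file does not already exist, or still expects an `afl` parameter, `libdislocator` now evaluates against the new `afl = throw …` alias and fails at evaluation time rather than at build time, so the swap deserves an explicit check such as `nix-build -A libdislocator` before merge. Since the library is presumably built from a different upstream source after this change, its version also silently follows that source; a short remark in the commit message, e.g. `libdislocator: now built from aflplusplus sources`, would make that visible to anyone bisecting.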