diff options
| author | Rick van Schijndel <rol3517@gmail.com> | 2020-04-24 20:22:54 +0200 |
|---|---|---|
| committer | Rick van Schijndel <rol3517@gmail.com> | 2020-05-04 21:56:49 +0200 |
| commit | 416c8914618c315863131903e6ced09f74165ad3 (patch) | |
| tree | 13740791f7ef63416d2fe541d5274f51b628d188 /pkgs/tools/security | |
| parent | 9a15100ca10c99b7eba0751334f531d745c9e95b (diff) | |
| download | nixlib-416c8914618c315863131903e6ced09f74165ad3.tar nixlib-416c8914618c315863131903e6ced09f74165ad3.tar.gz nixlib-416c8914618c315863131903e6ced09f74165ad3.tar.bz2 nixlib-416c8914618c315863131903e6ced09f74165ad3.tar.lz nixlib-416c8914618c315863131903e6ced09f74165ad3.tar.xz nixlib-416c8914618c315863131903e6ced09f74165ad3.tar.zst nixlib-416c8914618c315863131903e6ced09f74165ad3.zip | |
aflplusplus: 2.59c -> 2.64c
Updated together with maintainers.ris / @risicle.
Diffstat (limited to 'pkgs/tools/security')
| -rw-r--r-- | pkgs/tools/security/aflplusplus/default.nix | 82 | ||||
| -rw-r--r-- | pkgs/tools/security/aflplusplus/libdislocator.nix | 2 | ||||
| -rw-r--r-- | pkgs/tools/security/aflplusplus/libtokencap.nix | 1 | ||||
| -rw-r--r-- | pkgs/tools/security/aflplusplus/qemu.nix | 6 |
4 files changed, 54 insertions, 37 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index a52ea88950c0..f99be6d75758 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -1,6 +1,6 @@ -{ stdenv, fetchFromGitHub, callPackage, makeWrapper -, clang, llvm, gcc, which, libcgroup, python, perl, gmp -, wine ? null +{ stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper +, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp +, file, cmocka, wine ? null, fetchpatch }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of @@ -15,24 +15,52 @@ let else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!"; libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; }; libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; - aflplusplus = stdenv.mkDerivation rec { + aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "2.59c"; + version = "2.64c"; src = fetchFromGitHub { - owner = "vanhauser-thc"; + owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "1ik33ifk4n96762iv1h4kl4jf9yvsq2hgs097wkiy589siw44g5r"; + sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; }; enableParallelBuilding = true; + # build of unsigaction32 broken in 2.64c: + # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 + # The applied patch fixes it. + patches = [ + (fetchpatch { + url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; + sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; + }) + ]; + # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - nativeBuildInputs = [ makeWrapper which ]; - buildInputs = [ llvm python gmp ] + nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; + buildInputs = [ llvm_9 python gmp ] ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; + + postPatch = '' + # Replace the CLANG_BIN variables with the correct path + substituteInPlace llvm_mode/afl-clang-fast.c \ + --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" + + # Replace "gcc" and friends with full paths in afl-gcc + # Prevents afl-gcc picking up any (possibly incorrect) gcc from the path + substituteInPlace src/afl-gcc.c \ + --replace '"gcc"' '"${gcc}/bin/gcc"' \ + --replace '"g++"' '"${gcc}/bin/g++"' \ + --replace '"gcj"' '"gcj-UNSUPPORTED"' \ + --replace '"clang"' '"clang-UNSUPPORTED"' \ + --replace '"clang++"' '"clang++-UNSUPPORTED"' + ''; + makeFlags = [ "PREFIX=$(out)" ]; buildPhase = '' common="$makeFlags -j$NIX_BUILD_CORES" @@ -45,6 +73,9 @@ let ''; postInstall = '' + # remove afl-clang(++) which are just symlinks to afl-clang-fast + rm $out/bin/afl-clang $out/bin/afl-clang++ + # the makefile neglects to install unsigaction cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/ @@ -61,36 +92,15 @@ let cp ${libtokencap}/bin/get-libtokencap-so $out/bin/ # Install the cgroups wrapper for asan-based fuzzing. - cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup + cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup chmod +x $out/bin/afl-cgroup substituteInPlace $out/bin/afl-cgroup \ --replace "cgcreate" "${libcgroup}/bin/cgcreate" \ --replace "cgexec" "${libcgroup}/bin/cgexec" \ --replace "cgdelete" "${libcgroup}/bin/cgdelete" - # Patch shebangs before wrapping patchShebangs $out/bin - # Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it - # has totally different semantics in that case(?) - and also set a - # proper AFL_CC and AFL_CXX so we don't pick up the wrong one out - # of $PATH. - # first though we need to replace the afl-clang-fast++ symlink with - # a real copy to prevent wrapProgram skipping the symlink and confusing - # nix's cc wrapper - rm $out/bin/afl-clang-fast++ - cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++ - for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do - wrapProgram $x \ - --set-default AFL_PATH "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}' - done - # do similar for afl-gcc and afl-gcc-fast - for x in $out/bin/afl-gcc $out/bin/afl-gcc-fast; do - wrapProgram $x \ - --set-default AFL_PATH "$out/lib/afl" \ - --run 'export AFL_CC=''${AFL_CC:-${gcc}/bin/gcc} AFL_CXX=''${AFL_CXX:-${gcc}/bin/g++}' - done '' + stdenv.lib.optionalString (wine != null) '' substitute afl-wine-trace $out/bin/afl-wine-trace \ --replace "qemu_mode/unsigaction" "$out/lib/afl" @@ -105,17 +115,15 @@ let wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} ''; - installCheckInputs = [ perl ]; + installCheckInputs = [ perl file cmocka ]; doInstallCheck = true; installCheckPhase = '' # replace references to tools in build directory with references to installed locations substituteInPlace test/test.sh \ - --replace '`which gcc`' "" \ --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' - perl -pi -e 's|(?<=\s)gcc(?=\s)|${gcc}/bin/gcc|g' test/test.sh - perl -pi -e 's|(\.\./)(\S+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh cd test && ./test.sh ''; @@ -129,10 +137,10 @@ let AFL++ is a heavily enhanced version of AFL, incorporating many features and improvements from the community. ''; - homepage = "https://github.com/vanhauser-thc/AFLplusplus"; + homepage = "https://aflplus.plus"; license = stdenv.lib.licenses.asl20; platforms = ["x86_64-linux" "i686-linux"]; - maintainers = with stdenv.lib.maintainers; [ ris ]; + maintainers = with stdenv.lib.maintainers; [ ris mindavi ]; }; }; in aflplusplus diff --git a/pkgs/tools/security/aflplusplus/libdislocator.nix b/pkgs/tools/security/aflplusplus/libdislocator.nix index d1d9dad6c5bc..6f947a7280af 100644 --- a/pkgs/tools/security/aflplusplus/libdislocator.nix +++ b/pkgs/tools/security/aflplusplus/libdislocator.nix @@ -12,6 +12,8 @@ stdenv.mkDerivation { preInstall = '' mkdir -p $out/lib/afl + # issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521 + sed -i 's/README\.dislocator\.md/README\.md/g' Makefile ''; postInstall = '' mkdir $out/bin diff --git a/pkgs/tools/security/aflplusplus/libtokencap.nix b/pkgs/tools/security/aflplusplus/libtokencap.nix index 830708227e31..9421ee0d1e2b 100644 --- a/pkgs/tools/security/aflplusplus/libtokencap.nix +++ b/pkgs/tools/security/aflplusplus/libtokencap.nix @@ -12,6 +12,7 @@ stdenv.mkDerivation { preInstall = '' mkdir -p $out/lib/afl + mkdir -p $out/share/doc/afl ''; postInstall = '' mkdir $out/bin diff --git a/pkgs/tools/security/aflplusplus/qemu.nix b/pkgs/tools/security/aflplusplus/qemu.nix index 202657dac9ae..36fc059e3ead 100644 --- a/pkgs/tools/security/aflplusplus/qemu.nix +++ b/pkgs/tools/security/aflplusplus/qemu.nix @@ -28,11 +28,17 @@ stdenv.mkDerivation { for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f + sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f done cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/ cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \ --replace "types.h" "afl-types.h" + substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \ + --replace "config.h" "afl-config.h" \ + --replace "forkserver.h" "afl-forkserver.h" + substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \ + --replace "types.h" "afl-types.h" cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch ''; |