author | B. Watson <yalhcru@gmail.com> | 2021-12-17 12:45:20 -0500 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2021-12-27 16:20:26 +0700 |
commit | 9645b2d8e5432f72c5d7d456e3deb4ec60435354 (patch) | |
tree | af3648829a5e2964a48bd8ef80da13f102957e82 /development/aflplusplus | |
parent | 30d5a1ac9e82bb2daa1de5badadc1820c44a122f (diff) | |
download | slackbuilds-9645b2d8e5432f72c5d7d456e3deb4ec60435354.tar.gz |
development/aflplusplus: Added (fuzzer; replaces afl).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'development/aflplusplus')
-rw-r--r-- | development/aflplusplus/README | 22 | ||||
-rw-r--r-- | development/aflplusplus/aflplusplus.SlackBuild | 124 | ||||
-rw-r--r-- | development/aflplusplus/aflplusplus.info | 12 | ||||
-rw-r--r-- | development/aflplusplus/build_qemu_support.diff | 41 | ||||
-rw-r--r-- | development/aflplusplus/slack-desc | 19 |
5 files changed, 218 insertions, 0 deletions
diff --git a/development/aflplusplus/README b/development/aflplusplus/README
new file mode 100644
index 0000000000..03eb536092
--- /dev/null
+++ b/development/aflplusplus/README
@@ -0,0 +1,22 @@
+aflplusplus (enhanced fork of afl fuzzer)
+
+afl++ is a superior fork to Google's afl - more speed, more and better
+mutations, more and better instrumentation, custom module support, etc.
+
+American fuzzy lop is a security-oriented fuzzer that employs a
+novel type of compile-time instrumentation and genetic algorithms to
+automatically discover clean, interesting test cases that trigger new
+internal states in the targeted binary. This substantially improves
+the functional coverage for the fuzzed code. The compact synthesized
+corpora produced by the tool are also useful for seeding other, more
+labor- or resource-intensive testing regimes down the road.
+
+This build of aflplusplus does not include frida and unicorn modes, so
+the -O and -U options won't work.
+
+Build option: If you need to fuzz binary-only software, aflplusplus can
+be built with QEMU support. To do this, download the qemu source from:
+
+https://slackware.uk/~urchlay/src/qemuafl-d73b0336b4.tar.xz
+
+...and place it in the SlackBuild's directory before running the script.
diff --git a/development/aflplusplus/aflplusplus.SlackBuild b/development/aflplusplus/aflplusplus.SlackBuild
new file mode 100644
index 0000000000..f0eecfe464
--- /dev/null
+++ b/development/aflplusplus/aflplusplus.SlackBuild
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+# Slackware build script for aflplusplus
+
+# Written by B. Watson (yalhcru@gmail.com)
+
+# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=aflplusplus
+SRCNAM=AFLplusplus
+VERSION=${VERSION:-3.14c}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+cd $SRCNAM-$VERSION
+chown -R root:root .
+find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \
+ \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+
+
+DOCDIR=/usr/doc/$PRGNAM-$VERSION
+PKGDOC=$PKG/$DOCDIR
+
+# Make it use the qemu source provided by us, instead of doing a git
+# clone (which didn't work properly anyway). Also this removes the
+# hexagon arch in qemu, because its meson.build breaks the build (even
+# though we're not even building hexagon support).
+patch -p1 < $CWD/build_qemu_support.diff
+
+# qemu mode is optional, only build if the source exists.
+QEMUVER="$( cat qemu_mode/QEMUAFL_VERSION )"
+QEMUSRC="$CWD/qemuafl-$QEMUVER.tar.xz"
+if [ -e "$QEMUSRC" ]; then
+ echo "=== QEMU source found, building qemu_mode"
+ ( cd qemu_mode
+ rm -rf qemuafl
+ tar xvf "$QEMUSRC" )
+ WITHQEMU=WITH
+else
+ echo "=== QEMU source NOT found, not building qemu_mode"
+ sed -i \
+ -e '/-cd qemu_mode/d' \
+ GNUmakefile
+ WITHQEMU=WITHOUT
+fi
+
+# Apply our flags, disable frida and unicorn modes because they
+# don't build.
+sed -i \
+ -e "s/= *-O3 *-funroll-loops/= $SLKCFLAGS/" \
+ -e '/MAKE.*-C *frida_mode *$/d' \
+ -e '/-cd unicorn_mode/d' \
+ GNUmakefile
+
+make \
+ DESTDIR=$PKG \
+ PREFIX=/usr \
+ HELPER_PATH=/usr/lib$LIBDIRSUFFIX/$PRGNAM \
+ DOC_PATH=$DOCDIR \
+ MAN_PATH=/usr/man/man8 \
+ distrib \
+ install
+
+# 20211216 bkw: faster than the usual find|strip stuff. Maybe this
+# should be the new template.
+find $PKG/usr/bin $PKG/usr/lib* -type f -print0 | \
+ xargs -0 file -m /etc/file/magic/elf | \
+ grep -e "executable" -e "shared object" | \
+ grep ELF | \
+ cut -d: -f1 | \
+ xargs strip --strip-unneeded 2> /dev/null || true
+
+gzip $PKG/usr/man/man8/*.8
+
+rm -f $PKGDOC/INSTALL* # useless.
+cat README.md > $PKGDOC/README.md # upstream forgot this.
+cat $CWD/$PRGNAM.SlackBuild > $PKGDOC/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+sed "s,@WITHQEMU@,$WITHQEMU," $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
diff --git a/development/aflplusplus/aflplusplus.info b/development/aflplusplus/aflplusplus.info
new file mode 100644
index 0000000000..9a2a68598a
--- /dev/null
+++ b/development/aflplusplus/aflplusplus.info
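Review bot: The optional qemuafl tarball unpacked by `tar xvf "$QEMUSRC"` in the qemu_mode branch is never integrity-checked: it is fetched out of band from the URL given in the README, it has no entry in the .info MD5SUM field, and build_qemu_support.diff removes the `git checkout "$QEMUAFL_VERSION"` step, so only the file name, not the contents, is tied to `qemu_mode/QEMUAFL_VERSION`. Pin it the same way the main tarball is pinned, e.g. `QEMUMD5=<expected md5sum of qemuafl-$QEMUVER.tar.xz>` next to the `QEMUSRC=` line and `echo "$QEMUMD5  $QEMUSRC" | md5sum -c - || exit 1` before the `( cd qemu_mode` subshell, and state the expected checksum in the README beside the download link. Separately, the strip pipeline loses its NUL delimiting at `cut -d: -f1`, so the final `xargs strip` word-splits any path containing whitespace, and `2> /dev/null || true` would hide the resulting failure; `xargs -d '\n' strip` (or keeping `-0` end to end) avoids that.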
@@ -0,0 +1,12 @@
+PRGNAM="aflplusplus"
+VERSION="3.14c"
+HOMEPAGE="https://github.com/AFLplusplus/AFLplusplus"
+DOWNLOAD="https://github.com/AFLplusplus/AFLplusplus/archive/3.14c/AFLplusplus-3.14c.tar.gz \
+ https://github.com/frida/frida/releases/download/15.0.0/frida-gumjs-devkit-15.0.0-linux-x86_64.tar.xz"
+MD5SUM="b59357f4afa849fef2cd652c4b0fcaae \
+ d80a50c535c5b4d27f219b7cf61a693b"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="B. Watson"
+EMAIL="yalhcru@gmail.com"
diff --git a/development/aflplusplus/build_qemu_support.diff b/development/aflplusplus/build_qemu_support.diff
new file mode 100644
index 0000000000..b9a28a6bfd
--- /dev/null
+++ b/development/aflplusplus/build_qemu_support.diff
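Review bot: The second DOWNLOAD entry, the frida-gumjs-devkit tarball, is fetched and checksummed but nothing in aflplusplus.SlackBuild unpacks it, and the SlackBuild deletes the frida_mode target from GNUmakefile (the README also states frida mode is not included), so it is a dead download for users and mirrors. Either remove it from `DOWNLOAD` and `MD5SUM`, or if it is kept on purpose, add a comment in the SlackBuild next to the frida_mode sed such as `# frida devkit from .info is not used; frida_mode is disabled here` so the next maintainer does not hunt for where it is consumed.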
@@ -0,0 +1,41 @@ +diff -Naur AFLplusplus-3.14c/qemu_mode/build_qemu_support.sh AFLplusplus-3.14c.patched/qemu_mode/build_qemu_support.sh +--- AFLplusplus-3.14c/qemu_mode/build_qemu_support.sh 2021-07-19 04:50:09.000000000 -0400 ++++ AFLplusplus-3.14c.patched/qemu_mode/build_qemu_support.sh 2021-08-08 13:20:14.656823570 -0400 +@@ -68,36 +68,8 @@ + + echo "[+] All checks passed!" + +-echo "[*] Making sure qemuafl is checked out" +- +-git status 1>/dev/null 2>/dev/null +-if [ $? -eq 0 ]; then +- echo "[*] initializing qemuafl submodule" +- git submodule init || exit 1 +- git submodule update ./qemuafl 2>/dev/null # ignore errors +-else +- echo "[*] cloning qemuafl" +- test -d qemuafl || { +- CNT=1 +- while [ '!' -d qemuafl -a "$CNT" -lt 4 ]; do +- echo "Trying to clone qemuafl (attempt $CNT/3)" +- git clone --depth 1 https://github.com/AFLplusplus/qemuafl +- CNT=`expr "$CNT" + 1` +- done +- } +-fi +- +-test -d qemuafl || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; } +-echo "[+] Got qemuafl." +- + cd "qemuafl" || exit 1 +-if [ -n "$NO_CHECKOUT" ]; then +- echo "[*] Skipping checkout to $QEMUAFL_VERSION" +-else +- echo "[*] Checking out $QEMUAFL_VERSION" +- sh -c 'git stash' 1>/dev/null 2>/dev/null +- git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION +-fi ++sed -i '/hexagon/d' target/meson.build # broken! + + echo "[*] Making sure imported headers matches" + cp "../../include/config.h" "./qemuafl/imported/" || exit 1 diff --git a/development/aflplusplus/slack-desc b/development/aflplusplus/slack-desc new file mode 100644 index 0000000000..153526c57b --- /dev/null +++ b/development/aflplusplus/slack-desc 
@@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +aflplusplus: aflplusplus (enhanced fork of afl fuzzer) +aflplusplus: +aflplusplus: afl++ is a superior fork to Google's afl - more speed, more/better +aflplusplus: mutations, more/better instrumentation, custom module support, etc. +aflplusplus: +aflplusplus: American fuzzy lop is a security-oriented fuzzer that employs a +aflplusplus: novel type of compile-time instrumentation and genetic algorithms to +aflplusplus: automatically discover clean, interesting test cases that trigger new +aflplusplus: internal states in the targeted binary. +aflplusplus: +aflplusplus: This package built @WITHQEMU@ qemu support. |