./devel/zzuf, Transparent application input fuzzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.15, Package name: zzuf-0.15, Maintainer: pkgsrc-users

zzuf is a transparent application input fuzzer. It works by intercepting
file operations and changing random bits in the program's input. zzuf's
behaviour is deterministic, making it easy to reproduce bugs.

For instructions and examples on how to use zzuf, see the manual page.


Required to build:
[pkgtools/cwrappers]

Package options: debug

Master sites:

SHA1: 21541d54cec64750c2dd3366a73832e6f5250833
RMD160: 12052a511a789d18ee3af3428f6e69e3492452a0
Filesize: 481.991 KB

Version history: (Expand)


CVS history: (Expand)


   2017-04-16 23:46:13 by Pierre Pronchery | Files touched by this commit (7) | Package updated
Log message:
Update zzuf to version 0.15

The necessary patches have been submitted upstream.
This still does not build with PKGSRC_FORTIFY yet though.

List of intermediate commits:
* Prepare 0.15 release.
* Do not use rand() within fseek(), it might break reproducibility.
* Work around an issue with fseek() diversion. Closes #7.
* More verbose debug messages.
* Merge pull request #12 from edmcman/feature/retain_file_extension_in_copy_mode
* Also include alloca.h
* Retain file extension in copy mode.
* Merge pull request #11 from \ 
CERTCC-Vulnerability-Analysis/feature/add_opmode_null_to_run_without_fuzzing
* Add new "null" opmode which doesn't mutate the file.
* Export VERBOSE=1 in Travis so that the test suite outputs debug information.
* Add #pragma once directives in all our headers, for safety.
* Tell Travis to try to build on OS X, too.
* Add Travis build status to README.
* Move Travis builds to the container-based infrastructure.
* Tell Travis to bootstrap before running configure.
* Add a .travis.yml configuration file for CI.
* Disable the mmap regression test on OS X.
* Hopefully fix OS X compilation now. Fixes #5.
* Disable unnecessary weak symbol declaration.
* Merge pull request #4 from x9prototype/master
* Merge pull request #1 from x9prototype/x9prototype-patch-1
* Update libzzuf/lib-stream.c
* zzuf: set program version to 0.14 and prepare release.
* win32: using <stdint.h> instead of defining our own types.
* misc: fix a few minor issues found by static code analysis.
* sys: unsatisfying workaround for an issue with libasan.
* win32: clean up some Windows code.
* libzzuf: protect library initialisation with a mutex.
* build: remove spurious binary file.
* libzzuf: fix compiler warnings by adding declarations for functions that are \ 
unlikely to be exposed by system headers.
* Allow debug_str to be provided a negative length count for convenience.
* zzuf: fix a minor inconsistency between short and long options when compiled \ 
on a system with a useless rlimit().
* doc: group command line options by category in the man page.
* stream: fix a nasty bug that completely messed up with the streambuf structure \ 
tracking. Now when the new streambuf position is exactly at the end of the \ 
previous streambuf, we only fuzz the streambuf if new data is available (i.e. \ 
when streambuf_count != 0); otherwise, it just means that we?re at the end of \ 
the file, waiting for new read orders.
* debug: minor tweak to the debug string formatter.
* debug: refactor a lot of buffer debug functions using a shared formatter.
* test: use the -d flag in unit tests so that we can find potential errors in \ 
the debug() function calls.
* misc: rename a lot of _zz_-prefixed variables.
* test: add a regression test for a bug in our mmap function.
* zzuf: add a -X flag for hexadecimal dumps.
* debug: try to output as much debug output as possible and make debug() thread \ 
safe on Unix platforms.
* stream: rename a few functions for clarity.
* stream: fuzz the whole stream buffer upon opening.
* stream: refactor some streambuf getter functions.
* test: add a new regression test for a bug at stream EOF.
* stream: rename ?s? to ?stream? for consistency.
* mem: fix a buffer overflow bug in the mmap() replacement.
* misc: factor several common tests into one must_fuzz_fd() function.
* test: add a regression test for a bug in our mmap function.
* misc: C99 refactoring; put variable declarations closer to their first use
* misc: typo of the ass.
* win32: some compilation fixes introduced by refactoring for Linux.
* doc: update copyright and URLs.
* zzuf: replace a critical section with a simple spinlock.
* misc: move a lot of generic stuff to a new util/ source subdirectory.
* win32: some mingw32/mingw64 warning and compilation fixes.
* build: remove ChangeLog, as it?s convenient enough to have it in Git.
* misc: various compilation warning fixes and copyright updates.
* libzzuf: fix fseeko64 parameter type.
* fork: document more code and fix a bug reported by Will Newton.
* test: several fixes in the testsuite.
* misc: now that Visual Studio supports it some 15 years later, switch to C99.
* misc: minor fixes for compilation warnings.
* win32: Windows-specific compilation fixes.
* win32: add spinlock implementation for Windows.
* win32: update to newer mingw compiler version.
* build: remove the libcaca dependency and embed code instead.
* build: refresh build system.
* build: fix a few compilation warnings.
* core: add a lightweight spinlock to protect the list of file descriptors.
* sys: fix coding style.
* fix crash on windows 32-bit and compute_patch_size
* win32: add some console handling function diversions.
* win32: add more explicit error messages and add support for 0xb8 opcode.
* add relocate_hook to improve api hooking, fix dll name string comparison (no \ 
case sensitive), fix used after free on win32, add more hooks related to async \ 
file access
* build: fix compilation by including <wchar.h> and checking for regwexec.
* cosmetic: get rid of CRLF line endings.
* add new hook for windows (CreateFileMapping(A|W), MapViewOfFile, ReadFileEx), \ 
re-enable option -U, start to port network on windows
* port zzuf to win64 (amd64)
* add regex feature for win32
* change the method of hooking, now we disassemble the beginning of the targeted \ 
function and insert a jump to the new function.
* start to implement hotpatch hook on win32 port, but some API don't look to use \ 
it for some reason (e.g. kernel32!ReadFile)
* win32 port starts to fuzz executable (only few functions related to file \ 
handling are implemented)
* fix tmp file creation on win32, start to implement handling of win32 exception \ 
with GetExitCodeProcess
* on win32, use a named pipe and IOCP to read stdout, stderr and debugfd correctly.
*
* win32: add debug information to the function diversion code.
* linux: fix a few compilation warnings.
* Fix a weird problem with lib6 versioned symbols.
* osx: do not enforce flat namespace in copy mode on OS X.
* Win64 support in the VS solution.
* Fix wrong pointer types in the network range structures.
* Fix line endings.
* Get rid of the getopt reimplementation and depend on libcaca instead.
* Implement ReOpenFile and fix a few Win32 compilation warnings.
* Fix Win32 intermediate build directories.
* Fix missing ZZUF_DEBUGFD passing and debug function availability.
* Fix a bug in the %i formatting and implement %S.
* Get the debug channel to work on Win32.
* Treat %x arguments as unsigned in the printf reimplementation.
* Fix the printf reimplementation to properly handle INT_MIN.
* Disable select() on Win32. It is not supported on non-sockets.
* Remove useless PARENT_FD/CHILD_FD hack.
* Make it easier to dynamically allocate the debug filedescriptor later.
* Filedescriptor 0 is the debug channel, not stdin! Fix that.
* Proper child command line construction on Win32. There is no need to hardcode \ 
stuff for debugging purposes any longer.
* Inherit stdin/stdout/stderr in the child process under Win32.
* Remove useless code for Win32 diversions.
* Mark diverted Win32 functions as __stdcall, it's the correct calling convention.
* Divert ReadFile() and CloseHandle().
* Drop Visual Studio 2008 support and require the 2010 version. The 2010 express \ 
version is free to use and it's a lot better.
* Fix compilation warnings on Win32.
* Divert CreateFileW in addition to CreateFileA.
* Fix the Linux build to accomodate with the new Win32 features.
* CreateFile() diversion proof of concept.
* Add a mechanism for Win32 diversions.
* Fix a bug caused by undefined function call precedence.
* Fix zzat compilation on Win32 and create a .vcxproj file for it.
* Minor Win32 code simplification in sys.c.
* Divert AttachConsole() and AllocConsole() for debugging purposes.
* Full support for ASLR in the Win32 loader.
* Refactor the DLL initialisation code to allow several diversions.
* Improve the DLL injection code. Now seems to work rather well under Windows. \ 
But it needs a lot of polishing.
* Do not build ASLR binaries on Windows for now.
* Fix Win32 build.
* Add a few comments in the code for new Win32 strategies.
* Make check-zzuf-r-ratio slightly more tolerant.
* New operating mode "copy". It uses temporary files instead of \ 
preloading libzzuf into the process.
* Grammar.
* Add a regression test for our Gentoo __fread_chk() bug.
* Fix old typos in check-utils.
* Add fortify versions of libc calls to zzat.
* Fortify functions actually have extra arguments. Fix that.
* Update TODO list.
* Revert any potential overriding macro before declaring a new function.
* Add support for fortified glibc functions (__fgets_chk, __read_chk, etc.).
* Rename zzcat to zzat to avoid conflicts with zziplib.
* Clean up ChangeLog generation.
* Split check-build into check-source and check-win32.
* Add an OS X build script that generates fat binaries.
* Add missing svn:ignore properties.
* On OS X, resident_size is actually in bytes, not pages. Fixing memory check \ 
routine.
   2015-11-03 04:29:40 by Alistair G. Crooks | Files touched by this commit (1995)
Log message:
Add SHA512 digests for distfiles for devel category

Issues found with existing distfiles:
	distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
	distfiles/fortran-utils-1.1.tar.gz
	distfiles/ivykis-0.39.tar.gz
	distfiles/enum-1.11.tar.gz
	distfiles/pvs-3.2-libraries.tgz
	distfiles/pvs-3.2-linux.tgz
	distfiles/pvs-3.2-solaris.tgz
	distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-02-23 19:28:52 by Joerg Sonnenberger | Files touched by this commit (14)
Log message:
Help config.guess/config.sub override logic.
   2012-10-31 12:19:55 by Aleksej Saushev | Files touched by this commit (1460)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2010-12-25 12:00:52 by OBATA Akio | Files touched by this commit (5)
Log message:
Updte zzuf to 0.12.
Based on PR#44274, with some fixes.

Changes from zzuf 0.12 to 0.13

 * various fixes for Linux, FreeBSD, OS X and OpenBSD libc calls.
 * network host filtering support.
 * support for memory limits on OS X.
 * massive testsuite improvements.
 * support most cat options in zzcat, which is now fully programmable.
   2009-06-14 19:49:18 by Joerg Sonnenberger | Files touched by this commit (454)
Log message:
Remove @dirrm entries from PLISTs
   2008-12-09 07:56:52 by Blair Sadewitz | Files touched by this commit (6) | Imported package
Log message:
Import zzuf-0.12.

zzuf is a transparent application input fuzzer. It works by intercepting
file operations and changing random bits in the program's input. zzuf's
behaviour is deterministic, making it easy to reproduce bugs.

For instructions and examples on how to use zzuf, see the manual page.