From a8e6456eca00be4b81d5154ec9ec42de1231f6a1 Mon Sep 17 00:00:00 2001 
From: khorben
Date: Sun, 16 Apr 2017 21:46:12 +0000
Subject: [PATCH] Update zzuf to version 0.15

The necessary patches have been submitted upstream. This still does not build with PKGSRC_FORTIFY yet though.

List of intermediate commits:
* Prepare 0.15 release.
* Do not use rand() within fseek(), it might break reproducibility.
* Work around an issue with fseek() diversion. Closes #7.
* More verbose debug messages.
* Merge pull request #12 from edmcman/feature/retain_file_extension_in_copy_mode
* Also include alloca.h
* Retain file extension in copy mode.
* Merge pull request #11 from CERTCC-Vulnerability-Analysis/feature/add_opmode_null_to_run_without_fuzzing
* Add new "null" opmode which doesn't mutate the file.
* Export VERBOSE=1 in Travis so that the test suite outputs debug information.
* Add #pragma once directives in all our headers, for safety.
* Tell Travis to try to build on OS X, too.
* Add Travis build status to README.
* Move Travis builds to the container-based infrastructure.
* Tell Travis to bootstrap before running configure.
* Add a .travis.yml configuration file for CI.
* Disable the mmap regression test on OS X.
* Hopefully fix OS X compilation now. Fixes #5.
* Disable unnecessary weak symbol declaration.
* Merge pull request #4 from x9prototype/master
* Merge pull request #1 from x9prototype/x9prototype-patch-1
* Update libzzuf/lib-stream.c
* zzuf: set program version to 0.14 and prepare release.
* win32: using instead of defining our own types.
* misc: fix a few minor issues found by static code analysis.
* sys: unsatisfying workaround for an issue with libasan.
* win32: clean up some Windows code.
* libzzuf: protect library initialisation with a mutex.
* build: remove spurious binary file.
* libzzuf: fix compiler warnings by adding declarations for functions that are unlikely to be exposed by system headers.
* Allow debug_str to be provided a negative length count for convenience.
* zzuf: fix a minor inconsistency between short and long options when compiled on a system with a useless rlimit().
* doc: group command line options by category in the man page.
* stream: fix a nasty bug that completely messed up with the streambuf structure tracking. Now when the new streambuf position is exactly at the end of the previous streambuf, we only fuzz the streambuf if new data is available (i.e. when streambuf_count != 0); otherwise, it just means that we're at the end of the file, waiting for new read orders.
* debug: minor tweak to the debug string formatter.
* debug: refactor a lot of buffer debug functions using a shared formatter.
* test: use the -d flag in unit tests so that we can find potential errors in the debug() function calls.
* misc: rename a lot of _zz_-prefixed variables.
* test: add a regression test for a bug in our mmap function.
* zzuf: add a -X flag for hexadecimal dumps.
* debug: try to output as much debug output as possible and make debug() thread safe on Unix platforms.
* stream: rename a few functions for clarity.
* stream: fuzz the whole stream buffer upon opening.
* stream: refactor some streambuf getter functions.
* test: add a new regression test for a bug at stream EOF.
* stream: rename 's' to 'stream' for consistency.
* mem: fix a buffer overflow bug in the mmap() replacement.
* misc: factor several common tests into one must_fuzz_fd() function.
* test: add a regression test for a bug in our mmap function.
* misc: C99 refactoring; put variable declarations closer to their first use
* misc: typo of the ass.
* win32: some compilation fixes introduced by refactoring for Linux.
* doc: update copyright and URLs.
* zzuf: replace a critical section with a simple spinlock.
* misc: move a lot of generic stuff to a new util/ source subdirectory.
* win32: some mingw32/mingw64 warning and compilation fixes.
* build: remove ChangeLog, as it's convenient enough to have it in Git.
* misc: various compilation warning fixes and copyright updates.
* libzzuf: fix fseeko64 parameter type.
* fork: document more code and fix a bug reported by Will Newton.
* test: several fixes in the testsuite.
* misc: now that Visual Studio supports it some 15 years later, switch to C99.
* misc: minor fixes for compilation warnings.
* win32: Windows-specific compilation fixes.
* win32: add spinlock implementation for Windows.
* win32: update to newer mingw compiler version.
* build: remove the libcaca dependency and embed code instead.
* build: refresh build system.
* build: fix a few compilation warnings.
* core: add a lightweight spinlock to protect the list of file descriptors.
* sys: fix coding style.
* fix crash on windows 32-bit and compute_patch_size
* win32: add some console handling function diversions.
* win32: add more explicit error messages and add support for 0xb8 opcode.
* add relocate_hook to improve api hooking, fix dll name string comparison (no case sensitive), fix used after free on win32, add more hooks related to async file access
* build: fix compilation by including and checking for regwexec.
* cosmetic: get rid of CRLF line endings.
* add new hook for windows (CreateFileMapping(A|W), MapViewOfFile, ReadFileEx), re-enable option -U, start to port network on windows
* port zzuf to win64 (amd64)
* add regex feature for win32
* change the method of hooking, now we disassemble the beginning of the targeted function and insert a jump to the new function.
* start to implement hotpatch hook on win32 port, but some API don't look to use it for some reason (e.g. kernel32!ReadFile)
* win32 port starts to fuzz executable (only few functions related to file handling are implemented)
* fix tmp file creation on win32, start to implement handling of win32 exception with GetExitCodeProcess
* on win32, use a named pipe and IOCP to read stdout, stderr and debugfd correctly.
* win32: add debug information to the function diversion code.
* linux: fix a few compilation warnings.
* Fix a weird problem with lib6 versioned symbols.
* osx: do not enforce flat namespace in copy mode on OS X.
* Win64 support in the VS solution.
* Fix wrong pointer types in the network range structures.
* Fix line endings.
* Get rid of the getopt reimplementation and depend on libcaca instead.
* Implement ReOpenFile and fix a few Win32 compilation warnings.
* Fix Win32 intermediate build directories.
* Fix missing ZZUF_DEBUGFD passing and debug function availability.
* Fix a bug in the %i formatting and implement %S.
* Get the debug channel to work on Win32.
* Treat %x arguments as unsigned in the printf reimplementation.
* Fix the printf reimplementation to properly handle INT_MIN.
* Disable select() on Win32. It is not supported on non-sockets.
* Remove useless PARENT_FD/CHILD_FD hack.
* Make it easier to dynamically allocate the debug filedescriptor later.
* Filedescriptor 0 is the debug channel, not stdin! Fix that.
* Proper child command line construction on Win32. There is no need to hardcode stuff for debugging purposes any longer.
* Inherit stdin/stdout/stderr in the child process under Win32.
* Remove useless code for Win32 diversions.
* Mark diverted Win32 functions as __stdcall, it's the correct calling convention.
* Divert ReadFile() and CloseHandle().
* Drop Visual Studio 2008 support and require the 2010 version. The 2010 express version is free to use and it's a lot better.
* Fix compilation warnings on Win32.
* Divert CreateFileW in addition to CreateFileA.
* Fix the Linux build to accommodate with the new Win32 features.
* CreateFile() diversion proof of concept.
* Add a mechanism for Win32 diversions.
* Fix a bug caused by undefined function call precedence.
* Fix zzat compilation on Win32 and create a .vcxproj file for it.
* Minor Win32 code simplification in sys.c.
* Divert AttachConsole() and AllocConsole() for debugging purposes.
* Full support for ASLR in the Win32 loader.
* Refactor the DLL initialisation code to allow several diversions.
* Improve the DLL injection code. Now seems to work rather well under Windows. But it needs a lot of polishing.
* Do not build ASLR binaries on Windows for now.
* Fix Win32 build.
* Add a few comments in the code for new Win32 strategies.
* Make check-zzuf-r-ratio slightly more tolerant.
* New operating mode "copy". It uses temporary files instead of preloading libzzuf into the process.
* Grammar.
* Add a regression test for our Gentoo __fread_chk() bug.
* Fix old typos in check-utils.
* Add fortify versions of libc calls to zzat.
* Fortify functions actually have extra arguments. Fix that.
* Update TODO list.
* Revert any potential overriding macro before declaring a new function.
* Add support for fortified glibc functions (__fgets_chk, __read_chk, etc.).
* Rename zzcat to zzat to avoid conflicts with zziplib.
* Clean up ChangeLog generation.
* Split check-build into check-source and check-win32.
* Add an OS X build script that generates fat binaries.
* Add missing svn:ignore properties.
* On OS X, resident_size is actually in bytes, not pages. Fixing memory check routine.
--- devel/zzuf/Makefile | 6 +++--- devel/zzuf/PLIST | 6 +++--- devel/zzuf/distinfo | 14 +++++++++----- devel/zzuf/patches/patch-config.h.in | 28 +++++++++++++++++++++++++++ devel/zzuf/patches/patch-configure | 26 +++++++++++++++++++++++++ devel/zzuf/patches/patch-configure.ac | 20 +++++++++++++++++++ devel/zzuf/patches/patch-src_zzuf.c | 22 +++++++++++++++++++++ 7 files changed, 111 insertions(+), 11 deletions(-) create mode 100644 devel/zzuf/patches/patch-config.h.in create mode 100644 devel/zzuf/patches/patch-configure create mode 100644 devel/zzuf/patches/patch-configure.ac create mode 100644 devel/zzuf/patches/patch-src_zzuf.c diff --git a/devel/zzuf/Makefile b/devel/zzuf/Makefile index ed17f8ade7507..9eaafc8ae0d4c 100644 --- a/devel/zzuf/Makefile +++ b/devel/zzuf/Makefile
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.4 2015/02/23 18:28:51 joerg Exp $ +# $NetBSD: Makefile,v 1.5 2017/04/16 21:46:12 khorben Exp $ # -DISTNAME= zzuf-0.13 +DISTNAME= zzuf-0.15 CATEGORIES= devel security -MASTER_SITES= http://caca.zoy.org/files/zzuf/ +MASTER_SITES= ${MASTER_SITE_GITHUB:=samhocevar/zzuf/releases/download/v${DISTNAME:C:zzuf-::}/} MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://caca.zoy.org/wiki/zzuf/ diff --git a/devel/zzuf/PLIST b/devel/zzuf/PLIST index 2d044d806bfae..f384ae7104c13 100644 --- a/devel/zzuf/PLIST +++ b/devel/zzuf/PLIST @@ -1,7 +1,7 @@ -@comment $NetBSD: PLIST,v 1.3 2010/12/25 11:00:51 obache Exp $ -bin/zzcat +@comment $NetBSD: PLIST,v 1.4 2017/04/16 21:46:12 khorben Exp $ +bin/zzat bin/zzuf lib/zzuf/libzzuf.la -man/man1/zzcat.1 +man/man1/zzat.1 man/man1/zzuf.1 man/man3/libzzuf.3 diff --git a/devel/zzuf/distinfo b/devel/zzuf/distinfo index 4a7dc0036d704..eaa6b45a01320 100644 --- a/devel/zzuf/distinfo +++ b/devel/zzuf/distinfo 
@@ -1,6 +1,10 @@ -$NetBSD: distinfo,v 1.3 2015/11/03 03:29:40 agc Exp $ +$NetBSD: distinfo,v 1.4 2017/04/16 21:46:12 khorben Exp $ -SHA1 (zzuf-0.13.tar.gz) = 19f904d63d045194885639c381a607ca86a319b5 -RMD160 (zzuf-0.13.tar.gz) = ef9988a6d97f213090227a0b6d87e4d942ed8c15 -SHA512 (zzuf-0.13.tar.gz) = e8208dae68b4eee5ebc96775476f616c6822bc9a6a9c753d7f477e9f3e6f527a03e1aec494c2cb8a6666f3159104ea2e221acf8da35efb7d8e357666dbc315ce -Size (zzuf-0.13.tar.gz) = 461498 bytes +SHA1 (zzuf-0.15.tar.gz) = 21541d54cec64750c2dd3366a73832e6f5250833 +RMD160 (zzuf-0.15.tar.gz) = 12052a511a789d18ee3af3428f6e69e3492452a0 +SHA512 (zzuf-0.15.tar.gz) = f5b26f630343d4e0d87705df26b2fa01059ea7ffd7a4970a353014f9e59bc31526edde675de6a4dab9372e39d762cfd180a38990e498f609a3c7ae7fe44ba487 +Size (zzuf-0.15.tar.gz) = 493559 bytes +SHA1 (patch-config.h.in) = 517bc764b4b53b15e189fe39322341fe50af3ec8 +SHA1 (patch-configure) = e6797a1b4f90ebb41ea86e7d99241ca78b9b0ad9 +SHA1 (patch-configure.ac) = d236876a47c3df13b6a82dda5c941f7a314b1abc +SHA1 (patch-src_zzuf.c) = 28a1223a7a4d4a3d6a0320910b7c782ce202c8d0 diff --git a/devel/zzuf/patches/patch-config.h.in b/devel/zzuf/patches/patch-config.h.in new file mode 100644 index 0000000000000..d91948e45d5b3 --- /dev/null +++ b/devel/zzuf/patches/patch-config.h.in 
@@ -0,0 +1,28 @@ +$NetBSD: patch-config.h.in,v 1.1 2017/04/16 21:46:12 khorben Exp $ + +Build fix for NetBSD, where: +* does not exist but alloca(3) is available in instead +* is not automatically visible + +--- config.h.in.orig 2017-04-16 21:19:47.000000000 +0000 ++++ config.h.in +@@ -138,6 +138,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_MACH_TASK_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_ALLOCA_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_MALLOC_H + +@@ -252,6 +255,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_SYS_RESOURCE_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_SYS_SELECT_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_SYS_SOCKET_H + diff --git a/devel/zzuf/patches/patch-configure b/devel/zzuf/patches/patch-configure new file mode 100644 index 0000000000000..17040e1b13380 --- /dev/null +++ b/devel/zzuf/patches/patch-configure @@ -0,0 +1,26 @@ +$NetBSD: patch-configure,v 1.1 2017/04/16 21:46:12 khorben Exp $ + +Build fix for NetBSD, where: +* does not exist but alloca(3) is available in instead +* is not automatically visible + +--- configure.orig 2016-05-03 06:12:05.000000000 +0000 ++++ configure +@@ -12561,7 +12561,7 @@ fi + + done + +-for ac_header in malloc.h dlfcn.h regex.h sys/cdefs.h sys/socket.h ++for ac_header in alloca.h malloc.h dlfcn.h regex.h sys/cdefs.h sys/socket.h + do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` + ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +@@ -12587,7 +12587,7 @@ fi + + done + +-for ac_header in sys/mman.h sys/wait.h sys/resource.h sys/time.h ++for ac_header in sys/mman.h sys/wait.h sys/resource.h sys/select.h sys/time.h + do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` + ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" 
diff --git a/devel/zzuf/patches/patch-configure.ac b/devel/zzuf/patches/patch-configure.ac new file mode 100644 index 0000000000000..519c644fdbee8 --- /dev/null +++ b/devel/zzuf/patches/patch-configure.ac @@ -0,0 +1,20 @@ +$NetBSD: patch-configure.ac,v 1.1 2017/04/16 21:46:12 khorben Exp $ + +Build fix for NetBSD, where: +* does not exist but alloca(3) is available in instead +* is not automatically visible + +--- configure.ac.orig 2016-05-03 06:11:49.000000000 +0000 ++++ configure.ac +@@ -65,9 +65,9 @@ AC_SUBST(DLL_LDFLAGS) + + AC_CHECK_HEADERS(unistd.h inttypes.h stdint.h endian.h libc.h) + AC_CHECK_HEADERS(windows.h winsock2.h process.h) +-AC_CHECK_HEADERS(malloc.h dlfcn.h regex.h sys/cdefs.h sys/socket.h) ++AC_CHECK_HEADERS(alloca.h malloc.h dlfcn.h regex.h sys/cdefs.h sys/socket.h) + AC_CHECK_HEADERS(netinet/in.h arpa/inet.h sys/uio.h aio.h) +-AC_CHECK_HEADERS(sys/mman.h sys/wait.h sys/resource.h sys/time.h) ++AC_CHECK_HEADERS(sys/mman.h sys/wait.h sys/resource.h sys/select.h sys/time.h) + AC_CHECK_HEADERS(io.h mach/task.h) + + AC_CHECK_FUNCS(setenv waitpid setrlimit gettimeofday fork kill pipe _pipe) diff --git a/devel/zzuf/patches/patch-src_zzuf.c b/devel/zzuf/patches/patch-src_zzuf.c new file mode 100644 index 0000000000000..e7e3d58da2d83 --- /dev/null +++ b/devel/zzuf/patches/patch-src_zzuf.c @@ -0,0 +1,22 @@ +$NetBSD: patch-src_zzuf.c,v 1.1 2017/04/16 21:46:12 khorben Exp $ + +Build fix for NetBSD, where: +* does not exist but alloca(3) is available in instead +* is not automatically visible + +--- src/zzuf.c.orig 2016-04-13 08:24:10.000000000 +0000 ++++ src/zzuf.c +@@ -48,7 +48,12 @@ + #include + #include + #include +-#include ++#if defined HAVE_ALLOCA_H ++# include ++#endif ++#if defined HAVE_SYS_SELECT_H ++# include ++#endif + #if defined HAVE_SYS_TIME_H + # include + #endif
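Review bot: in the Makefile hunk, MASTER_SITES now fetches the release tarball from GitHub (samhocevar/zzuf) while HOMEPAGE is left at http://caca.zoy.org/wiki/zzuf/; if upstream development has moved, update HOMEPAGE in the same commit so the fetch location and the documented project page agree. The version is derived with `${DISTNAME:C:zzuf-::}`, which keeps the GitHub tag (`v` plus version) in step with the single DISTNAME bump; a short comment saying so would help the next updater, since the expression silently produces a wrong URL if DISTNAME ever gains a suffix.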
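Review bot: the PLIST hunk drops bin/zzcat and man/man1/zzcat.1 in favour of zzat, a user-visible rename that breaks any script still invoking zzcat; the reason is only buried in the intermediate commit list ("Rename zzcat to zzat to avoid conflicts with zziplib"), so state it in the package commit message body itself. No CONFLICTS entry is needed because the old name is removed rather than duplicated.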
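Review bot: the distinfo hunk replaces the SHA1, RMD160, SHA512 and Size entries for the tarball in the same commit that changes where the tarball is fetched from, so the new digests should be checked against the upstream release asset independently of the local fetch; those lines are the only integrity check pkgsrc applies to the download. The four added `SHA1 (patch-*)` lines must match the patch files byte for byte, so any later edit to the patch headers (for example the "Build fix for NetBSD" description) has to be followed by `make makepatchsum`.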
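Review bot: patch-config.h.in edits a generated file and, together with patch-configure, mirrors the configure.ac change so that the package builds without rerunning autoconf; that is acceptable here because the commit message says the fix was submitted upstream, but note in the patch header that all three files should be dropped together at the next release. Two smaller points in the hunk: the new `#undef HAVE_ALLOCA_H` template is placed between HAVE_MACH_TASK_H and HAVE_MALLOC_H rather than in the alphabetical position autoheader uses, which is harmless but will not match a regenerated file, and the description lines ("* does not exist but alloca(3) is available in instead", "* is not automatically visible") read with the header names missing, so confirm the committed patch file names the headers it is talking about.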
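Review bot: the src/zzuf.c hunk replaces an unconditional `#include` with `#if defined HAVE_ALLOCA_H` and `#if defined HAVE_SYS_SELECT_H` blocks, which only take effect if config.h is included earlier in the file than line 48, where the hunk starts; the context lines do not show that include, so confirm it. On NetBSD the patch description says alloca(3) is provided by a different header rather than the one being guarded, so src/zzuf.c must include that header unconditionally as well, otherwise alloca() ends up implicitly declared, which C99 (the dialect the intermediate commits say the project switched to) does not permit. The same applies to the select() prototype once sys/select.h is only included conditionally.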