Diffstat (limited to 'development/aflplusplus')
-rw-r--r--development/aflplusplus/README26
-rw-r--r--development/aflplusplus/aflplusplus.SlackBuild123
-rw-r--r--development/aflplusplus/aflplusplus.info10
-rw-r--r--development/aflplusplus/build_qemu_support.diff47
-rw-r--r--development/aflplusplus/mkqemutarball.sh27
-rw-r--r--development/aflplusplus/slack-desc19
6 files changed, 252 insertions, 0 deletions
diff --git a/development/aflplusplus/README b/development/aflplusplus/README
new file mode 100644
index 0000000000..ec2a23db01
--- /dev/null
+++ b/development/aflplusplus/README
@@ -0,0 +1,26 @@
+aflplusplus (enhanced fork of afl fuzzer)
+
+afl++ is a superior fork to Google's afl - more speed, more and better
+mutations, more and better instrumentation, custom module support, etc.
+
+American fuzzy lop is a security-oriented fuzzer that employs a
+novel type of compile-time instrumentation and genetic algorithms to
+automatically discover clean, interesting test cases that trigger new
+internal states in the targeted binary. This substantially improves
+the functional coverage for the fuzzed code. The compact synthesized
+corpora produced by the tool are also useful for seeding other, more
+labor- or resource-intensive testing regimes down the road.
+
+This build of aflplusplus does not include the frida, unicorn,
+coresight, or nyx modes, so the afl-fuzz -O, -U, -X, -Y options won't
+work.
+
+Build option: If you need to fuzz binary-only software, aflplusplus can
+be built with QEMU support. To do this, download the qemu source from:
+
+https://slackware.uk/~urchlay/src/qemuafl-ff9de4fbeb.tar.xz
+
+Its md5sum is 58547e2ea53b639c17a585be376b5bb7. Place it in the
+SlackBuild's directory before running the script. The resulting
+package will support the -Q option to afl-fuzz. An existing
+installation of qemu is not required.
diff --git a/development/aflplusplus/aflplusplus.SlackBuild b/development/aflplusplus/aflplusplus.SlackBuild
new file mode 100644
index 0000000000..3864595b78
--- /dev/null
+++ b/development/aflplusplus/aflplusplus.SlackBuild
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+# Slackware build script for aflplusplus
+
+# Written by B. Watson (urchlay@slackware.uk)
+
+# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=aflplusplus
+SRCNAM=AFLplusplus
+VERSION=${VERSION:-4.04c}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+# No SLKCFLAGS here, use upstream's flags (they know what they're doing).
+LIBDIRSUFFIX=""
+[ "$ARCH" = "x86_64" ] && LIBDIRSUFFIX="64"
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+cd $SRCNAM-$VERSION
+chown -R root:root .
+find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \
+ \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+
+
+DOCDIR=/usr/doc/$PRGNAM-$VERSION
+PKGDOC=$PKG/$DOCDIR
+
+runmake() {
+ make \
+ DESTDIR=$PKG \
+ PREFIX=/usr \
+ HELPER_PATH=/usr/lib$LIBDIRSUFFIX/$PRGNAM \
+ DOC_PATH=$DOCDIR \
+ MAN_PATH=/usr/man/man8 \
+ "$1"
+}
+
+# "make all" doesn't include qemu_mode (which gets built separately,
+# below). The other modes aren't built because they're a lot of effort
+# to build for not much gain:
+
+# coresight_mode: ARM64-only. Beyond the scope of this SBo build.
+# frida_mode: New and missing a lot of features. Also a PITA to build.
+# nyx_mode: Written in Rust. Too fast-moving of a target for me, sorry.
+# unicorn_mode: Looks interesting, but I don't need it, do you?
+
+# Anyone who wants to is welcome to submit SlackBuilds for the other
+# modes, though it'll take some care to keep them from conflicting
+# with this one: your script will have to build the main aflplusplus
+# stuff (make all), because the "modes" require it to be built first,
+# but your package should only install the mode-specific stuff (so you
+# can't just use "make install").
+
+runmake all
+runmake man
+
+# Make it use the qemu source provided by us, instead of doing a git
+# clone (which didn't work properly anyway). Also this disables -Werror
+# in the qemu build.
+patch -p1 < $CWD/build_qemu_support.diff
+
+# qemu mode is optional, only build if the source exists.
+QEMUVER="$( cat qemu_mode/QEMUAFL_VERSION )"
+QEMUSRC="$CWD/qemuafl-$QEMUVER.tar.xz"
+if [ -e "$QEMUSRC" ]; then
+ echo "=== QEMU source found, building qemu_mode"
+ WITHQEMU=WITH
+ ( cd qemu_mode
+ rm -rf qemuafl
+ tar xvf "$QEMUSRC"
+ NO_CHECKOUT=1 sh build_qemu_support.sh )
+else
+ echo "=== QEMU source NOT found, not building qemu_mode"
+ WITHQEMU=WITHOUT
+fi
+
+runmake install
+
+# 20211216 bkw: faster than the usual find|strip stuff. Maybe this
+# should be the new template.
+find $PKG/usr/bin $PKG/usr/lib* -type f -print0 | \
+ xargs -0 file -m /etc/file/magic/elf | \
+ grep -e "executable" -e "shared object" | \
+ grep ELF | \
+ cut -d: -f1 | \
+ xargs strip --strip-unneeded 2> /dev/null || true
+
+gzip $PKG/usr/man/man8/*.8
+
+rm -f $PKGDOC/INSTALL* # useless.
+cat $CWD/$PRGNAM.SlackBuild > $PKGDOC/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+sed "s,@WITHQEMU@,$WITHQEMU," $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
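Review bot: The optional qemuafl tarball is unpacked and compiled on nothing more than an existence check at `if [ -e "$QEMUSRC" ]`, even though the README publishes an md5sum for it; in a build that already runs as root (`chown -R root:root`, `makepkg`), whatever file happens to carry that name in the SlackBuild directory gets extracted and built without the documented value ever being enforced. Pin the digest next to VERSION with `QEMUMD5=${QEMUMD5:-58547e2ea53b639c17a585be376b5bb7}` and check it before the `tar xvf`: `echo "$QEMUMD5  $QEMUSRC" | md5sum -c - || { echo "=== qemuafl tarball checksum mismatch"; exit 1; }`. The digest is tied to the QEMUVER read from qemu_mode/QEMUAFL_VERSION, so it has to be bumped together with the tarball whenever VERSION changes. MD5 only detects corruption, not a deliberately crafted substitute, so publishing a sha256 alongside it in the README would be the stronger choice, but matching the md5 the README already gives is the minimum that makes the documented value mean something.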
diff --git a/development/aflplusplus/aflplusplus.info b/development/aflplusplus/aflplusplus.info
new file mode 100644
index 0000000000..49583978be
--- /dev/null
+++ b/development/aflplusplus/aflplusplus.info
@@ -0,0 +1,10 @@
+PRGNAM="aflplusplus"
+VERSION="4.04c"
+HOMEPAGE="https://github.com/AFLplusplus/AFLplusplus"
+DOWNLOAD="https://github.com/AFLplusplus/AFLplusplus/archive/4.04c/AFLplusplus-4.04c.tar.gz"
+MD5SUM="11f0176843c4b327e4e2312095cfb056"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="B. Watson"
+EMAIL="urchlay@slackware.uk"
diff --git a/development/aflplusplus/build_qemu_support.diff b/development/aflplusplus/build_qemu_support.diff
new file mode 100644
index 0000000000..ab4321ca2b
--- /dev/null
+++ b/development/aflplusplus/build_qemu_support.diff
@@ -0,0 +1,47 @@
+diff -Naur AFLplusplus-4.04c/qemu_mode/build_qemu_support.sh AFLplusplus-4.04c.patched/qemu_mode/build_qemu_support.sh
+--- AFLplusplus-4.04c/qemu_mode/build_qemu_support.sh 2022-10-11 09:40:55.000000000 -0400
++++ AFLplusplus-4.04c.patched/qemu_mode/build_qemu_support.sh 2022-12-29 17:08:26.492717555 -0500
+@@ -70,35 +70,7 @@
+
+ echo "[*] Making sure qemuafl is checked out"
+
+-git status 1>/dev/null 2>/dev/null
+-if [ $? -eq 0 ]; then
+- echo "[*] initializing qemuafl submodule"
+- git submodule init || exit 1
+- git submodule update ./qemuafl 2>/dev/null # ignore errors
+-else
+- echo "[*] cloning qemuafl"
+- test -d qemuafl/.git || {
+- CNT=1
+- while [ '!' -d qemuafl/.git -a "$CNT" -lt 4 ]; do
+- echo "Trying to clone qemuafl (attempt $CNT/3)"
+- git clone --depth 1 https://github.com/AFLplusplus/qemuafl
+- CNT=`expr "$CNT" + 1`
+- done
+- }
+-fi
+-
+-test -e qemuafl/.git || { echo "[-] Not checked out, please install git or check your internet connection." ; exit 1 ; }
+-echo "[+] Got qemuafl."
+-
+ cd "qemuafl" || exit 1
+-if [ -n "$NO_CHECKOUT" ]; then
+- echo "[*] Skipping checkout to $QEMUAFL_VERSION"
+-else
+- echo "[*] Checking out $QEMUAFL_VERSION"
+- sh -c 'git stash' 1>/dev/null 2>/dev/null
+- git pull
+- git checkout "$QEMUAFL_VERSION" || echo Warning: could not check out to commit $QEMUAFL_VERSION
+-fi
+
+ echo "[*] Making sure imported headers matches"
+ cp "../../include/config.h" "./qemuafl/imported/" || exit 1
+@@ -239,7 +211,6 @@
+ --enable-debug-stack-usage \
+ --enable-debug-tcg \
+ --enable-qom-cast-debug \
+- --enable-werror \
+ "
+
+ else
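Review bot: With the `if [ -n "$NO_CHECKOUT" ]` block removed right after `cd "qemuafl" || exit 1`, nothing in the patched script reads NO_CHECKOUT any more, yet the SlackBuild still invokes it as `NO_CHECKOUT=1 sh build_qemu_support.sh`; that variable is now a no-op and suggests to the next reader that a checkout step still exists. Either drop it from the SlackBuild invocation or leave a one-line marker where the block was, e.g. `# qemuafl is unpacked from a pinned tarball by the SlackBuild; no git fetch or checkout happens here`. The configure-flag list around the removed `--enable-werror` begins and ends outside this hunk, so whether dropping it affects only the debug build or every build cannot be confirmed from here.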
diff --git a/development/aflplusplus/mkqemutarball.sh b/development/aflplusplus/mkqemutarball.sh
new file mode 100644
index 0000000000..0bd7b7b11f
--- /dev/null
+++ b/development/aflplusplus/mkqemutarball.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# maintainer script. prepares qemuafl tarball for a given version of
+# aflplusplus. requires network access and write permission to current
+# directory. qemuafl has a long git history so this takes forever...
+
+set -e
+
+source ./aflplusplus.info
+
+QEMUVER="$( tar xvfO AFLplusplus-$VERSION.tar.gz AFLplusplus-$VERSION/qemu_mode/QEMUAFL_VERSION )"
+if [ -z "$QEMUVER" ]; then
+ echo "Can't get qemuafl version, missing AFLplusplus tarball?" 1>&2
+ exit 1
+fi
+
+echo "==> checking out qemuafl commit $QEMUVER"
+rm -rf qemuafl qemuafl-$QEMUVER.tar.xz
+git clone https://github.com/AFLplusplus/qemuafl
+cd qemuafl
+git checkout $QEMUVER
+git submodule init
+git submodule update
+find . -name .git\* | xargs rm -rf
+cd -
+tar cvfJ qemuafl-$QEMUVER.tar.xz qemuafl
+md5sum qemuafl-$QEMUVER.tar.xz
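Review bot: `source ./aflplusplus.info` is a bash builtin used under a `#!/bin/sh` shebang, so on a POSIX /bin/sh (dash, busybox ash) the script stops at that line under `set -e` before it does anything; the portable spelling is `. ./aflplusplus.info`. The value pulled out of the tarball should also be quoted where it is used, `git checkout "$QEMUVER"`, since it is untrusted text taken from an archive rather than a shell-safe literal. Because the resulting archive is named after the commit in QEMUAFL_VERSION, a check such as `[ "$(git rev-parse HEAD)" = "$QEMUVER" ] || exit 1` after the checkout would confirm the tarball really contains that revision and not whatever a same-named branch or tag resolved to (this assumes QEMUAFL_VERSION holds a full commit hash, which the hunk does not show).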
diff --git a/development/aflplusplus/slack-desc b/development/aflplusplus/slack-desc
new file mode 100644
index 0000000000..153526c57b
--- /dev/null
+++ b/development/aflplusplus/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+aflplusplus: aflplusplus (enhanced fork of afl fuzzer)
+aflplusplus:
+aflplusplus: afl++ is a superior fork to Google's afl - more speed, more/better
+aflplusplus: mutations, more/better instrumentation, custom module support, etc.
+aflplusplus:
+aflplusplus: American fuzzy lop is a security-oriented fuzzer that employs a
+aflplusplus: novel type of compile-time instrumentation and genetic algorithms to
+aflplusplus: automatically discover clean, interesting test cases that trigger new
+aflplusplus: internal states in the targeted binary.
+aflplusplus:
+aflplusplus: This package built @WITHQEMU@ qemu support.