Removal of AFL/remains depending on LLVM-6.0

Daniel Stender stender at debian.org
Sat Aug 17 12:28:53 BST 2019


Hi people,

American Fuzzy Lop (AFL/security binary fuzzer) in the archive [1] was updates lately (2.53b) but
remains to be build against LLVM 6.0. Trying to build it with >= 7.0 yields in a Segfault on testing
afl-clang-fast [2].

I've been pointed to the fact that Google (the project moved to Github [3]) isn't further developing AFL
anymore [4], therefore I'm going to remove AFL from the archive.

On the side: I've filed a RFP for the fork AFL++ [5], which is actively developed (upstream developers say
it's even LLVM-9 ready) and could replace AFL for Debian (and possibly work for the reverse-dependencies
afl-cov and python-afl).

Volunteers for fixing AFL 2.53b in the archive (so that we can keep it at least until the RFP get fulfilled)
[and packaging AFL++] welcome. I've tried to incorporate fixes from the AFL++ guys [6], but it didn't
worked out here.

Best,
Daniel Stender

[1] https://tracker.debian.org/pkg/afl

[2] https://bugs.debian.org/912785 (afl: doesn't build with LLVM 7 (segfault))

[3] https://github.com/google/afl

[4] https://twitter.com/Dor3s/status/1154737061787660288

[5] https://bugs.debian.org/934964 (RFP: afl++ -- security related binary fuzzer (fork of American Fuzzy Lop))

[6] https://github.com/vanhauser-thc/afl-patches

-- 
4096R/DF5182C8
https://danielstender.com



More information about the Pkg-llvm-team mailing list