Projects / Fusil / Releases

All releases of Fusil

  •  09 Apr 2010 03:25
Avatar

    Release Notes: sys.path is set in replay.py to ease the usage of Fusil without installing it. fusil-gettext was fixed to ignore strace errors in locateMO(). In fusil-python, Python warnings are hidden, listAllModules() includes builtin modules, and a new "only-c" option was added. A memory leak was fixed by unloading tested modules. getFunctions() was fixed to use also isclass() to detect classes. Fusil process maximum memory limit was disabled.

    •  17 Sep 2009 23:51
    Avatar

      Release Notes: A new fuzzer for Gimp (fusil-gimp) was created. The project Web site was moved to Bitbucket and the source code is now managed by Mercurial. Fusil has been optimized. For example, a binary file is used instead of a Unicode file to write code (WriteCode class), and the regex is not recompiled for each session (FileWatch class). Usage of Popen() for Windows was fixed. Fusil now depends on python-ptrace 0.6.

      •  06 Feb 2009 09:00
      Avatar

        Release Notes: A user guide and a document index were written. The HOME environment variable is copied for GDB in the replay script. More file formats (bmp, gif, ico, png, svg) are supported in fusil-firefox. fusil-python writes errors to stderr to avoid Unicode errors (especially with Python3). FileWatch renames the session to "long_output" if the program wrote more than max_nbline lines. posix.fork() is blacklisted in fusil-python to avoid false positives.

        •  31 Jan 2009 03:51
        Avatar

          Release Notes: replay.py now asks for confirmation if the fuzzer will not be running under a different user or as root. Even with --force-unsafe, a safety warning is shown if the fuzzer is running as the root user. Files for child processes are closed (close_fds=True). IntegerRangeGenerator was created in fusil.unicode_generator. EnvVarIntegerRange was created in fusil.process.env. A fusil-wizzard fuzzer was added. Timestamps are now written in session.log.

          •  13 Sep 2008 04:28
          Avatar

            Release Notes: This release adds vlc and zzuf fuzzers, a replay.py script with many options (e.g. --valgrind), and a --force-unsafe option (like --unsafe but without the confirmation). It always uses a null device as stdin for child processes to avoid blocking the fuzzer if the process reads stdin. The created process identifier is written in the logs.

            •  03 Sep 2008 14:28
            Avatar

              Release Notes: The session is renamed using the process exit status (exit code or signal). Execution progress is displayed. The total number of processes is limited (to protect against fork bombs) and a core dump is allowed. Bugs introduced by the user switching were fixed. Compatibility with Python 3000 and FreeBSD was improved.

              •  24 Aug 2008 13:41
              Avatar

                Release Notes: A fuzzer is now an executable program (instead of a file loaded by a Fusil script). Child processes are run as a different user and group to avoid removing arbitrary files or killing arbitrary processes. The session directory is renamed on success with strings like "invalid_read" or "timeout". For each session, a shell script is created to replay the session (and another to replay in gdb). python-ptrace is used to trace child processes (catch and diplay signals). A configuration file (~/.config/fusil.conf) is created. A session can be removed even if the directory contains generated files. There is improved Python 3.0 support.

                •  08 Jul 2008 20:13
                Avatar

                  Release Notes: Support for Mac OS X, PyPy, and Windows (partial). An incremental mangle algorithm. Fuzzers for the gstreamer, Firefox, and Python modules. Improved logging. Minor changes to get less false positives. Many bugfixes.

                  •  19 Dec 2007 10:52
                  Avatar

                    Release Notes: An "aggressivity" factor was created, which was used for mangle autoconfiguration: the score of the previous session is used to update the aggressivity factor, and this factor is used to compute the operation types and the number of operations. Fusil is now portable: it works at least on Linux, NetBSD, and Mac OS X. New command line options include --max-success (default: 5), --quiet, --fast, --slow, --keep-all-sessions, and --profiler. A new probe was added to process CPU usage and ProcessTimeWatch. A function to wait until system load is low was created.

                    •  29 Nov 2007 01:47
                    Avatar

                      Release Notes: This release is able to crash ClamAV, Image Magick, libc printf(), Mplayer, PHP, RPM, xterm, libc gettext, libc environment variables, libpoppler (pdf), vim, and more.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.