Fusil 1.4 (2011-02-16)

• Python 3 support
• fusil-python:
  • improve function listing all Python modules: use sys.builtin_module_names and pkgutil.iter_modules()
  • blacklist more modules, classes and functions

Fusil 1.3.2 (2010-01-09)

• replay.py: set sys.path to ease the usage of Fusil without installing it
• Fix fusil-gettext: ignore strace errors in locateMO()
• fusil-python:
  • hide Python warnings
  • listAllModules() includes builtin modules
  • new option --only-c to test only modules written in C
  • fix memory leak: unload tested modules
  • fix getFunctions(): use also isclass() to detect classes
• Disable Fusil process maximum memory limit

Fusil 1.3.1 (2009-11-09)

• fusil-python: autodiscover all modules instead of using a static list of modules, catch any exception when loading a module, only fuzz public functions (use module.__all__)
• FileWatch: ignore duplicate parts on session rename
• Remove session name parts duplicate (eg. "pickle-error-error" => "picke-error")
• replay.py: don't redirect stdin to /dev/null if --ptrace is used
• CPU probe: set max duration from 3 to 10 seconds (and rename the session on success)

Fusil 1.3 (2009-09-18)

• Create fusil-gimp
• Remove charset from WriteCode: use builtin open() instead codecs.open() because files created by open() are much faster
• Optimize FileWatch: don't recompile patterns at each session
• fusil now depends on python-ptrace 0.6
• Don't use close_fds argument of subprocess.Popen() on Windows
• Fix configuration reader: normal_calm_load, normal_calm_sleep, slow_calm_load, slow_calm_sleep keys global options are float, not integer
• Project website moved to http://bitbucket.org/haypo/fusil/wiki/Home
• FileWatch uses the pattern to rename the session

Fusil 1.2.1 (2009-02-06)

• Fix mangle agent of the Image Magick fuzzer
• Fix AttachProcessPID() probe: stop the probe at process exit

Fusil 1.2 (2009-02-04)

User visible changes:

• Fusil now requires Python 2.5
• Documentation: write an index (index.rst) and an user guide (usage.rst)
• Replay script: copy HOME environment for GDB and catch setuid() error
• fusil-firefox: support more file formats (bmp, gif, ico, png, svg), create --test command line option, write the HTML page into index.html file
• fusil-python: write errors to stderr (instead of stdout) to avoid unicode error (especially with Python3)
• FileWatch: rename the session with "long_output" if the program wrote more than max_nbline lines
• fusil-python: blacklist posix.fork() to avoid false positive
• If the process is killed by a signal, rename the session using the signal name (already worked if the debugger was disabled)

Developer changes:

• MangleAgent supports multiple input files
• Create DummyMangle: agent with MangleFile API but don't touch file content to test the fuzzer
• Network: close() method of NetworkClient and ServerClient use shutdown(SHUT_RDWR)
• NetworkServer uses a backlog of 5 clients for socket.listen() (instead of 1)

Bugfixes:

• Fix Directory.rmtree() and replay script for Python 3.0
• Fix ServerClient.sendBytes(): use socket.send() result to get the next data offset

Fusil 1.1 (2008-10-22)

User visible changes:

• replay.py: ask confirmation if the fuzzer will not be running under a different user or as root
• Even with --force-unsafe, show safety warning if the fuzzer is running as the root user
• Close files for child processes (close_fds=True)
• Fix directory.rmtree() for Python 3.0 final

Developer changes:

• Create IntegerRangeGenerator in fusil.unicode_generator
• Create EnvVarIntegerRange in fusil.process.env
• Create fusil-wizzard fuzzer
• Write timestamp in session.log
• Add session() method to ProjectAgent
• Add NAME attribute to a fuzzer, reused to choose the project directory name

Bugfixes:

• Fix Debugger.processSignal(): use the process agent to send the message (session_rename) since the debugger agent may be disabled
• Fix replay.py: quote gdb arguments escape quote and antislash characters (eg. "text="Hello\n".")
• replay.py uses /dev/null for stdin as Fusil does
• FileWatch: open file in binary mode to use bytes in Python3

Fusil 1.0 final (2008-09-13)

Visible changes:

• Create fusil-zzuf fuzzer (use the zzuf library)
• Create fusil-vlc fuzzer (VLC media player)
• For each session, generate a Python script (replay.py) to replay the session. The script can run the target in gdb, valgrind or gdb.py (python-ptrace debugger), with many options (--user, --limit, etc.)
• Create --force-unsafe option, like --unsafe without the confirmation
• CreateProcess is now a probe (with a score): if the debugger catchs a fatal signal, the session stops
• Always use a null device as stdin for child processes to avoid blocking the fuzzer if the process reads stdin (eg. call getchar())
• Write the created process identifier in the logs

Developer:

• Create EnvVarIntegerRange: environment variable with an integer value in a fixed range
• Changes to get a minimal Windows support: disable "change user/group" feature on Windows; remove log file before removing the project directory; use ":NUL" instead of /dev/null for null input/output
• On setupProject() error, make sure that the project is cleaned
• Close stdout files (input and output) at process exit (fix needed by Windows)
• Rename long2raw() to uint2bytes(), and bytes2long() to bytes2uint()
• Normalize score that make sure that a probe score is in range [-1; +1] and so that score*weight is in range[-weight; +weight]
• CodeC: remove method lines(), writeCode() is renamed writeIntoFile(), use unicode strings (instead of byte strings)
• Remove StdoutFile class, code merged in CreateProcess