From 79a69b14efd9cd3befceeddcc844a42bdbfdb47c Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 8 Aug 2022 15:30:48 +0200
Subject: 4.03a
---
docs/Changelog.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 957f6206..ec517104 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,6 +8,10 @@
Want to stay in the loop on major new features? Join our mailing list by
sending a mail to .
+### Version ++4.03a (dev)
+ - ... your PR? :)
+
+
### Version ++4.02c (release)
- afl-cc:
- important fix for the default pcguard mode when LLVM IR vector
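Review bot: the new `### Version ++4.03a (dev)` heading is followed by two added blank lines before `### Version ++4.02c (release)`, while the next hunk in this same patch removes the single blank line before `### Version ++4.01c (release)`; pick one spacing convention for version headings and apply it in both places. The placeholder entry `- ... your PR? :)` is fine for a dev section as long as it is replaced before the release tag.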
@@ -22,7 +26,6 @@ sending a mail to .
- change post_process hook to allow returning NULL and 0 length to
tell afl-fuzz to skip this mutated input
-
### Version ++4.01c (release)
- fixed */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :)
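Review bot: this hunk removes the blank line separating the last 4.02c entry from the `### Version ++4.01c (release)` heading, which makes the 4.01c section the only one without a separator while the first hunk adds two before 4.02c; keep one blank line before every version heading instead of removing this one.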
--
cgit v1.2.3
From 3200e6515b9cc988d0d8dccd27257baccc8df021 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 14 Aug 2022 12:24:42 +0200
Subject: add AFL_NO_STARTUP_CALIBRATION feature
---
docs/Changelog.md | 9 ++++++++-
docs/env_variables.md | 3 +++
docs/fuzzing_in_depth.md | 7 +++++++
3 files changed, 18 insertions(+), 1 deletion(-)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index ec517104..f5847ade 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,7 +9,14 @@ Want to stay in the loop on major new features? Join our mailing list by
sending a mail to .
### Version ++4.03a (dev)
- - ... your PR? :)
+ - afl-fuzz:
+ - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
+ of calibrating all initial seeds first. Good for large queues
+ and long execution times, especially in CIs.
+ - qemu_mode:
+ - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
+ edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
+ worksbutnottested!
### Version ++4.02c (release)
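Review bot: the `afl-fuzz` entry states only the benefit of `AFL_NO_STARTUP_CALIBRATION` (start at once, good for large queues and CIs) and not what is given up by skipping the calibration of the initial seeds; one clause on that trade-off would let readers judge when the flag is appropriate. The `qemu_mode` entry for `AFL_QEMU_TRACK_UNSTABLE` is unrelated to the commit subject and would be easier to find in the history as its own commit, or at least mentioned in the subject line. Minor: "thanks to worksbutnottested!" should start as a new sentence with a capital letter.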
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 00948fc1..bb54357b 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -462,6 +462,9 @@ checks or alter some of the more exotic semantics of the tool:
some basic stats. This behavior is also automatically triggered when the
output from afl-fuzz is redirected to a file or to a pipe.
+ - Setting `AFL_NO_STARTUP_CALIBRATION` will skip the initial calibration
+ of all starting seeds, and start fuzzing at once.
+
- In QEMU mode (-Q) and FRIDA mode (-O), `AFL_PATH` will be searched for
afl-qemu-trace and afl-frida-trace.so.
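Review bot: the added entry says "Setting `AFL_NO_STARTUP_CALIBRATION`" without a value, while the fuzzing_in_depth.md hunks in this same commit write `AFL_NO_STARTUP_CALIBRATION=1`; state the expected value here as well so the two documents agree and readers do not wonder whether an empty or `0` value also triggers it. The comma before "and start fuzzing at once" is not needed.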
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 37889137..92c9910b 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -626,6 +626,9 @@ from other fuzzers in the campaign first.
If you have a large corpus, a corpus from a previous run or are fuzzing in a CI,
then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`.
+If the queue in the CI is huge and/or the execution time is slow then you can
+also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
+phase and start fuzzing at once.
You can also use different fuzzers. If you are using AFL spinoffs or AFL
conforming fuzzers, then just use the same -o directory and give it a unique
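Review bot: the inserted paragraph is added a second time, word for word, in the CI section of this file later in the same commit (the `@@ -902,6 +905,10 @@` hunk); keep the general advice here and let the CI section refer to it, or reword one of the two so the document does not carry duplicate paragraphs. For consistency with the preceding line, which uses `export AFL_CMPLOG_ONLY_NEW=1`, write `export AFL_NO_STARTUP_CALIBRATION=1`, and add a comma after "slow".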
@@ -902,6 +905,10 @@ complex file formats.
Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
normal fuzzing campaigns as these are much shorter runnings.
+If the queue in the CI is huge and/or the execution time is slow then you can
+also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
+phase and start fuzzing at once.
+
1. Always:
* LTO has a much longer compile time which is diametrical to short fuzzing -
hence use afl-clang-fast instead.
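Review bot: this paragraph duplicates the one inserted near line 626 of the same file; since this section is specifically about CI fuzzing, it is the natural home for the CI-specific advice, and the earlier copy could be shortened to a cross-reference. Also visible in the context, though not part of this change: "much shorter runnings" reads awkwardly and should be "much shorter runs".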
--
From 1a3b463c4cceabc38b7de83f67813e841153b536 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 14 Aug 2022 12:55:04 +0200
Subject: add build report
---
docs/Changelog.md | 1 +
1 file changed, 1 insertion(+)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index f5847ade..2ce1d85c 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,6 +9,7 @@ Want to stay in the loop on major new features? Join our mailing list by
sending a mail to .
### Version ++4.03a (dev)
+ - Building now gives a build summary what succeeded and what not
- afl-fuzz:
- added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
of calibrating all initial seeds first. Good for large queues
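Review bot: grammar in the new entry: "gives a build summary what succeeded and what not" should read "prints a build summary of what succeeded and what did not". It would also help to say where the summary appears (at which build step), since neither the entry nor the commit subject "add build report" tells the reader where to look for it.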
--
From 4e980713851c522436b6a6813f27dd95dd4e5fae Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 14 Aug 2022 14:40:26 +0200
Subject: better handling of -fsanitize=..,...,.. lists
---
docs/Changelog.md | 2 ++
1 file changed, 2 insertions(+)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 2ce1d85c..d07cef54 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -14,6 +14,8 @@ sending a mail to .
- added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
of calibrating all initial seeds first. Good for large queues
and long execution times, especially in CIs.
+ - afl-cc:
+ - better handling of -fsanitize=..,...,.. lists
- qemu_mode:
- added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
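Review bot: "better handling of -fsanitize=..,...,.. lists" does not say what was wrong before or what changes for users; a changelog entry should state the observable behaviour, for example whether comma-separated sanitizer lists were previously not recognised by afl-cc or were handled only partially. Putting the option in backticks (`-fsanitize=...`) would also keep it from being read as punctuation.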
--
From ba14c353c07d19ad37916947708a9c26537c6d62 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 15 Aug 2022 18:31:45 +0200
Subject: get map size from binaries within afl-cmin*
---
docs/Changelog.md | 2 ++
1 file changed, 2 insertions(+)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index d07cef54..c5934c4a 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -16,6 +16,8 @@ sending a mail to .
and long execution times, especially in CIs.
- afl-cc:
- better handling of -fsanitize=..,...,.. lists
+ - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
+ note that this will exit the target before main()
- qemu_mode:
- added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
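Review bot: "with setting AFL_DUMP_MAP_SIZE=1" should be "by setting AFL_DUMP_MAP_SIZE=1", and the second line needs a terminating period. The commit subject says the map size is now obtained from binaries within afl-cmin*, but the entry under `afl-cc` does not mention that the afl-cmin tools use the new variable; add that so readers understand why the variable exists. The caveat that the target exits before main() is valuable and should stay.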
--
From 843ef46b2128f95b5820a0fe89c7ae57f6fcf65b Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Tue, 16 Aug 2022 10:05:52 +0200
Subject: fix docs
---
docs/FAQ.md | 15 +++++++++++++++
docs/INSTALL.md | 4 ++--
2 files changed, 17 insertions(+), 2 deletions(-)
(limited to 'docs')
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 1822e46b..4a9080f8 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -255,3 +255,18 @@ If you find an interesting or important question missing, submit it via
Solution: `git pull ; make clean install` of AFL++.
+
+
+ AFL++ map size warning.
+
+ When you run a large instrumented program stand-alone or via afl-showmap
+ you might see a warning like the following:
+
+ ```
+ Warning: AFL++ tools might need to set AFL_MAP_SIZE to 223723 to be able to run this instrumented program if this crashes!
+ ```
+
+ Depending how the target works it might also crash afterwards.
+
+ Solution: just do an `export AFL_MAP_SIZE=(the value in the warning)`.
+
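Review bot: the solution line `export AFL_MAP_SIZE=(the value in the warning)` cannot be pasted into a shell as written, since the parentheses are not valid on the right-hand side of an assignment; write it as prose or show the example value from the warning above, `export AFL_MAP_SIZE=223723`. "Depending how the target works" should be "Depending on how the target works". "AFL++ map size warning." appears to be the entry title; check that it uses the same heading markup as the preceding FAQ entry rather than a plain sentence with a trailing period, and drop the extra leading and trailing blank lines so the entry spacing matches its neighbours.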
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 4f2b7174..86ba916f 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -21,8 +21,8 @@ development state of AFL++.
If you want to build AFL++ yourself, you have many options. The easiest choice
is to build and install everything:
-NOTE: depending on your Debian/Ubuntu/Kali/... version release `-12` with
-whatever llvm version is available!
+NOTE: depending on your Debian/Ubuntu/Kali/... release, replace `-12` with
+whatever llvm version is available. We recommend llvm 12, 13 or 14.
```shell
sudo apt-get update
--
From 7b2145b914ba3c8443437c68ae29458d832b1e35 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Fri, 19 Aug 2022 09:16:17 +0200
Subject: shorter calibration
---
docs/Changelog.md | 2 ++
1 file changed, 2 insertions(+)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index c5934c4a..e4c59978 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -14,6 +14,8 @@ sending a mail to .
- added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
of calibrating all initial seeds first. Good for large queues
and long execution times, especially in CIs.
+ - default calibration cycles set to 7 from 8, and only add 5 cycles
+ to variables queue items instead of 12.
- afl-cc:
- better handling of -fsanitize=..,...,.. lists
- obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
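Review bot: "variables queue items" should be "variable queue items" (queue entries whose coverage varies between executions). Since this entry changes defaults (7 instead of 8 cycles, 5 instead of 12 extra cycles for variable items), one clause on the user-visible effect, faster calibration in exchange for fewer samples behind the stability figure, would help readers who rely on the stability value.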
--
From 88ff8aa81e41717abb3d72f8714fdc38591b81a7 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 25 Aug 2022 08:47:30 +0200
Subject: fix gcc_mode cmplog
---
docs/Changelog.md | 1 +
1 file changed, 1 insertion(+)
(limited to 'docs')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index e4c59978..842b727b 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -18,6 +18,7 @@ sending a mail to .
to variables queue items instead of 12.
- afl-cc:
- better handling of -fsanitize=..,...,.. lists
+ - fix gcc_mode cmplog
- obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
note that this will exit the target before main()
- qemu_mode:
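Review bot: "fix gcc_mode cmplog" does not tell users what was broken; a changelog entry should name the symptom someone would have seen (for example, cmplog instrumentation not building or not producing comparison data in gcc_mode) so they can tell whether they were affected and need to rebuild their targets.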
--