8c0ecc91b5
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
26 lines
723 B
Makefile
26 lines
723 B
Makefile
################################################################################
|
|
#
|
|
# blktrace
|
|
#
|
|
################################################################################
|
|
|
|
BLKTRACE_VERSION = 1.2.0
|
|
BLKTRACE_SITE = http://brick.kernel.dk/snaps
|
|
BLKTRACE_DEPENDENCIES = libaio
|
|
BLKTRACE_LICENSE = GPL-2.0+
|
|
BLKTRACE_LICENSE_FILES = COPYING
|
|
|
|
# 0001-btt-make-device-devno-use-PATH_MAX-to-avoid-overflow.patch
|
|
BLKTRACE_IGNORE_CVES += CVE-2018-10689
|
|
|
|
define BLKTRACE_BUILD_CMDS
|
|
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) $(TARGET_CONFIGURE_OPTS)
|
|
endef
|
|
|
|
define BLKTRACE_INSTALL_TARGET_CMDS
|
|
$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) $(TARGET_CONFIGURE_OPTS) install \
|
|
DESTDIR=$(TARGET_DIR) prefix=/usr
|
|
endef
|
|
|
|
$(eval $(generic-package))
|