Accepting request 969759 from home:mnhauke:sdr-devel

- Add patch to fix security issue: CVE-2022-27419 (bsc#1198434) * 0001-Fix-overflow-in-Acurite-00275rm-closes-2012.patch OBS-URL: https://build.opensuse.org/request/show/969759 OBS-URL: https://build.opensuse.org/package/show/hardware:sdr/rtl_433?expand=0&rev=25
2022-04-13 08:46:58 +00:00 · 2022-04-13 08:46:58 +00:00 · b60d5aea72
commit b60d5aea72
parent 557ebfa642
3 changed files with 45 additions and 2 deletions
--- a/0001-Fix-overflow-in-Acurite-00275rm-closes-2012.patch
+++ b/0001-Fix-overflow-in-Acurite-00275rm-closes-2012.patch
@ -0,0 +1,35 @@
+From 37455483889bd1c641bdaafc493d1cc236b74904 Mon Sep 17 00:00:00 2001
+From: "Christian W. Zuckschwerdt" <christian@zuckschwerdt.org>
+Date: Fri, 18 Mar 2022 08:09:15 +0100
+Subject: [PATCH] Fix overflow in Acurite-00275rm (closes #2012)
+
+---
+ src/devices/acurite.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/devices/acurite.c b/src/devices/acurite.c
+index 6879e52d..4f3e83eb 100644
+--- a/src/devices/acurite.c
+++ b/src/devices/acurite.c
+@@ -1318,15 +1318,15 @@ static int acurite_00275rm_decode(r_device *decoder, bitbuffer_t *bitbuffer)
+ 
+     // Combine signal if exactly three repeats were found
+     if (n_rows == 3) {
+-        uint8_t *b = bitbuffer->bb[bitbuffer->num_rows];
+        bitbuffer_add_row(bitbuffer);
+        uint8_t *b = bitbuffer->bb[bitbuffer->num_rows - 1];
+         for (int i = 0; i < 11; ++i) {
+             // The majority bit count wins
+             b[i] = (b_rows[0][i] & b_rows[1][i]) |
+                     (b_rows[1][i] & b_rows[2][i]) |
+                     (b_rows[2][i] & b_rows[0][i]);
+         }
+-        bitbuffer->bits_per_row[bitbuffer->num_rows] = 88;
+-        bitbuffer->num_rows += 1;
+        bitbuffer->bits_per_row[bitbuffer->num_rows - 1] = 88;
+     }
+ 
+     // Output the first valid row
+-- 
+2.35.1
+
--- a/rtl_433.changes
+++ b/rtl_433.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr 13 08:32:49 UTC 2022 - Martin Hauke <mardnh@gmx.de>
+
+- Add patch to fix security issue: CVE-2022-27419 (bsc#1198434)
+  * 0001-Fix-overflow-in-Acurite-00275rm-closes-2012.patch
+
 -------------------------------------------------------------------
 Thu Dec 16 18:39:08 UTC 2021 - Martin Hauke <mardnh@gmx.de>

--- a/rtl_433.spec
+++ b/rtl_433.spec
@ -1,8 +1,8 @@
 #
 # spec file for package rtl_433
 #
-# Copyright (c) 2021 SUSE LLC
-# Copyright (c) 2017-2021, Martin Hauke <mardnh@gmx.de>
+# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2017-2022, Martin Hauke <mardnh@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -25,6 +25,7 @@ License:        GPL-2.0-only
 Group:          Productivity/Hamradio/Other
 URL:            https://github.com/merbanan/rtl_433.git
 Source:         https://github.com/merbanan/rtl_433/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         0001-Fix-overflow-in-Acurite-00275rm-closes-2012.patch
 BuildRequires:  cmake
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(SoapySDR)
@ -48,6 +49,7 @@ to make use of rtl_433.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %cmake \