Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dcmtk for openSUSE:Factory checked in at 2025-01-14 16:22:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dcmtk (Old) and /work/SRC/openSUSE:Factory/.dcmtk.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dcmtk" Tue Jan 14 16:22:31 2025 rev:32 rq:1237553 version:3.6.9 Changes: -------- --- /work/SRC/openSUSE:Factory/dcmtk/dcmtk.changes 2024-11-21 15:14:59.820398571 +0100 +++ /work/SRC/openSUSE:Factory/.dcmtk.new.1881/dcmtk.changes 2025-01-14 16:23:31.912203577 +0100 
@@ -1,0 +2,21 @@ +Mon Jan 13 18:43:39 UTC 2025 - Christophe Marin <christo...@krop.fr> + +- Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes +- Drop patches, merged upstream: + * 0001-Fixed-buffer-overflow-in-decompression-codecs.patch + * 0001-Fixed-possible-overflows-when-allocating-memory.patch + * 0001-Fixed-two-segmentation-faults.patch + * 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch + * 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch + * 0003-Fixed-wrong-error-handling-previous-commit.patch + * 0001-Fixed-DcmDecimalString-unit-tests.patch + * 0001-Fixed-link-instructions-for-libtiff.patch + * 0001-Fix-find_package-library-variables-for-libtiff.patch +- Add patches: + * 0001-Added-check-to-make-sure-HighBit-BitsAllocated.patch + (CVE-2024-52333, boo#1235811) + * 0001-Replaced-call-of-delete-by-delete.patch + * 0001-Fixed-issue-rendering-invalid-monochrome-image.patch + (CVE-2024-47796, boo#1235810) + +------------------------------------------------------------------- Old: ---- 0001-Fix-find_package-library-variables-for-libtiff.patch 0001-Fixed-DcmDecimalString-unit-tests.patch 0001-Fixed-buffer-overflow-in-decompression-codecs.patch 0001-Fixed-link-instructions-for-libtiff.patch 0001-Fixed-possible-overflows-when-allocating-memory.patch 0001-Fixed-two-segmentation-faults.patch 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch 0003-Fixed-wrong-error-handling-previous-commit.patch dcmtk-3.6.8.tar.gz New: ---- 0001-Added-check-to-make-sure-HighBit-BitsAllocated.patch 0001-Fixed-issue-rendering-invalid-monochrome-image.patch 0001-Replaced-call-of-delete-by-delete.patch dcmtk-3.6.9.tar.gz
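Review bot: two things in the changelog hunk. "See DOCS/CHANGES.368" looks stale for an update to 3.6.9; the release notes for this version should be CHANGES.369, so the pointer should be checked against the new tarball. The entry also does not record the ABI bump that goes with the update (abiversion 18 -> 19 in dcmtk.spec), which is the one fact dependents of the shared libraries need to see; a line such as "- Bump abiversion to 19" would make it visible in the changelog.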
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dcmtk.spec ++++++ --- /var/tmp/diff_new_pack.CNvwXV/_old 2025-01-14 16:23:32.480227081 +0100 +++ /var/tmp/diff_new_pack.CNvwXV/_new 2025-01-14 16:23:32.480227081 +0100 
@@ -16,26 +16,20 @@ # -%define abiversion 18 +%define abiversion 19 Name: dcmtk -Version: 3.6.8 +Version: 3.6.9 Release: 0 Summary: DICOM Toolkit License: Apache-2.0 AND BSD-3-Clause URL: https://dicom.offis.de/dcmtk.php.en -Source0: ftp://dicom.offis.de/pub/dicom/offis/software/dcmtk/release/%{name}-%{version}.tar.gz +Source0: https://dicom.offis.de/download/dcmtk/dcmtk369/%{name}-%{version}.tar.gz # PATCH-FIX-OPENSUSE dcmtk-fix-DCMTKTargets.cmake.patch -- Do not track executables to be able to use dcmtk-devel without dcmtk package Patch0: dcmtk-fix-DCMTKTargets.cmake.patch # PATCH-FIX-UPSTREAM -Patch1: 0001-Fixed-buffer-overflow-in-decompression-codecs.patch -Patch2: 0001-Fixed-possible-overflows-when-allocating-memory.patch -Patch3: 0001-Fixed-two-segmentation-faults.patch -Patch4: 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch -Patch5: 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch -Patch6: 0003-Fixed-wrong-error-handling-previous-commit.patch -Patch7: 0001-Fixed-DcmDecimalString-unit-tests.patch -Patch8: 0001-Fixed-link-instructions-for-libtiff.patch -Patch9: 0001-Fix-find_package-library-variables-for-libtiff.patch +Patch1: 0001-Added-check-to-make-sure-HighBit-BitsAllocated.patch +Patch2: 0001-Replaced-call-of-delete-by-delete.patch +Patch3: 0001-Fixed-issue-rendering-invalid-monochrome-image.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: fdupes @@ -88,7 +82,8 @@ -DDCMTK_WITH_XML=ON \ -DDCMTK_WITH_OPENSSL=ON \ -DDCMTK_WITH_SNDFILE=ON \ - -DDCMTK_WITH_ZLIB=ON} + -DDCMTK_WITH_ZLIB=ON \ + -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir}} %cmake_build @@ -123,7 +118,6 @@ %{_mandir}/man1/* %files devel -%license COPYRIGHT %{_includedir}/dcmtk/ %{_libdir}/*.so %{_libdir}/cmake/dcmtk/ ++++++ 0001-Added-check-to-make-sure-HighBit-BitsAllocated.patch ++++++ >From 03e851b0586d05057c3268988e180ffb426b2e03 Mon Sep 17 00:00:00 2001 
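Review bot: in the first dcmtk.spec hunk the new Source0 URL hardcodes the release directory (dcmtk369/) right next to %{name}-%{version}.tar.gz, so the next version bump breaks the download unless both parts are updated together; either derive the directory from the version (the digits of %{version} with the dots removed) or put a comment above Source0 saying the path must be bumped by hand. Moving from ftp:// to https:// is the right direction, since the source tarball is no longer fetched over a plaintext channel.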
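Review bot: the third dcmtk.spec hunk removes "%license COPYRIGHT" from %files devel, and nothing else in this diff adds the license file to another subpackage; before merging, confirm that the library or main package still ships COPYRIGHT and that devel requires that package, otherwise dcmtk-devel installs without its license text. If the line was dropped because rpmlint flagged the file as duplicated, say so in the changelog so the next reviewer does not repeat this check.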
From: Joerg Riesmeier <di...@jriesmeier.com> Date: Fri, 3 Jan 2025 16:08:44 +0100 Subject: [PATCH] Added check to make sure: HighBit < BitsAllocated. Added check to the image preprocessing to make sure that the value of HighBit is always less than the value of BitsAllocated. Before, this missing check could lead to memory corruption if an invalid combination of values was retrieved from a malformed DICOM dataset. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscov...@external.cisco.com> for the report, sample file (PoC) and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333. --- dcmimgle/libsrc/diimage.cc | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/dcmimgle/libsrc/diimage.cc b/dcmimgle/libsrc/diimage.cc index 480235e3b..1827ac68b 100644 --- a/dcmimgle/libsrc/diimage.cc +++ b/dcmimgle/libsrc/diimage.cc @@ -1,6 +1,6 @@ /* * - * Copyright (C) 1996-2024, OFFIS e.V. + * Copyright (C) 1996-2025, OFFIS e.V. * All rights reserved. See COPYRIGHT file for details. * * This software and supporting documentation were developed by 
@@ -549,12 +549,18 @@ void DiImage::convertPixelData() { const unsigned long fsize = OFstatic_cast(unsigned long, Rows) * OFstatic_cast(unsigned long, Columns) * OFstatic_cast(unsigned long, SamplesPerPixel); - if ((BitsAllocated < 1) || (BitsStored < 1) || (BitsAllocated < BitsStored) || - (BitsStored > OFstatic_cast(Uint16, HighBit + 1))) + if ((BitsAllocated < 1) || (BitsStored < 1)) { ImageStatus = EIS_InvalidValue; - DCMIMGLE_ERROR("invalid values for 'BitsAllocated' (" << BitsAllocated << "), " - << "'BitsStored' (" << BitsStored << ") and/or 'HighBit' (" << HighBit << ")"); + DCMIMGLE_ERROR("invalid value(s) for 'BitsAllocated' (" << BitsAllocated << "), " + << "and/or 'BitsStored' (" << BitsStored << ")"); + return; + } + else if ((BitsAllocated < BitsStored) || (BitsAllocated <= HighBit) || ((BitsStored - 1) > HighBit)) + { + ImageStatus = EIS_InvalidValue; + DCMIMGLE_ERROR("invalid combination of values for 'BitsAllocated' (" << BitsAllocated << "), " + << "'BitsStored' (" << BitsStored << ") and 'HighBit' (" << HighBit << ")"); return; } else if ((evr == EVR_OB) && (BitsStored <= 8)) -- 2.47.1 ++++++ 0001-Fixed-issue-rendering-invalid-monochrome-image.patch ++++++ >From 89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6 Mon Sep 17 00:00:00 2001 
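Review bot: the new "(BitsAllocated <= HighBit)" term in the second branch is the actual fix for CVE-2024-52333: the old single condition only compared BitsStored with HighBit + 1, so a dataset carrying, for example, BitsAllocated = 8, BitsStored = 8, HighBit = 200 passed validation and, per the commit message, could corrupt memory downstream. The resulting rules match the DICOM constraints (BitsStored <= BitsAllocated and BitsStored - 1 <= HighBit < BitsAllocated). Two small points: the first branch's message now prints "..., and/or 'BitsStored'" with a stray comma before "and/or", and since the check lives in convertPixelData(), it is worth confirming that no earlier step of image construction reads HighBit (for example to size a buffer) before this function rejects the dataset.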
From: Joerg Riesmeier <di...@jriesmeier.com> Date: Sat, 11 Jan 2025 17:59:39 +0100 Subject: [PATCH] Fixed issue rendering invalid monochrome image. Fixed issue when rendering an invalid monochrome DICOM image where the number of pixels stored does not match the expected number of pixels. If the stored number is less than the expected number, the rest of the pixel matrix for the intermediate representation was always filled with the value 0. Under certain, very rare conditions, this could result in memory problems reported by an Address Sanitizer (ASAN). Now, the rest of the matrix is filled with the smallest possible value for the image. Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscov...@external.cisco.com> for the original report, the sample file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796. --- dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h index e749a6b16..50389a540 100644 --- a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h +++ b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h @@ -72,9 +72,9 @@ class DiMonoInputPixelTemplate rescale(pixel); // "copy" or reference pixel data this->determineMinMax(OFstatic_cast(T3, this->Modality->getMinValue()), OFstatic_cast(T3, this->Modality->getMaxValue())); } - /* erase empty part of the buffer (= blacken the background) */ + /* erase empty part of the buffer (= fill the background with the smallest possible value) */ if ((this->Data != NULL) && (this->InputCount < this->Count)) - OFBitmanipTemplate<T3>::zeroMem(this->Data + this->InputCount, this->Count - this->InputCount); + OFBitmanipTemplate<T3>::setMem(this->Data + this->InputCount, OFstatic_cast(T3, this->Modality->getAbsMinimum()), this->Count - this->InputCount); } } -- 2.47.1 ++++++ 0001-Replaced-call-of-delete-by-delete.patch ++++++ 
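Review bot: the replacement fill value is the right one for this hunk: determineMinMax() two lines above derives the valid range from Modality->getMinValue()/getMaxValue(), and a zero fill can lie outside that range whenever the intermediate representation's minimum is not 0 (signed or rescaled data), which is the plausible source of the ASAN report the commit message mentions. Casting getAbsMinimum() to T3 mirrors the existing casts of getMinValue()/getMaxValue(), so that is consistent. What the hunk still does silently is accept "InputCount < Count", i.e. a dataset with fewer stored pixels than expected; if DCMTK does not already log this case elsewhere, a warning at this point would make truncated pixel data visible to anyone watching the logs.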
>From f192e0cd43af21021454a69016c565b89bfd8e90 Mon Sep 17 00:00:00 2001 From: Joerg Riesmeier <di...@jriesmeier.com> Date: Sat, 11 Jan 2025 17:47:15 +0100 Subject: [PATCH] Replaced call of delete by delete[]. This issue has been reported by the gcc address sanitizer (using option -fsanitize=address). --- dcmimgle/libsrc/diimage.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dcmimgle/libsrc/diimage.cc b/dcmimgle/libsrc/diimage.cc index 1827ac68b..0f5258758 100644 --- a/dcmimgle/libsrc/diimage.cc +++ b/dcmimgle/libsrc/diimage.cc @@ -889,7 +889,7 @@ int DiImage::writeBMP(FILE *stream, result = 1; } /* delete pixel data */ - delete OFstatic_cast(char *, data); // type cast necessary to avoid compiler warnings using gcc >2.95 + delete[] OFstatic_cast(char *, data); } return result; } -- 2.47.1 ++++++ dcmtk-3.6.8.tar.gz -> dcmtk-3.6.9.tar.gz ++++++ /work/SRC/openSUSE:Factory/dcmtk/dcmtk-3.6.8.tar.gz /work/SRC/openSUSE:Factory/.dcmtk.new.1881/dcmtk-3.6.9.tar.gz differ: char 5, line 1 ++++++ dcmtk-fix-DCMTKTargets.cmake.patch ++++++ --- /var/tmp/diff_new_pack.CNvwXV/_old 2025-01-14 16:23:32.540229563 +0100 +++ /var/tmp/diff_new_pack.CNvwXV/_new 2025-01-14 16:23:32.544229729 +0100 @@ -10,7 +10,7 @@ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMake/GenerateCMakeExports.cmake b/CMake/GenerateCMakeExports.cmake -index 4512624..11205e3 100644 +index b4f44e4..0e3cc3c 100644 --- a/CMake/GenerateCMakeExports.cmake +++ b/CMake/GenerateCMakeExports.cmake @@ -18,8 +18,8 @@ @@ -25,10 +25,10 @@ # Get and store libraries to DCMTKTargets.cmake within the build's main dir get_property(DCMTK_LIBRARY_TARGETS GLOBAL PROPERTY DCMTK_LIBRARY_TARGETS) diff --git a/CMake/dcmtkMacros.cmake b/CMake/dcmtkMacros.cmake -index 6cbce0a..0844e58 100644 +index bd35469..b318a56 100644 --- a/CMake/dcmtkMacros.cmake 
+++ b/CMake/dcmtkMacros.cmake -@@ -64,7 +64,7 @@ macro(DCMTK_ADD_EXECUTABLE PROGRAM) +@@ -63,7 +63,7 @@ macro(DCMTK_ADD_EXECUTABLE PROGRAM) # declare installation files, also export DCMTKTargets.cmake install(TARGETS ${PROGRAM} @@ -37,7 +37,4 @@ COMPONENT bin DESTINATION ${CMAKE_INSTALL_BINDIR}) endif() --- -2.37.1 -
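Review bot: the delete -> delete[] change in writeBMP() is correct (a buffer obtained with new[] must be released with delete[]; ASAN reports the old form as an alloc-dealloc mismatch), but the hunk drops the comment explaining why the OFstatic_cast to char * is there while keeping the cast. If "data" is declared as a void pointer, deleting it without the cast is not valid C++, so a short comment saying the cast is still required would keep a later cleanup from removing it as redundant.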
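Review bot: the refresh of dcmtk-fix-DCMTKTargets.cmake.patch only updates the blob ids in the two index lines, moves the dcmtkMacros.cmake hunk header from line 64 to 63 and drops the trailing "-- 2.37.1" signature; no context or change lines differ, so it is a pure rebase onto 3.6.9. Regenerating the patch with a tool (for example quilt refresh) instead of hand-editing keeps the index lines and offsets in sync automatically and avoids this kind of cosmetic churn on the next update.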