import gdcm-3.0.12-7.el9

SOURCES/171.patch

@@ -0,0 +1,40 @@
+From 37a7a2e60e310056553a39d1fd9a9fda6e565e7b Mon Sep 17 00:00:00 2001
+From: Sandro <devel@penguinpee.nl>
+Date: Fri, 19 Apr 2024 15:18:43 +0200
+Subject: [PATCH] Python 3.13: Replace deprecated PyEval_CallObject()
+
+The function has been deprecated since Python 3.9 and will be removed
+from Python 3.13.
+
+See: https://docs.python.org/3.13/whatsnew/3.13.html#id9
+---
+ Wrapping/Python/gdcmswig.i       | 2 +-
+ Wrapping/SWIGCommon/gdcmcommon.i | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Wrapping/Python/gdcmswig.i b/Wrapping/Python/gdcmswig.i
+index a2aa3760db..820178b599 100644
+--- a/Wrapping/Python/gdcmswig.i
++++ b/Wrapping/Python/gdcmswig.i
+@@ -623,7 +623,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2
+     /* fail */
+     assert(0);
+   }
+-  result = PyEval_CallObject(func, arglist);
++  result = PyObject_CallObject(func, arglist);
+   Py_DECREF(arglist);
+   if (result && result != Py_None) {
+     PyErr_SetString(PyExc_TypeError,
+diff --git a/Wrapping/SWIGCommon/gdcmcommon.i b/Wrapping/SWIGCommon/gdcmcommon.i
+index 8794bce14c..449cf8c77a 100644
+--- a/Wrapping/SWIGCommon/gdcmcommon.i
++++ b/Wrapping/SWIGCommon/gdcmcommon.i
+@@ -631,7 +631,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2
+     /* fail */
+     assert(0);
+   }
+-  result = PyEval_CallObject(func, arglist);
++  result = PyObject_CallObject(func, arglist);
+   Py_DECREF(arglist);
+   if (result && result != Py_None) {
+     PyErr_SetString(PyExc_TypeError,

SOURCES/TALOS-2024-1924.patch

@@ -0,0 +1,63 @@
+From 21a793095ab3aecb794c56439873e5b181ea9d91 Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
+Date: Wed, 21 Feb 2024 02:00:38 -0800
+Subject: [PATCH] Remove symptoms of TALOS-2024-1924
+
+
+diff --git a/Source/DataStructureAndEncodingDefinition/gdcmElement.h b/Source/DataStructureAndEncodingDefinition/gdcmElement.h
+index b49b093dc..15fb3a117 100644
+--- a/Source/DataStructureAndEncodingDefinition/gdcmElement.h
++++ b/Source/DataStructureAndEncodingDefinition/gdcmElement.h
+@@ -473,7 +473,7 @@ public:
+     assert( _is ); // Is stream valid ?
+     _is.read( reinterpret_cast<char*>(data+0), type_size);
+     for(unsigned long i=1; i<length; ++i) {
+-      assert( _is );
++      if( _is )
+       _is.read( reinterpret_cast<char*>(data+i), type_size );
+     }
+     //ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,
+@@ -489,7 +489,7 @@ public:
+     assert( _is ); // Is stream valid ?
+     _is.read( reinterpret_cast<char*>(data+0), type_size);
+     for(unsigned long i=1; i<length; ++i) {
+-      assert( _is );
++      if( _is )
+       _is.read( reinterpret_cast<char*>(data+i), type_size );
+     }
+     //ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,
+diff --git a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
+index 0d5a99c40..2c566923b 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
+@@ -130,7 +130,10 @@ void LookupTable::SetLUT(LookupTableType type, const unsigned char *array,
+ 
+   if( !IncompleteLUT )
+     {
+-    assert( Internal->RGB.size() == 3*Internal->Length[type]*(BitSample/8) );
++    if( Internal->RGB.size() != 3*Internal->Length[type]*(BitSample/8) ) {
++      gdcmErrorMacro( "Invalid length for LUT data" );
++      return;
++    }
+     }
+   // Too funny: 05115014-mr-siemens-avanto-syngo-with-palette-icone.dcm
+   // There is pseudo PALETTE_COLOR LUT in the Icon, if one look carefully the LUT values
+diff --git a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
+index 9c30ff8b9..258a23c1f 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
+@@ -306,8 +306,12 @@ static void DoIconImage(const DataSet& rootds, Pixmap& image)
+           unsigned long check =
+             (el_us3.GetValue(0) ? el_us3.GetValue(0) : 65536)
+             * el_us3.GetValue(2) / 8;
+-          assert( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength()
+-            || check + 1 == lut_raw->GetLength() ); (void)check;
++          if(!( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength()
++            || check + 1 == lut_raw->GetLength() )) {
++          gdcmErrorMacro( "Icon Sequence is invalid. Giving up" );
++          pixeldata.Clear();
++          return;
++	  }
+           }
+         else if( ds.FindDataElement( seglut ) )
+           {

SOURCES/TALOS-2024-1935.patch

@@ -0,0 +1,38 @@
+From 371c2d937e37b08a46eeb0628c553ce4608a45df Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
+Date: Wed, 21 Feb 2024 02:18:35 -0800
+Subject: [PATCH] Remove symptoms from TALOS-2024-1935
+
+
+diff --git a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
+index fcb61e611..9457c5e9b 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
+@@ -421,6 +421,7 @@ bool ImageChangeTransferSyntax::Change()
+     if( !b )
+       {
+       gdcmErrorMacro( "Error in getting buffer from input image." );
++      delete bv0;
+       return false;
+       }
+     pixeldata.SetValue( *bv0 );
+diff --git a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
+index 10ac23cca..430a24a87 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
+@@ -826,8 +826,13 @@ std::pair<char *, size_t> JPEG2000Codec::DecodeByStreamsCommon(char *dummy_buffe
+ 
+     // ELSCINT1_JP2vsJ2K.dcm
+     // -> prec = 12, bpp = 0, sgnd = 0
+-    //assert( wr == Dimensions[0] );
+-    //assert( hr == Dimensions[1] );
++    if( wr != Dimensions[0] || hr != Dimensions[1] ) {
++	    gdcmErrorMacro("Invalid dimension");
++	    delete[] raw;
++    opj_destroy_codec(dinfo);
++  opj_image_destroy(image);
++    return std::pair<char*,size_t>(nullptr,0);
++    }
+     if( comp->sgnd != PF.GetPixelRepresentation() )
+       {
+       PF.SetPixelRepresentation( (uint16_t)comp->sgnd );

SOURCES/TALOS-2024-1944.patch

@@ -0,0 +1,36 @@
+From dda17aa8d5939e4e255ebba67aacf34b09d88692 Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
+Date: Wed, 21 Feb 2024 02:44:55 -0800
+Subject: [PATCH] Remove symptoms from TALOS-2024-1944
+
+
+diff --git a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
+index 19f739399..46392461e 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
+@@ -112,9 +112,7 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,
+   if(!r) return false;
+ 
+   std::string str = os.str();
+-  //std::string::size_type check = str.size();//unused
+ 
+-  
+   if( this->GetPixelFormat() == PixelFormat::UINT12 ||
+       this->GetPixelFormat() == PixelFormat::INT12 )
+     {
+@@ -135,7 +133,14 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,
+     // DermaColorLossLess.dcm
+     //assert (check == inOutBufferLength || check == inOutBufferLength + 1);
+     // problem with: SIEMENS_GBS_III-16-ACR_NEMA_1.acr
+-    memcpy(outBytes, str.c_str(), inOutBufferLength);
++    size_t len = str.size();
++    if( inOutBufferLength <= len )
++      memcpy(outBytes, str.c_str(), inOutBufferLength);
++    else
++    {
++      gdcmWarningMacro( "Requesting too much data. Truncating result" );
++      memcpy(outBytes, str.c_str(), len);
++    }
+     }
+ 
+   return r;

SPECS/gdcm.spec

@@ -1,10 +1,11 @@
 ## START: Set by rpmautospec
-## (rpmautospec version 0.2.6)
-%define autorelease(e:s:pb:) %{?-p:0.}%{lua:
-    release_number = 5;
+## (rpmautospec version 0.6.3)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 7;
     base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
     print(release_number + base_release_number - 1);
-}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{?dist}
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
 ## END: Set by rpmautospec
 
 # Enabled by default
@@ -26,7 +27,15 @@ Source1:    http://downloads.sourceforge.net/project/gdcm/gdcmData/gdcmData/gdcm
 
 Patch1: 0001-3.0.1-Use-copyright.patch
 # Fix for 1687233
-Patch3: 0002-Fix-export-variables.patch
+Patch2: 0002-Fix-export-variables.patch
+# Python 3.13: Replace deprecated PyEval_CallObject()
+Patch3:     https://github.com/malaterre/GDCM/pull/171.patch
+# TALOS-2024-1924: https://bugzilla.redhat.com/show_bug.cgi?id=2277288
+Patch4:     TALOS-2024-1924.patch
+# TALOS-2024-1935: https://bugzilla.redhat.com/show_bug.cgi?id=2277292
+Patch5:     TALOS-2024-1935.patch
+# TALOS-2024-1944: https://bugzilla.redhat.com/show_bug.cgi?id=2277296
+Patch6:    TALOS-2024-1944.patch
 
 BuildRequires:  CharLS-devel >= 2.0
 BuildRequires:  cmake
@@ -275,28 +284,38 @@ make test -C %{__cmake_builddir} || exit 0
 %{python3_sitearch}/__pycache__/%{name}*
 
 %changelog
+## START: Generated by rpmautospec
+* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> - 3.0.12-7
+- Apply security patches
+- Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
+- Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
+- Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
+
+* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> - 3.0.12-6
+- Replace deprecated PyEval_CallObject() (RHBZ#2245816)
+
 * Wed Jan 10 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.0.12-5
 - Rebuilt for MSVSphere 9.3
 
-* Tue Aug 02 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> 3.0.12-5
+* Tue Aug 02 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> - 3.0.12-5
 - chore: rebuild for poppler 22.08.0
 
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> 3.0.12-4
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.12-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> 3.0.12-3
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.0.12-3
 - Rebuilt for Python 3.11
 
-* Fri May 20 2022 Sandro Mani <manisandro@gmail.com> 3.0.12-2
+* Fri May 20 2022 Sandro Mani <manisandro@gmail.com> - 3.0.12-2
 - Rebuild for gdal-3.5.0 and/or openjpeg-2.5.0
 
-* Sat Apr 02 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> 3.0.12-1
+* Sat Apr 02 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> - 3.0.12-1
 - feat: update to 3.0.12 (fixes rhbz#2068208)
 
-* Tue Feb 08 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> 3.0.10-1
+* Tue Feb 08 2022 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur@gmail.com> - 3.0.10-1
 - feat: to 3.0.10 (fixes #2011596)
 
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> 3.0.9-6
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.9-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.0.9-3
@@ -786,3 +805,4 @@ already included upstream
 - Initial RPM Release
 
 
+## END: Generated by rpmautospec