From 9dc750496a3ce6041c42058b7c3fee6d4132814a Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Sat, 27 Apr 2024 01:06:27 +0300
Subject: [PATCH] import gdcm-3.0.12-7.el9
---
SOURCES/171.patch | 40 ++++++++++++++++++++++
SOURCES/TALOS-2024-1924.patch | 63 +++++++++++++++++++++++++++++++++++
SOURCES/TALOS-2024-1935.patch | 38 +++++++++++++++++++++
SOURCES/TALOS-2024-1944.patch | 36 ++++++++++++++++++++
SPECS/gdcm.spec | 44 +++++++++++++++++-------
5 files changed, 209 insertions(+), 12 deletions(-)
create mode 100644 SOURCES/171.patch
create mode 100644 SOURCES/TALOS-2024-1924.patch
create mode 100644 SOURCES/TALOS-2024-1935.patch
create mode 100644 SOURCES/TALOS-2024-1944.patch
diff --git a/SOURCES/171.patch b/SOURCES/171.patch
new file mode 100644
index 0000000..1a858b8
--- /dev/null
+++ b/SOURCES/171.patch
@@ -0,0 +1,40 @@
+From 37a7a2e60e310056553a39d1fd9a9fda6e565e7b Mon Sep 17 00:00:00 2001
+From: Sandro
+Date: Fri, 19 Apr 2024 15:18:43 +0200
+Subject: [PATCH] Python 3.13: Replace deprecated PyEval_CallObject()
+
+The function has been deprecated since Python 3.9 and will be removed
+from Python 3.13.
+
+See: https://docs.python.org/3.13/whatsnew/3.13.html#id9
+---
+ Wrapping/Python/gdcmswig.i | 2 +-
+ Wrapping/SWIGCommon/gdcmcommon.i | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Wrapping/Python/gdcmswig.i b/Wrapping/Python/gdcmswig.i
+index a2aa3760db..820178b599 100644
+--- a/Wrapping/Python/gdcmswig.i
++++ b/Wrapping/Python/gdcmswig.i
+@@ -623,7 +623,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2
+ /* fail */
+ assert(0);
+ }
+- result = PyEval_CallObject(func, arglist);
++ result = PyObject_CallObject(func, arglist);
+ Py_DECREF(arglist);
+ if (result && result != Py_None) {
+ PyErr_SetString(PyExc_TypeError,
+diff --git a/Wrapping/SWIGCommon/gdcmcommon.i b/Wrapping/SWIGCommon/gdcmcommon.i
+index 8794bce14c..449cf8c77a 100644
+--- a/Wrapping/SWIGCommon/gdcmcommon.i
++++ b/Wrapping/SWIGCommon/gdcmcommon.i
+@@ -631,7 +631,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2
+ /* fail */
+ assert(0);
+ }
+- result = PyEval_CallObject(func, arglist);
++ result = PyObject_CallObject(func, arglist);
+ Py_DECREF(arglist);
+ if (result && result != Py_None) {
+ PyErr_SetString(PyExc_TypeError,
diff --git a/SOURCES/TALOS-2024-1924.patch b/SOURCES/TALOS-2024-1924.patch
new file mode 100644
index 0000000..bf8bac4
--- /dev/null
+++ b/SOURCES/TALOS-2024-1924.patch
@@ -0,0 +1,63 @@ +From 21a793095ab3aecb794c56439873e5b181ea9d91 Mon Sep 17 00:00:00 2001 +From: Mathieu Malaterre +Date: Wed, 21 Feb 2024 02:00:38 -0800 +Subject: [PATCH] Remove symptoms of TALOS-2024-1924 + + +diff --git a/Source/DataStructureAndEncodingDefinition/gdcmElement.h b/Source/DataStructureAndEncodingDefinition/gdcmElement.h +index b49b093dc..15fb3a117 100644 +--- a/Source/DataStructureAndEncodingDefinition/gdcmElement.h ++++ b/Source/DataStructureAndEncodingDefinition/gdcmElement.h +@@ -473,7 +473,7 @@ public: + assert( _is ); // Is stream valid ? + _is.read( reinterpret_cast(data+0), type_size); + for(unsigned long i=1; i(data+i), type_size ); + } + //ByteSwap::SwapRangeFromSwapCodeIntoSystem(data, +@@ -489,7 +489,7 @@ public: + assert( _is ); // Is stream valid ? + _is.read( reinterpret_cast(data+0), type_size); + for(unsigned long i=1; i(data+i), type_size ); + } + //ByteSwap::SwapRangeFromSwapCodeIntoSystem(data, +diff --git a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx +index 0d5a99c40..2c566923b 100644 +--- a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx ++++ b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx +@@ -130,7 +130,10 @@ void LookupTable::SetLUT(LookupTableType type, const unsigned char *array, + + if( !IncompleteLUT ) + { +- assert( Internal->RGB.size() == 3*Internal->Length[type]*(BitSample/8) ); ++ if( Internal->RGB.size() != 3*Internal->Length[type]*(BitSample/8) ) { ++ gdcmErrorMacro( "Invalid length for LUT data" ); ++ return; ++ } + } + // Too funny: 05115014-mr-siemens-avanto-syngo-with-palette-icone.dcm + // There is pseudo PALETTE_COLOR LUT in the Icon, if one look carefully the LUT values +diff --git a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx +index 9c30ff8b9..258a23c1f 100644 +--- a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx ++++ 
b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx +@@ -306,8 +306,12 @@ static void DoIconImage(const DataSet& rootds, Pixmap& image) + unsigned long check = + (el_us3.GetValue(0) ? el_us3.GetValue(0) : 65536) + * el_us3.GetValue(2) / 8; +- assert( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength() +- || check + 1 == lut_raw->GetLength() ); (void)check; ++ if(!( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength() ++ || check + 1 == lut_raw->GetLength() )) { ++ gdcmErrorMacro( "Icon Sequence is invalid. Giving up" ); ++ pixeldata.Clear(); ++ return; ++ } + } + else if( ds.FindDataElement( seglut ) ) + { diff --git a/SOURCES/TALOS-2024-1935.patch b/SOURCES/TALOS-2024-1935.patch new file mode 100644 index 0000000..28ce975 --- /dev/null +++ b/SOURCES/TALOS-2024-1935.patch 
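Review bot: The stream check ahead of the two read loops in gdcmElement.h is still `assert( _is )`, which is compiled out when NDEBUG is defined, so a release build keeps calling `_is.read(...)` on a failed or truncated stream and leaves the remaining `data` entries unset. That is the same assert-only validation this patch replaces with runtime checks in `LookupTable::SetLUT` and `DoIconImage`. A runtime test after each read, for example `if( !_is ) break;`, would close it; the enclosing functions start and end outside the hunk, so how the caller should be told about the failure has to be decided there. Separately, `SetLUT` now returns early from a void function, so a caller cannot tell a rejected LUT from an accepted one unless it inspects state this hunk does not show.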
@@ -0,0 +1,38 @@
+From 371c2d937e37b08a46eeb0628c553ce4608a45df Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre
+Date: Wed, 21 Feb 2024 02:18:35 -0800
+Subject: [PATCH] Remove symptoms from TALOS-2024-1935
+
+
+diff --git a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
+index fcb61e611..9457c5e9b 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx
+@@ -421,6 +421,7 @@ bool ImageChangeTransferSyntax::Change()
+ if( !b )
+ {
+ gdcmErrorMacro( "Error in getting buffer from input image." );
++ delete bv0;
+ return false;
+ }
+ pixeldata.SetValue( *bv0 );
+diff --git a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
+index 10ac23cca..430a24a87 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx
+@@ -826,8 +826,13 @@ std::pair JPEG2000Codec::DecodeByStreamsCommon(char *dummy_buffe
+
+ // ELSCINT1_JP2vsJ2K.dcm
+ // -> prec = 12, bpp = 0, sgnd = 0
+- //assert( wr == Dimensions[0] );
+- //assert( hr == Dimensions[1] );
++ if( wr != Dimensions[0] || hr != Dimensions[1] ) {
++ gdcmErrorMacro("Invalid dimension");
++ delete[] raw;
++ opj_destroy_codec(dinfo);
++ opj_image_destroy(image);
++ return std::pair(nullptr,0);
++ }
+ if( comp->sgnd != PF.GetPixelRepresentation() )
+ {
+ PF.SetPixelRepresentation( (uint16_t)comp->sgnd );
diff --git a/SOURCES/TALOS-2024-1944.patch b/SOURCES/TALOS-2024-1944.patch
new file mode 100644
index 0000000..20544a8
--- /dev/null
+++ b/SOURCES/TALOS-2024-1944.patch
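Review bot: Both fixes release resources by hand on a single error path, `delete bv0;` in `ImageChangeTransferSyntax::Change()` and `delete[] raw; opj_destroy_codec(dinfo); opj_image_destroy(image);` in `DecodeByStreamsCommon`, so every other early return in these functions has to repeat the same list and any that does not will leak on malformed input. Both bodies continue outside the hunk, so whether the remaining exits are covered cannot be confirmed from here. At minimum I would add a comment at the new return, `// every exit before the final return must free raw, dinfo and image`, and I would prefer a scoped owner that is released only on the success path.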
@@ -0,0 +1,36 @@
+From dda17aa8d5939e4e255ebba67aacf34b09d88692 Mon Sep 17 00:00:00 2001
+From: Mathieu Malaterre
+Date: Wed, 21 Feb 2024 02:44:55 -0800
+Subject: [PATCH] Remove symptoms from TALOS-2024-1944
+
+
+diff --git a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
+index 19f739399..46392461e 100644
+--- a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
++++ b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx
+@@ -112,9 +112,7 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,
+ if(!r) return false;
+
+ std::string str = os.str();
+- //std::string::size_type check = str.size();//unused
+
+-
+ if( this->GetPixelFormat() == PixelFormat::UINT12 ||
+ this->GetPixelFormat() == PixelFormat::INT12 )
+ {
+@@ -135,7 +133,14 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,
+ // DermaColorLossLess.dcm
+ //assert (check == inOutBufferLength || check == inOutBufferLength + 1);
+ // problem with: SIEMENS_GBS_III-16-ACR_NEMA_1.acr
+- memcpy(outBytes, str.c_str(), inOutBufferLength);
++ size_t len = str.size();
++ if( inOutBufferLength <= len )
++ memcpy(outBytes, str.c_str(), inOutBufferLength);
++ else
++ {
++ gdcmWarningMacro( "Requesting too much data. Truncating result" );
++ memcpy(outBytes, str.c_str(), len);
++ }
+ }
+
+ return r;
diff --git a/SPECS/gdcm.spec b/SPECS/gdcm.spec
index f51c100..09bb420 100644
--- a/SPECS/gdcm.spec
+++ b/SPECS/gdcm.spec
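Review bot: When `inOutBufferLength > len`, the new `else` branch in `RAWCodec::DecodeBytes` copies only `len` bytes, so the last `inOutBufferLength - len` bytes of `outBytes` keep whatever the caller's buffer already held, and the function still falls through to `return r;` as success. If the caller does not pre-zero that buffer (not visible here), stale memory ends up in the decoded pixel data handed to the application. Zero the tail after the short copy with `memset(outBytes + len, 0, inOutBufferLength - len);`, or return false so the short read is treated as a decode failure. `DecodeBytes` starts outside the hunk, so whether `inOutBufferLength` is an in/out parameter that should be lowered to `len` needs checking against the full signature.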
@@ -1,10 +1,11 @@ ## START: Set by rpmautospec -## (rpmautospec version 0.2.6) -%define autorelease(e:s:pb:) %{?-p:0.}%{lua: - release_number = 5; +## (rpmautospec version 0.6.3) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 7; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); -}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{?dist} +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec # Enabled by default @@ -26,7 +27,15 @@ Source1: http://downloads.sourceforge.net/project/gdcm/gdcmData/gdcmData/gdcm Patch1: 0001-3.0.1-Use-copyright.patch # Fix for 1687233 -Patch3: 0002-Fix-export-variables.patch +Patch2: 0002-Fix-export-variables.patch +# Python 3.13: Replace deprecated PyEval_CallObject() +Patch3: https://github.com/malaterre/GDCM/pull/171.patch +# TALOS-2024-1924: https://bugzilla.redhat.com/show_bug.cgi?id=2277288 +Patch4: TALOS-2024-1924.patch +# TALOS-2024-1935: https://bugzilla.redhat.com/show_bug.cgi?id=2277292 +Patch5: TALOS-2024-1935.patch +# TALOS-2024-1944: https://bugzilla.redhat.com/show_bug.cgi?id=2277296 +Patch6: TALOS-2024-1944.patch BuildRequires: CharLS-devel >= 2.0 BuildRequires: cmake 
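Review bot: `Patch3:` now points at a pull-request URL, `https://github.com/malaterre/GDCM/pull/171.patch`, which is not an immutable reference: what is served there follows the PR branch, so a later refresh of SOURCES/171.patch could bring in code other than what was reviewed. Pin it to the commit recorded in the imported patch header, `Patch3: https://github.com/malaterre/GDCM/commit/37a7a2e60e310056553a39d1fd9a9fda6e565e7b.patch`. The three TALOS patches carry only a Bugzilla link; adding the commit id from each patch header to its comment, e.g. `# TALOS-2024-1944: upstream commit dda17aa8d5939e4e255ebba67aacf34b09d88692`, would let a reviewer check them against upstream. Also, `0002-Fix-export-variables.patch` moves from Patch3 to Patch2, so if %prep applies patches by number (not visible in this hunk) that line needs the same renumbering.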
@@ -275,28 +284,38 @@ make test -C %{__cmake_builddir} || exit 0 %{python3_sitearch}/__pycache__/%{name}* %changelog +## START: Generated by rpmautospec +* Fri Apr 26 2024 Sandro - 3.0.12-7 +- Apply security patches +- Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288) +- Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292) +- Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296) + +* Fri Apr 26 2024 Sandro - 3.0.12-6 +- Replace deprecated PyEval_CallObject() (RHBZ#2245816) + * Wed Jan 10 2024 MSVSphere Packaging Team - 3.0.12-5 - Rebuilt for MSVSphere 9.3 -* Tue Aug 02 2022 Ankur Sinha (Ankur Sinha Gmail) 3.0.12-5 +* Tue Aug 02 2022 Ankur Sinha (Ankur Sinha Gmail) - 3.0.12-5 - chore: rebuild for poppler 22.08.0 -* Thu Jul 21 2022 Fedora Release Engineering 3.0.12-4 +* Thu Jul 21 2022 Fedora Release Engineering - 3.0.12-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -* Mon Jun 13 2022 Python Maint 3.0.12-3 +* Mon Jun 13 2022 Python Maint - 3.0.12-3 - Rebuilt for Python 3.11 -* Fri May 20 2022 Sandro Mani 3.0.12-2 +* Fri May 20 2022 Sandro Mani - 3.0.12-2 - Rebuild for gdal-3.5.0 and/or openjpeg-2.5.0 -* Sat Apr 02 2022 Ankur Sinha (Ankur Sinha Gmail) 3.0.12-1 +* Sat Apr 02 2022 Ankur Sinha (Ankur Sinha Gmail) - 3.0.12-1 - feat: update to 3.0.12 (fixes rhbz#2068208) -* Tue Feb 08 2022 Ankur Sinha (Ankur Sinha Gmail) 3.0.10-1 +* Tue Feb 08 2022 Ankur Sinha (Ankur Sinha Gmail) - 3.0.10-1 - feat: to 3.0.10 (fixes #2011596) -* Thu Jan 20 2022 Fedora Release Engineering 3.0.9-6 +* Thu Jan 20 2022 Fedora Release Engineering - 3.0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Sep 14 2021 Sahana Prasad - 3.0.9-3 @@ -786,3 +805,4 @@ already included upstream - Initial RPM Release +## END: Generated by rpmautospec