PR#15: Backport security patches - rpms/gdcm

		`@@ -0,0 +1,40 @@`
		`+ From 37a7a2e60e310056553a39d1fd9a9fda6e565e7b Mon Sep 17 00:00:00 2001`
		`+ From: Sandro <devel@penguinpee.nl>`
		`+ Date: Fri, 19 Apr 2024 15:18:43 +0200`
		`+ Subject: [PATCH] Python 3.13: Replace deprecated PyEval_CallObject()`
		`+`
		`+ The function has been deprecated since Python 3.9 and will be removed`
		`+ from Python 3.13.`
		`+`
		`+ See: https://docs.python.org/3.13/whatsnew/3.13.html#id9`
		`+ ---`
		`+ Wrapping/Python/gdcmswig.i \| 2 +-`
		`+ Wrapping/SWIGCommon/gdcmcommon.i \| 2 +-`
		`+ 2 files changed, 2 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/Wrapping/Python/gdcmswig.i b/Wrapping/Python/gdcmswig.i`
		`+ index a2aa3760db..820178b599 100644`
		`+ --- a/Wrapping/Python/gdcmswig.i`
		`+ +++ b/Wrapping/Python/gdcmswig.i`
		`+ @@ -623,7 +623,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2`
		`+ /* fail */`
		`+ assert(0);`
		`+ }`
		`+ - result = PyEval_CallObject(func, arglist);`
		`+ + result = PyObject_CallObject(func, arglist);`
		`+ Py_DECREF(arglist);`
		`+ if (result && result != Py_None) {`
		`+ PyErr_SetString(PyExc_TypeError,`
		`+ diff --git a/Wrapping/SWIGCommon/gdcmcommon.i b/Wrapping/SWIGCommon/gdcmcommon.i`
		`+ index 8794bce14c..449cf8c77a 100644`
		`+ --- a/Wrapping/SWIGCommon/gdcmcommon.i`
		`+ +++ b/Wrapping/SWIGCommon/gdcmcommon.i`
		`+ @@ -631,7 +631,7 @@ static bool callback_helper(gdcm::DataSet const & ds1, gdcm::DataSet const & ds2`
		`+ /* fail */`
		`+ assert(0);`
		`+ }`
		`+ - result = PyEval_CallObject(func, arglist);`
		`+ + result = PyObject_CallObject(func, arglist);`
		`+ Py_DECREF(arglist);`
		`+ if (result && result != Py_None) {`
		`+ PyErr_SetString(PyExc_TypeError,`

TALOS-2024-1924.patch

file added

+63

		`@@ -0,0 +1,63 @@`
		`+ From 21a793095ab3aecb794c56439873e5b181ea9d91 Mon Sep 17 00:00:00 2001`
		`+ From: Mathieu Malaterre <mathieu.malaterre@gmail.com>`
		`+ Date: Wed, 21 Feb 2024 02:00:38 -0800`
		`+ Subject: [PATCH] Remove symptoms of TALOS-2024-1924`
		`+`
		`+`
		`+ diff --git a/Source/DataStructureAndEncodingDefinition/gdcmElement.h b/Source/DataStructureAndEncodingDefinition/gdcmElement.h`
		`+ index b49b093dc..15fb3a117 100644`
		`+ --- a/Source/DataStructureAndEncodingDefinition/gdcmElement.h`
		`+ +++ b/Source/DataStructureAndEncodingDefinition/gdcmElement.h`
		`+ @@ -473,7 +473,7 @@ public:`
		`+ assert( _is ); // Is stream valid ?`
		`+ _is.read( reinterpret_cast<char*>(data+0), type_size);`
		`+ for(unsigned long i=1; i<length; ++i) {`
		`+ - assert( _is );`
		`+ + if( _is )`
		`+ _is.read( reinterpret_cast<char*>(data+i), type_size );`
		`+ }`
		`+ //ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,`
		`+ @@ -489,7 +489,7 @@ public:`
		`+ assert( _is ); // Is stream valid ?`
		`+ _is.read( reinterpret_cast<char*>(data+0), type_size);`
		`+ for(unsigned long i=1; i<length; ++i) {`
		`+ - assert( _is );`
		`+ + if( _is )`
		`+ _is.read( reinterpret_cast<char*>(data+i), type_size );`
		`+ }`
		`+ //ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,`
		`+ diff --git a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx`
		`+ index 0d5a99c40..2c566923b 100644`
		`+ --- a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx`
		`+ +++ b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx`
		`+ @@ -130,7 +130,10 @@ void LookupTable::SetLUT(LookupTableType type, const unsigned char *array,`
		`+`
		`+ if( !IncompleteLUT )`
		`+ {`
		`+ - assert( Internal->RGB.size() == 3Internal->Length[type](BitSample/8) );`
		`+ + if( Internal->RGB.size() != 3Internal->Length[type](BitSample/8) ) {`
		`+ + gdcmErrorMacro( "Invalid length for LUT data" );`
		`+ + return;`
		`+ + }`
		`+ }`
		`+ // Too funny: 05115014-mr-siemens-avanto-syngo-with-palette-icone.dcm`
		`+ // There is pseudo PALETTE_COLOR LUT in the Icon, if one look carefully the LUT values`
		`+ diff --git a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx`
		`+ index 9c30ff8b9..258a23c1f 100644`
		`+ --- a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx`
		`+ +++ b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx`
		`+ @@ -306,8 +306,12 @@ static void DoIconImage(const DataSet& rootds, Pixmap& image)`
		`+ unsigned long check =`
		`+ (el_us3.GetValue(0) ? el_us3.GetValue(0) : 65536)`
		`+ * el_us3.GetValue(2) / 8;`
		`+ - assert( check == lut_raw->GetLength() \|\| 2 * check == lut_raw->GetLength()`
		`+ - \|\| check + 1 == lut_raw->GetLength() ); (void)check;`
		`+ + if(!( check == lut_raw->GetLength() \|\| 2 * check == lut_raw->GetLength()`
		`+ + \|\| check + 1 == lut_raw->GetLength() )) {`
		`+ + gdcmErrorMacro( "Icon Sequence is invalid. Giving up" );`
		`+ + pixeldata.Clear();`
		`+ + return;`
		`+ + }`
		`+ }`
		`+ else if( ds.FindDataElement( seglut ) )`
		`+ {`

TALOS-2024-1935.patch

file added

+38

		`@@ -0,0 +1,38 @@`
		`+ From 371c2d937e37b08a46eeb0628c553ce4608a45df Mon Sep 17 00:00:00 2001`
		`+ From: Mathieu Malaterre <mathieu.malaterre@gmail.com>`
		`+ Date: Wed, 21 Feb 2024 02:18:35 -0800`
		`+ Subject: [PATCH] Remove symptoms from TALOS-2024-1935`
		`+`
		`+`
		`+ diff --git a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx`
		`+ index fcb61e611..9457c5e9b 100644`
		`+ --- a/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx`
		`+ +++ b/Source/MediaStorageAndFileFormat/gdcmImageChangeTransferSyntax.cxx`
		`+ @@ -421,6 +421,7 @@ bool ImageChangeTransferSyntax::Change()`
		`+ if( !b )`
		`+ {`
		`+ gdcmErrorMacro( "Error in getting buffer from input image." );`
		`+ + delete bv0;`
		`+ return false;`
		`+ }`
		`+ pixeldata.SetValue( *bv0 );`
		`+ diff --git a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx`
		`+ index 10ac23cca..430a24a87 100644`
		`+ --- a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx`
		`+ +++ b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx`
		`+ @@ -826,8 +826,13 @@ std::pair<char , size_t> JPEG2000Codec::DecodeByStreamsCommon(char dummy_buffe`
		`+`
		`+ // ELSCINT1_JP2vsJ2K.dcm`
		`+ // -> prec = 12, bpp = 0, sgnd = 0`
		`+ - //assert( wr == Dimensions[0] );`
		`+ - //assert( hr == Dimensions[1] );`
		`+ + if( wr != Dimensions[0] \|\| hr != Dimensions[1] ) {`
		`+ + gdcmErrorMacro("Invalid dimension");`
		`+ + delete[] raw;`
		`+ + opj_destroy_codec(dinfo);`
		`+ + opj_image_destroy(image);`
		`+ + return std::pair<char*,size_t>(nullptr,0);`
		`+ + }`
		`+ if( comp->sgnd != PF.GetPixelRepresentation() )`
		`+ {`
		`+ PF.SetPixelRepresentation( (uint16_t)comp->sgnd );`

TALOS-2024-1944.patch

file added

+36

		`@@ -0,0 +1,36 @@`
		`+ From dda17aa8d5939e4e255ebba67aacf34b09d88692 Mon Sep 17 00:00:00 2001`
		`+ From: Mathieu Malaterre <mathieu.malaterre@gmail.com>`
		`+ Date: Wed, 21 Feb 2024 02:44:55 -0800`
		`+ Subject: [PATCH] Remove symptoms from TALOS-2024-1944`
		`+`
		`+`
		`+ diff --git a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx`
		`+ index 19f739399..46392461e 100644`
		`+ --- a/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx`
		`+ +++ b/Source/MediaStorageAndFileFormat/gdcmRAWCodec.cxx`
		`+ @@ -112,9 +112,7 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,`
		`+ if(!r) return false;`
		`+`
		`+ std::string str = os.str();`
		`+ - //std::string::size_type check = str.size();//unused`
		`+`
		`+ -`
		`+ if( this->GetPixelFormat() == PixelFormat::UINT12 \|\|`
		`+ this->GetPixelFormat() == PixelFormat::INT12 )`
		`+ {`
		`+ @@ -135,7 +133,14 @@ bool RAWCodec::DecodeBytes(const char* inBytes, size_t inBufferLength,`
		`+ // DermaColorLossLess.dcm`
		`+ //assert (check == inOutBufferLength \|\| check == inOutBufferLength + 1);`
		`+ // problem with: SIEMENS_GBS_III-16-ACR_NEMA_1.acr`
		`+ - memcpy(outBytes, str.c_str(), inOutBufferLength);`
		`+ + size_t len = str.size();`
		`+ + if( inOutBufferLength <= len )`
		`+ + memcpy(outBytes, str.c_str(), inOutBufferLength);`
		`+ + else`
		`+ + {`
		`+ + gdcmWarningMacro( "Requesting too much data. Truncating result" );`
		`+ + memcpy(outBytes, str.c_str(), len);`
		`+ + }`
		`+ }`
		`+`
		`+ return r;`

gdcm.spec

file modified

+21 -13

		`@@ -9,7 +9,7 @@`
		`%bcond_with texdocs`

		`Name: gdcm`
		`- Version: 3.0.23`
		`+ Version: 3.0.21`
		`Release: %autorelease`
		`Summary: Grassroots DiCoM is a C++ library to parse DICOM medical files`
		`# SPDX`
		`@@ -22,8 +22,16 @@`
		`Patch1: 0001-3.0.1-Use-copyright.patch`
		`# Fix for 1687233`
		`Patch2: 0002-Fix-export-variables.patch`
		`-`
		`- BuildRequires: CharLS-devel >= 2.2`
		`+ # Python 3.13: Replace deprecated PyEval_CallObject()`
		`+ Patch3: https://github.com/malaterre/GDCM/pull/171.patch`
		`+ # TALOS-2024-1924: https://bugzilla.redhat.com/show_bug.cgi?id=2277288`
		`+ Patch4: TALOS-2024-1924.patch`
		`+ # TALOS-2024-1935: https://bugzilla.redhat.com/show_bug.cgi?id=2277292`
		`+ Patch5: TALOS-2024-1935.patch`
		`+ # TALOS-2024-1944: https://bugzilla.redhat.com/show_bug.cgi?id=2277296`
		`+ Patch6: TALOS-2024-1944.patch`
		`+`
		`+ BuildRequires: CharLS-devel >= 2.0`
		`BuildRequires: cmake`
		`BuildRequires: doxygen`
		`BuildRequires: libxslt-devel`
		`@@ -191,25 +199,25 @@`
		`%doc AUTHORS README.md`
		`%license Copyright.txt README.Copyright.txt`
		`%{_libdir}/libgdcmCommon.so.3.0`
		`- %{_libdir}/libgdcmCommon.so.3.0.23`
		`+ %{_libdir}/libgdcmCommon.so.3.0.21`
		`%{_libdir}/libgdcmDICT.so.3.0`
		`- %{_libdir}/libgdcmDICT.so.3.0.23`
		`+ %{_libdir}/libgdcmDICT.so.3.0.21`
		`%{_libdir}/libgdcmDSED.so.3.0`
		`- %{_libdir}/libgdcmDSED.so.3.0.23`
		`+ %{_libdir}/libgdcmDSED.so.3.0.21`
		`%{_libdir}/libgdcmIOD.so.3.0`
		`- %{_libdir}/libgdcmIOD.so.3.0.23`
		`+ %{_libdir}/libgdcmIOD.so.3.0.21`
		`%{_libdir}/libgdcmMEXD.so.3.0`
		`- %{_libdir}/libgdcmMEXD.so.3.0.23`
		`+ %{_libdir}/libgdcmMEXD.so.3.0.21`
		`%{_libdir}/libgdcmMSFF.so.3.0`
		`- %{_libdir}/libgdcmMSFF.so.3.0.23`
		`+ %{_libdir}/libgdcmMSFF.so.3.0.21`
		`%{_libdir}/libgdcmjpeg12.so.3.0`
		`- %{_libdir}/libgdcmjpeg12.so.3.0.23`
		`+ %{_libdir}/libgdcmjpeg12.so.3.0.21`
		`%{_libdir}/libgdcmjpeg16.so.3.0`
		`- %{_libdir}/libgdcmjpeg16.so.3.0.23`
		`+ %{_libdir}/libgdcmjpeg16.so.3.0.21`
		`%{_libdir}/libgdcmjpeg8.so.3.0`
		`- %{_libdir}/libgdcmjpeg8.so.3.0.23`
		`+ %{_libdir}/libgdcmjpeg8.so.3.0.21`
		`%{_libdir}/libgdcmmd5.so.3.0`
		`- %{_libdir}/libgdcmmd5.so.3.0.23`
		`+ %{_libdir}/libgdcmmd5.so.3.0.21`
		`%{_libdir}/libsocketxx.so.1.2`
		`%{_libdir}/libsocketxx.so.1.2.0`
		`%{_datadir}/%{name}-3.0/XML/`

sources

file modified

+1 -1

		`@@ -1,2 +1,2 @@`
		`- SHA512 (gdcm-3.0.23.tar.gz) = a1c45434e925ddac293993014686865aecf1b6745013ed6a141b6ee1bdbe7ddef6abcfc2491583e63f33f4292617ee65412da4c41f38731409df9149903a8772`
		`+ SHA512 (gdcm-3.0.21.tar.gz) = 1bdb130e02fa72f57a29484f480a74f981e072db7618a925e6264a08be172954c66db7068d611e21f9d861c006971a04c28f2a37e31ebf10dbc0e5ff9d2950f7`
		`SHA512 (gdcmData.tar.gz) = ddc67a7a0b41b2d6e1e03defb6fb8a06ceeb2e9dd9bb47dfa4f7283d79df7c1e52577b799c00e930719ae6cdda46bded9497a67b8241359f238f5366085ec9ee`