diff --git a/0019-CVE-2024-34509.patch b/0019-CVE-2024-34509.patch
new file mode 100644
index 0000000000000000000000000000000000000000..714af28aa240a6c5c0817c5d0aba3bc5ed98b63a
--- /dev/null
+++ b/0019-CVE-2024-34509.patch
@@ -0,0 +1,81 @@
+diff --git a/dcmdata/libsrc/dcelem.cc b/dcmdata/libsrc/dcelem.cc
+index b55c6cf..00ed20d 100644
+--- a/dcmdata/libsrc/dcelem.cc
++++ b/dcmdata/libsrc/dcelem.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2021, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -717,6 +717,13 @@ OFCondition DcmElement::loadValue(DcmInputStream *inStream)
+ if (isStreamNew)
+ delete readStream;
+ }
++ else
++ {
++ errorFlag = EC_InvalidStream; // incomplete dataset read from stream
++ DCMDATA_ERROR("DcmElement: " << getTagName() << " " << getTag()
++ << " larger (" << getLengthField() << ") than remaining bytes ("
++ << getTransferredBytes() << ") in file, premature end of stream");
++ }
+ }
+ /* return result value */
+ return errorFlag;
+diff --git a/dcmnet/libsrc/dimcmd.cc b/dcmnet/libsrc/dimcmd.cc
+index 31dad0c..d8e29b3 100644
+--- a/dcmnet/libsrc/dimcmd.cc
++++ b/dcmnet/libsrc/dimcmd.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2021, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were partly developed by
+@@ -205,22 +205,25 @@ getString(DcmDataset *obj, DcmTagKey t, char *s, int maxlen, OFBool *spacePadded
+ return parseErrorWithMsg("dimcmd:getString: string too small", t);
+ } else {
+ ec = elem->getString(aString);
+- strncpy(s, aString, maxlen);
+- if (spacePadded)
++ if (ec.good())
+ {
+- /* before we remove leading and tailing spaces we want to know
+- * whether the string is actually space padded. Required to communicate
+- * with dumb peers which send space padded UIDs and fail if they
+- * receive correct UIDs back.
+- *
+- * This test can only detect space padded strings if
+- * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
+- * has already been removed by dcmdata at this stage.
+- */
+- size_t s_len = strlen(s);
+- if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
++ strncpy(s, aString, maxlen);
++ if (spacePadded)
++ {
++ /* before we remove leading and tailing spaces we want to know
++ * whether the string is actually space padded. Required to communicate
++ * with dumb peers which send space padded UIDs and fail if they
++ * receive correct UIDs back.
++ *
++ * This test can only detect space padded strings if
++ * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
++ * has already been removed by dcmdata at this stage.
++ */
++ size_t s_len = strlen(s);
++ if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
++ }
++ DU_stripLeadingAndTrailingSpaces(s);
+ }
+- DU_stripLeadingAndTrailingSpaces(s);
+ }
+ }
+ return (ec.good())? ec : DIMSE_PARSEFAILED;
+--
+2.41.0
+
diff --git a/dcmtk.spec b/dcmtk.spec
index d643d7ffa0e8044cb2b06a0fd4079a13cc6c9f2d..8159f19cfb9a3351b184fb81bedd4bbf7fd319bf 100644
--- a/dcmtk.spec
+++ b/dcmtk.spec
@@ -1,4 +1,4 @@
-%global abi_version 17
+%global abi_version 18
 %bcond_with charls2
@@ -34,6 +34,7 @@ Patch: 0016-Update-JpegLsEncode-for-CharLS-2.patch
 Patch: 0017-Increase-sleep-for-tests.patch
 Patch: 0018-CVE-2022-43272-Fixed-memory-leak-in-single-process-mode.patch
+Patch: 0019-CVE-2024-34509.patch
 BuildRequires: gcc
 BuildRequires: gcc-c++
@@ -227,5 +228,8 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/%{name}/wlistdb/OFFIS/lockfile
 %{_libdir}/libofstd.so
 %changelog
+* Mon Jun 9 2025 wh02252983 - 3.6.7-2
+- Fix CVE-2024-34509
+
 * Fri Jun 16 2023 forrest_ly - 3.6.7-1
 - init for anolis 23
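Review bot: In the dimcmd.cc part of the added patch, `strncpy(s, aString, maxlen);` still writes no terminator when the value is exactly `maxlen` characters long, and the following lines read `s` as a C string (`strlen(s)`, `DU_stripLeadingAndTrailingSpaces(s)`). The length check that ends in "string too small" starts outside the hunk, so it should be confirmed that it rejects that case, or that every caller passes a zero-filled buffer of at least `maxlen + 1` bytes; if neither holds, the copy needs an explicit terminator. In the dcelem.cc part, the log text labels `getTransferredBytes()` as "remaining bytes", which by its name looks like the count already read rather than what is left, so the message may mislead whoever triages a truncated dataset. Both function bodies start and end outside their hunks.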
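Review bot: The first dcmtk.spec hunk moves `%global abi_version` from 17 to 18, yet the only source change in this commit is a backported patch on top of 3.6.7 that adds an `else` branch and an `ec.good()` guard inside existing function bodies, which should not change the library soname. If `abi_version` feeds the shared-library entries in `%files` (not visible here), a 3.6.7 build would presumably not produce matching files; I would keep `%global abi_version 17` unless the upstream version is raised as well. The new changelog entry is 3.6.7-2, but no visible hunk touches a `Release:` tag, so confirm the release number is bumped wherever it is defined.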