commit dcmtk for openSUSE:Factory

[Source-Sync]

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package dcmtk for openSUSE:Factory checked 
in at 2025-03-17 22:18:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dcmtk (Old)
 and      /work/SRC/openSUSE:Factory/.dcmtk.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dcmtk"

Mon Mar 17 22:18:25 2025 rev:34 rq:1253699 version:3.6.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/dcmtk/dcmtk.changes      2025-02-20 
16:38:45.797985895 +0100
+++ /work/SRC/openSUSE:Factory/.dcmtk.new.19136/dcmtk.changes   2025-03-17 
22:22:09.893937545 +0100
@@ -1,0 +2,6 @@
+Mon Mar 17 10:31:13 UTC 2025 - Christophe Marin <christo...@krop.fr>
+
+- Add upstream change (CVE-2025-2357, boo#1239679)
+  * CVE-2025-2357.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2025-2357.patch

BETA DEBUG BEGIN:
  New:- Add upstream change (CVE-2025-2357, boo#1239679)
  * CVE-2025-2357.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dcmtk.spec ++++++
--- /var/tmp/diff_new_pack.oyRfkH/_old  2025-03-17 22:22:10.465961483 +0100
+++ /var/tmp/diff_new_pack.oyRfkH/_new  2025-03-17 22:22:10.465961483 +0100
@@ -36,6 +36,8 @@
 Patch5:         0001-Fixed-another-issue-with-invalid-DICOM-images.patch
 # CVE-2025-25475
 Patch6:         0001-Fixed-issue-with-invalid-RLE-compressed-DICOM-images.patch
+# CVE-2025-2357
+Patch7:         CVE-2025-2357.patch
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  fdupes

++++++ CVE-2025-2357.patch ++++++
>From 69a6690db71927e02a6fb6ee655cb449f0431466 Mon Sep 17 00:00:00 2001
From: Marco Eichelberg <eichelb...@offis.de>
Date: Mon, 3 Mar 2025 12:33:18 +0100
Subject: [PATCH] Fixed segfault in JPEG-LS decoder.

Fixed a bug in the JPEG-LS decoder that led to a segmentation fault if invalid
input data was processed, due to insufficient validation of input data.

Thanks to Ding zhengzheng <xiaozheng.ding...@gmail.com> for the report
and the sample file (PoC).

This closes DCMTK issue #1155.
---
 dcmjpls/libcharls/scan.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/dcmjpls/libcharls/scan.h b/dcmjpls/libcharls/scan.h
index b4dea20..d6dfa5a 100644
--- a/dcmjpls/libcharls/scan.h
+++ b/dcmjpls/libcharls/scan.h
@@ -629,14 +629,24 @@ void JlsCodec<TRAITS,STRATEGY>::DoLine(SAMPLE*)
        LONG index = 0;
        LONG Rb = _previousLine[index-1];
        LONG Rd = _previousLine[index];
+    LONG RANGE_UPPER = 1 << traits.bpp;
+    LONG RANGE_LOWER = - RANGE_UPPER;
 
        while(index < _width)
-       {       
+       {
                LONG Ra = _currentLine[index -1];
                LONG Rc = Rb;
                Rb = Rd;
                Rd = _previousLine[index + 1];
 
+        // make sure that values are not out of range
+        if (  (Rd - Rb < RANGE_LOWER) || (Rd - Rb > RANGE_UPPER)
+           || (Rb - Rc < RANGE_LOWER) || (Rb - Rc > RANGE_UPPER)
+           || (Rc - Ra < RANGE_LOWER) || (Rc - Ra > RANGE_UPPER))
+        {
+            throw JlsException(InvalidCompressedData);
+        }
+
                LONG Qs = ComputeContextID(QuantizeGratient(Rd - Rb), 
QuantizeGratient(Rb - Rc), QuantizeGratient(Rc - Ra));
 
                if (Qs != 0)
-- 
2.48.1