Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package orthanc-authorization for
openSUSE:Factory checked in at 2026-01-26 11:05:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/orthanc-authorization (Old)
and /work/SRC/openSUSE:Factory/.orthanc-authorization.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "orthanc-authorization"
Mon Jan 26 11:05:50 2026 rev:9 rq:1329067 version:0.10.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/orthanc-authorization/orthanc-authorization.changes
2025-10-12 22:29:46.599320109 +0200
+++
/work/SRC/openSUSE:Factory/.orthanc-authorization.new.1928/orthanc-authorization.changes
2026-01-26 11:05:55.239027633 +0100
@@ -1,0 +2,8 @@
+Sun Jan 25 11:25:13 UTC 2026 - Axel Braun <[email protected]>
+
+- version 0.10.3
+ * New default permissions for worklists
+ * New default permissions for tools/metrics-prometheus
+ * New default permissions for tools/generate-uid
+
+-------------------------------------------------------------------
Old:
----
OrthancAuthorization-0.10.2.tar.gz
New:
----
OrthancAuthorization-0.10.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ orthanc-authorization.spec ++++++
--- /var/tmp/diff_new_pack.ZaPB9Y/_old 2026-01-26 11:05:56.191067465 +0100
+++ /var/tmp/diff_new_pack.ZaPB9Y/_new 2026-01-26 11:05:56.191067465 +0100
@@ -1,8 +1,8 @@
#
# spec file for package orthanc-authorization
#
-# Copyright (c) 2025 SUSE LLC and contributors
-# Copyright (c) 2025 Dr. Axel Braun <[email protected]>
+# Copyright (c) 2026 SUSE LLC and contributors
+# Copyright (c) 2025-2026 Dr. Axel Braun <[email protected]>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
Summary: Authorisation plugin for Orthanc
License: GPL-3.0-or-later
Group: Productivity/Graphics/Viewers
-Version: 0.10.2
+Version: 0.10.3
Release: 0
URL: http://orthanc-server.com
Source0:
https://orthanc.uclouvain.be/downloads/sources/%{name}/OrthancAuthorization-%{version}.tar.gz
++++++ OrthancAuthorization-0.10.2.tar.gz -> OrthancAuthorization-0.10.3.tar.gz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/OrthancAuthorization-0.10.2/.hg_archival.txt
new/OrthancAuthorization-0.10.3/.hg_archival.txt
--- old/OrthancAuthorization-0.10.2/.hg_archival.txt 2025-10-10
08:46:45.000000000 +0200
+++ new/OrthancAuthorization-0.10.3/.hg_archival.txt 2025-11-20
11:30:19.000000000 +0100
@@ -1,6 +1,6 @@
repo: decac5df19c4aa24efe56534b828a295397c80e4
-node: 092ccae9c2170a9341f03c97cccd728b3816263f
-branch: 0.10.2
+node: 17d187579803fb323ab3e0b53e1a993bbe9af161
+branch: 0.10.3
latesttag: null
-latesttagdistance: 237
-changessincelatesttag: 256
+latesttagdistance: 244
+changessincelatesttag: 265
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/OrthancAuthorization-0.10.2/CMakeLists.txt
new/OrthancAuthorization-0.10.3/CMakeLists.txt
--- old/OrthancAuthorization-0.10.2/CMakeLists.txt 2025-10-10
08:46:45.000000000 +0200
+++ new/OrthancAuthorization-0.10.3/CMakeLists.txt 2025-11-20
11:30:19.000000000 +0100
@@ -21,13 +21,13 @@
project(OrthancAuthorization)
-set(ORTHANC_PLUGIN_VERSION "0.10.2")
+set(ORTHANC_PLUGIN_VERSION "0.10.3")
if (ORTHANC_PLUGIN_VERSION STREQUAL "mainline")
set(ORTHANC_FRAMEWORK_VERSION "mainline")
set(ORTHANC_FRAMEWORK_DEFAULT_SOURCE "hg")
else()
- set(ORTHANC_FRAMEWORK_VERSION "1.12.2")
+ set(ORTHANC_FRAMEWORK_VERSION "1.12.9")
set(ORTHANC_FRAMEWORK_DEFAULT_SOURCE "web")
endif()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/OrthancAuthorization-0.10.2/NEWS
new/OrthancAuthorization-0.10.3/NEWS
--- old/OrthancAuthorization-0.10.2/NEWS 2025-10-10 08:46:45.000000000
+0200
+++ new/OrthancAuthorization-0.10.3/NEWS 2025-11-20 11:30:19.000000000
+0100
@@ -1,7 +1,15 @@
+2025-11-20 - v 0.10.3
+=====================
+
+* New default permissions for worklists
+* New default permissions for tools/metrics-prometheus
+* New default permissions for tools/generate-uid
+
+
2025-10-10 - v 0.10.2
=====================
-* New default permissions to add/delete modalities through the Rest API
+* New default permissions to add/delete modalities through the REST API
https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137
* New standard configuration "stl"
@@ -244,9 +252,9 @@
* new user-permission based authorization model. This is enabled if you
define the new "WebServiceUserProfileUrl" configuration.
* new "orthanc-explorer-2" StandardConfigurations
-* new GET "auth/user/profile" Rest API route to retrieve user permissions
-* new PUT "auth/tokens/{token-type}" Rest API route to create tokens
-* new POST "auth/tokens/decode" Rest API route to decode tokens
+* new GET "auth/user/profile" REST API route to retrieve user permissions
+* new PUT "auth/tokens/{token-type}" REST API route to create tokens
+* new POST "auth/tokens/decode" REST API route to decode tokens
* these 3 new routes required an updated auth-web-service.
* SECURITY FIX: in prior versions, it was possible to browse remote
dicom-web servers without being authenticated. (The API routes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/OrthancAuthorization-0.10.2/Plugin/DefaultAuthorizationParser.cpp
new/OrthancAuthorization-0.10.3/Plugin/DefaultAuthorizationParser.cpp
--- old/OrthancAuthorization-0.10.2/Plugin/DefaultAuthorizationParser.cpp
2025-10-10 08:46:45.000000000 +0200
+++ new/OrthancAuthorization-0.10.3/Plugin/DefaultAuthorizationParser.cpp
2025-11-20 11:30:19.000000000 +0100
@@ -45,7 +45,7 @@
tmp = tmp.substr(0, tmp.size() - 1);
}
- // note: if you add new DICOMWeb routes here, add them in the
DefaultConfiguration.json too
+ // note: if you add new DICOMweb routes here, add them in the
DefaultConfiguration.json too
dicomWebStudies_ = boost::regex(
"^" + tmp +
"/studies/([.0-9]+)(|/series|/metadata|/instances|/rendered|/thumbnail)(|/)$");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/OrthancAuthorization-0.10.2/Plugin/DefaultConfiguration.json
new/OrthancAuthorization-0.10.3/Plugin/DefaultConfiguration.json
--- old/OrthancAuthorization-0.10.2/Plugin/DefaultConfiguration.json
2025-10-10 08:46:45.000000000 +0200
+++ new/OrthancAuthorization-0.10.3/Plugin/DefaultConfiguration.json
2025-11-20 11:30:19.000000000 +0100
@@ -60,17 +60,21 @@
// The default configuration is suitable for Orthanc-Explorer-2 (see
https://github.com/orthanc-team/orthanc-auth-service)
"Permissions" : [
["post", "^/auth/tokens/decode$", ""],
- ["post", "^/tools/lookup$", ""], // currently used to authorize
downloads in Stone (to map the StudyInstanceUID into an OrthancID. Not ideal
-> we should define a new API that has the resource ID in the path to be able
to check it at resource level) but, on another hand, you do not get any Patient
information from this route
+ ["post", "^/tools/lookup$", ""], // currently used to
authorize downloads in Stone (to map the StudyInstanceUID into an OrthancID.
Not ideal -> we should define a new API that has the resource ID in the path to
be able to check it at resource level) but, on another hand, you do not get any
Patient information from this route
+ ["get", "^/tools/generate-uid(.*)$", ""], // used in OE2 when
generating worklists but there are no sensitive data to retrieve -> allow all
// elemental browsing in OE2
["post", "^/tools/find$", "all|view"],
["post", "^/tools/count-resources$", "all|view"],
["get" , "^/(patients|studies|series|instances)(|/)", "all|view"],
["get" , "^/statistics$", "all|view"],
+ ["get" , "^/tools/metrics-prometheus$", "all|view"],
["get" , "^/changes$", "all|view"],
["get" , "^/system$", "all|view"],
["get" , "^/plugins$", "all|view"],
["get" , "^/plugins/(.*)$", "all|view"],
+ ["get" , "^/worklists$", "all|view|worklists"],
+ ["get" , "^/worklists/(.*)$", "all|view|worklists"],
// single resources patterns (SINGLE_RESOURCE_PATTERNS is an alias
for all single resource patterns defined in
https://orthanc.uclouvain.be/hg/orthanc-authorization/file/tip/Plugin/DefaultAuthorizationParser.cpp)
// (a user must have access to the route + have an authorized
label to access the resource)
@@ -107,7 +111,7 @@
["get" , "^/DICOM_WEB_ROOT/servers$",
"all|send|q-r-remote-modalities"],
["post" , "^/DICOM_WEB_ROOT/(servers)/(.*)/stow$", "all|send"],
- // DICOMWeb QIDO-RS
+ // DICOMweb QIDO-RS
["get" , "^/DICOM_WEB_ROOT/(studies|series|instances)(|/)$",
"all|view"],
// modifications/anonymization
@@ -135,9 +139,14 @@
// audit-logs
["get", "^/auth/audit-logs$", "admin-permissions|audit-logs"],
- // add-delete modalities through the Rest API
+ // add-delete modalities through the REST API
["put", "^/modalities/(.*)$", "admin-permissions"],
- ["delete", "^/modalities/(.*)$", "admin-permissions"]
+ ["delete", "^/modalities/(.*)$", "admin-permissions"],
+
+ // create-edit-delete worklists
+ ["post" , "^/worklists/create$", "all|worklists"],
+ ["put", "^/worklists/(.*)$", "all|worklists"],
+ ["delete" , "^/worklists/(.*)$", "all|worklists"]
]
// If you just need to add a few permissions, while preserving the
default ones,
@@ -146,4 +155,4 @@
// ["post", "^/my-plugin/do-something$", "all|upload"]
// ]
}
-}
\ No newline at end of file
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/OrthancAuthorization-0.10.2/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.cpp
new/OrthancAuthorization-0.10.3/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.cpp
---
old/OrthancAuthorization-0.10.2/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.cpp
2025-10-10 08:46:45.000000000 +0200
+++
new/OrthancAuthorization-0.10.3/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.cpp
2025-11-20 11:30:19.000000000 +0100
@@ -351,6 +351,34 @@
}
}
+ static void DecodeHttpHeaders(HttpHeaders& target,
+ const MemoryBuffer& source)
+ {
+ Json::Value v;
+ source.ToJson(v);
+
+ if (v.type() != Json::objectValue)
+ {
+ ORTHANC_PLUGINS_THROW_EXCEPTION(InternalError);
+ }
+
+ Json::Value::Members members = v.getMemberNames();
+ target.clear();
+
+ for (size_t i = 0; i < members.size(); i++)
+ {
+ const Json::Value& h = v[members[i]];
+ if (h.type() != Json::stringValue)
+ {
+ ORTHANC_PLUGINS_THROW_EXCEPTION(InternalError);
+ }
+ else
+ {
+ target[members[i]] = h.asString();
+ }
+ }
+ }
+
// helper class to convert std::map of headers to the plugin SDK C structure
class PluginHttpHeaders
{
@@ -2084,8 +2112,30 @@
unsigned int timeout) const
{
MemoryBuffer buffer;
+ HttpHeaders answerHeaders;
- if (DoPost(buffer, index, uri, body, headers, timeout))
+ if (DoPost(buffer, answerHeaders, index, uri, body, headers, timeout))
+ {
+ buffer.ToJson(target);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ bool OrthancPeers::DoPost(Json::Value& target,
+ HttpHeaders& answerHeaders,
+ size_t index,
+ const std::string& uri,
+ const std::string& body,
+ const HttpHeaders& headers,
+ unsigned int timeout) const
+ {
+ MemoryBuffer buffer;
+
+ if (DoPost(buffer, answerHeaders, index, uri, body, headers, timeout))
{
buffer.ToJson(target);
return true;
@@ -2143,11 +2193,23 @@
const std::string& body,
const HttpHeaders& headers) const
{
- return DoPost(target, index, uri, body, headers, timeout_);
+ HttpHeaders answerHeaders;
+ return DoPost(target, answerHeaders, index, uri, body, headers, timeout_);
}
+ bool OrthancPeers::DoPost(MemoryBuffer& target,
+ size_t index,
+ const std::string& uri,
+ const std::string& body,
+ const HttpHeaders& headers,
+ unsigned int timeout) const
+ {
+ HttpHeaders answerHeaders;
+ return DoPost(target, answerHeaders, index, uri, body, headers, timeout);
+ }
bool OrthancPeers::DoPost(MemoryBuffer& target,
+ HttpHeaders& answerHeaders,
size_t index,
const std::string& uri,
const std::string& body,
@@ -2166,17 +2228,20 @@
}
OrthancPlugins::MemoryBuffer answer;
+ OrthancPlugins::MemoryBuffer answerHeadersBuffer;
uint16_t status;
PluginHttpHeaders pluginHeaders(headers);
OrthancPluginErrorCode code = OrthancPluginCallPeerApi
- (GetGlobalContext(), *answer, NULL, &status, peers_,
+ (GetGlobalContext(), *answer, *answerHeadersBuffer, &status, peers_,
static_cast<uint32_t>(index), OrthancPluginHttpMethod_Post, uri.c_str(),
pluginHeaders.GetSize(), pluginHeaders.GetKeys(),
pluginHeaders.GetValues(), body.empty() ? NULL : body.c_str(), body.size(),
timeout);
if (code == OrthancPluginErrorCode_Success)
{
target.Swap(answer);
+ DecodeHttpHeaders(answerHeaders, answerHeadersBuffer);
+
return (status == 200);
}
else
@@ -3223,36 +3288,6 @@
}
#endif
-
- static void DecodeHttpHeaders(HttpHeaders& target,
- const MemoryBuffer& source)
- {
- Json::Value v;
- source.ToJson(v);
-
- if (v.type() != Json::objectValue)
- {
- ORTHANC_PLUGINS_THROW_EXCEPTION(InternalError);
- }
-
- Json::Value::Members members = v.getMemberNames();
- target.clear();
-
- for (size_t i = 0; i < members.size(); i++)
- {
- const Json::Value& h = v[members[i]];
- if (h.type() != Json::stringValue)
- {
- ORTHANC_PLUGINS_THROW_EXCEPTION(InternalError);
- }
- else
- {
- target[members[i]] = h.asString();
- }
- }
- }
-
-
void HttpClient::ExecuteWithoutStream(uint16_t& httpStatus,
HttpHeaders& answerHeaders,
std::string& answerBody,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/OrthancAuthorization-0.10.2/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h
new/OrthancAuthorization-0.10.3/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h
---
old/OrthancAuthorization-0.10.2/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h
2025-10-10 08:46:45.000000000 +0200
+++
new/OrthancAuthorization-0.10.3/Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h
2025-11-20 11:30:19.000000000 +0100
@@ -879,6 +879,14 @@
unsigned int timeout) const;
bool DoPost(MemoryBuffer& target,
+ HttpHeaders& answerHeaders,
+ size_t index,
+ const std::string& uri,
+ const std::string& body,
+ const HttpHeaders& headers,
+ unsigned int timeout) const;
+
+ bool DoPost(MemoryBuffer& target,
const std::string& name,
const std::string& uri,
const std::string& body,
@@ -894,6 +902,14 @@
size_t index,
const std::string& uri,
const std::string& body,
+ const HttpHeaders& headers,
+ unsigned int timeout) const;
+
+ bool DoPost(Json::Value& target,
+ HttpHeaders& answerHeaders,
+ size_t index,
+ const std::string& uri,
+ const std::string& body,
const HttpHeaders& headers,
unsigned int timeout) const;
