Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dcmtk for openSUSE:Factory checked in at 2023-05-12 20:37:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dcmtk (Old) and /work/SRC/openSUSE:Factory/.dcmtk.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dcmtk" Fri May 12 20:37:21 2023 rev:25 rq:1086560 version:3.6.7 Changes: -------- --- /work/SRC/openSUSE:Factory/dcmtk/dcmtk.changes 2022-07-26 19:44:02.927287645 +0200 +++ /work/SRC/openSUSE:Factory/.dcmtk.new.1533/dcmtk.changes 2023-05-12 20:40:10.742820904 +0200 @@ -1,0 +2,6 @@ +Thu May 11 14:31:47 UTC 2023 - Christophe Marin <[email protected]> + +- Add upstream change (boo#1206070, CVE-2022-43272): + * dcmtk-CVE-2022-43272.patch + +------------------------------------------------------------------- @@ -4 +10,3 @@ -- Update to 3.6.7. See DOCS/CHANGES.367 for the full list of changes +- Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637, + CVE-2022-2121, CVE-2022-2120, CVE-2022-2119) + See DOCS/CHANGES.367 for the full list of changes New: ---- dcmtk-CVE-2022-43272.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dcmtk.spec ++++++ --- /var/tmp/diff_new_pack.ZPwphp/_old 2023-05-12 20:40:11.230823585 +0200 +++ /var/tmp/diff_new_pack.ZPwphp/_new 2023-05-12 20:40:11.234823607 +0200 @@ -27,6 +27,8 @@ Source0: ftp://dicom.offis.de/pub/dicom/offis/software/dcmtk/release/%{name}-%{version}.tar.gz # PATCH-FIX-OPENSUSE dcmtk-fix-DCMTKTargets.cmake.patch -- Do not track executables to be able to use dcmtk-devel without dcmtk package Patch0: dcmtk-fix-DCMTKTargets.cmake.patch +# PATCH-FIX-UPSTREAM -- CVE-2022-43272 +Patch1: dcmtk-CVE-2022-43272.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: fdupes ++++++ dcmtk-CVE-2022-43272.patch ++++++ >From f47271fd3cb82a77c04247d3f4801e8cc591c781 Mon Sep 17 00:00:00 2001 From: Marco Eichelberg <[email protected]> Date: Thu, 9 Jun 2022 10:03:38 +0200 Subject: [PATCH] Fixed memory leak in single process mode. Fixed a memory leak in dcmqrscp's single process mode. Thanks to <[email protected]> for the bug report and test data. --- dcmqrdb/libsrc/dcmqrsrv.cc | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/dcmqrdb/libsrc/dcmqrsrv.cc b/dcmqrdb/libsrc/dcmqrsrv.cc index 157e6c0..f5f9df6 100644 --- a/dcmqrdb/libsrc/dcmqrsrv.cc +++ b/dcmqrdb/libsrc/dcmqrsrv.cc @@ -1,6 +1,6 @@ /* * - * Copyright (C) 1993-2021, OFFIS e.V. + * Copyright (C) 1993-2022, OFFIS e.V. * All rights reserved. See COPYRIGHT file for details. * * This software and supporting documentation were developed by @@ -1126,21 +1126,17 @@ OFCondition DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network * theNet) #endif } - // cleanup code + // clean-up association OFCondition oldcond = cond; /* store condition flag for later use */ - if (!options_.singleProcess_ && (cond != ASC_SHUTDOWNAPPLICATION)) + cond = ASC_dropAssociation(assoc); + if (cond.bad()) { - /* the child will handle the association, we can drop it */ - cond = ASC_dropAssociation(assoc); - if (cond.bad()) - { - DCMQRDB_ERROR("Cannot Drop Association: " << DimseCondition::dump(temp_str, cond)); - } - cond = ASC_destroyAssociation(&assoc); - if (cond.bad()) - { - DCMQRDB_ERROR("Cannot Destroy Association: " << DimseCondition::dump(temp_str, cond)); - } + DCMQRDB_ERROR("Cannot Drop Association: " << DimseCondition::dump(temp_str, cond)); + } + cond = ASC_destroyAssociation(&assoc); + if (cond.bad()) + { + DCMQRDB_ERROR("Cannot Destroy Association: " << DimseCondition::dump(temp_str, cond)); } if (oldcond == ASC_SHUTDOWNAPPLICATION) cond = oldcond; /* abort flag is reported to top-level wait loop */ -- 2.40.1
