Added check to make sure: HighBit < BitsAllocated.

Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03
Bug-Debian: https://bugs.debian.org/1093047
Reviewed-By: Étienne Mollier <emollier@debian.org>
Last-Update: 2025-01-18

Added check to the image preprocessing to make sure that the value of
HighBit is always less than the value of BitsAllocated. Before, this
missing check could lead to memory corruption if an invalid combination
of values was retrieved from a malformed DICOM dataset.

Thanks to Emmanuel Tacheau from the Cisco Talos team
<vulndiscovery@external.cisco.com> for the report, sample file (PoC)
and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333.

Gbp-Pq: Name 0008-CVE-2024-52333.patch

Fixed issue rendering invalid monochrome image.

Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
Bug-Debian: https://bugs.debian.org/1093043
Reviewed-By: Étienne Mollier <emollier@debian.org>
Last-Update: 2025-01-18

Fixed issue when rendering an invalid monochrome DICOM image where the
number of pixels stored does not match the expected number of pixels.
If the stored number is less than the expected number, the rest of the
pixel matrix for the intermediate representation was always filled with
the value 0. Under certain, very rare conditions, this could result in
memory problems reported by an Address Sanitizer (ASAN). Now, the rest
of the matrix is filled with the smallest possible value for the image.

Thanks to Emmanuel Tacheau from the Cisco Talos team
<vulndiscovery@external.cisco.com> for the original report, the sample
file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796.

Gbp-Pq: Name 0007-CVE-2024-47796.patch

Remove version

Forwarded: not-needed
Last-Update: 2023-11-06

Gbp-Pq: Name remove_version.patch

Don't add executables to cmake exports

Bug-Debian: https://bugs.debian.org/803304
Forwarded: not-needed

CMake exports are used by other packages that compile
and link against dcmtk. Because Debian moves some of
these executables and also dosn't install the test
executables, this import may fail leading to failure
to configure the according package.
===================================================================

Gbp-Pq: Name 07_dont_export_all_executables.patch

The original maintainer Jürgen Salk applied

Forwarded: not-needed

a set of patches to the original code.  This file contains
changes to C++ code

Gbp-Pq: Name 01_dcmtk_3.6.0-1.patch

d/changelog: ready for upload to unstable.

0011-CVE-2025-25472.patch: new: fix CVE-2025-25472.

d/changelog: unrelease.

d/changelog: ready for upload to unstable.

0010-CVE-2025-25474.patch: new: fix CVE-2025-25474.

Closes: #1098374

0009-CVE-2025-25475.patch: new: fix CVE-2025-25475.

Closes: #1098373

Reinstate 0007-CVE-2024-47796.patch and 0008-CVE-2024-52333.patch.

These were not part of dcmtk 3.6.9 upstream and still apply.

Thanks: Salvatore Bonaccorso

d/changelog: Upload 3.6.9-3 to unstable

d/watch: Properly watch upstream on github

d/doc: Make sure to reference 3.6.9 path

d/patches: Remove old unused patches

d/changelog: Upload 3.6.9-2 to experimental

d/t/run-unit-test: Adapt to new installation

d/changelog: Upload 3.6.9-1 to experimental

Merge branch 'master' into debian/experimental

d/patches: Refresh patches

d/install: Migrate to new SOVERSION

Update upstream source from tag 'upstream/3.6.9'

Update to upstream version '3.6.9'
with Debian dir 6c3bd68558195e7a06972f9cf791344eb75eae8c

New upstream version 3.6.9

d/changelog: ready for upload to unstable.

0008-CVE-2024-52333.patch: new.

This patch addresses CVE-2024-52333.

Closes: #1093047

0007-CVE-2024-47796.patch: new.

This patch addresses CVE-2024-47796.

Closes: #1093043

0004-Fixed-two-segmentation-faults.patch: unfuzz.

0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch

Patch refreshed.

d/changelog: Upload 3.6.8-6 to unstable

d/patches: Fixed possible overflows when allocating memory. Closes: #1074483

d/t/run-unit-test: Fix unit-test for new release. Closes: #1075917

d/changelog: Upload 3.6.8-5 to unstable

d/control: Bump Std-Vers to 4.7.0 no changes needed

d/changelog: Upload 3.6.8-4 to experimental

Merge branch 'master' into debian/experimental

Upload for unstable as 3.6.7-15

Update two of the previously applied patches to avoid breaking the ABI. Closes: #1070207.

The updated patches are:

0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
0003-Fixed-wrong-error-handling-previous-commit.patch

Upload for unstable as 3.6.7-14

Apply patches from NMU proposal by Adrian Bunk to address CVE-2024-28130, CVE-2024-34508 and CVE-2024-34509. Closes: #1070207.

drop salsa-ci.yml in favor of the default configuration from pipeline repository

build reproducibly without rpath and set LD_LIBRARY_PATH for running tests

removed embedded build path from DCMTKConfig.cmake

[armhf,armel] No need to drop graphviz from build-depends-indep

Build-Depends-Indep are only used to build the arch:all packages, and currently
all the arch:all autobuilder run on amd64.

routine-update: Ready to upload to unstable

d/control: add explicit dependency on libnsl-dev. Closes: #1066422.

Marked Debian-specific patches as not needing forwarding to upstream.

Acknowledge NMU

Do not build-depend on graphviz on armhf and armel.

The package is currently not installable on those arches due to the ongoing t64
transition.

Co-authored-by: Michael R. Crusoe <crusoe@debian.org>

Upload to unstable

Fix typo in target distribution during upload

Upload to unstable

d/rules: Fix armel buildd

Rename libraries for 64-bit time_t transition.

Closes: #1062022
Signed-off-by: Étienne Mollier <emollier@debian.org>

d/changelog: Upload 3.6.8-3 to experimental

d/rules: Fix armel buildd

d/changelog: Upload 3.6.8-2 to experimental

d/patches: Import bug fix from upstream

d/rules: Fix test suite on x87 hardware

d/changelog: Upload 3.6.8-1 to experimental

d/patches: Refresh patches

New upstream version 3.6.8

Update upstream source from tag 'upstream/3.6.8'

Update to upstream version '3.6.8'
with Debian dir 9197f93b8f3af0afd6f1f4f0edb87e66c45db77f

d/changelog: Upload 3.6.8~git20231027.1549d8c-2 to experimental

d/patches: Fix install path for docs

d/changelog: Upload 3.6.8~git20231027.1549d8c-1 to experimental

d/rules: Start using LTO

d/patches: Remove version from install paths

New upstream version 3.6.8~git20231027.1549d8c

Update upstream source from tag 'upstream/3.6.8_git20231027.1549d8c'

Update to upstream version '3.6.8~git20231027.1549d8c'
with Debian dir fc782cdbeb7763e3df9730ee289589274a82634b

d/changelog: Upload 3.6.8~git20221024.b8950f9-3 to experimental

d/rules: Fix debuild -A (all)

d/patches: Remove obsolete/unused patches

d/changelog: Upload 3.6.8~git20221024.b8950f9-2 to experimental

d/rules: Do not build test suite if not required

d/rules: Remove gnu extensions, only strict c++17

d/control: Reduce number of dependencies for -dev package

Upload to unstable

Fix postrm

d/changelog: Upload 3.6.7-8 to unstable

d/control: Bump Std-Vers to 4.6.2 no changes needed

d/patches: Fix CVE-2022-43272. Closes: #1027165

Upload to unstable

On purge remove /var/lib/dcmtk/db/STORESCP if exists

Add maintscript to remove outdated conffiles

d/changelog: Upload 3.6.8~git20221024.b8950f9-1 to experimental

d/patches: Refresh version for new snapshot

New upstream version 3.6.8~git20221024.b8950f9

Update upstream source from tag 'upstream/3.6.8_git20221024.b8950f9'

Update to upstream version '3.6.8~git20221024.b8950f9'
with Debian dir 9a64612beb1cdfcc4385edb6601fc50340ae3c8e

d/changelog: Upload 3.6.8~git20221013.51be018-3 to experimental

d/doc-base: Fix full path

d/changelog: Upload 3.6.8~git20221013.51be018-2 to experimental

d/control: Add missing dependency on libjs-jquery. Closes: #989108

d/lintian: Make sure to override lintian/ijg check

d/control: Add missing dependency on libjs-jquery. Closes: #989108

d/changelog: Upload 3.6.8~git20221013.51be018-1 to experimental

d/patches: Add fake version mechanism

d/install: Start migrating to new 18 ABI

d/rules: Add dcmtk-data package

New upstream version 3.6.8~git20221013.51be018