From a484efd54d3cb1c6a76d6bc65892c263fc3355d3 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:27:58 +0000 Subject: [PATCH 1/8] update debian/changelog. Signed-off-by: tangyi19 <2192724699@qq.com> --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 80bfd2c..b9f8219 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,9 +11,16 @@ ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium - CVE-2020-16294 - CVE-2020-16301 - CVE-2020-16300 + - CVE-2020-16309 -- jiangdingyuan Wed, 02 Aug 2023 10:19:20 +0800 +ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium + + * another-lin CVE-2020-16309 + + -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:33 +0800 + ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium * another-lin CVE-2020-16288 安全更新:修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等. -- Gitee From dbc420df1d6f35b0eee018223b7199b303bc4423 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:31:02 +0000 Subject: [PATCH 2/8] =?UTF-8?q?update=20devices/gdevlxm.c.=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8DCVE-2020-16309?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: tangyi19 <2192724699@qq.com> --- devices/gdevlxm.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/devices/gdevlxm.c b/devices/gdevlxm.c index f3135dc..6f39d2c 100644 --- a/devices/gdevlxm.c +++ b/devices/gdevlxm.c @@ -245,13 +245,22 @@ quit_ignomiously: /* and a goto into an if statement is pretty ignomious! */ outp = swipeBuf; /* macro, not fcn call. Space penalty is modest, speed helps */ -#define buffer_store(x) if(outp-swipeBuf>=swipeBuf_size) {\ - gs_free(pdev->memory, (char *)swipeBuf, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ - swipeBuf_size*=2;\ - swipeBuf = (byte *)gs_malloc(pdev->memory, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ - if (swipeBuf == 0) goto quit_ignomiously;\ - break;}\ - else *outp++ = (x) +#define buffer_store(x)\ + {\ + if (outp-swipeBuf>=swipeBuf_size) {\ + size_t outp_offset = outp - swipeBuf;\ + size_t swipeBuf_size_new = swipeBuf_size * 2;\ + byte* swipeBuf_new = gs_malloc(pdev->memory, swipeBuf_size_new, 1, "lxm_print_page(swipeBuf_new)");\ + if (!swipeBuf_new) goto quit_ignomiously;\ + memcpy(swipeBuf_new, swipeBuf, swipeBuf_size);\ + gs_free(pdev->memory, swipeBuf, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ + swipeBuf_size = swipeBuf_size_new;\ + swipeBuf = swipeBuf_new;\ + outp = swipeBuf + outp_offset;\ + }\ + *outp++ = (x);\ + } + {/* work out the bytes to store for this swipe*/ -- Gitee From 946bae192d6c2e7402732850bbba6a57571277e3 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:36:05 +0000 Subject: [PATCH 3/8] =?UTF-8?q?update=20debian/changelog.=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E4=BA=86CVE-2020-16308?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: tangyi19 <2192724699@qq.com> --- debian/changelog | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b9f8219..ef6f20f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,10 +12,17 @@ ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium - CVE-2020-16301 - CVE-2020-16300 - CVE-2020-16309 + - CVE-2020-16308 -- jiangdingyuan Wed, 02 Aug 2023 10:19:20 +0800 -ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium + + * another-lin CVE-2020-16308 + + -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:36 +0800 + +ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium * another-lin CVE-2020-16309 -- Gitee From 24be4affed14f67fec613b3ba87cae86a3611a29 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:38:39 +0000 Subject: [PATCH 4/8] =?UTF-8?q?update=20devices/gdevcdj.c.=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E4=BA=86CVE-2020-16308?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: tangyi19 <2192724699@qq.com> --- devices/gdevcdj.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/devices/gdevcdj.c b/devices/gdevcdj.c index 8cf4e2e..0a2ad5a 100644 --- a/devices/gdevcdj.c +++ b/devices/gdevcdj.c @@ -1969,7 +1969,9 @@ ep_print_image(gp_file *prn_stream, ep_globals *eg, char cmd, byte *data, int si /* p2 is the head of non zero image. */ p2 = p3; redo: - for (p3 += row_bytes; memcmp(p3, zeros, row_bytes); p3 += row_bytes); + for (p3 += row_bytes; p3 < outp && memcmp(p3, zeros, row_bytes); p3 += row_bytes); + if (p3 < outp && memcmp(p3+row_bytes, zeros, row_bytes)) goto redo; + } else p1 = p2 = outp; if (p3 < outp && memcmp(p3+row_bytes, zeros, row_bytes)) goto redo; } else p1 = p2 = outp; -- Gitee From d6be41a147bd860ab77f76e753733b924a8f794f Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:47:12 +0000 Subject: [PATCH 5/8] update debian/changelog. Signed-off-by: tangyi19 <2192724699@qq.com> --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index ef6f20f..91c543a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,13 +18,13 @@ ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium - * another-lin CVE-2020-16308 + * repair CVE-2020-16308 -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:36 +0800 ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium - * another-lin CVE-2020-16309 + * repair CVE-2020-16309 -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:33 +0800 -- Gitee From d534afcb39c1c1a62bb599d342e6993295ab4845 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:51:37 +0000 Subject: [PATCH 6/8] update debian/changelog. Signed-off-by: tangyi19 <2192724699@qq.com> --- debian/changelog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 91c543a..06862ba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,17 +16,17 @@ ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium -- jiangdingyuan Wed, 02 Aug 2023 10:19:20 +0800 -ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok7) yangtze; urgency=medium * repair CVE-2020-16308 - -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:36 +0800 + -- dzdtang Sun, 14 Aug 2023 15:32:36 +0800 -ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium * repair CVE-2020-16309 - -- tangyi <2192724699@qq.com> Sun, 14 Aug 2023 15:32:33 +0800 + -- dzdtang <2192724699@whu.edu.cn> Sun, 14 Aug 2023 15:32:33 +0800 ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium -- Gitee From ccdd68e53b012be3d7066515fc28ef7c22208ff8 Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:52:01 +0000 Subject: [PATCH 7/8] update debian/changelog. Signed-off-by: tangyi19 <2192724699@qq.com> --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 06862ba..8b1d3d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -26,7 +26,7 @@ ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium * repair CVE-2020-16309 - -- dzdtang <2192724699@whu.edu.cn> Sun, 14 Aug 2023 15:32:33 +0800 + -- dzdtang Sun, 14 Aug 2023 15:32:33 +0800 ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium -- Gitee From 6c30ae18e35f006769be4c40276356643c18100d Mon Sep 17 00:00:00 2001 From: tangyi19 <2192724699@qq.com> Date: Sun, 13 Aug 2023 13:55:05 +0000 Subject: [PATCH 8/8] update devices/gdevcdj.c. Signed-off-by: tangyi19 <2192724699@qq.com> --- devices/gdevcdj.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/devices/gdevcdj.c b/devices/gdevcdj.c index 0a2ad5a..8cf4e2e 100644 --- a/devices/gdevcdj.c +++ b/devices/gdevcdj.c @@ -1969,9 +1969,7 @@ ep_print_image(gp_file *prn_stream, ep_globals *eg, char cmd, byte *data, int si /* p2 is the head of non zero image. */ p2 = p3; redo: - for (p3 += row_bytes; p3 < outp && memcmp(p3, zeros, row_bytes); p3 += row_bytes); - if (p3 < outp && memcmp(p3+row_bytes, zeros, row_bytes)) goto redo; - } else p1 = p2 = outp; + for (p3 += row_bytes; memcmp(p3, zeros, row_bytes); p3 += row_bytes); if (p3 < outp && memcmp(p3+row_bytes, zeros, row_bytes)) goto redo; } else p1 = p2 = outp; -- Gitee