diff --git a/debian/changelog b/debian/changelog index 0cb6a0bbb1a61cf6c25b4bfae98b72ad8a4bcd76..8525a9e23010ee61a61e73e3c87af64aff45765a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,43 @@ +ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium + + * Update package info. + + -- zhouganqing Mon, 04 Sep 2023 17:05:57 +0800 + +ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium + + * CVE问题修复: + - CVE-2023-28879 + - CVE-2020-16289 + - CVE-2023-36664 + - CVE-2020-16295 + - CVE-2020-16292 + - CVE-2020-16293 + - CVE-2020-16296 + - CVE-2020-16294 + - CVE-2020-16301 + - CVE-2020-16300 + + -- jiangdingyuan Wed, 02 Aug 2023 10:19:20 +0800 + +ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium + + * another-lin CVE-2020-16288 安全更新:修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等. + + -- zhonglinliang Fri, 24 Mar 2023 15:32:33 +0800 + +ghostscript (9.50~dfsg-ok3) yangtze; urgency=medium + + * uivnsd CVE-2020-16287 安全更新:Artifex Software Ghostscript存在缓冲区错误漏洞. + + -- heguanli Wed, 15 Mar 2023 21:56:17 +0800 + +ghostscript (9.50~dfsg-ok2) yangtze; urgency=medium + + * TaciturnZ CVE-2020-15900 安全更新:Artifex Software Ghostscript 9.50版本和9.52版本中存在数字错误漏洞。攻击者可利用该漏洞关闭沙盒保护. + + -- wengz Tue, 14 Mar 2023 15:42:43 +0800 + ghostscript (9.50~dfsg-ok1) yangtze; urgency=medium * Build for openKylin. diff --git a/debian/control b/debian/control index 1b02c451cc2aa67c8658777f77c576770f1e4a43..8cf3a23cc57edb593ad772d408f87d2f25668e17 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: ghostscript Section: text Priority: optional -Maintainer: Debian Printing Team +Maintainer: openKylin Developers Build-Depends: cdbs, debhelper, @@ -37,8 +37,8 @@ Uploaders: Michael Gilbert , Bastien ROUCARIÈS , Homepage: https://www.ghostscript.com/ -Vcs-Git: https://salsa.debian.org/printing-team/ghostscript.git -Vcs-Browser: https://salsa.debian.org/printing-team/ghostscript +Vcs-Git: https://gitee.com/openkylin/ghostscript.git +Vcs-Browser: https://gitee.com/openkylin/ghostscript Rules-Requires-Root: no Package: ghostscript diff --git a/debian/patches/0017-changelog.patch b/debian/patches/0017-changelog.patch new file mode 100644 index 0000000000000000000000000000000000000000..6acc3100dd27319ef4498cb3726a6b4b0377f9ad --- /dev/null +++ b/debian/patches/0017-changelog.patch @@ -0,0 +1,37 @@ +From: wengz +Date: Tue, 14 Mar 2023 15:44:02 +0800 +Subject: =?utf-8?b?Y2hhbmdlbG9n5L+u5pS5?= + +--- + psi/zstring.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/psi/zstring.c b/psi/zstring.c +index fac72fa..82bdc83 100644 +--- a/psi/zstring.c ++++ b/psi/zstring.c +@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) + return 0; + found: + op->tas.type_attrs = op1->tas.type_attrs; +- op->value.bytes = ptr; +- r_set_size(op, size); ++ op->value.bytes = ptr; /* match */ ++ op->tas.rsize = size; /* match */ + push(2); +- op[-1] = *op1; +- r_set_size(op - 1, ptr - op[-1].value.bytes); +- op1->value.bytes = ptr + size; +- r_set_size(op1, count + (!forward ? (size - 1) : 0)); ++ op[-1] = *op1; /* pre */ ++ op[-3].value.bytes = ptr + size; /* post */ ++ if (forward) { ++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ ++ op[-3].tas.rsize = count; /* post */ ++ } else { ++ op[-1].tas.rsize = count; /* pre */ ++ op[-3].tas.rsize -= count + size; /* post */ ++ } + make_true(op); + return 0; + } diff --git a/debian/patches/0018-CVE-2020-16287-Artifex-Software-Ghostscript.patch b/debian/patches/0018-CVE-2020-16287-Artifex-Software-Ghostscript.patch new file mode 100644 index 0000000000000000000000000000000000000000..8e4edd5e212e5b976a4f9ea85df07cf4a1d0ea6c --- /dev/null +++ b/debian/patches/0018-CVE-2020-16287-Artifex-Software-Ghostscript.patch @@ -0,0 +1,31 @@ +From: uivnsd +Date: Wed, 15 Mar 2023 21:57:54 +0800 +Subject: =?utf-8?b?Q1ZFLTIwMjAtMTYyODcg5a6J5YWo5pu05paw77yaQXJ0aWZleCBTb2Z0?= + =?utf-8?b?d2FyZSBHaG9zdHNjcmlwdCDlrZjlnKjnvJPlhrLljLrplJnor6/mvI/mtJ4u?= + +--- + contrib/lips4/gdevlprn.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/contrib/lips4/gdevlprn.c b/contrib/lips4/gdevlprn.c +index df8f862..7461e46 100644 +--- a/contrib/lips4/gdevlprn.c ++++ b/contrib/lips4/gdevlprn.c +@@ -334,9 +334,16 @@ lprn_is_black(gx_device_printer * pdev, int r, int h, int bx) + y0 = (r + h - bh) % maxY; + for (y = 0; y < bh; y++) { + p = &lprn->ImageBuf[(y0 + y) * bpl + bx * lprn->nBw]; +- for (x = 0; x < lprn->nBw; x++) ++ for (x = 0; x < lprn->nBw; x++) { ++ /* bpl isn't necessarily a multiple of lprn->nBw, so ++ we need to explicitly stop after the last byte in this ++ line to avoid accessing either the next line's data or ++ going off the end of our buffer completely. This avoids ++ https://bugs.ghostscript.com/show_bug.cgi?id=701785. */ ++ if (bx * lprn->nBw + x >= bpl) break; + if (p[x] != 0) + return 1; ++ } + } + return 0; + } diff --git a/debian/patches/0019-CVE-2020-16288.patch b/debian/patches/0019-CVE-2020-16288.patch new file mode 100644 index 0000000000000000000000000000000000000000..233387b27314109096d615f5cb585a7500dc5eb3 --- /dev/null +++ b/debian/patches/0019-CVE-2020-16288.patch @@ -0,0 +1,26 @@ +From: Hayaii <937416020@qq.com> +Date: Fri, 24 Mar 2023 15:47:47 +0800 +Subject: =?utf-8?b?Q1ZFLTIwMjAtMTYyODgg5a6J5YWo5pu05paw77ya5L+u5aSN57yT5Yay?= + =?utf-8?b?5Yy66ZSZ6K+v55qE5ryP5rSe44CC6K+l5ryP5rSe5rqQ5LqO572R57uc57O757uf?= + =?utf-8?b?5oiW5Lqn5ZOB5Zyo5YaF5a2Y5LiK5omn6KGM5pON5L2c5pe277yM5pyq5q2j56Gu?= + =?utf-8?b?6aqM6K+B5pWw5o2u6L6555WM77yM5a+86Ie05ZCR5YWz6IGU55qE5YW25LuW5YaF?= + =?utf-8?b?5a2Y5L2N572u5LiK5omn6KGM5LqG6ZSZ6K+v55qE6K+75YaZ5pON5L2c44CC5pS7?= + =?utf-8?b?5Ye76ICF5Y+v5Yip55So6K+l5ryP5rSe5a+86Ie057yT5Yay5Yy65rqi5Ye65oiW?= + =?utf-8?b?5aCG5rqi5Ye6562JLg==?= + +--- + devices/gdevpjet.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/devices/gdevpjet.c b/devices/gdevpjet.c +index 4b47419..935b974 100644 +--- a/devices/gdevpjet.c ++++ b/devices/gdevpjet.c +@@ -117,6 +117,7 @@ pj_common_print_page(gx_device_printer *pdev, gp_file *prn_stream, int y_origin, + "paintjet_print_page(plane_data)"); + return_error(gs_error_VMerror); + } ++ memset(data, 0x00, DATA_SIZE); + + /* set raster graphics resolution -- 90 or 180 dpi */ + gp_fprintf(prn_stream, "\033*t%dR", X_DPI); diff --git a/debian/patches/0020-build-debian-9.50-dfsg-ok5.patch b/debian/patches/0020-build-debian-9.50-dfsg-ok5.patch new file mode 100644 index 0000000000000000000000000000000000000000..46a48350a2da222a59b3fbee9eb136e72e13dfa8 --- /dev/null +++ b/debian/patches/0020-build-debian-9.50-dfsg-ok5.patch @@ -0,0 +1,512 @@ +From: jiangdingyuan +Date: Wed, 2 Aug 2023 10:21:05 +0800 +Subject: build(debian): 9.50~dfsg-ok5 + +--- + base/gpmisc.c | 119 ++++++++++++++++++++++++++++++++------------- + base/gslibctx.c | 56 +++++++++++++++------ + base/gxblend.c | 4 +- + base/sbcp.c | 8 +++ + contrib/japanese/gdevmjc.c | 2 +- + contrib/lips4/gdevlips.c | 4 +- + devices/gdevcif.c | 4 +- + devices/gdevclj.c | 2 +- + devices/gdevepsc.c | 54 ++++++++++++++------ + devices/gdevokii.c | 47 ++++++++++++------ + devices/gdevtfnx.c | 8 ++- + 11 files changed, 222 insertions(+), 86 deletions(-) + +diff --git a/base/gpmisc.c b/base/gpmisc.c +index 9cca5d5..6cca88e 100644 +--- a/base/gpmisc.c ++++ b/base/gpmisc.c +@@ -435,7 +435,7 @@ generic_pwrite(gp_file *f, size_t count, gs_offset_t offset, const void *buf) + + gp_file *gp_file_alloc(gs_memory_t *mem, const gp_file_ops_t *prototype, size_t size, const char *cname) + { +- gp_file *file = (gp_file *)gs_alloc_bytes(mem->non_gc_memory, size, cname ? cname : "gp_file"); ++ gp_file *file = (gp_file *)gs_alloc_bytes(mem->thread_safe_memory, size, cname ? cname : "gp_file"); + if (file == NULL) + return NULL; + +@@ -449,7 +449,7 @@ gp_file *gp_file_alloc(gs_memory_t *mem, const gp_file_ops_t *prototype, size_t + memset(((char *)file)+sizeof(*prototype), + 0, + size - sizeof(*prototype)); +- file->memory = mem->non_gc_memory; ++ file->memory = mem->thread_safe_memory; + + return file; + } +@@ -1008,48 +1008,101 @@ gp_validate_path_len(const gs_memory_t *mem, + const uint len, + const char *mode) + { +- char *buffer; ++ char *buffer, *bufferfull; + uint rlen; + int code = 0; ++ const char *cdirstr = gp_file_name_current(); ++ int cdirstrl = strlen(cdirstr); ++ const char *dirsepstr = gp_file_name_separator(); ++ int dirsepstrl = strlen(dirsepstr); ++ int prefix_len = cdirstrl + dirsepstrl; + + /* mem->gs_lib_ctx can be NULL when we're called from mkromfs */ + if (mem->gs_lib_ctx == NULL || + mem->gs_lib_ctx->core->path_control_active == 0) + return 0; + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(mem->non_gc_memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; +- +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ /* For current directory accesses, we need handle both a "bare" name, ++ * and one with a cwd prefix (in Unix terms, both "myfile.ps" and ++ * "./myfile.ps". ++ * ++ * So we check up front if it's absolute, then just use that. ++ * If it includes cwd prefix, we try that, then remove the prefix ++ * and try again. ++ * If it doesn't include the cwd prefix, we try it, then add the ++ * prefix and try again. ++ * To facilitate that, we allocate a large enough buffer to take ++ * the path *and* the prefix up front. ++ */ ++ if (gp_file_name_is_absolute(path, len)) { ++ /* Absolute path, we don't need anything extra */ ++ prefix_len = cdirstrl = dirsepstrl = 0; ++ } ++ else if (len > prefix_len && !memcmp(path, cdirstr, cdirstrl) ++ && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) { ++ prefix_len = 0; ++ } + +- switch (mode[0]) +- { +- case 'r': /* Read */ +- code = validate(mem, buffer, gs_permit_file_reading); +- break; +- case 'w': /* Write */ +- code = validate(mem, buffer, gs_permit_file_writing); +- break; +- case 'a': /* Append needs reading and writing */ +- code = (validate(mem, buffer, gs_permit_file_reading) | +- validate(mem, buffer, gs_permit_file_writing)); +- break; +- case 'c': /* "Control" */ +- code = validate(mem, buffer, gs_permit_file_control); +- break; +- case 't': /* "Rename to" */ +- code = (validate(mem, buffer, gs_permit_file_writing) | +- validate(mem, buffer, gs_permit_file_control)); ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, len + 1, "gp_validate_path"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; ++ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path"); ++ if (bufferfull == NULL) ++ return gs_error_VMerror; ++ ++ buffer = bufferfull + prefix_len; ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } ++ while (1) { ++ switch (mode[0]) ++ { ++ case 'r': /* Read */ ++ code = validate(mem, buffer, gs_permit_file_reading); ++ break; ++ case 'w': /* Write */ ++ code = validate(mem, buffer, gs_permit_file_writing); ++ break; ++ case 'a': /* Append needs reading and writing */ ++ code = (validate(mem, buffer, gs_permit_file_reading) | ++ validate(mem, buffer, gs_permit_file_writing)); ++ break; ++ case 'c': /* "Control" */ ++ code = validate(mem, buffer, gs_permit_file_control); ++ break; ++ case 't': /* "Rename to" */ ++ code = (validate(mem, buffer, gs_permit_file_writing) | ++ validate(mem, buffer, gs_permit_file_control)); ++ break; ++ default: ++ errprintf(mem, "gp_validate_path: Unknown mode='%s'\n", mode); ++ code = gs_note_error(gs_error_invalidfileaccess); ++ } ++ if (code < 0 && prefix_len > 0 && buffer > bufferfull) { ++ buffer = bufferfull; ++ memcpy(buffer, cdirstr, cdirstrl); ++ memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl); ++ continue; ++ } ++ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) { ++ buffer = bufferfull + cdirstrl + dirsepstrl; ++ continue; ++ } + break; +- default: +- errprintf(mem, "gp_validate_path: Unknown mode='%s'\n", mode); +- code = gs_note_error(gs_error_invalidfileaccess); + } +- gs_free_object(mem->non_gc_memory, buffer, "gp_validate_path"); ++ ++ gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path"); + #ifdef EACCES + if (code == gs_error_invalidfileaccess) + errno = EACCES; +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 64e214d..fe6c598 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -771,14 +771,28 @@ gs_add_control_path_len(const gs_memory_t *mem, gs_path_control_t type, const ch + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len + 1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_add_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) +@@ -854,14 +868,28 @@ gs_remove_control_path_len(const gs_memory_t *mem, gs_path_control_t type, const + return gs_error_rangecheck; + } + +- rlen = len+1; +- buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path"); +- if (buffer == NULL) +- return gs_error_VMerror; ++ /* "%pipe%" do not follow the normal rules for path definitions, so we ++ don't "reduce" them to avoid unexpected results ++ */ ++ if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) { ++ buffer = (char *)gs_alloc_bytes(core->memory, len + 1, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ memcpy(buffer, path, len); ++ buffer[len] = 0; ++ rlen = len; ++ } ++ else { ++ rlen = len+1; + +- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) +- return gs_error_invalidfileaccess; +- buffer[rlen] = 0; ++ buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gs_remove_control_path_len"); ++ if (buffer == NULL) ++ return gs_error_VMerror; ++ ++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) ++ return gs_error_invalidfileaccess; ++ buffer[rlen] = 0; ++ } + + n = control->num; + for (i = 0; i < n; i++) { +diff --git a/base/gxblend.c b/base/gxblend.c +index 59d0dea..c07b2fb 100644 +--- a/base/gxblend.c ++++ b/base/gxblend.c +@@ -3476,7 +3476,7 @@ do_compose_group(pdf14_buf *tos, pdf14_buf *nos, pdf14_buf *maskbuf, + overprint == 0) { + /* Additive vs Subtractive makes no difference in normal blend mode with no spots */ + if (tos_isolated) { +- if (has_mask || maskbuf) {/* 7% */ ++ if (has_mask && maskbuf) {/* 7% */ + /* AirPrint test case hits this */ + if (maskbuf && maskbuf->rect.p.x <= x0 && maskbuf->rect.p.y <= y0 && + maskbuf->rect.q.x >= x1 && maskbuf->rect.q.y >= y1) { +@@ -4246,7 +4246,7 @@ do_compose_group16(pdf14_buf *tos, pdf14_buf *nos, pdf14_buf *maskbuf, + overprint == 0) { + /* Additive vs Subtractive makes no difference in normal blend mode with no spots */ + if (tos_isolated) { +- if (has_mask || maskbuf) {/* 7% */ ++ if (has_mask && maskbuf) {/* 7% */ + /* AirPrint test case hits this */ + if (maskbuf && maskbuf->rect.p.x <= x0 && maskbuf->rect.p.y <= y0 && + maskbuf->rect.q.x >= x1 && maskbuf->rect.q.y >= y1) +diff --git a/base/sbcp.c b/base/sbcp.c +index 6b0383c..3b8970f 100644 +--- a/base/sbcp.c ++++ b/base/sbcp.c +@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr, + byte ch = *++p; + + if (ch <= 31 && escaped[ch]) { ++ /* Make sure we have space to store two characters in the write buffer, ++ * if we don't then exit without consuming the input character, we'll process ++ * that on the next time round. ++ */ ++ if (pw->limit - q < 2) { ++ p--; ++ break; ++ } + if (p == rlimit) { + p--; + break; +diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c +index 85fa6a8..f7f6a13 100644 +--- a/contrib/japanese/gdevmjc.c ++++ b/contrib/japanese/gdevmjc.c +@@ -667,7 +667,7 @@ mj_raster_cmd(int c_id, int in_size, byte* in, byte* buf2, + ** walk forward, looking for matches: + */ + +- for( q++ ; *q == *p && q < in_end ; q++ ) { ++ for( q++ ; q < in_end && *q == *p ; q++ ) { + if( (q-p) >= 128 ) { + if( p > inp ) { + count = p - inp; +diff --git a/contrib/lips4/gdevlips.c b/contrib/lips4/gdevlips.c +index 11aa832..6dd0704 100644 +--- a/contrib/lips4/gdevlips.c ++++ b/contrib/lips4/gdevlips.c +@@ -145,7 +145,7 @@ GetNumSameData(const byte * curPtr, const int maxnum) + if (1 == maxnum) { + return (1); + } +- while (*curPtr == *(curPtr + count) && maxnum > count) { ++ while (maxnum > count && *curPtr == *(curPtr + count)) { + count++; + } + +@@ -160,7 +160,7 @@ GetNumWrongData(const byte * curPtr, const int maxnum) + if (1 == maxnum) { + return (1); + } +- while (*(curPtr + count) != *(curPtr + count + 1) && maxnum > count) { ++ while (maxnum > count+1 && *(curPtr + count) != *(curPtr + count + 1)) { + count++; + } + +diff --git a/devices/gdevcif.c b/devices/gdevcif.c +index f67aaf2..bd9649a 100644 +--- a/devices/gdevcif.c ++++ b/devices/gdevcif.c +@@ -58,12 +58,12 @@ cif_print_page(gx_device_printer *pdev, gp_file *prn_stream) + length = strlen(pdev->fname) + 1; + else + length = s - pdev->fname; +- s = (char *)gs_malloc(pdev->memory, length, sizeof(char), "cif_print_page(s)"); ++ s = (char *)gs_malloc(pdev->memory, length+1, sizeof(char), "cif_print_page(s)"); + + strncpy(s, pdev->fname, length); + *(s + length) = '\0'; + gp_fprintf(prn_stream, "DS1 25 1;\n9 %s;\nLCP;\n", s); +- gs_free(pdev->memory, s, length, 1, "cif_print_page(s)"); ++ gs_free(pdev->memory, s, length+1, 1, "cif_print_page(s)"); + + for (lnum = 0; lnum < pdev->height; lnum++) { + gdev_prn_copy_scan_lines(pdev, lnum, in, line_size); +diff --git a/devices/gdevclj.c b/devices/gdevclj.c +index d5b4668..a293ec4 100644 +--- a/devices/gdevclj.c ++++ b/devices/gdevclj.c +@@ -254,7 +254,7 @@ clj_media_size(float mediasize[2], gs_param_list *plist) + gs_param_int_array hwsize; + int have_pagesize = 0; + +- if ( (param_read_float_array(plist, "HWResolution", &fres) == 0) && ++ if ( param_read_float_array(plist, "HWResolution", &fres) != 0 || + !is_supported_resolution(fres.data) ) + return_error(gs_error_rangecheck); + +diff --git a/devices/gdevepsc.c b/devices/gdevepsc.c +index 192128a..282a1e4 100644 +--- a/devices/gdevepsc.c ++++ b/devices/gdevepsc.c +@@ -174,27 +174,51 @@ epsc_print_page(gx_device_printer * pdev, gp_file * prn_stream) + int y_mult = (y_24pin ? 3 : 1); + int line_size = (pdev->width + 7) >> 3; /* always mono */ + int in_size = line_size * (8 * y_mult); +- byte *in = +- (byte *) gs_malloc(pdev->memory, in_size + 1, 1, +- "epsc_print_page(in)"); + int out_size = ((pdev->width + 7) & -8) * y_mult; +- byte *out = +- (byte *) gs_malloc(pdev->memory, out_size + 1, 1, +- "epsc_print_page(out)"); ++ byte *in; ++ byte *out; + int x_dpi = (int)pdev->x_pixels_per_inch; +- char start_graphics = (char) +- ((y_24pin ? graphics_modes_24 : graphics_modes_9)[x_dpi / 60]); +- int first_pass = (start_graphics & DD ? 1 : 0); +- int last_pass = first_pass * 2; +- int dots_per_space = x_dpi / 10; /* pica space = 1/10" */ +- int bytes_per_space = dots_per_space * y_mult; ++ ++ char start_graphics; ++ int first_pass; ++ int last_pass; ++ int dots_per_space; ++ int bytes_per_space; + int skip = 0, lnum = 0, pass; + +-/* declare color buffer and related vars */ + byte *color_in; + int color_line_size, color_in_size; +- int spare_bits = (pdev->width % 8); /* left over bits to go to margin */ +- int whole_bits = pdev->width - spare_bits; ++ int spare_bits; ++ int whole_bits; ++ ++ int max_dpi = 60 * ( ++ (y_24pin) ? ++ sizeof(graphics_modes_24) / sizeof(graphics_modes_24[0]) ++ : ++ sizeof(graphics_modes_9) / sizeof(graphics_modes_9[0]) ++ ) ++ - 1; ++ if (x_dpi > max_dpi) { ++ return_error(gs_error_rangecheck); ++ } ++ ++ in = ++ (byte *) gs_malloc(pdev->memory, in_size + 1, 1, ++ "epsc_print_page(in)"); ++ out = ++ (byte *) gs_malloc(pdev->memory, out_size + 1, 1, ++ "epsc_print_page(out)"); ++ ++ start_graphics = (char) ++ ((y_24pin ? graphics_modes_24 : graphics_modes_9)[x_dpi / 60]); ++ first_pass = (start_graphics & DD ? 1 : 0); ++ last_pass = first_pass * 2; ++ dots_per_space = x_dpi / 10; /* pica space = 1/10" */ ++ bytes_per_space = dots_per_space * y_mult; ++ ++ /* declare color buffer and related vars */ ++ spare_bits = (pdev->width % 8); /* left over bits to go to margin */ ++ whole_bits = pdev->width - spare_bits; + + /* Check allocations */ + if (in == 0 || out == 0) { +diff --git a/devices/gdevokii.c b/devices/gdevokii.c +index d8929a2..82d8da5 100644 +--- a/devices/gdevokii.c ++++ b/devices/gdevokii.c +@@ -96,23 +96,42 @@ okiibm_print_page1(gx_device_printer *pdev, gp_file *prn_stream, int y_9pin_high + -1, 0 /*60*/, 1 /*120*/, -1, 3 /*240*/ + }; + +- int in_y_mult = (y_9pin_high ? 2 : 1); +- int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); +- /* Note that in_size is a multiple of 8. */ +- int in_size = line_size * (8 * in_y_mult); +- byte *buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "okiibm_print_page(buf1)"); +- byte *buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "okiibm_print_page(buf2)"); +- byte *in = buf1; +- byte *out = buf2; +- int out_y_mult = 1; +- int x_dpi = pdev->x_pixels_per_inch; +- char start_graphics = graphics_modes_9[x_dpi / 60]; +- int first_pass = (start_graphics == 3 ? 1 : 0); +- int last_pass = first_pass * 2; +- int y_passes = (y_9pin_high ? 2 : 1); ++ int in_y_mult; ++ int line_size; ++ int in_size; ++ byte *buf1; ++ byte *buf2; ++ byte *in; ++ byte *out; ++ int out_y_mult; ++ int x_dpi; ++ char start_graphics; ++ int first_pass; ++ int last_pass; ++ int y_passes; ++ + int skip = 0, lnum = 0, pass, ypass; + int y_step = 0; + ++ x_dpi = pdev->x_pixels_per_inch; ++ if (x_dpi / 60 >= sizeof(graphics_modes_9)/sizeof(graphics_modes_9[0])) { ++ return_error(gs_error_rangecheck); ++ } ++ in_y_mult = (y_9pin_high ? 2 : 1); ++ line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); ++ /* Note that in_size is a multiple of 8. */ ++ in_size = line_size * (8 * in_y_mult); ++ buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "okiibm_print_page(buf1)"); ++ buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "okiibm_print_page(buf2)"); ++ in = buf1; ++ out = buf2; ++ out_y_mult = 1; ++ start_graphics = graphics_modes_9[x_dpi / 60]; ++ first_pass = (start_graphics == 3 ? 1 : 0); ++ last_pass = first_pass * 2; ++ y_passes = (y_9pin_high ? 2 : 1); ++ y_step = 0; ++ + /* Check allocations */ + if ( buf1 == 0 || buf2 == 0 ) + { if ( buf1 ) +diff --git a/devices/gdevtfnx.c b/devices/gdevtfnx.c +index f07cc15..fc9cce7 100644 +--- a/devices/gdevtfnx.c ++++ b/devices/gdevtfnx.c +@@ -146,12 +146,16 @@ tiff12_print_page(gx_device_printer * pdev, gp_file * file) + { + int y; + int size = gdev_prn_raster(pdev); +- byte *data = gs_alloc_bytes(pdev->memory, size, "tiff12_print_page"); ++ ++ /* We allocate an extra 5 bytes to avoid buffer overflow when accessing ++ src[5] below, if size if not multiple of 6. This fixes bug-701807. */ ++ int size_alloc = size + 5; ++ byte *data = gs_alloc_bytes(pdev->memory, size_alloc, "tiff12_print_page"); + + if (data == 0) + return_error(gs_error_VMerror); + +- memset(data, 0, size); ++ memset(data, 0, size_alloc); + + for (y = 0; y < pdev->height; ++y) { + const byte *src; diff --git a/debian/patches/0021-33-update-package-info.patch b/debian/patches/0021-33-update-package-info.patch new file mode 100644 index 0000000000000000000000000000000000000000..08e1d4ce7a4c0103d55d5dcb8cdd96a61e26cbd1 --- /dev/null +++ b/debian/patches/0021-33-update-package-info.patch @@ -0,0 +1,373 @@ +From: =?utf-8?b?5ZGo5rem5riF?= +Date: Mon, 4 Sep 2023 09:07:06 +0000 +Subject: =?utf-8?q?!33_update_package_info_Merge_pull_request_!33_from_?= + =?utf-8?q?=E5=91=A8=E6=B7=A6=E6=B8=85/openkylin/yangtze?= + +--- + contrib/japanese/gdevmjc.c | 6 +- + devices/gdevcdj.c | 2 +- + devices/gdevdm24.c | 44 +++++++++---- + devices/gdevlxm.c | 22 +++++-- + devices/gdevpcx.c | 2 +- + devices/gdevtsep.c | 2 + + devices/vector/gdevtxtw.c | 160 +++++++++++++++++++++++---------------------- + psi/zbfont.c | 2 +- + 8 files changed, 136 insertions(+), 104 deletions(-) + +diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c +index f7f6a13..2588cbd 100644 +--- a/contrib/japanese/gdevmjc.c ++++ b/contrib/japanese/gdevmjc.c +@@ -1503,8 +1503,10 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp + M=0; + if (Y<0) + Y=0; +- +- if(H>256 && H<1024){ /* green correct */ ++ /* 2019-10-29 this used to be 'if(H>256 && H<1024)', which can then go ++ beyond bounds of the 512-element grnsep2[]. So have patched up to avoid ++ this, but without any proper idea about what's going on. */ ++ if(H>256 && H<768){ /* green correct */ + short work; + work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16); + C+=work; +diff --git a/devices/gdevcdj.c b/devices/gdevcdj.c +index 8cf4e2e..1ab1c20 100644 +--- a/devices/gdevcdj.c ++++ b/devices/gdevcdj.c +@@ -1969,7 +1969,7 @@ ep_print_image(gp_file *prn_stream, ep_globals *eg, char cmd, byte *data, int si + /* p2 is the head of non zero image. */ + p2 = p3; + redo: +- for (p3 += row_bytes; memcmp(p3, zeros, row_bytes); p3 += row_bytes); ++ for (p3 += row_bytes; p3 < outp && memcmp(p3, zeros, row_bytes); p3 += row_bytes); + if (p3 < outp && memcmp(p3+row_bytes, zeros, row_bytes)) goto redo; + } else p1 = p2 = outp; + +diff --git a/devices/gdevdm24.c b/devices/gdevdm24.c +index abf8508..b9b79f8 100644 +--- a/devices/gdevdm24.c ++++ b/devices/gdevdm24.c +@@ -51,20 +51,38 @@ static void dot24_improve_bitmap (byte *, int); + static int + dot24_print_page (gx_device_printer *pdev, gp_file *prn_stream, char *init_string, int init_len) + { +- int xres = (int)pdev->x_pixels_per_inch; +- int yres = (int)pdev->y_pixels_per_inch; +- int x_high = (xres == 360); +- int y_high = (yres == 360); +- int bits_per_column = (y_high ? 48 : 24); +- uint line_size = gdev_prn_raster (pdev); +- uint in_size = line_size * bits_per_column; +- byte *in = (byte *) gs_malloc (pdev->memory, in_size, 1, "dot24_print_page (in)"); +- uint out_size = ((pdev->width + 7) & -8) * 3; +- byte *out = (byte *) gs_malloc (pdev->memory, out_size, 1, "dot24_print_page (out)"); +- int y_passes = (y_high ? 2 : 1); +- int dots_per_space = xres / 10; /* pica space = 1/10" */ +- int bytes_per_space = dots_per_space * 3; ++ int xres; ++ int yres; ++ int x_high; ++ int y_high; ++ int bits_per_column; ++ uint line_size; ++ uint in_size; ++ byte *in; ++ uint out_size; ++ byte *out; ++ int y_passes; ++ int dots_per_space; ++ int bytes_per_space; + int skip = 0, lnum = 0, ypass; ++ xres = (int)pdev->x_pixels_per_inch; ++ yres = (int)pdev->y_pixels_per_inch; ++ x_high = (xres == 360); ++ y_high = (yres == 360); ++ dots_per_space = xres / 10; /* pica space = 1/10" */ ++ bytes_per_space = dots_per_space * 3; ++ if (bytes_per_space == 0) { ++ /* We divide by bytes_per_space later on. */ ++ return_error(gs_error_rangecheck); ++ } ++ ++ bits_per_column = (y_high ? 48 : 24); ++ line_size = gdev_prn_raster (pdev); ++ in_size = line_size * bits_per_column; ++ in = (byte *) gs_malloc (pdev->memory, in_size, 1, "dot24_print_page (in)"); ++ out_size = ((pdev->width + 7) & -8) * 3; ++ out = (byte *) gs_malloc (pdev->memory, out_size, 1, "dot24_print_page (out)"); ++ y_passes = (y_high ? 2 : 1); + + /* Check allocations */ + if (in == 0 || out == 0) +diff --git a/devices/gdevlxm.c b/devices/gdevlxm.c +index f3135dc..ec350ee 100644 +--- a/devices/gdevlxm.c ++++ b/devices/gdevlxm.c +@@ -245,13 +245,21 @@ quit_ignomiously: /* and a goto into an if statement is pretty ignomious! */ + outp = swipeBuf; + + /* macro, not fcn call. Space penalty is modest, speed helps */ +-#define buffer_store(x) if(outp-swipeBuf>=swipeBuf_size) {\ +- gs_free(pdev->memory, (char *)swipeBuf, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ +- swipeBuf_size*=2;\ +- swipeBuf = (byte *)gs_malloc(pdev->memory, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ +- if (swipeBuf == 0) goto quit_ignomiously;\ +- break;}\ +- else *outp++ = (x) ++#define buffer_store(x)\ ++ {\ ++ if (outp-swipeBuf>=swipeBuf_size) {\ ++ size_t outp_offset = outp - swipeBuf;\ ++ size_t swipeBuf_size_new = swipeBuf_size * 2;\ ++ byte* swipeBuf_new = gs_malloc(pdev->memory, swipeBuf_size_new, 1, "lxm_print_page(swipeBuf_new)");\ ++ if (!swipeBuf_new) goto quit_ignomiously;\ ++ memcpy(swipeBuf_new, swipeBuf, swipeBuf_size);\ ++ gs_free(pdev->memory, swipeBuf, swipeBuf_size, 1, "lxm_print_page(swipeBuf)");\ ++ swipeBuf_size = swipeBuf_size_new;\ ++ swipeBuf = swipeBuf_new;\ ++ outp = swipeBuf + outp_offset;\ ++ }\ ++ *outp++ = (x);\ ++ } + + {/* work out the bytes to store for this swipe*/ + +diff --git a/devices/gdevpcx.c b/devices/gdevpcx.c +index 1735851..91de4ab 100644 +--- a/devices/gdevpcx.c ++++ b/devices/gdevpcx.c +@@ -442,7 +442,7 @@ pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file) + byte data = *from; + + from += step; +- if (data != *from || from == end) { ++ if (from >= end || data != *from) { + if (data >= 0xc0) + gp_fputc(0xc1, file); + } else { +diff --git a/devices/gdevtsep.c b/devices/gdevtsep.c +index 5fb1025..0c860d8 100644 +--- a/devices/gdevtsep.c ++++ b/devices/gdevtsep.c +@@ -2365,6 +2365,7 @@ tiffsep_print_page(gx_device_printer * pdev, gp_file * file) + "\nUse of the %%d format is required to output more than one page to tiffsep.\n" + "See doc/Devices.htm#TIFF for details.\n\n"); + code = gs_note_error(gs_error_ioerror); ++ goto done; + } + /* Write the page directory for the CMYK equivalent file. */ + if (!tfdev->comp_file) { +@@ -2726,6 +2727,7 @@ tiffsep1_print_page(gx_device_printer * pdev, gp_file * file) + "\nUse of the %%d format is required to output more than one page to tiffsep1.\n" + "See doc/Devices.htm#TIFF for details.\n\n"); + code = gs_note_error(gs_error_ioerror); ++ goto done; + } + /* If the output file is on disk and the name contains a page #, */ + /* then delete the previous file. */ +diff --git a/devices/vector/gdevtxtw.c b/devices/vector/gdevtxtw.c +index aed535b..aacbc28 100644 +--- a/devices/vector/gdevtxtw.c ++++ b/devices/vector/gdevtxtw.c +@@ -1693,97 +1693,99 @@ static int get_unicode(textw_text_enum_t *penum, gs_font *font, gs_glyph glyph, + + length = font->procs.decode_glyph((gs_font *)font, glyph, ch, NULL, 0); + if (length == 0) { +- code = font->procs.glyph_name(font, glyph, &gnstr); +- if (code >= 0 && gnstr.size == 7) { +- if (!memcmp(gnstr.data, "uni", 3)) { +- static const char *hexdigits = "0123456789ABCDEF"; +- char *d0 = strchr(hexdigits, gnstr.data[3]); +- char *d1 = strchr(hexdigits, gnstr.data[4]); +- char *d2 = strchr(hexdigits, gnstr.data[5]); +- char *d3 = strchr(hexdigits, gnstr.data[6]); +- +- if (d0 != NULL && d1 != NULL && d2 != NULL && d3 != NULL) { +- *Buffer++ = ((d0 - hexdigits) << 12) + ((d1 - hexdigits) << 8) + ((d2 - hexdigits) << 4) + (d3 - hexdigits); +- return 1; +- } +- } +- } +- if (length == 0) { +- single_glyph_list_t *sentry = (single_glyph_list_t *)&SingleGlyphList; +- double_glyph_list_t *dentry = (double_glyph_list_t *)&DoubleGlyphList; +- treble_glyph_list_t *tentry = (treble_glyph_list_t *)&TrebleGlyphList; +- quad_glyph_list_t *qentry = (quad_glyph_list_t *)&QuadGlyphList; +- +- /* Search glyph to single Unicode value table */ +- while (sentry->Glyph != 0) { +- if (sentry->Glyph[0] < gnstr.data[0]) { +- sentry++; +- continue; +- } +- if (sentry->Glyph[0] > gnstr.data[0]){ +- break; +- } +- if (strlen(sentry->Glyph) == gnstr.size) { +- if(memcmp(gnstr.data, sentry->Glyph, gnstr.size) == 0) { +- *Buffer = sentry->Unicode; ++ if (glyph != GS_NO_GLYPH) { ++ code = font->procs.glyph_name(font, glyph, &gnstr); ++ if (code >= 0 && gnstr.size == 7) { ++ if (!memcmp(gnstr.data, "uni", 3)) { ++ static const char *hexdigits = "0123456789ABCDEF"; ++ char *d0 = strchr(hexdigits, gnstr.data[3]); ++ char *d1 = strchr(hexdigits, gnstr.data[4]); ++ char *d2 = strchr(hexdigits, gnstr.data[5]); ++ char *d3 = strchr(hexdigits, gnstr.data[6]); ++ ++ if (d0 != NULL && d1 != NULL && d2 != NULL && d3 != NULL) { ++ *Buffer++ = ((d0 - hexdigits) << 12) + ((d1 - hexdigits) << 8) + ((d2 - hexdigits) << 4) + (d3 - hexdigits); + return 1; + } + } +- sentry++; + } +- +- /* Search glyph to double Unicode value table */ +- while (dentry->Glyph != 0) { +- if (dentry->Glyph[0] < gnstr.data[0]) { +- dentry++; +- continue; +- } +- if (dentry->Glyph[0] > gnstr.data[0]){ +- break; +- } +- if (strlen(dentry->Glyph) == gnstr.size) { +- if(memcmp(gnstr.data, dentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, dentry->Unicode, 2); +- return 2; ++ if (length == 0) { ++ single_glyph_list_t *sentry = (single_glyph_list_t *)&SingleGlyphList; ++ double_glyph_list_t *dentry = (double_glyph_list_t *)&DoubleGlyphList; ++ treble_glyph_list_t *tentry = (treble_glyph_list_t *)&TrebleGlyphList; ++ quad_glyph_list_t *qentry = (quad_glyph_list_t *)&QuadGlyphList; ++ ++ /* Search glyph to single Unicode value table */ ++ while (sentry->Glyph != 0) { ++ if (sentry->Glyph[0] < gnstr.data[0]) { ++ sentry++; ++ continue; ++ } ++ if (sentry->Glyph[0] > gnstr.data[0]){ ++ break; + } ++ if (strlen(sentry->Glyph) == gnstr.size) { ++ if(memcmp(gnstr.data, sentry->Glyph, gnstr.size) == 0) { ++ *Buffer = sentry->Unicode; ++ return 1; ++ } ++ } ++ sentry++; + } +- dentry++; +- } + +- /* Search glyph to triple Unicode value table */ +- while (tentry->Glyph != 0) { +- if (tentry->Glyph[0] < gnstr.data[0]) { +- tentry++; +- continue; +- } +- if (tentry->Glyph[0] > gnstr.data[0]){ +- break; +- } +- if (strlen(tentry->Glyph) == gnstr.size) { +- if(memcmp(gnstr.data, tentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, tentry->Unicode, 3); +- return 3; ++ /* Search glyph to double Unicode value table */ ++ while (dentry->Glyph != 0) { ++ if (dentry->Glyph[0] < gnstr.data[0]) { ++ dentry++; ++ continue; ++ } ++ if (dentry->Glyph[0] > gnstr.data[0]){ ++ break; ++ } ++ if (strlen(dentry->Glyph) == gnstr.size) { ++ if(memcmp(gnstr.data, dentry->Glyph, gnstr.size) == 0) { ++ memcpy(Buffer, dentry->Unicode, 2); ++ return 2; ++ } + } ++ dentry++; + } +- tentry++; +- } + +- /* Search glyph to quadruple Unicode value table */ +- while (qentry->Glyph != 0) { +- if (qentry->Glyph[0] < gnstr.data[0]) { +- qentry++; +- continue; +- } +- if (qentry->Glyph[0] > gnstr.data[0]){ +- break; ++ /* Search glyph to triple Unicode value table */ ++ while (tentry->Glyph != 0) { ++ if (tentry->Glyph[0] < gnstr.data[0]) { ++ tentry++; ++ continue; ++ } ++ if (tentry->Glyph[0] > gnstr.data[0]){ ++ break; ++ } ++ if (strlen(tentry->Glyph) == gnstr.size) { ++ if(memcmp(gnstr.data, tentry->Glyph, gnstr.size) == 0) { ++ memcpy(Buffer, tentry->Unicode, 3); ++ return 3; ++ } ++ } ++ tentry++; + } +- if (strlen(qentry->Glyph) == gnstr.size) { +- if(memcmp(gnstr.data, qentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, qentry->Unicode, 4); +- return 4; ++ ++ /* Search glyph to quadruple Unicode value table */ ++ while (qentry->Glyph != 0) { ++ if (qentry->Glyph[0] < gnstr.data[0]) { ++ qentry++; ++ continue; ++ } ++ if (qentry->Glyph[0] > gnstr.data[0]){ ++ break; + } ++ if (strlen(qentry->Glyph) == gnstr.size) { ++ if(memcmp(gnstr.data, qentry->Glyph, gnstr.size) == 0) { ++ memcpy(Buffer, qentry->Unicode, 4); ++ return 4; ++ } ++ } ++ qentry++; + } +- qentry++; + } + } + *Buffer = fallback; +@@ -1890,8 +1892,8 @@ txtwrite_process_cmap_text(gs_text_enum_t *pte) + pte->returned.total_width.x += dpt.x; + pte->returned.total_width.y += dpt.y; + +- penum->TextBufferIndex += get_unicode(penum, (gs_font *)pte->orig_font, glyph, chr, &penum->TextBuffer[penum->TextBufferIndex]); + penum->Widths[penum->TextBufferIndex] += dpt.x; ++ penum->TextBufferIndex += get_unicode(penum, (gs_font*)pte->orig_font, glyph, chr, &penum->TextBuffer[penum->TextBufferIndex]); + break; + case 2: /* end of string */ + return 0; +diff --git a/psi/zbfont.c b/psi/zbfont.c +index 262fea9..abc03aa 100644 +--- a/psi/zbfont.c ++++ b/psi/zbfont.c +@@ -272,7 +272,7 @@ gs_font_map_glyph_to_unicode(gs_font *font, gs_glyph glyph, int ch, ushort *u, u + * can't be a default value for FontInfo.GlyphNames2Unicode . + */ + } +- if (glyph <= GS_MIN_CID_GLYPH) { ++ if (glyph <= GS_MIN_CID_GLYPH && glyph != GS_NO_GLYPH) { + UnicodeDecoding = zfont_get_to_unicode_map(font->dir); + if (UnicodeDecoding != NULL && r_type(UnicodeDecoding) == t_dictionary) + return gs_font_map_glyph_by_dict(font->memory, UnicodeDecoding, glyph, u, length); diff --git a/debian/patches/series b/debian/patches/series index ca2372dd64591c2b0ecb3ec2f74e1389cad9e6f5..9557804998e72931d8dc776c74a5954f34115a4b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -14,3 +14,8 @@ 2010_add_build_timestamp_setting.patch 2011_avoid_remote_font.patch 2012_avoid_googletagmanager.patch +0017-changelog.patch +0018-CVE-2020-16287-Artifex-Software-Ghostscript.patch +0019-CVE-2020-16288.patch +0020-build-debian-9.50-dfsg-ok5.patch +0021-33-update-package-info.patch