1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
new file mode 100644
index 0000000000..593109fb9f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
@@ -0,0 +1,34 @@
+From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 20 Feb 2019 09:54:28 +0000
+Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in
+ DefineResource).
+This prevents access to .forceput
+Solution originally suggested by cbuissar@redhat.com.
+CVE: CVE-2019-3838
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 89c0ed6..a163541 100644
+--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
+@@ -426,7 +426,7 @@ status {
+                         % so we have to use .forceput here.
+                   currentdict /.Instances 2 index .forceput    % Category dict is read-only
+                 } executeonly if
+-              }
+              } executeonly
+               { .LocalInstances dup //.emptydict eq
+                  { pop 3 dict localinstancedict Category 2 index put
+                  }
+-- 
+2.18.1

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch new file mode 100644 index 0000000000..593109fb9f --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
@@ -0,0 +1,34 @@
	1	From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001
	2	From: Chris Liddell <chris.liddell@artifex.com>
	3	Date: Wed, 20 Feb 2019 09:54:28 +0000
	4	Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in
	5	DefineResource).
	6
	7	This prevents access to .forceput
	8
	9	Solution originally suggested by cbuissar@redhat.com.
	10
	11	CVE: CVE-2019-3838
	12	Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
	13
	14	Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
	15	---
	16	Resource/Init/gs_res.ps \| 2 +-
	17	1 file changed, 1 insertion(+), 1 deletion(-)
	18
	19	diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
	20	index 89c0ed6..a163541 100644
	21	--- a/Resource/Init/gs_res.ps
	22	+++ b/Resource/Init/gs_res.ps
	23	@@ -426,7 +426,7 @@ status {
	24	% so we have to use .forceput here.
	25	currentdict /.Instances 2 index .forceput % Category dict is read-only
	26	} executeonly if
	27	- }
	28	+ } executeonly
	29	{ .LocalInstances dup //.emptydict eq
	30	{ pop 3 dict localinstancedict Category 2 index put
	31	}
	32	--
	33	2.18.1
	34