Diffstat (limited to 'poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch')
-rw-r--r--poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch250
1 files changed, 250 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
new file mode 100644
index 000000000..db70bba21
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
@@ -0,0 +1,250 @@
+From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001
+From: Nancy Durgin <nancy.durgin@artifex.com>
+Date: Tue, 27 Nov 2018 12:36:14 -0800
+Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++--------------
+ Resource/Init/gs_resmp.ps | 4 +--
+ 2 files changed, 49 insertions(+), 27 deletions(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b3459..18d5452 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -197,7 +197,7 @@ setglobal
+ /.findresource { % <key> <category> findresource <instance>
+ 2 copy dup /Category eq
+ { pop //Category 0 get begin } { .findcategory } ifelse
+- /FindResource .resourceexec exch pop exch pop
++ /FindResource //.resourceexec exec exch pop exch pop
+ } bind
+ end % .Instances of Category
+ def
+@@ -223,7 +223,7 @@ def
+ not { /defineresource cvx /typecheck signaloperror } if
+ } if
+ } if
+- /DefineResource .resourceexec
++ /DefineResource //.resourceexec exec
+ 4 1 roll pop pop pop
+ } .errorexec
+ } bind executeonly odef
+@@ -252,7 +252,7 @@ def
+ % without the check.
+ /resourcestatus cvx /typecheck signalerror
+ } if
+- 2 copy .findcategory /ResourceStatus .resourceexec
++ 2 copy .findcategory /ResourceStatus //.resourceexec exec
+ { 4 2 roll pop pop //true } { pop pop //false } ifelse
+ } stopped {
+ % Although resourcestatus is an operator, Adobe uses executable name
+@@ -266,7 +266,7 @@ def
+ } if
+ 1 .argindex 1 index % catch stackunderflow
+
+- { .findcategory /UndefineResource .resourceexec pop pop
++ { .findcategory /UndefineResource //.resourceexec exec pop pop
+ } stopped {
+ % Although undefineresource is an operator, Adobe uses executable name
+ % here but uses operator for the errors above. CET 23-33
+@@ -315,10 +315,10 @@ currentdict /pssystemparams known not {
+ /pssystemparams 10 dict readonly def
+ } if
+ pssystemparams begin
+- .default_resource_dir
+- /FontResourceDir (Font) .resource_dir_name
++ //.default_resource_dir exec
++ /FontResourceDir (Font) //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+- /GenericResourceDir () .resource_dir_name
++ /GenericResourceDir () //.resource_dir_name exec
+ readonly .forcedef % pssys'params is r-o
+ pop % .default_resource_dir
+ /GenericResourcePathSep
+@@ -387,13 +387,13 @@ status {
+ } bind def
+ /.localresourceforall { % <key> <value> <args> .localr'forall -
+ exch pop
+- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse
++ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse
+ } bind def
+ /.globalresourceforall { % <key> <value> <args> .globalr'forall -
+ exch pop
+ 2 copy 0 get .stringmatch {
+ dup 3 get begin .LocalInstances end 2 index known not {
+- .enumerateresource
++ //.enumerateresource exec
+ } {
+ pop pop
+ } ifelse
+@@ -408,7 +408,7 @@ status {
+ 3 index known {
+ pop pop pop
+ } {
+- 2 index known { pop pop } { .enumerateresource } ifelse
++ 2 index known { pop pop } { //.enumerateresource exec } ifelse
+ } ifelse
+ } bind def
+
+@@ -468,19 +468,19 @@ status {
+ % .knownget doesn't fail on null
+ /findresource cvx /typecheck signaloperror
+ } if
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+ pop 1 gt {
+- .DoLoadResource .getvminstance not {
+- /findresource cvx .undefinedresource
++ .DoLoadResource //.getvminstance exec not {
++ /findresource cvx //.undefinedresource exec
+ } if 0 get
+ } {
+ .GetInstance pop 0 get
+ } ifelse
+ } {
+- /findresource cvx .undefinedresource
++ /findresource cvx //.undefinedresource exec
+ } ifelse
+ } ifelse
+ } bind executeonly
+@@ -621,7 +621,7 @@ status {
+ .currentglobal not .setglobal
+ vmstatus pop exch pop add
+ } repeat
+-} bind def
++} bind executeonly odef
+ /.DoLoadResource {
+ % .LoadResource may push entries on the operand stack.
+ % It is an undocumented feature of Adobe implementations,
+@@ -633,8 +633,8 @@ status {
+ {.LoadResource} 4 1 roll 4 .execn
+ % Stack: ... count key memused
+ .vmused exch sub
+- 1 index .getvminstance not {
+- pop dup .undefinedresource % didn't load
++ 1 index //.getvminstance exec not {
++ pop dup //.undefinedresource exec % didn't load
+ } if
+ dup 1 1 put
+ 2 3 -1 roll put
+@@ -648,7 +648,7 @@ status {
+ { //true setglobal { .runresource } stopped //false setglobal { stop } if }
+ ifelse
+ }
+- { dup .undefinedresource
++ { dup //.undefinedresource exec
+ }
+ ifelse
+ } bind
+@@ -758,7 +758,7 @@ counttomark 2 idiv
+ /FindResource
+ { .Instances 1 index .knownget
+ { exch pop }
+- { /findresource cvx .undefinedresource }
++ { /findresource cvx //.undefinedresource exec }
+ ifelse
+ } bind executeonly
+ /ResourceStatus
+@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put
+ 2 copy /Generic /Category findresource /DefineResource get exec
+ exch pop
+ exch //.defaultcsnames exch .knownget {
+- 1 index .definedefaultcs
++ 1 index //.definedefaultcs exec
+ currentglobal not { .userdict /.localcsdefaults //true put } if
+ } if
+ } bind executeonly
+@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put
+ //.defaultcsnames 1 index .knownget {
+ % Stack: resname index
+ currentglobal {
+- .undefinedefaultcs pop
++ //.undefinedefaultcs exec pop
+ } {
+ % We removed the local definition, but there might be a global one.
+ exch .GetInstance {
+- 0 get .definedefaultcs
++ 0 get //.definedefaultcs exec
+ } {
+- .undefinedefaultcs
++ //.undefinedefaultcs exec
+ } ifelse
+ % Recompute .localcsdefaults by scanning. This is rarely needed.
+ .userdict /.localcsdefaults //false //.defaultcsnames {
+@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef
+ /Generic /Category findresource /UndefineResource get exec
+ } bind executeonly
+ /FindResource {
+- dup .getvminstance {
++ dup //.getvminstance exec {
+ exch pop 0 get
+ } {
+ dup ResourceStatus {
+@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef
+ % stack: name font vmused
+ % findfont has the prerogative of not calling definefont
+ % in certain obscure cases of font substitution.
+- 2 index .getvminstance {
++ 2 index //.getvminstance exec {
+ dup 1 1 put
+ 2 3 -1 roll put
+ } {
+@@ -1159,3 +1159,25 @@ end % level2dict
+
+ %% Replace 1 (gs_resmp.ps)
+ (gs_resmp.ps) dup runlibfile VMDEBUG
++
++[
++ /.default_resource_dir
++ /.resource_dir_name
++]
++{systemdict exch .forceundef} forall
++
++[
++ /.definedefaultcs
++ /.undefinedefaultcs
++ /.defaultcsnames
++ /.enumerateresource
++ /.externalresourceforall
++ /.getvminstance
++ /.globalresourceforall
++ /.localresourceforall
++ /resourceforall1
++ /.resourceexec
++ /.undefinedresource
++ /.vmused
++]
++{level2dict exch .forceundef} forall
+diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps
+index 9bb4263..cb948d1 100644
+--- a/Resource/Init/gs_resmp.ps
++++ b/Resource/Init/gs_resmp.ps
+@@ -230,7 +230,7 @@ currentpacking //false setpacking
+ } {
+ dup dup .map exch .knownget { % /Name /Name <<record>>
+ dup dup /RecordVirtualMethods get /IsActive get exec {
+- 1 index .getvminstance { % /Name /Name <<record>> holder
++ 1 index //.getvminstance exec { % /Name /Name <<record>> holder
+ 1 get 1 eq
+ } {
+ //true
+@@ -242,7 +242,7 @@ currentpacking //false setpacking
+ DefineResource exec % size bStatusIs1 /Name Instance
+ % Make ResourceStatus to return correct values for this instance :
+ % Hack: we replace status values in the instance holder :
+- exch .getvminstance pop % size bStatusIs1 Instance holder
++ exch //.getvminstance exec pop % size bStatusIs1 Instance holder
+ dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder
+ 3 2 roll { % Instance holder
+ 1 1 put % Instance
+--
+2.18.1
+
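Review bot: The `.forceundef` list appended to gs_res.ps removes `.vmused`, `.localresourceforall` and `.globalresourceforall` from level2dict, but the hunks still call `.vmused exch sub` by name and show no `//name exec` conversion for the two forall helpers. `.vmused` presumably still resolves because the definition ending just before `/.DoLoadResource` (it appears to be `.vmused`) is switched to `bind executeonly odef`, which would let `bind` substitute the operator. The helpers' call sites lie outside the hunks, so confirm they are bound before the undef runs; otherwise resource enumeration would likely fail with an `undefined` error. This is part 5 of 7 for CVE-2019-6116, so the recipe's SRC_URI (not in this diff) needs the whole series, in order, for the hardening to be complete. For auditability, pin the backport to its commit in the header: `Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git 1e830cafa56c6e3e1b08d246eaf5496fe81a0032]`.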