From 6c32ea184941d292cd8f0eb898e6cc90120ada40 Mon Sep 17 00:00:00 2001
From: Hongxu Jia
Date: Mon, 5 Nov 2018 16:03:35 +0800
Subject: ghostscript: fix CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
Signed-off-by: Hongxu Jia
Signed-off-by: Richard Purdie
---
 meta/recipes-extended/ghostscript/ghostscript_9.25.bb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'meta/recipes-extended/ghostscript/ghostscript_9.25.bb')
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb
index 35eaaeb2fa..55251a55d4 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb
@@ -25,6 +25,11 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
 file://do-not-check-local-libpng-source.patch \
 file://avoid-host-contamination.patch \
 file://mkdir-p.patch \
+ file://0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch \
+ file://0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch \
+ file://0003-Bug-699832-add-control-over-hiding-error-handlers.patch \
+ file://0004-For-hidden-operators-pass-a-name-object-to-error-han.patch \
+ file://0005-Bug-699938-.loadfontloop-must-be-an-operator.patch \
 "
 SRC_URI = "${SRC_URI_BASE} \
--
cgit 1.2.3-korg
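Review bot: None of the five `file://000N-…` entries added to `SRC_URI_BASE` has the CVE id in its filename, so the recipe alone does not show that CVE-2018-17961 is patched. As far as I know, the OpenEmbedded CVE checker recognises a fix either from the patch filename or from a `CVE: CVE-2018-17961` line in the patch header. Because this view is limited to the recipe, the patch files themselves are not visible; please confirm that each one carries that tag together with an `Upstream-Status: Backport` line. The commit message names one CVE but the entries reference four upstream bug numbers (699795, 699816, 699832, 699938), so it would help to say in the message which patches are the fix and which are prerequisites. The `SRC_URI_BASE` assignment begins above the hunk, so the full patch order cannot be checked from here.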