summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2019-04-02 20:30:22 +0000
committer Eric Hameleers <alien@slackware.com>2019-04-03 08:59:45 +0200
commitcaa5f28b83340fe23012ab27244a288449b26b26 (patch)
tree70102860b8f3df20347f25125b7ea065340cd1d5
parentdf86158dc598141c63689a86c2f247053e616719 (diff)
downloadcurrent-caa5f28b83340fe23012ab27244a288449b26b26.tar.gz
current-caa5f28b83340fe23012ab27244a288449b26b26.tar.xz
Tue Apr 2 20:30:22 UTC 201920190402203022
a/hwdata-0.322-noarch-1.txz: Upgraded. a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded. a/shadow-4.6-x86_64-2.txz: Rebuilt. adduser: reprompt on invalid user input. Thanks to ttk. ap/ghostscript-9.26-x86_64-2.txz: Rebuilt. Fixes security issues: A specially crafted PostScript file could have access to the file system outside of the constrains imposed by -dSAFER. Transient procedures can allow access to system operators, leading to remote code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116 (* Security fix *) d/vala-0.44.2-x86_64-1.txz: Upgraded. l/glib-networking-2.60.1-x86_64-1.txz: Upgraded. l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded. l/python-pillow-6.0.0-x86_64-1.txz: Upgraded. n/wget-1.20.2-x86_64-1.txz: Upgraded. Fixed an unspecified buffer overflow vulnerability. (* Security fix *)
-rw-r--r--ChangeLog.rss36
-rw-r--r--ChangeLog.txt24
-rw-r--r--FILELIST.TXT158
-rwxr-xr-xrecompress.sh4
-rw-r--r--source/a/shadow/adduser31
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild2
-rw-r--r--source/ap/ghostscript/ghostscript-cve-2019-3835.patch615
-rw-r--r--source/ap/ghostscript/ghostscript-cve-2019-3838.patch56
-rw-r--r--source/ap/ghostscript/ghostscript-cve-2019-6116.patch770
-rw-r--r--source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch28
-rwxr-xr-xsource/ap/ghostscript/ghostscript.SlackBuild8
-rwxr-xr-xsource/l/python-pillow/python-pillow.SlackBuild2
-rwxr-xr-xsource/n/wget/wget.SlackBuild2
13 files changed, 1641 insertions, 95 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 19b84da77..2c35fbf32 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,42 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Sun, 31 Mar 2019 18:51:16 GMT</pubDate>
- <lastBuildDate>Mon, 1 Apr 2019 06:59:39 GMT</lastBuildDate>
+ <pubDate>Tue, 2 Apr 2019 20:30:22 GMT</pubDate>
+ <lastBuildDate>Wed, 3 Apr 2019 06:59:41 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.10</generator>
<item>
+ <title>Tue, 2 Apr 2019 20:30:22 GMT</title>
+ <pubDate>Tue, 2 Apr 2019 20:30:22 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20190402203022</link>
+ <guid isPermaLink="false">20190402203022</guid>
+ <description>
+ <![CDATA[<pre>
+a/hwdata-0.322-noarch-1.txz: Upgraded.
+a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
+a/shadow-4.6-x86_64-2.txz: Rebuilt.
+ adduser: reprompt on invalid user input. Thanks to ttk.
+ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
+ Fixes security issues:
+ A specially crafted PostScript file could have access to the file system
+ outside of the constrains imposed by -dSAFER.
+ Transient procedures can allow access to system operators, leading to
+ remote code execution.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
+ (* Security fix *)
+d/vala-0.44.2-x86_64-1.txz: Upgraded.
+l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
+l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
+l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
+n/wget-1.20.2-x86_64-1.txz: Upgraded.
+ Fixed an unspecified buffer overflow vulnerability.
+ (* Security fix *)
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Sun, 31 Mar 2019 18:51:16 GMT</title>
<pubDate>Sun, 31 Mar 2019 18:51:16 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20190331185116</link>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 1e8b94749..339bd3979 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,27 @@
+Tue Apr 2 20:30:22 UTC 2019
+a/hwdata-0.322-noarch-1.txz: Upgraded.
+a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
+a/shadow-4.6-x86_64-2.txz: Rebuilt.
+ adduser: reprompt on invalid user input. Thanks to ttk.
+ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
+ Fixes security issues:
+ A specially crafted PostScript file could have access to the file system
+ outside of the constrains imposed by -dSAFER.
+ Transient procedures can allow access to system operators, leading to
+ remote code execution.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
+ (* Security fix *)
+d/vala-0.44.2-x86_64-1.txz: Upgraded.
+l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
+l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
+l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
+n/wget-1.20.2-x86_64-1.txz: Upgraded.
+ Fixed an unspecified buffer overflow vulnerability.
+ (* Security fix *)
++--------------------------+
Sun Mar 31 18:51:16 UTC 2019
a/quota-4.05-x86_64-1.txz: Upgraded.
d/cmake-3.14.1-x86_64-1.txz: Upgraded.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index d4214212c..dcdf24d51 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Sun Mar 31 19:02:43 UTC 2019
+Tue Apr 2 20:45:57 UTC 2019
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2019-03-31 18:51 .
+drwxr-xr-x 12 root root 4096 2019-04-02 20:30 .
-rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2
-rw-r--r-- 1 root root 14341 2018-11-29 05:40 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 913865 2019-03-29 18:37 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2019-03-29 18:37 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 913784 2019-03-31 19:03 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2019-03-31 19:03 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 599330 2019-03-31 18:51 ./ChangeLog.txt
+-rw-r--r-- 1 root root 600416 2019-04-02 20:30 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2019-03-27 20:37 ./EFI/BOOT
-rw-r--r-- 1 root root 1253376 2018-02-24 20:49 ./EFI/BOOT/bootx64.efi
@@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2019-03-27 20:37 ./EFI/BOOT
-rwxr-xr-x 1 root root 2494 2018-02-24 20:49 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1201772 2019-03-29 18:37 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1201674 2019-03-31 19:02 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
--rw-r--r-- 1 root root 732375 2019-03-31 19:00 ./PACKAGES.TXT
+-rw-r--r-- 1 root root 732373 2019-04-02 20:44 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT
-rw-r--r-- 1 root root 3635 2019-03-27 20:14 ./README.initrd
-rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT
@@ -787,13 +787,13 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches
-rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST
-rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT
-drwxr-xr-x 18 root root 4096 2019-03-31 19:01 ./slackware64
--rw-r--r-- 1 root root 290566 2019-03-31 19:01 ./slackware64/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2019-03-31 19:01 ./slackware64/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 361941 2019-03-31 18:58 ./slackware64/FILE_LIST
--rw-r--r-- 1 root root 3639495 2019-03-31 18:59 ./slackware64/MANIFEST.bz2
+drwxr-xr-x 18 root root 4096 2019-04-02 20:44 ./slackware64
+-rw-r--r-- 1 root root 290560 2019-04-02 20:44 ./slackware64/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2019-04-02 20:44 ./slackware64/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 361937 2019-04-02 20:41 ./slackware64/FILE_LIST
+-rw-r--r-- 1 root root 3636614 2019-04-02 20:42 ./slackware64/MANIFEST.bz2
lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT
-drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a
+drwxr-xr-x 2 root root 28672 2019-04-02 20:41 ./slackware64/a
-rw-r--r-- 1 root root 327 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txt
-rw-r--r-- 1 root root 10820 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz
-rw-r--r-- 1 root root 163 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz.asc
@@ -929,9 +929,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a
-rw-r--r-- 1 root root 441 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txt
-rw-r--r-- 1 root root 9156 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txz.asc
--rw-r--r-- 1 root root 316 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txt
--rw-r--r-- 1 root root 1324456 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txz
--rw-r--r-- 1 root root 163 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txz.asc
+-rw-r--r-- 1 root root 316 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txt
+-rw-r--r-- 1 root root 1328944 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txz
+-rw-r--r-- 1 root root 163 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txz.asc
-rw-r--r-- 1 root root 465 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txt
-rw-r--r-- 1 root root 410772 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txz
-rw-r--r-- 1 root root 163 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txz.asc
@@ -946,9 +946,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a
-rw-r--r-- 1 root root 461 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txt
-rw-r--r-- 1 root root 1144600 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txz.asc
--rw-r--r-- 1 root root 422 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txt
--rw-r--r-- 1 root root 78560324 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txz
--rw-r--r-- 1 root root 163 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txz.asc
+-rw-r--r-- 1 root root 422 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txt
+-rw-r--r-- 1 root root 78864876 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txz
+-rw-r--r-- 1 root root 163 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txz.asc
-rw-r--r-- 1 root root 624 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txt
-rw-r--r-- 1 root root 6458512 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txz.asc
@@ -1065,9 +1065,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a
-rw-r--r-- 1 root root 406 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txt
-rw-r--r-- 1 root root 246084 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txz.asc
--rw-r--r-- 1 root root 512 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txt
--rw-r--r-- 1 root root 1484208 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 512 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txt
+-rw-r--r-- 1 root root 1484756 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txz
+-rw-r--r-- 1 root root 163 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txz.asc
-rw-r--r-- 1 root root 623 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txt
-rw-r--r-- 1 root root 264912 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txz.asc
@@ -1144,7 +1144,7 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a
-rw-r--r-- 1 root root 540 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txt
-rw-r--r-- 1 root root 56156 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txz.asc
-drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap
+drwxr-xr-x 2 root root 20480 2019-04-02 20:41 ./slackware64/ap
-rw-r--r-- 1 root root 291 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txt
-rw-r--r-- 1 root root 694880 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txz.asc
@@ -1214,9 +1214,9 @@ drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap
-rw-r--r-- 1 root root 602 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txt
-rw-r--r-- 1 root root 528104 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txz.asc
--rw-r--r-- 1 root root 558 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txt
--rw-r--r-- 1 root root 12317152 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 558 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txt
+-rw-r--r-- 1 root root 12316428 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txz
+-rw-r--r-- 1 root root 163 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txz.asc
-rw-r--r-- 1 root root 368 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txt
-rw-r--r-- 1 root root 3514908 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txz
-rw-r--r-- 1 root root 163 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txz.asc
@@ -1390,7 +1390,7 @@ drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap
-rw-r--r-- 1 root root 506 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txt
-rw-r--r-- 1 root root 3008036 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz.asc
-drwxr-xr-x 2 root root 20480 2019-03-31 18:58 ./slackware64/d
+drwxr-xr-x 2 root root 20480 2019-04-02 20:41 ./slackware64/d
-rw-r--r-- 1 root root 360 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txt
-rw-r--r-- 1 root root 3074148 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txz.asc
@@ -1579,9 +1579,9 @@ drwxr-xr-x 2 root root 20480 2019-03-31 18:58 ./slackware64/d
-rw-r--r-- 1 root root 2604416 2018-04-13 14:12 ./slackware64/d/swig-3.0.12-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:12 ./slackware64/d/swig-3.0.12-x86_64-2.txz.asc
-rw-r--r-- 1 root root 728 2018-11-21 20:59 ./slackware64/d/tagfile
--rw-r--r-- 1 root root 394 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txt
--rw-r--r-- 1 root root 2125448 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txz
--rw-r--r-- 1 root root 163 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 394 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txt
+-rw-r--r-- 1 root root 2128184 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txz.asc
-rw-r--r-- 1 root root 591 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txt
-rw-r--r-- 1 root root 532592 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txz.asc
@@ -2455,7 +2455,7 @@ drwxr-xr-x 2 root root 20480 2016-03-10 03:11 ./slackware64/kdei
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag.ez
-rw-r--r-- 1 root root 1500 2018-03-01 07:54 ./slackware64/kdei/tagfile
-drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l
+drwxr-xr-x 2 root root 69632 2019-04-02 20:41 ./slackware64/l
-rw-r--r-- 1 root root 338 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txt
-rw-r--r-- 1 root root 149752 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz.asc
@@ -2672,9 +2672,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l
-rw-r--r-- 1 root root 302 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txt
-rw-r--r-- 1 root root 116160 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txz.asc
--rw-r--r-- 1 root root 300 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txt
--rw-r--r-- 1 root root 109856 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txz
--rw-r--r-- 1 root root 163 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 300 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txt
+-rw-r--r-- 1 root root 109824 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 407 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txt
-rw-r--r-- 1 root root 3795936 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txz.asc
@@ -2786,9 +2786,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l
-rw-r--r-- 1 root root 370 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txt
-rw-r--r-- 1 root root 138092 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txz.asc
--rw-r--r-- 1 root root 537 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txt
--rw-r--r-- 1 root root 6750008 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txz
--rw-r--r-- 1 root root 163 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 537 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txt
+-rw-r--r-- 1 root root 6748324 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txz.asc
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/l/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/l/install.end
-rw-r--r-- 1 root root 403 2019-01-26 19:42 ./slackware64/l/iso-codes-4.2-noarch-1.txt
@@ -3270,9 +3270,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l
-rw-r--r-- 1 root root 333 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txt
-rw-r--r-- 1 root root 44652 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txz
-rw-r--r-- 1 root root 163 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txz.asc
--rw-r--r-- 1 root root 530 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txt
--rw-r--r-- 1 root root 832824 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txz
--rw-r--r-- 1 root root 163 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 530 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txt
+-rw-r--r-- 1 root root 840924 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txz.asc
-rw-r--r-- 1 root root 280 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txt
-rw-r--r-- 1 root root 103360 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txz.asc
@@ -3421,7 +3421,7 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l
-rw-r--r-- 1 root root 463 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txt
-rw-r--r-- 1 root root 385208 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txz.asc
-drwxr-xr-x 2 root root 36864 2019-03-31 18:58 ./slackware64/n
+drwxr-xr-x 2 root root 36864 2019-04-02 20:41 ./slackware64/n
-rw-r--r-- 1 root root 357 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txt
-rw-r--r-- 1 root root 1644036 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txz.asc
@@ -3841,9 +3841,9 @@ drwxr-xr-x 2 root root 36864 2019-03-31 18:58 ./slackware64/n
-rw-r--r-- 1 root root 511 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txt
-rw-r--r-- 1 root root 126960 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txz
-rw-r--r-- 1 root root 163 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txz.asc
--rw-r--r-- 1 root root 397 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txt
--rw-r--r-- 1 root root 659632 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txz
--rw-r--r-- 1 root root 163 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 397 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txt
+-rw-r--r-- 1 root root 691912 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txz.asc
-rw-r--r-- 1 root root 367 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txt
-rw-r--r-- 1 root root 58412 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txz.asc
@@ -5002,11 +5002,11 @@ drwxr-xr-x 2 root root 4096 2019-02-17 23:51 ./slackware64/y
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag.ez
-rw-r--r-- 1 root root 14 2018-03-01 07:55 ./slackware64/y/tagfile
-drwxr-xr-x 19 root root 4096 2019-03-31 19:02 ./source
--rw-r--r-- 1 root root 463048 2019-03-31 19:02 ./source/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2019-03-31 19:02 ./source/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 654118 2019-03-31 19:01 ./source/FILE_LIST
--rw-r--r-- 1 root root 16748826 2019-03-31 19:01 ./source/MANIFEST.bz2
+drwxr-xr-x 19 root root 4096 2019-04-02 20:45 ./source
+-rw-r--r-- 1 root root 463417 2019-04-02 20:45 ./source/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2019-04-02 20:45 ./source/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 654559 2019-04-02 20:45 ./source/FILE_LIST
+-rw-r--r-- 1 root root 16754647 2019-04-02 20:45 ./source/MANIFEST.bz2
-rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT
drwxr-xr-x 111 root root 4096 2019-03-16 20:25 ./source/a
-rw-r--r-- 1 root root 877 2018-11-21 18:49 ./source/a/FTBFSlog
@@ -5375,8 +5375,8 @@ drwxr-xr-x 2 root root 4096 2018-11-07 23:39 ./source/a/hostname
-rwxr-xr-x 1 root root 3894 2018-11-07 23:39 ./source/a/hostname/hostname.SlackBuild
-rw-r--r-- 1 root root 13467 2018-09-27 08:59 ./source/a/hostname/hostname_3.21.tar.gz
-rw-r--r-- 1 root root 897 2018-02-27 06:13 ./source/a/hostname/slack-desc
-drwxr-xr-x 2 root root 4096 2019-03-05 21:40 ./source/a/hwdata
--rw-r--r-- 1 root root 1318870 2019-03-05 21:39 ./source/a/hwdata/hwdata-0.321.tar.lz
+drwxr-xr-x 2 root root 4096 2019-04-02 19:30 ./source/a/hwdata
+-rw-r--r-- 1 root root 1321571 2019-04-02 10:47 ./source/a/hwdata/hwdata-0.322.tar.lz
-rwxr-xr-x 1 root root 4007 2018-11-08 23:10 ./source/a/hwdata/hwdata.SlackBuild
-rw-r--r-- 1 root root 802 2018-02-27 06:13 ./source/a/hwdata/slack-desc
drwxr-xr-x 4 root root 4096 2019-03-01 19:25 ./source/a/infozip
@@ -5708,14 +5708,14 @@ drwxr-xr-x 2 root root 4096 2018-12-21 16:50 ./source/a/sed
-rw-r--r-- 1 root root 833 2018-12-21 06:04 ./source/a/sed/sed-4.7.tar.xz.sig
-rwxr-xr-x 1 root root 3825 2018-12-20 17:54 ./source/a/sed/sed.SlackBuild
-rw-r--r-- 1 root root 857 2018-02-27 06:13 ./source/a/sed/slack-desc
-drwxr-xr-x 2 root root 4096 2018-11-16 21:03 ./source/a/shadow
--rw-r--r-- 1 root root 15940 2018-07-22 19:10 ./source/a/shadow/adduser
+drwxr-xr-x 2 root root 4096 2019-04-02 20:15 ./source/a/shadow
+-rw-r--r-- 1 root root 16202 2019-04-02 20:18 ./source/a/shadow/adduser
-rw-r--r-- 1 root root 302 2018-11-16 21:02 ./source/a/shadow/doinst.sh.gz
-rw-r--r-- 1 root root 4606 2012-09-13 23:27 ./source/a/shadow/login.defs.gz
-rw-r--r-- 1 root root 1678100 2018-04-29 16:58 ./source/a/shadow/shadow-4.6.tar.xz
-rw-r--r-- 1 root root 488 2018-04-30 19:40 ./source/a/shadow/shadow-4.6.tar.xz.asc
-rw-r--r-- 1 root root 734 2013-12-14 21:05 ./source/a/shadow/shadow.CVE-2005-4890.relax.diff.gz
--rwxr-xr-x 1 root root 5796 2018-11-16 21:03 ./source/a/shadow/shadow.SlackBuild
+-rwxr-xr-x 1 root root 5796 2019-04-02 20:16 ./source/a/shadow/shadow.SlackBuild
-rw-r--r-- 1 root root 301 2017-11-22 00:17 ./source/a/shadow/shadow.login.display.short.hostname.diff.gz
-rw-r--r-- 1 root root 46 2014-07-02 00:15 ./source/a/shadow/shadow.url
-rw-r--r-- 1 root root 966 2018-11-16 21:06 ./source/a/shadow/slack-desc
@@ -5915,7 +5915,7 @@ drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/a/zoo
-rw-r--r-- 1 root root 173607 1994-12-30 20:19 ./source/a/zoo/zoo-2.10.tar.gz
-rwxr-xr-x 1 root root 3143 2018-04-23 17:20 ./source/a/zoo/zoo.SlackBuild
-rw-r--r-- 1 root root 14136 2010-05-22 09:49 ./source/a/zoo/zoo_2.10-22.debian.tar.gz
-drwxr-xr-x 82 root root 4096 2019-03-26 18:39 ./source/ap
+drwxr-xr-x 82 root root 4096 2019-04-02 19:42 ./source/ap
-rw-r--r-- 1 root root 270 2018-02-12 23:18 ./source/ap/FTBFSlog
drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/ap/a2ps
-rw-r--r-- 1 root root 1521 2017-10-01 17:59 ./source/ap/a2ps/a2ps-4.14-texinfo-nodes.patch.gz
@@ -6057,7 +6057,7 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/ap/flac
-rwxr-xr-x 1 root root 4358 2018-09-18 22:04 ./source/ap/flac/flac.SlackBuild
-rw-r--r-- 1 root root 433 2014-11-29 12:34 ./source/ap/flac/flac.man.diff.gz
-rw-r--r-- 1 root root 1054 2018-02-27 06:12 ./source/ap/flac/slack-desc
-drwxr-xr-x 2 root root 4096 2018-11-21 19:01 ./source/ap/ghostscript
+drwxr-xr-x 2 root root 4096 2019-04-01 19:01 ./source/ap/ghostscript
drwxr-xr-x 2 root root 4096 2018-06-05 22:36 ./source/ap/ghostscript-fonts-std
-rw-r--r-- 1 root root 169 2018-06-05 22:36 ./source/ap/ghostscript-fonts-std/doinst.sh.gz
-rw-r--r-- 1 root root 3621829 2003-07-24 12:38 ./source/ap/ghostscript-fonts-std/ghostscript-fonts-std-8.11.tar.bz2
@@ -6066,7 +6066,11 @@ drwxr-xr-x 2 root root 4096 2018-06-05 22:36 ./source/ap/ghostscript-font
-rw-r--r-- 1 root root 1878 2017-10-05 21:02 ./source/ap/ghostscript/cidfmap.gz
-rwxr-xr-x 1 root root 765 2018-03-21 17:59 ./source/ap/ghostscript/dump.unused.internal.libraries.from.sources.sh
-rw-r--r-- 1 root root 27061467 2018-11-20 16:18 ./source/ap/ghostscript/ghostscript-9.26.tar.lz
--rwxr-xr-x 1 root root 7823 2018-09-18 22:04 ./source/ap/ghostscript/ghostscript.SlackBuild
+-rw-r--r-- 1 root root 7120 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-3835.patch.gz
+-rw-r--r-- 1 root root 800 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-3838.patch.gz
+-rw-r--r-- 1 root root 7378 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-6116.patch.gz
+-rw-r--r-- 1 root root 634 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch.gz
+-rwxr-xr-x 1 root root 8190 2019-04-01 19:01 ./source/ap/ghostscript/ghostscript.SlackBuild
-rw-r--r-- 1 root root 102 2018-11-21 19:00 ./source/ap/ghostscript/ghostscript.url
-rw-r--r-- 1 root root 942 2013-05-21 06:34 ./source/ap/ghostscript/ijs-config
-rw-r--r-- 1 root root 1017 2018-02-27 06:12 ./source/ap/ghostscript/slack-desc
@@ -6830,12 +6834,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/d/swig
-rw-r--r-- 1 root root 6002428 2017-01-27 23:54 ./source/d/swig/swig-3.0.12.tar.xz
-rwxr-xr-x 1 root root 3993 2018-09-18 22:04 ./source/d/swig/swig.SlackBuild
-rw-r--r-- 1 root root 87 2013-06-05 09:05 ./source/d/swig/swig.url
-drwxr-xr-x 2 root root 4096 2019-03-17 18:52 ./source/d/vala
+drwxr-xr-x 2 root root 4096 2019-04-01 18:53 ./source/d/vala
-rw-r--r-- 1 root root 1718 2019-03-10 18:11 ./source/d/vala/disable-graphviz.patch.gz
-rw-r--r-- 1 root root 116 2019-03-10 18:05 ./source/d/vala/disable-graphviz.patch.url
-rw-r--r-- 1 root root 233 2018-11-11 05:10 ./source/d/vala/no.gvc-compat.c.diff.gz
-rw-r--r-- 1 root root 849 2018-04-04 20:22 ./source/d/vala/slack-desc
--rw-r--r-- 1 root root 3335856 2019-03-17 15:37 ./source/d/vala/vala-0.44.1.tar.xz
+-rw-r--r-- 1 root root 3340588 2019-03-31 15:38 ./source/d/vala/vala-0.44.2.tar.xz
-rwxr-xr-x 1 root root 4893 2018-11-23 19:49 ./source/d/vala/vala.SlackBuild
drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/d/yasm
-rw-r--r-- 1 root root 1043 2018-02-27 06:13 ./source/d/yasm/slack-desc
@@ -8439,9 +8443,9 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/l/glade3
-rwxr-xr-x 1 root root 3710 2018-09-18 22:04 ./source/l/glade3/glade3.SlackBuild
-rw-r--r-- 1 root root 900 2018-02-27 06:12 ./source/l/glade3/slack-desc
drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/l/glib
-drwxr-xr-x 2 root root 4096 2019-03-13 01:57 ./source/l/glib-networking
+drwxr-xr-x 2 root root 4096 2019-04-02 19:29 ./source/l/glib-networking
-rw-r--r-- 1 root root 119 2011-11-06 21:59 ./source/l/glib-networking/doinst.sh.gz
--rw-r--r-- 1 root root 184368 2019-03-12 22:17 ./source/l/glib-networking/glib-networking-2.60.0.1.tar.xz
+-rw-r--r-- 1 root root 184828 2019-04-02 04:57 ./source/l/glib-networking/glib-networking-2.60.1.tar.xz
-rwxr-xr-x 1 root root 3989 2018-09-18 22:04 ./source/l/glib-networking/glib-networking.SlackBuild
-rw-r--r-- 1 root root 795 2018-02-27 06:12 ./source/l/glib-networking/slack-desc
-rw-r--r-- 1 root root 6408 2017-08-03 05:13 ./source/l/glib/glib-1.2.10-autotools.patch.gz
@@ -8694,9 +8698,9 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/l/ilmbase
-rw-r--r-- 1 root root 326876 2014-11-29 16:17 ./source/l/ilmbase/ilmbase-2.2.0.tar.xz
-rwxr-xr-x 1 root root 3609 2018-09-18 22:04 ./source/l/ilmbase/ilmbase.SlackBuild
-rw-r--r-- 1 root root 825 2018-02-27 06:12 ./source/l/ilmbase/slack-desc
-drwxr-xr-x 2 root root 4096 2019-03-25 17:12 ./source/l/imagemagick
--rw-r--r-- 1 root root 8898032 2019-03-24 20:21 ./source/l/imagemagick/ImageMagick-6.9.10-35.tar.lz
--rw-r--r-- 1 root root 836 2019-03-25 12:30 ./source/l/imagemagick/ImageMagick-6.9.10-35.tar.lz.asc
+drwxr-xr-x 2 root root 4096 2019-04-01 18:51 ./source/l/imagemagick
+-rw-r--r-- 1 root root 8902505 2019-04-01 00:37 ./source/l/imagemagick/ImageMagick-6.9.10-36.tar.lz
+-rw-r--r-- 1 root root 836 2019-04-01 13:46 ./source/l/imagemagick/ImageMagick-6.9.10-36.tar.lz.asc
-rw-r--r-- 1 root root 309 2016-05-17 04:08 ./source/l/imagemagick/doinst.sh.gz
-rwxr-xr-x 1 root root 7092 2018-10-26 18:39 ./source/l/imagemagick/imagemagick.SlackBuild
-rw-r--r-- 1 root root 512 2017-07-18 01:14 ./source/l/imagemagick/policy.xml.diff.gz
@@ -9504,9 +9508,9 @@ drwxr-xr-x 2 root root 4096 2019-02-19 21:35 ./source/l/python-packaging
-rw-r--r-- 1 root root 39971 2019-01-20 11:05 ./source/l/python-packaging/packaging-19.0.tar.lz
-rwxr-xr-x 1 root root 2950 2019-02-19 21:35 ./source/l/python-packaging/python-packaging.SlackBuild
-rw-r--r-- 1 root root 829 2018-08-27 18:22 ./source/l/python-packaging/slack-desc
-drwxr-xr-x 2 root root 4096 2019-02-19 21:35 ./source/l/python-pillow
--rw-r--r-- 1 root root 11620812 2019-01-06 12:12 ./source/l/python-pillow/Pillow-5.4.1.tar.lz
--rwxr-xr-x 1 root root 3589 2019-02-19 21:35 ./source/l/python-pillow/python-pillow.SlackBuild
+drwxr-xr-x 2 root root 4096 2019-04-02 19:36 ./source/l/python-pillow
+-rw-r--r-- 1 root root 455923 2019-04-01 22:25 ./source/l/python-pillow/Pillow-6.0.0.tar.lz
+-rwxr-xr-x 1 root root 3589 2019-04-02 19:36 ./source/l/python-pillow/python-pillow.SlackBuild
-rw-r--r-- 1 root root 991 2018-02-27 06:12 ./source/l/python-pillow/slack-desc
drwxr-xr-x 2 root root 4096 2019-03-01 18:38 ./source/l/python-ply
-rw-r--r-- 1 root root 121069 2018-02-15 19:01 ./source/l/python-ply/ply-3.11.tar.lz
@@ -10772,12 +10776,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/n/vsftpd
-rw-r--r-- 1 root root 315 2016-06-13 04:49 ./source/n/vsftpd/vsftpd.crypt.diff.gz
-rw-r--r-- 1 root root 262 2018-05-07 21:11 ./source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff.gz
-rw-r--r-- 1 root root 115 2004-09-03 18:59 ./source/n/vsftpd/vsftpd.log.gz
-drwxr-xr-x 2 root root 4096 2019-02-08 20:52 ./source/n/wget
+drwxr-xr-x 2 root root 4096 2019-04-01 20:14 ./source/n/wget
-rw-r--r-- 1 root root 264 2008-10-01 23:27 ./source/n/wget/doinst.sh.gz
-rw-r--r-- 1 root root 849 2018-02-27 06:13 ./source/n/wget/slack-desc
--rw-r--r-- 1 root root 2120611 2018-12-26 20:13 ./source/n/wget/wget-1.20.1.tar.lz
--rw-r--r-- 1 root root 833 2018-12-26 20:13 ./source/n/wget/wget-1.20.1.tar.lz.sig
--rwxr-xr-x 1 root root 3891 2019-02-08 20:52 ./source/n/wget/wget.SlackBuild
+-rw-r--r-- 1 root root 2134961 2019-04-01 18:33 ./source/n/wget/wget-1.20.2.tar.lz
+-rw-r--r-- 1 root root 854 2019-04-01 18:33 ./source/n/wget/wget-1.20.2.tar.lz.sig
+-rwxr-xr-x 1 root root 3891 2019-04-01 20:15 ./source/n/wget/wget.SlackBuild
drwxr-xr-x 2 root root 4096 2019-03-28 19:25 ./source/n/whois
-rw-r--r-- 1 root root 820 2019-03-28 19:25 ./source/n/whois/slack-desc
-rwxr-xr-x 1 root root 2904 2019-03-28 19:25 ./source/n/whois/whois.SlackBuild
@@ -12437,12 +12441,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/pidgin
-rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz
-rwxr-xr-x 1 root root 7550 2018-09-18 22:04 ./source/xap/pidgin/pidgin.SlackBuild
-rw-r--r-- 1 root root 920 2018-02-27 06:13 ./source/xap/pidgin/slack-desc
-drwxr-xr-x 2 root root 4096 2019-01-02 22:46 ./source/xap/rdesktop
--rw-r--r-- 1 root root 250484 2019-01-02 14:21 ./source/xap/rdesktop/rdesktop-1.8.4.tar.xz
--rwxr-xr-x 1 root root 3809 2019-01-02 22:46 ./source/xap/rdesktop/rdesktop.SlackBuild
--rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode
--rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop
+drwxr-xr-x 2 root root 4096 2019-01-02 22:46 ./source/xap/rdesktop
+-rw-r--r-- 1 root root 250484 2019-01-02 14:21 ./source/xap/rdesktop/rdesktop-1.8.4.tar.xz
+-rwxr-xr-x 1 root root 3809 2019-01-02 22:46 ./source/xap/rdesktop/rdesktop.SlackBuild
+-rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc
+drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode
+-rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop
-rw-r--r-- 1 root root 712702 2016-01-23 20:09 ./source/xap/rxvt-unicode/rxvt-unicode-9.22.tar.lz
-rwxr-xr-x 1 root root 5651 2018-11-30 21:13 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild
-rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop
diff --git a/recompress.sh b/recompress.sh
index f95a743fb..048f2e1ff 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -704,6 +704,10 @@ gzip ./source/ap/seejpeg/seejpeg-1.10.diff
gzip ./source/ap/cups/doinst.sh
gzip ./source/ap/at/doinst.sh
gzip ./source/ap/ghostscript/cidfmap
+gzip ./source/ap/ghostscript/ghostscript-cve-2019-3835.patch
+gzip ./source/ap/ghostscript/ghostscript-cve-2019-6116.patch
+gzip ./source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch
+gzip ./source/ap/ghostscript/ghostscript-cve-2019-3838.patch
gzip ./source/ap/screen/52fix_screen_utf8_nfd.patch
gzip ./source/ap/screen/60-revert-screenrc-change.diff
gzip ./source/ap/screen/26source_encoding.patch
diff --git a/source/a/shadow/adduser b/source/a/shadow/adduser
index 482cb7500..49c11f87a 100644
--- a/source/a/shadow/adduser
+++ b/source/a/shadow/adduser
@@ -36,6 +36,9 @@
##########################################################################
# History #
###########
+# v1.17 - 2019-04-01
+# * Re-invoking input requests when human error causes failure. <ttk>
+# qv: https://www.linuxquestions.org/questions/slackware-14/adduser-shell-script-error-4175650984/
# v1.16 - 2018-07-22
# * Added input group. <pjv>
# v1.15 - 2012-09-13
@@ -128,7 +131,7 @@ fi
# This setting enables the 'recycling' of older unused UIDs.
# When you userdel a user, it removes it from passwd and shadow but it will
# never get used again unless you specify it expliticly -- useradd (appears to) just
-# look at the last line in passwd and increment the uid. I like the idea of
+# look at the last line in passwd and increment the uid. I like the idea of
# recycling uids but you may have very good reasons not to (old forgotten
# confidential files still on the system could then be owned by this new user).
# We'll set this to no because this is what the original adduser shell script
@@ -185,7 +188,7 @@ function check_group () {
#: Read the login name for the new user :#
#
# Remember that most Mail Transfer Agents are case independant, so having
-# 'uSer' and 'user' may cause confusion/things to break. Because of this,
+# 'uSer' and 'user' may cause confusion/things to break. Because of this,
# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase,
# and we must reject them, too.
@@ -195,7 +198,9 @@ LOGIN="$1"
needinput=yes
while [ ! -z $needinput ]; do
if [ -z "$LOGIN" ]; then
- while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done
+ while [ -z "$LOGIN" ]; do
+ LOGIN="$(get_input "Login name for new user []:")"
+ done
fi
grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used
if [ $? -eq 0 ]; then
@@ -415,7 +420,7 @@ if [ $? -gt 0 ]; then
exit 1
fi
-# chown the home dir ? We can only do this once the useradd has
+# chown the home dir? We can only do this once the useradd has
# completed otherwise the user name doesn't exist.
if [ ! -z "${CHOWNHOMEDIR}" ]; then
chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}"
@@ -423,17 +428,19 @@ fi
# Set the finger information
$chfn "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "- Warning: an error occurred while setting finger information"
-fi
+while [ $? -gt 0 ]; do
+ echo "- Warning: an error occurred while setting finger information."
+ echo " Please try again."
+ $chfn "$LOGIN"
+done
# Set a password
$passwd "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "* WARNING: An error occured while setting the password for"
- echo " this account. Please manually investigate this *"
- exit 1
-fi
+while [ $? -gt 0 ]; do
+ echo "- Warning: An error occured while setting the password for"
+ echo " this account. Please try again."
+ $passwd "$LOGIN"
+done
# If it was created (it should have been!), set the permissions for that user's dir
HME="$(echo "$HME" | awk '{print $2}')" # We have to remove the -g prefix
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index c227b0f11..6fcb3f27e 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=shadow
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3835.patch b/source/ap/ghostscript/ghostscript-cve-2019-3835.patch
new file mode 100644
index 000000000..07e14e537
--- /dev/null
+++ b/source/ap/ghostscript/ghostscript-cve-2019-3835.patch
@@ -0,0 +1,615 @@
+From 779664d79f0dca77dbdd66b753679bfd12dcbbad Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 26 Nov 2018 18:01:25 +0000
+Subject: [PATCH 1/4] Have gs_cet.ps run from gs_init.ps
+
+Previously gs_cet.ps was run on the command line, to set up the interpreter
+state so our output more closely matches the example output for the QL CET
+tests.
+
+Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
+file directly.
+
+This works better for gpdl as it means the changes are made in the intial
+interpreter state, rather than after initialisation is complete.
+
+This also means adding a definition of the default procedure for black
+generation and under color removal (rather it being defined in-line in
+.setdefaultbgucr
+
+Also, add a check so gs_cet.ps only runs once - if we try to run it a second
+time, we'll just skip over the file, flushing through to the end.
+---
+ Resource/Init/gs_cet.ps | 11 ++++++++++-
+ Resource/Init/gs_init.ps | 13 ++++++++++++-
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index d3e1686..75534bb 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,11 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
++{
++ (%END GS_CET) .skipeof
++} if
++
+ % do this in the server level so it is persistent across jobs
+ //true 0 startjob not {
+ (*** Warning: CET startup is not in server default) = flush
+@@ -25,7 +30,9 @@ currentglobal //true setglobal
+
+ /UNROLLFORMS true def
+
+-{ } bind dup
++(%.defaultbgrucrproc) cvn { } bind def
++
++(%.defaultbgrucrproc) cvn load dup
+ setblackgeneration
+ setundercolorremoval
+ 0 array cvx readonly dup dup dup setcolortransfer
+@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put
+ % end of slightly nasty hack to give consistent cluster results
+
+ //false 0 startjob pop % re-enter encapsulated mode
++
++%END GS_CET
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d9a0829..152e98a 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -1544,10 +1544,18 @@ setpacking
+ % any-part-of-pixel rule.
+ 0.5 .setfilladjust
+ } bind def
++
+ % Set the default screen and BG/UCR.
++% We define the proc here, rather than inline in .setdefaultbgucr
++% for the benefit of gs_cet.ps so jobs that do anything that causes
++% .setdefaultbgucr to be called will still get the redefined proc
++% in gs_cet.ps
++(%.defaultbgrucrproc) cvn { pop 0 } def
++
+ /.setdefaultbgucr {
+ systemdict /setblackgeneration known {
+- { pop 0 } dup setblackgeneration setundercolorremoval
++ (%.defaultbgrucrproc) cvn load dup
++ setblackgeneration setundercolorremoval
+ } if
+ } bind def
+ /.useloresscreen { % - .useloresscreen <bool>
+@@ -2499,4 +2507,7 @@ WRITESYSTEMDICT {
+ % be 'true' in some cases.
+ userdict /AGM_preserve_spots //false put
+
++systemdict /CETMODE .knownget
++{ { (gs_cet.ps) runlibfile } if } if
++
+ % The interpreter will run the initial procedure (start).
+--
+2.20.1
+
+
+From e8acf6d1aa1fc92f453175509bfdad6f2b12dc73 Mon Sep 17 00:00:00 2001
+From: Nancy Durgin <nancy.durgin@artifex.com>
+Date: Thu, 14 Feb 2019 10:09:00 -0800
+Subject: [PATCH 2/4] Undef /odef in gs_init.ps
+
+Made a new temporary utility function in gs_cet.ps (.odef) to use instead
+of /odef. This makes it fine to undef odef with all the other operators in
+gs_init.ps
+
+This punts the bigger question of what to do with .makeoperator, but it
+doesn't make the situation any worse than it already was.
+---
+ Resource/Init/gs_cet.ps | 10 ++++++++--
+ Resource/Init/gs_init.ps | 1 +
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index 75534bb..dbc5c4e 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,10 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++/.odef { % <name> <proc> odef -
++ 1 index exch .makeoperator def
++} bind def
++
+ systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
+ {
+ (%END GS_CET) .skipeof
+@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put
+ } {
+ /setsmoothness .systemvar /typecheck signalerror
+ } ifelse
+-} bind odef
+-/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS .
++} bind //.odef exec
++/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS .
+
+ % slightly nasty hack to give consistent cluster results
+ /ofnfa systemdict /filenameforall get def
+@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put
+ } ifelse
+ ofnfa
+ } bind def
++
++currentdict /.odef undef
+ % end of slightly nasty hack to give consistent cluster results
+
+ //false 0 startjob pop % re-enter encapsulated mode
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 152e98a..723c447 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2263,6 +2263,7 @@ SAFER { .setsafeglobal } if
+ /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams
+ /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice
+ /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies
++ /odef
+
+ % Used by a free user in the Library of Congress. Apparently this is used to
+ % draw a partial page, which is then filled in by the results of a barcode
+--
+2.20.1
+
+
+From 205591753126802da850ada6511a0ff8411aa287 Mon Sep 17 00:00:00 2001
+From: Ray Johnston <ray.johnston@artifex.com>
+Date: Thu, 14 Feb 2019 10:20:03 -0800
+Subject: [PATCH 3/4] Fix bug 700585: Restrict superexec and remove it from
+ internals and gs_cet.ps
+
+Also while changing things, restructure the CETMODE so that it will
+work with -dSAFER. The gs_cet.ps is now run when we are still at save
+level 0 with systemdict writeable. Allows us to undefine .makeoperator
+and .setCPSImode internal operators after CETMODE is handled.
+
+Change previous uses of superexec to using .forceput (with the usual
+.bind executeonly to hide it).
+---
+ Resource/Init/gs_cet.ps | 39 ++++++++++++++-------------------------
+ Resource/Init/gs_dps1.ps | 2 +-
+ Resource/Init/gs_fonts.ps | 8 ++++----
+ Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++-----------
+ Resource/Init/gs_ttf.ps | 8 ++++----
+ Resource/Init/gs_type1.ps | 6 +++---
+ 6 files changed, 53 insertions(+), 48 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index dbc5c4e..58da404 100644
+--- a/Resource/Init/gs_cet.ps
++++ b/Resource/Init/gs_cet.ps
+@@ -1,37 +1,28 @@
+-%!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
+-/.odef { % <name> <proc> odef -
+- 1 index exch .makeoperator def
+-} bind def
+-
++% skip if we've already run this -- based on fake "product"
+ systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
+ {
+ (%END GS_CET) .skipeof
+ } if
+
+-% do this in the server level so it is persistent across jobs
+-//true 0 startjob not {
+- (*** Warning: CET startup is not in server default) = flush
+-} if
++% Note: this must be run at save level 0 and when systemdict is writeable
++currentglobal //true setglobal
++systemdict dup dup dup
++/version (3017.102) readonly .forceput % match CPSI 3017.102
++/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102
++/revision 0 put % match CPSI 3017.103 Tek shows revision 5
++/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461
++
++systemdict /.odef { % <name> <proc> odef -
++ 1 index exch //.makeoperator def
++} .bind .forceput % this will be undefined at the end
+
+ 300 .sethiresscreen % needed for language switch build since it
+ % processes gs_init.ps BEFORE setting the resolution
+
+ 0 array 0 setdash % CET 09-08 wants local setdash
+
+-currentglobal //true setglobal
+-
+-{
+- systemdict dup dup dup
+- /version (3017.102) readonly put % match CPSI 3017.102
+- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102
+- /revision 0 put % match CPSI 3017.103 Tek shows revision 5
+- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461
+- systemdict /deviceinfo undef % for CET 20-23-1
+-% /UNROLLFORMS true put % CET files do unreasonable things inside forms
+-} 1183615869 internaldict /superexec get exec
+-
+ /UNROLLFORMS true def
+
+ (%.defaultbgrucrproc) cvn { } bind def
+@@ -118,9 +109,7 @@ userdict /.smoothness currentsmoothness put
+ ofnfa
+ } bind def
+
+-currentdict /.odef undef
+-% end of slightly nasty hack to give consistent cluster results
+-
+-//false 0 startjob pop % re-enter encapsulated mode
++systemdict /.odef .undef
+
++% end of slightly nasty hack to give consistent cluster results
+ %END GS_CET
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index b75ea14..01475ac 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -85,7 +85,7 @@ level2dict begin
+ % definition, copy it into the local directory.
+ //systemdict /SharedFontDirectory .knownget
+ { 1 index .knownget
+- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly
+ if
+ }
+ if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index c13a2fc..787dc07 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -512,11 +512,11 @@ buildfontdict 3 /.buildfont3 cvx put
+ % the font in LocalFontDirectory.
+ .currentglobal
+ { //systemdict /LocalFontDirectory .knownget
+- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { 2 index 2 index .forceput } % readonly
+ if
+ }
+ if
+- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ dup //.FontDirectory 4 -2 roll .forceput % readonly
+ % If the font originated as a resource, register it.
+ currentfile .currentresourcefile eq { dup .registerfont } if
+ readonly
+@@ -1179,13 +1179,13 @@ currentdict /.putgstringcopy .undef
+ //.FontDirectory 1 index known not {
+ 2 dict dup /FontName 3 index put
+ dup /FontType 1 put
+- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ //.FontDirectory 3 1 roll //.forceput exec % readonly
+ } {
+ pop
+ } ifelse
+ } forall
+ } forall
+- }
++ } executeonly % hide .forceput
+ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
+
+ % Install initial fonts from Fontmap.
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 723c447..7ab8c6c 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2194,9 +2194,6 @@ SAFER { .setsafeglobal } if
+ /.endtransparencygroup % transparency-example.ps
+ /.setdotlength % Bug687720.ps
+ /.sort /.setdebug /.mementolistnewblocks /getenv
+-
+- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER
+-
+ /unread
+ ]
+ {systemdict exch .forceundef} forall
+@@ -2276,7 +2273,6 @@ SAFER { .setsafeglobal } if
+
+ % Used by our own test suite files
+ %/.fileposition %image-qa.ps
+- %/.makeoperator /.setCPSImode % gs_cet.ps
+
+ % Either our code uses these in ways which mean they can't be undefined, or they are used directly by
+ % test files/utilities, or engineers expressed a desire to keep them visible.
+@@ -2464,6 +2460,16 @@ end
+ /vmreclaim where
+ { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if
+ } if
++
++% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps)
++systemdict /CETMODE .knownget {
++ {
++ (gs_cet.ps) runlibfile
++ } if
++} if
++systemdict /.makeoperator .undef % must be after gs_cet.ps
++systemdict /.setCPSImode .undef % must be after gs_cet.ps
++
+ DELAYBIND not {
+ systemdict /.bindnow .undef % We only need this for DELAYBIND
+ systemdict /.forcecopynew .undef % remove temptation
+@@ -2472,16 +2478,29 @@ DELAYBIND not {
+ systemdict /.forceundef .undef % ditto
+ } if
+
+-% Move superexec to internaldict if superexec is defined.
+-systemdict /superexec .knownget {
+- 1183615869 internaldict /superexec 3 -1 roll put
+- systemdict /superexec .undef
++% Move superexec to internaldict if superexec is defined. (Level 2 or later)
++systemdict /superexec known {
++ % restrict superexec to single known use by PScript5.dll
++ % We could do this only for SAFER mode, but internaldict and superexec are
++ % not very well documented, and we don't want them to be used.
++ 1183615869 internaldict /superexec {
++ 2 index /Private eq % first check for typical use in PScript5.dll
++ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
++ 1 index 0 get systemdict /put get eq and
++ {
++ //superexec exec % the only usage we allow
++ } {
++ /superexec load /invalidaccess signalerror
++ } ifelse
++ } bind cvx executeonly put
++ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
+ } if
+
+ % Can't remove this one until the last minute :-)
+ DELAYBIND not {
+ systemdict /.undef .undef
+ } if
++
+ WRITESYSTEMDICT {
+ SAFER {
+ (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print
+@@ -2508,7 +2527,4 @@ WRITESYSTEMDICT {
+ % be 'true' in some cases.
+ userdict /AGM_preserve_spots //false put
+
+-systemdict /CETMODE .knownget
+-{ { (gs_cet.ps) runlibfile } if } if
+-
+ % The interpreter will run the initial procedure (start).
+diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
+index 05943c5..064b6c8 100644
+--- a/Resource/Init/gs_ttf.ps
++++ b/Resource/Init/gs_ttf.ps
+@@ -1421,7 +1421,7 @@ mark
+ TTFDEBUG { (\n1 setting alias: ) print dup ==only
+ ( to be the same as ) print 2 index //== exec } if
+
+- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 7 index 2 index 3 -1 roll exch .forceput
+ } forall
+ pop pop pop
+ }
+@@ -1439,7 +1439,7 @@ mark
+ exch pop
+ TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
+ ( to use glyph index: ) print dup //== exec } if
+- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 5 index 3 1 roll .forceput
+ //false
+ }
+ {
+@@ -1456,7 +1456,7 @@ mark
+ { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
+ TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
+ ( to be index: ) print dup //== exec } if
+- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ exch pop 5 index 3 1 roll .forceput
+ }
+ {
+ pop pop
+@@ -1486,7 +1486,7 @@ mark
+ } ifelse
+ ]
+ TTFDEBUG { (Encoding: ) print dup === flush } if
+-} bind def
++} .bind executeonly odef % hides .forceput
+
+ % to be removed 9.09......
+ currentdict /postalias undef
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 96e1ced..61f5269 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -116,7 +116,7 @@
+ { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname
+ CFFDEBUG { (\nsetting alias: ) print dup ==only
+ ( to be the same as glyph: ) print 1 index //== exec } if
+- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ }
+ {pop} ifelse
+@@ -135,7 +135,7 @@
+ 3 1 roll pop pop
+ } if
+ pop
+- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse
++ dup /.AGLprocessed~GS //true .forceput
+ } if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+@@ -148,7 +148,7 @@
+ {//.buildfont1} stopped
+ 4 3 roll .setglobal
+ {//.buildfont1 $error /errorname get signalerror} if
+- } bind def
++ } .bind executeonly def % hide .forceput
+
+ % If the diskfont feature isn't included, define a dummy .loadfontdict.
+ /.loadfontdict where
+--
+2.20.1
+
+
+From d683d1e6450d74619e6277efeebfc222d9a5cb91 Mon Sep 17 00:00:00 2001
+From: Ray Johnston <ray.johnston@artifex.com>
+Date: Sun, 24 Feb 2019 22:01:04 -0800
+Subject: [PATCH 4/4] Bug 700585: Obliterate "superexec". We don't need it, nor
+ do any known apps.
+
+We were under the impression that the Windows driver 'PScript5.dll' used
+superexec, but after testing with our extensive suite of PostScript file,
+and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear
+that this operator is needed anymore. Get rid of superexec and all of the
+references to it, since it is a potential security hole.
+---
+ Resource/Init/gs_init.ps | 18 ------------------
+ psi/icontext.c | 1 -
+ psi/icstate.h | 1 -
+ psi/zcontrol.c | 30 ------------------------------
+ psi/zdict.c | 6 ++----
+ psi/zgeneric.c | 3 +--
+ 6 files changed, 3 insertions(+), 56 deletions(-)
+
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 7ab8c6c..af881b5 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2478,24 +2478,6 @@ DELAYBIND not {
+ systemdict /.forceundef .undef % ditto
+ } if
+
+-% Move superexec to internaldict if superexec is defined. (Level 2 or later)
+-systemdict /superexec known {
+- % restrict superexec to single known use by PScript5.dll
+- % We could do this only for SAFER mode, but internaldict and superexec are
+- % not very well documented, and we don't want them to be used.
+- 1183615869 internaldict /superexec {
+- 2 index /Private eq % first check for typical use in PScript5.dll
+- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec
+- 1 index 0 get systemdict /put get eq and
+- {
+- //superexec exec % the only usage we allow
+- } {
+- /superexec load /invalidaccess signalerror
+- } ifelse
+- } bind cvx executeonly put
+- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator
+-} if
+-
+ % Can't remove this one until the last minute :-)
+ DELAYBIND not {
+ systemdict /.undef .undef
+diff --git a/psi/icontext.c b/psi/icontext.c
+index 1fbe486..7462ea3 100644
+--- a/psi/icontext.c
++++ b/psi/icontext.c
+@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst,
+ pcst->rand_state = rand_state_initial;
+ pcst->usertime_total = 0;
+ pcst->keep_usertime = false;
+- pcst->in_superexec = 0;
+ pcst->plugin_list = 0;
+ make_t(&pcst->error_object, t__invalid);
+ { /*
+diff --git a/psi/icstate.h b/psi/icstate.h
+index 4c6a14d..1009d85 100644
+--- a/psi/icstate.h
++++ b/psi/icstate.h
+@@ -54,7 +54,6 @@ struct gs_context_state_s {
+ long usertime_total; /* total accumulated usertime, */
+ /* not counting current time if running */
+ bool keep_usertime; /* true if context ever executed usertime */
+- int in_superexec; /* # of levels of superexec */
+ /* View clipping is handled in the graphics state. */
+ ref error_object; /* t__invalid or error object from operator */
+ ref userparams; /* t_dictionary */
+diff --git a/psi/zcontrol.c b/psi/zcontrol.c
+index 0362cf4..dc813e8 100644
+--- a/psi/zcontrol.c
++++ b/psi/zcontrol.c
+@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p)
+ return o_push_estack;
+ }
+
+-/* <obj> superexec - */
+-static int end_superexec(i_ctx_t *);
+-static int
+-zsuperexec(i_ctx_t *i_ctx_p)
+-{
+- os_ptr op = osp;
+- es_ptr ep;
+-
+- check_op(1);
+- if (!r_has_attr(op, a_executable))
+- return 0; /* literal object just gets pushed back */
+- check_estack(2);
+- ep = esp += 3;
+- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */
+- make_op_estack(ep - 1, end_superexec); /* normal case */
+- ref_assign(ep, op);
+- esfile_check_cache();
+- pop(1);
+- i_ctx_p->in_superexec++;
+- return o_push_estack;
+-}
+-static int
+-end_superexec(i_ctx_t *i_ctx_p)
+-{
+- i_ctx_p->in_superexec--;
+- return 0;
+-}
+-
+ /* <array> <executable> .runandhide <obj> */
+ /* before executing <executable>, <array> is been removed from */
+ /* the operand stack and placed on the execstack with attributes */
+@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = {
+ {"0%loop_continue", loop_continue},
+ {"0%repeat_continue", repeat_continue},
+ {"0%stopped_push", stopped_push},
+- {"1superexec", zsuperexec},
+- {"0%end_superexec", end_superexec},
+ {"2.runandhide", zrunandhide},
+ {"0%end_runandhide", end_runandhide},
+ op_def_end(0)
+diff --git a/psi/zdict.c b/psi/zdict.c
+index b0deaaa..e2e525d 100644
+--- a/psi/zdict.c
++++ b/psi/zdict.c
+@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p)
+ int code;
+
+ check_type(*op1, t_dictionary);
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op1);
++ check_dict_write(*op1);
+ code = idict_undef(op1, op);
+ if (code < 0 && code != gs_error_undefined) /* ignore undefined error */
+ return code;
+@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p)
+ int code;
+
+ check_type(*op1, t_dictionary);
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op1);
++ check_dict_write(*op1);
+ check_type(*op, t_integer);
+ if (op->value.intval < 0)
+ return_error(gs_error_rangecheck);
+diff --git a/psi/zgeneric.c b/psi/zgeneric.c
+index 8048e28..d4edddb 100644
+--- a/psi/zgeneric.c
++++ b/psi/zgeneric.c
+@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p)
+
+ switch (r_type(op2)) {
+ case t_dictionary:
+- if (i_ctx_p->in_superexec == 0)
+- check_dict_write(*op2);
++ check_dict_write(*op2);
+ {
+ int code = idict_put(op2, op1, op);
+
+--
+2.20.1
+
diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3838.patch b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch
new file mode 100644
index 000000000..0ba1e876b
--- /dev/null
+++ b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch
@@ -0,0 +1,56 @@
+From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 20 Feb 2019 09:54:28 +0000
+Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in
+ DefineResource).
+
+This prevents access to .forceput
+
+Solution originally suggested by cbuissar@redhat.com.
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index d9b3459..b646329 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -425,7 +425,7 @@ status {
+ % so we have to use .forcedef here.
+ /.Instances 1 index .forcedef % Category dict is read-only
+ } executeonly if
+- }
++ } executeonly
+ { .LocalInstances dup //.emptydict eq
+ { pop 3 dict localinstancedict Category 2 index put
+ }
+--
+2.20.1
+
+
+From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 22 Feb 2019 12:28:23 +0000
+Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs
+ executeonly'ed.
+
+---
+ Resource/Init/gs_res.ps | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index b646329..8c1f29f 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -437,7 +437,7 @@ status {
+ % Now make the resource value read-only.
+ 0 2 copy get { readonly } .internalstopped pop
+ dup 4 1 roll put exch pop exch pop
+- }
++ } executeonly
+ { /defineresource cvx /typecheck signaloperror
+ }
+ ifelse
+--
+2.20.1
+
diff --git a/source/ap/ghostscript/ghostscript-cve-2019-6116.patch b/source/ap/ghostscript/ghostscript-cve-2019-6116.patch
new file mode 100644
index 000000000..1246039ea
--- /dev/null
+++ b/source/ap/ghostscript/ghostscript-cve-2019-6116.patch
@@ -0,0 +1,770 @@
+From 13b0a36f8181db66a91bcc8cea139998b53a8996 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 5 Dec 2018 12:22:13 +0000
+Subject: [PATCH 1/4] Sanitize op stack for error conditions
+
+We save the stacks to an array and store the array for the error handler to
+access.
+
+For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
+we make these copies, we check for operators that do *not* exist in systemdict,
+when we find one, we replace the operator with a name object (of the form
+"/--opname--").
+---
+ psi/int.mak | 3 +-
+ psi/interp.c | 8 ++++++
+ psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ psi/istack.h | 3 ++
+ 4 files changed, 91 insertions(+), 1 deletion(-)
+
+diff --git a/psi/int.mak b/psi/int.mak
+index 6ab5bf0..6b349cb 100644
+--- a/psi/int.mak
++++ b/psi/int.mak
+@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
+ $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
+ $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
+ $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
+- $(store_h) $(INT_MAK) $(MAKEDIRS)
++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
++ $(INT_MAK) $(MAKEDIRS)
+ $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
+
+ $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
+diff --git a/psi/interp.c b/psi/interp.c
+index 6dc0dda..aa5779c 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+ uint size = ref_stack_count(pstack) - skip;
+ uint save_space = ialloc_space(idmemory);
+ int code, i;
++ ref *safety, *safe;
+
+ if (size > 65535)
+ size = 65535;
+@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
+ make_null(&arr->value.refs[i]);
+ }
+ }
++ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
++ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
++ safe->value.boolval == true) {
++ code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
++ if (code < 0)
++ return code;
++ }
+ ialloc_set_space(idmemory, save_space);
+ return code;
+ }
+diff --git a/psi/istack.c b/psi/istack.c
+index 8fe151f..f1a3e51 100644
+--- a/psi/istack.c
++++ b/psi/istack.c
+@@ -27,6 +27,10 @@
+ #include "iutil.h"
+ #include "ivmspace.h" /* for local/global test */
+ #include "store.h"
++#include "icstate.h"
++#include "iname.h"
++#include "dstack.h"
++#include "idict.h"
+
+ /* Forward references */
+ static void init_block(ref_stack_t *pstack, const ref *pblock_array,
+@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
+ return 0;
+ }
+
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
++{
++ int i, code;
++ ref obj, arr2;
++ ref *pobj2;
++ gs_memory_t *mem = (gs_memory_t *)idmemory->current;
++
++ if (!r_is_array(sarr) || !r_has_type(darr, t_array))
++ return_error(gs_error_typecheck);
++
++ for (i = 0; i < r_size(sarr); i++) {
++ code = array_get(mem, sarr, i, &obj);
++ if (code < 0)
++ make_null(&obj);
++ switch(r_type(&obj)) {
++ case t_operator:
++ {
++ int index = op_index(&obj);
++
++ if (index > 0 && index < op_def_count) {
++ const byte *data = (const byte *)(op_index_def(index)->oname + 1);
++ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
++ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
++ if (s) {
++ s[0] = '\0';
++ strcpy((char *)s, "--");
++ strcpy((char *)s + 2, (char *)data);
++ strcpy((char *)s + strlen((char *)data) + 2, "--");
++ }
++ else {
++ s = (byte *)data;
++ }
++ code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
++ if (code < 0) make_null(&obj);
++ if (s != data)
++ gs_free_object(mem, s, "ref_stack_array_sanitize");
++ }
++ }
++ else {
++ make_null(&obj);
++ }
++ ref_assign(darr->value.refs + i, &obj);
++ break;
++ }
++ case t_array:
++ case t_shortarray:
++ case t_mixedarray:
++ {
++ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
++ /* We only want to copy executable arrays */
++ if (attrs & (a_execute | a_executable)) {
++ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
++ if (code < 0) {
++ make_null(&arr2);
++ }
++ else {
++ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
++ }
++ ref_assign(darr->value.refs + i, &arr2);
++ }
++ else {
++ ref_assign(darr->value.refs + i, &obj);
++ }
++ break;
++ }
++ default:
++ ref_assign(darr->value.refs + i, &obj);
++ }
++ }
++ return 0;
++}
++
++
+ /*
+ * Store the top 'count' elements of a stack, starting 'skip' elements below
+ * the top, into an array, with or without store/undo checking. age=-1 for
+diff --git a/psi/istack.h b/psi/istack.h
+index 051dcbe..54be405 100644
+--- a/psi/istack.h
++++ b/psi/istack.h
+@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
+ uint skip, int age, bool check,
+ gs_dual_memory_t *idmem, client_name_t cname);
+
++int
++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
++
+ /*
+ * Pop the top N elements off a stack.
+ * The number must not exceed the number of elements in use.
+--
+2.20.1
+
+
+From 2db98f9c66135601efb103d8db7d020a672308db Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 13 Dec 2018 15:28:34 +0000
+Subject: [PATCH 2/4] Any transient procedures that call .force* operators
+
+(i.e. for conditionals or loops) make them executeonly.
+---
+ Resource/Init/gs_diskn.ps | 2 +-
+ Resource/Init/gs_dps1.ps | 4 ++--
+ Resource/Init/gs_fntem.ps | 4 ++--
+ Resource/Init/gs_fonts.ps | 12 ++++++------
+ Resource/Init/gs_init.ps | 4 ++--
+ Resource/Init/gs_lev2.ps | 11 ++++++-----
+ Resource/Init/gs_pdfwr.ps | 2 +-
+ Resource/Init/gs_res.ps | 4 ++--
+ Resource/Init/gs_setpd.ps | 2 +-
+ Resource/Init/pdf_base.ps | 13 ++++++++-----
+ Resource/Init/pdf_draw.ps | 16 +++++++++-------
+ Resource/Init/pdf_font.ps | 6 +++---
+ Resource/Init/pdf_main.ps | 4 ++--
+ Resource/Init/pdf_ops.ps | 7 ++++---
+ 14 files changed, 49 insertions(+), 42 deletions(-)
+
+diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
+index fd694bc..8bf2054 100644
+--- a/Resource/Init/gs_diskn.ps
++++ b/Resource/Init/gs_diskn.ps
+@@ -51,7 +51,7 @@ systemdict begin
+ mark 5 1 roll ] mark exch { { } forall } forall ]
+ //systemdict /.searchabledevs 2 index .forceput
+ exch .setglobal
+- }
++ } executeonly
+ if
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index ec5db61..4fae283 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -78,7 +78,7 @@ level2dict begin
+ .currentglobal
+ { % Current mode is global; delete from local directory too.
+ //systemdict /LocalFontDirectory .knownget
+- { 1 index .forceundef } % LocalFontDirectory is readonly
++ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly
+ if
+ }
+ { % Current mode is local; if there was a shadowed global
+@@ -126,7 +126,7 @@ level2dict begin
+ }
+ ifelse
+ } forall
+- pop counttomark 2 idiv { .forceundef } repeat pop % readonly
++ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly
+ }
+ if
+ //SharedFontDirectory exch .forcecopynew pop
+diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
+index c1f7651..6eb672a 100644
+--- a/Resource/Init/gs_fntem.ps
++++ b/Resource/Init/gs_fntem.ps
+@@ -401,12 +401,12 @@ currentdict end def
+ .forceput % FontInfo can be read-only.
+ pop % bool <font>
+ exit
+- } if
++ } executeonly if
+ dup /FontInfo get % bool <font> <FI>
+ /GlyphNames2Unicode /Unicode /Decoding findresource
+ .forceput % FontInfo can be read-only.
+ exit
+- } loop
++ } executeonly loop
+ exch setglobal
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 803faca..290da0c 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
+ /.setnativefontmapbuilt { % set whether we've been run
+ dup type /booleantype eq {
+ systemdict exch /.nativefontmapbuilt exch .forceput
+- }
++ } executeonly
+ {pop}
+ ifelse
+ } .bind executeonly odef
+@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
+ { 2 index gcheck currentglobal
+ 2 copy eq {
+ pop pop .forceput
+- } {
++ } executeonly {
+ 5 1 roll setglobal
+ dup length string copy
+ .forceput setglobal
+- } ifelse
++ } executeonly ifelse
+ } .bind executeonly odef % must be bound and hidden for .forceput
+
+ % Attempt to load a font from a file.
+@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
+ .FontDirectory 3 index .forceundef % readonly
+ 1 index (r) file .loadfont .FontDirectory exch
+ /.setglobal .systemvar exec
+- }
++ } executeonly
+ { .loadfont .FontDirectory
+ }
+ ifelse
+@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
+ dup 3 index .fontknownget
+ { dup /PathLoad 4 index .putgstringcopy
+ 4 1 roll pop pop pop //true exit
+- } if
++ } executeonly if
+
+ % Maybe the file had a different FontName.
+ % See if we can get a FontName from the file, and if so,
+@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
+ ifelse % Stack: origfontname fontdict
+ exch pop //true exit
+ % Stack: fontdict
+- }
++ } executeonly
+ if pop % Stack: origfontname fontdirectory path
+ }
+ if pop pop % Stack: origfontname
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index d733124..56c0bd2 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
+ % Update the copy of the user parameters.
+ mark .currentuserparams counttomark 2 idiv {
+ userparams 3 1 roll .forceput % userparams is read-only
+- } repeat pop
++ } executeonly repeat pop
+ % Turn on idiom recognition, if available.
+ currentuserparams /IdiomRecognition known {
+ /IdiomRecognition //true .definepsuserparam
+@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
+ % Remove real system params from pssystemparams.
+ mark .currentsystemparams counttomark 2 idiv {
+ pop pssystemparams exch .forceundef
+- } repeat pop
++ } executeonly repeat pop
+ } if
+
+ % Set up AlignToPixels :
+diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
+index 44fe619..0f0d573 100644
+--- a/Resource/Init/gs_lev2.ps
++++ b/Resource/Init/gs_lev2.ps
+@@ -154,7 +154,8 @@ end
+ % protect top level of parameters that we copied
+ dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+ /userparams .systemvar 3 1 roll .forceput % userparams is read-only
+- } {
++ } executeonly
++ {
+ pop pop
+ } ifelse
+ } forall
+@@ -224,7 +225,7 @@ end
+ % protect top level parameters that we copied
+ dup type dup /arraytype eq exch /stringtype eq or { readonly } if
+ //pssystemparams 3 1 roll .forceput % pssystemparams is read-only
+- }
++ } executeonly
+ { pop pop
+ }
+ ifelse
+@@ -934,7 +935,7 @@ mark
+ dup /PaintProc get
+ 1 index /Implementation known not {
+ 1 index dup /Implementation //null .forceput readonly pop
+- } if
++ } executeonly if
+ exec
+ }.bind odef
+
+@@ -958,7 +959,7 @@ mark
+ dup /PaintProc get
+ 1 index /Implementation known not {
+ 1 index dup /Implementation //null .forceput readonly pop
+- } if
++ } executeonly if
+ /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
+ %% [CTM] <<Form>> PaintProc .beginform -
+ {
+@@ -1005,7 +1006,7 @@ mark
+ %% Form dictioanry using the /Implementation key).
+ 1 dict dup /FormID 4 -1 roll put
+ 1 index exch /Implementation exch .forceput readonly pop
+- }
++ } executeonly
+ ifelse
+ }
+ {
+diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
+index 58e75d3..b425103 100644
+--- a/Resource/Init/gs_pdfwr.ps
++++ b/Resource/Init/gs_pdfwr.ps
+@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
+ } ifelse
+ } bind .makeoperator .forceput
+ systemdict /.pdf_hooked_DSC_Creator //true .forceput
+- } if
++ } executeonly if
+ pop
+ } if
+ } {
+diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
+index 8eb8bb0..d9b3459 100644
+--- a/Resource/Init/gs_res.ps
++++ b/Resource/Init/gs_res.ps
+@@ -152,7 +152,7 @@ setglobal
+ % use .forceput / .forcedef later to replace the dummy,
+ % empty .Instances dictionary with the real one later.
+ readonly
+- } {
++ }{
+ /defineresource cvx /typecheck signaloperror
+ } ifelse
+ } bind executeonly odef
+@@ -424,7 +424,7 @@ status {
+ % As noted above, Category dictionaries are read-only,
+ % so we have to use .forcedef here.
+ /.Instances 1 index .forcedef % Category dict is read-only
+- } if
++ } executeonly if
+ }
+ { .LocalInstances dup //.emptydict eq
+ { pop 3 dict localinstancedict Category 2 index put
+diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
+index e22597e..7875d1f 100644
+--- a/Resource/Init/gs_setpd.ps
++++ b/Resource/Init/gs_setpd.ps
+@@ -634,7 +634,7 @@ NOMEDIAATTRS {
+ SETPDDEBUG { (Rolling back.) = pstack flush } if
+ 3 index 2 index 3 -1 roll .forceput
+ 4 index 1 index .knownget
+- { 4 index 3 1 roll .forceput }
++ { 4 index 3 1 roll .forceput } executeonly
+ { 3 index exch .undef }
+ ifelse
+ } bind executeonly odef
+diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
+index b45e980..7312729 100644
+--- a/Resource/Init/pdf_base.ps
++++ b/Resource/Init/pdf_base.ps
+@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
+
+ /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
+ PDFDEBUG {
+- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
++ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
+ PDFSTEP {
+ pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
+ PDFSTEPcount 1 gt {
+ pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
+- } {
++ } executeonly
++ {
+ dup ==only
+ ( step # ) print PDFtokencount =only
+ ( ? ) print flush 1 //false .outputpage
+ (%stdin) (r) file 255 string readline {
+ token {
+ exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
+- } {
++ } executeonly
++ {
+ pdfdict /PDFSTEPcount 1 .forceput
+- } ifelse % token
++ } executeonly ifelse % token
+ } {
+ pop /PDFSTEP //false def % EOF on stdin
+ } ifelse % readline
+ } ifelse % PDFSTEPcount > 1
+- } {
++ } executeonly
++ {
+ dup ==only () = flush
+ } ifelse % PDFSTEP
+ } if % PDFDEBUG
+diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
+index 6b0ba93..40c6ac8 100644
+--- a/Resource/Init/pdf_draw.ps
++++ b/Resource/Init/pdf_draw.ps
+@@ -1118,14 +1118,14 @@ currentdict end readonly def
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ end
+ } ifelse
+ } loop
+@@ -1141,14 +1141,14 @@ currentdict end readonly def
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ pop
+
+@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
+ /IncrementAppearanceNumber {
+ pdfdict /AppearanceNumber .knownget {
+ 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
+- }{
++ } executeonly
++ {
+ pdfdict /AppearanceNumber 0 .forceput
+- } ifelse
++ } executeonly ifelse
+ }bind executeonly odef
+
+ /MakeAppearanceName {
+@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
+ %% want to preserve it.
+ pdfdict /.PreservePDFForm false .forceput
+ /q cvx /execform cvx 5 -2 roll
+- }{
++ } executeonly
++ {
+ /q cvx /PDFexecform cvx 5 -2 roll
+ } ifelse
+
+diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
+index bea9ea9..4cd62b9 100644
+--- a/Resource/Init/pdf_font.ps
++++ b/Resource/Init/pdf_font.ps
+@@ -714,7 +714,7 @@ currentdict end readonly def
+ pop pop pop
+ currentdict /.stackdepth .forceundef
+ currentdict /.dstackdepth .forceundef
+- }
++ } executeonly
+ {pop pop pop}
+ ifelse
+
+@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
+ (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
+ pdfformatwarning
+ pdfdict /.Qqwarning_issued //true .forceput
+- } if
++ } executeonly if
+ Q
+ } repeat
+ Q
+@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
+ /CIDFallBack /CIDFont findresource
+ } if
+ exit
+- } if
++ } executeonly if
+ } if
+ } if
+
+diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
+index 00da47a..37e69b3 100644
+--- a/Resource/Init/pdf_main.ps
++++ b/Resource/Init/pdf_main.ps
+@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ } if
+ pop
+diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
+index 8672d61..aa09641 100644
+--- a/Resource/Init/pdf_ops.ps
++++ b/Resource/Init/pdf_ops.ps
+@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ }
+ {
+ currentglobal pdfdict gcheck .setglobal
+ pdfdict /.Qqwarning_issued //true .forceput
+ .setglobal
+ pdfformaterror
+- } ifelse
++ } executeonly ifelse
+ } if
+ } bind executeonly odef
+
+@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
+ dup type /booleantype eq {
+ .currentSMask type /dicttype eq {
+ .currentSMask /Processed 2 index .forceput
+- } {
++ } executeonly
++ {
+ .setSMask
+ }ifelse
+ }{
+--
+2.20.1
+
+
+From 99f13091a3f309bdc95d275ea9fec10bb9f42d9a Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Sat, 15 Dec 2018 09:08:32 +0000
+Subject: [PATCH 3/4] Bug700317: Fix logic for an older change
+
+Unlike almost every other function in gs, dict_find_string() returns 1 on
+success 0 or <0 on failure. The logic for this case was wrong.
+---
+ psi/interp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psi/interp.c b/psi/interp.c
+index aa5779c..f6c45bb 100644
+--- a/psi/interp.c
++++ b/psi/interp.c
+@@ -703,7 +703,7 @@ again:
+ * i.e. it's an internal operator we have hidden
+ */
+ code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
+- if (code < 0) {
++ if (code <= 0) {
+ buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
+ rlen += 4;
+ bufptr = buf;
+--
+2.20.1
+
+
+From 59d8f4deef90c1598ff50616519d5576756b4495 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 18 Dec 2018 10:42:10 +0000
+Subject: [PATCH 4/4] Harden some uses of .force* operators
+
+by adding a few immediate evalutions
+---
+ Resource/Init/gs_dps1.ps | 4 ++--
+ Resource/Init/gs_fonts.ps | 20 ++++++++++----------
+ Resource/Init/gs_init.ps | 6 +++---
+ 3 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
+index 4fae283..b75ea14 100644
+--- a/Resource/Init/gs_dps1.ps
++++ b/Resource/Init/gs_dps1.ps
+@@ -74,7 +74,7 @@ level2dict begin
+ } odef
+ % undefinefont has to take local/global VM into account.
+ /undefinefont % <fontname> undefinefont -
+- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
++ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
+ .currentglobal
+ { % Current mode is global; delete from local directory too.
+ //systemdict /LocalFontDirectory .knownget
+@@ -85,7 +85,7 @@ level2dict begin
+ % definition, copy it into the local directory.
+ //systemdict /SharedFontDirectory .knownget
+ { 1 index .knownget
+- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
++ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
+ if
+ }
+ if
+diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
+index 290da0c..c13a2fc 100644
+--- a/Resource/Init/gs_fonts.ps
++++ b/Resource/Init/gs_fonts.ps
+@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
+ if
+ }
+ if
+- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ % If the font originated as a resource, register it.
+ currentfile .currentresourcefile eq { dup .registerfont } if
+ readonly
+@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
+ % Try to find a font using only the present contents of Fontmap.
+ /.tryfindfont { % <fontname> .tryfindfont <font> true
+ % <fontname> .tryfindfont false
+- .FontDirectory 1 index .fontknownget
++ //.FontDirectory 1 index .fontknownget
+ { % Already loaded
+ exch pop //true
+ }
+@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
+ { % Font with a procedural definition
+ exec % The procedure will load the font.
+ % Check to make sure this really happened.
+- .FontDirectory 1 index .knownget
++ //.FontDirectory 1 index .knownget
+ { exch pop //true exit }
+ if
+ }
+@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
+ % because it's different depending on language level.
+ .currentglobal exch /.setglobal .systemvar exec
+ % Remove the fake definition, if any.
+- .FontDirectory 3 index .forceundef % readonly
+- 1 index (r) file .loadfont .FontDirectory exch
++ //.FontDirectory 3 index .forceundef % readonly
++ 1 index (r) file .loadfont //.FontDirectory exch
+ /.setglobal .systemvar exec
+ } executeonly
+- { .loadfont .FontDirectory
++ { .loadfont //.FontDirectory
+ }
+ ifelse
+ % Stack: fontname fontfilename fontdirectory
+@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
+ % Stack: origfontname fontdirectory filefontname fontdict
+ 3 -1 roll pop
+ % Stack: origfontname filefontname fontdict
+- dup /FontName get dup FontDirectory exch .forceundef
+- GlobalFontDirectory exch .forceundef
++ dup /FontName get dup //.FontDirectory exch .forceundef
++ /GlobalFontDirectory .systemvar exch .forceundef
+ dup length dict .copydict dup 3 index /FontName exch put
+ 2 index exch definefont
+ exch
+@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
+ {
+ {
+ pop dup type /stringtype eq { cvn } if
+- .FontDirectory 1 index known not {
++ //.FontDirectory 1 index known not {
+ 2 dict dup /FontName 3 index put
+ dup /FontType 1 put
+- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
++ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ } {
+ pop
+ } ifelse
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 56c0bd2..d9a0829 100644
+--- a/Resource/Init/gs_init.ps
++++ b/Resource/Init/gs_init.ps
+@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
+ }ifelse
+ }forall
+ noaccess pop
+- systemdict /.setsafeerrors .forceundef
+- systemdict /.SAFERERRORLIST .forceundef
++ //systemdict /.setsafeerrors .forceundef
++ //systemdict /.SAFERERRORLIST .forceundef
+ } bind executeonly odef
+
+ SAFERERRORS {.setsafererrors} if
+@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
+
+ /.locksafe {
+ .locksafe_userparams
+- systemdict /getenv {pop //false} .forceput
++ //systemdict /getenv {pop //false} .forceput
+ % setpagedevice has the side effect of clearing the page, but
+ % we will just document that. Using setpagedevice keeps the device
+ % properties and pagedevice .LockSafetyParams in agreement even
+--
+2.20.1
+
diff --git a/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch b/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch
new file mode 100644
index 000000000..fadb948d5
--- /dev/null
+++ b/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch
@@ -0,0 +1,28 @@
+From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Tue, 4 Dec 2018 21:31:31 +0000
+Subject: subclassing devices - fix put_image method
+
+The subclassing devices need to change the 'memory device' parameter to
+be the child device, when its the same as the subclassing device.
+
+Otherwise we end up trying to access the child device's memory pointers
+in the subclassing device, which may not contain valid copies of
+those pointers.
+
+diff --git a/base/gdevsclass.c b/base/gdevsclass.c
+index d9c85d2e4..51092585a 100644
+--- a/base/gdevsclass.c
++++ b/base/gdevsclass.c
+@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf
+ int alpha_plane_index, int tag_plane_index)
+ {
+ if (dev->child)
+- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
++ if (dev == mdev)
++ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
++ else
++ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index);
+
+ return 0;
+ }
diff --git a/source/ap/ghostscript/ghostscript.SlackBuild b/source/ap/ghostscript/ghostscript.SlackBuild
index cad33b149..2d15f220d 100755
--- a/source/ap/ghostscript/ghostscript.SlackBuild
+++ b/source/ap/ghostscript/ghostscript.SlackBuild
@@ -27,7 +27,7 @@ if [ -r gnu-ghostscript-*.tar.?z ]; then
SRCPREFIX="gnu-"
fi
VERSION=${VERSION:-$(echo $SRCPREFIX$PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -76,6 +76,12 @@ cd ${SRCPREFIX}${PKGNAM}-$VERSION || exit 1
# Remove unmaintained garbage:
rm -rf freetype jpeg lcms2 libpng libtiff png tiff zlib
+# Security and bugfix patches:
+zcat $CWD/ghostscript-cve-2019-6116.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/ghostscript-subclassing-devices-fix-put_image-method.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/ghostscript-cve-2019-3835.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/ghostscript-cve-2019-3838.patch.gz | patch -p1 --verbose || exit 1
+
# Regenerate ./configure. Needed if patched, or to prevent libtool mismatch.
autoreconf --force --install
( cd jbig2dec ; autoreconf --force --install )
diff --git a/source/l/python-pillow/python-pillow.SlackBuild b/source/l/python-pillow/python-pillow.SlackBuild
index c45c3fc9f..76e5743b8 100755
--- a/source/l/python-pillow/python-pillow.SlackBuild
+++ b/source/l/python-pillow/python-pillow.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-pillow
VERSION=${VERSION:-$(echo Pillow-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/wget/wget.SlackBuild b/source/n/wget/wget.SlackBuild
index bcf4a3f60..ddbbd1c44 100755
--- a/source/n/wget/wget.SlackBuild
+++ b/source/n/wget/wget.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=wget
VERSION=${VERSION:-$(echo wget-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}