--- /dev/null
+From 5b85ddd19a8420a1bd2d5529325be35d78e94234 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 2 Aug 2019 15:18:26 +0100
+Subject: [PATCH] Bug 701394: protect use of .forceput with executeonly
+
+Upstream-Status: Backport [http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19]
+CVE: CVE-2019-10216
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+---
+ Resource/Init/gs_type1.ps | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps
+index 6c7735bc0..a039ccee3 100644
+--- a/Resource/Init/gs_type1.ps
++++ b/Resource/Init/gs_type1.ps
+@@ -118,25 +118,25 @@
+ ( to be the same as glyph: ) print 1 index //== exec } if
+ 3 index exch 3 index .forceput
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+- }
++ }executeonly
+ {pop} ifelse
+- } forall
++ } executeonly forall
+ pop pop
+- }
++ } executeonly
+ {
+ pop pop pop
+ } ifelse
+- }
++ } executeonly
+ {
+ % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname
+ pop pop
+ } ifelse
+- } forall
++ } executeonly forall
+ 3 1 roll pop pop
+- } if
++ } executeonly if
+ pop
+ dup /.AGLprocessed~GS //true .forceput
+- } if
++ } executeonly if
+
+ %% We need to excute the C .buildfont1 in a stopped context so that, if there
+ %% are errors we can put the stack back sanely and exit. Otherwise callers won't
+--
+2.17.1
+
