File _service:tar_scm:fix-cve-2023-52722.patch of Package ghostscript

From afd7188f74918cb51b5fb89f52b54eb16e8acfd1 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: 2023-09-12 10:46:10 +0100
Subject: [PATCH] In SAFER (default) don't allow eexec seeds other than the Type 1 standard
 Type 1 standard

---
 psi/zmisc1.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/psi/zmisc1.c b/psi/zmisc1.c
index 3c47e99..81556ac 100644
--- a/psi/zmisc1.c
+++ b/psi/zmisc1.c
@@ -93,6 +93,9 @@ zexE(i_ctx_t *i_ctx_p)
 
     if (code < 0)
         return code;
+    if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) {
+        return_error(gs_error_rangecheck);
+    }
     return filter_write(i_ctx_p, code, &s_exE_template, (stream_state *)&state, 0);
 }
 
@@ -130,6 +133,11 @@ zexD(i_ctx_t *i_ctx_p)
     }
     if (code < 0)
         return code;
+
+    if (gs_is_path_control_active(imemory) != 0 && state.cstate != 55665) {
+        return_error(gs_error_rangecheck);
+    }
+
     /*
      * If we're reading a .PFB file, let the filter know about it,
      * so it can read recklessly to the end of the binary section.
-- 
2.43.0