On Mon, May 29, 2017 at 08:38:58PM +0200, Ricardo Wurmus wrote:
> 
> Leo Famulari <leo@famulari.name> writes:
> 
> > Here are patches that allow you build groff, cairo, and cups with the
> > Artifex Ghostscript.
> 
> Woo!

I'm not sure what I was thinking... I forgot to actually make groff,
cairo, and cups use this artifex-ghostscript :p

Testing now...

> > +        (patches (search-patches "artifex-ghostscript-runpath.patch"
> > +                                 ;; TODO:
> > +                                 ;;"ghostscript-CVE-2017-8291.patch"
> > +                                 ))
> 
> What’s up with this?  Is the latest release of Artifex Ghostscript
> vulnerable?

Yes, it's vulnerable. I saw this fixed in the Arch Linux package, but I
didn't check yet if there are other important bugs to fix in Ghostscript
9.21.

> Couldn’t we just add “#:make-flags '("so")” and avoid replacing the
> build phase?

I'll try this.