On Mon, May 29, 2017 at 08:38:58PM +0200, Ricardo Wurmus wrote: > > Leo Famulari <l...@famulari.name> writes: > > > Here are patches that allow you build groff, cairo, and cups with the > > Artifex Ghostscript. > > Woo!
I'm not sure what I was thinking... I forgot to actually make groff,
cairo, and cups use this artifex-ghostscript :p
Testing now...
> > + (patches (search-patches "artifex-ghostscript-runpath.patch"
> > + ;; TODO:
> > + ;;"ghostscript-CVE-2017-8291.patch"
> > + ))
>
> What’s up with this? Is the latest release of Artifex Ghostscript
> vulnerable?
Yes, it's vulnerable. I saw this fixed in the Arch Linux package, but I
didn't check yet if there are other important bugs to fix in Ghostscript
9.21.
> Couldn’t we just add “#:make-flags '("so")” and avoid replacing the
> build phase?
I'll try this.
signature.asc
Description: PGP signature
