summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-08-01 23:30:52 +0200
committerLudovic Courtès <ludo@gnu.org>2016-08-01 23:30:52 +0200
commit455859a50f88f625d13fc2f304111f02369b366b (patch)
tree285d8aa9253f033fa8d64e6b5f9f8d856aae04d2 /gnu/packages/patches
parent742effef5629667b274087adc70b06abab86b252 (diff)
downloadguix-455859a50f88f625d13fc2f304111f02369b366b.tar.gz
Merge branch 'core-updates'
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/automake-test-gzip-warning.patch17
-rw-r--r--gnu/packages/patches/dealii-p4est-interface.patch62
-rw-r--r--gnu/packages/patches/dico-idxgcide-bug.patch21
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283-refix.patch27
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283.patch89
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch559
-rw-r--r--gnu/packages/patches/glibc-hurd-extern-inline.patch35
-rw-r--r--gnu/packages/patches/glibc-locale-incompatibility.patch23
-rw-r--r--gnu/packages/patches/glibc-locales.patch6
-rw-r--r--gnu/packages/patches/libarchive-CVE-2013-0211.patch21
-rw-r--r--gnu/packages/patches/libarchive-CVE-2016-1541.patch67
-rw-r--r--gnu/packages/patches/libarchive-bsdtar-test.patch74
-rw-r--r--gnu/packages/patches/libarchive-fix-lzo-test-case.patch83
-rw-r--r--gnu/packages/patches/libarchive-mtree-filename-length-fix.patch18
-rw-r--r--gnu/packages/patches/libpthread-glibc-preparation.patch146
-rw-r--r--gnu/packages/patches/libxslt-CVE-2015-7995.patch29
-rw-r--r--gnu/packages/patches/libxslt-generated-ids.patch173
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8629.patch51
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8630.patch81
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8631.patch576
-rw-r--r--gnu/packages/patches/mit-krb5-init-context-null-spnego.patch49
-rw-r--r--gnu/packages/patches/procps-non-linux.patch40
-rw-r--r--gnu/packages/patches/rapicorn-isnan.patch87
-rw-r--r--gnu/packages/patches/tar-d_ino_in_dirent-fix.patch33
24 files changed, 353 insertions, 2014 deletions
diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch
new file mode 100644
index 0000000000..bcc9c207ae
--- /dev/null
+++ b/gnu/packages/patches/automake-test-gzip-warning.patch
@@ -0,0 +1,17 @@
+Adjust test to ignore gzip 1.8+ warnings.
+
+--- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh	2016-06-14 00:36:26.554218552 +0200
++++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh	2016-06-14 00:37:52.903157770 +0200
+@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s
+ 
+ ./configure
+ run_make -E -O distcheck
+-test ! -s stderr
++
++# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment
++# variable is deprecated"; filter them out.
++test `grep -v '^gzip: warning' stderr | wc -l` -eq 0
++
+ # Sanity check: the flags have been actually seen.
+ $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t
+ grep '/configure .* --srcdir am-src'   t || exit 99
diff --git a/gnu/packages/patches/dealii-p4est-interface.patch b/gnu/packages/patches/dealii-p4est-interface.patch
deleted file mode 100644
index 4c4125d16c..0000000000
--- a/gnu/packages/patches/dealii-p4est-interface.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From upstream commit f764598c.
-
-The p4est_connectivity_load function used to take an unsigned long as argument,
-but this has been changed to size_t in p4est 1.0. This makes no difference on
-64 bit systems, but leads to compiler errors on 32 bit systems. Fix this.
-
---- a/source/distributed/tria.cc
-+++ b/source/distributed/tria.cc
-@@ -204,7 +204,11 @@ namespace internal
-       static
-       int (&connectivity_is_valid) (types<2>::connectivity *connectivity);
- 
--#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
-+      static
-+      types<2>::connectivity *(&connectivity_load) (const char *filename,
-+                                                    size_t *length);
-+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-       static
-       types<2>::connectivity *(&connectivity_load) (const char *filename,
-                                                     long unsigned *length);
-@@ -384,7 +388,12 @@ namespace internal
-                                                 *connectivity)
-       = p4est_connectivity_is_valid;
- 
--#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
-+    types<2>::connectivity *
-+    (&functions<2>::connectivity_load) (const char *filename,
-+                                        size_t *length)
-+      = p4est_connectivity_load;
-+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-     types<2>::connectivity *
-     (&functions<2>::connectivity_load) (const char *filename,
-                                         long unsigned *length)
-@@ -564,7 +573,11 @@ namespace internal
-       static
-       int (&connectivity_is_valid) (types<3>::connectivity *connectivity);
- 
--#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
-+      static
-+      types<3>::connectivity *(&connectivity_load) (const char *filename,
-+                                                    size_t *length);
-+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-       static
-       types<3>::connectivity *(&connectivity_load) (const char *filename,
-                                                     long unsigned *length);
-@@ -747,7 +760,12 @@ namespace internal
-                                                 *connectivity)
-       = p8est_connectivity_is_valid;
- 
--#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
-+    types<3>::connectivity *
-+    (&functions<3>::connectivity_load) (const char *filename,
-+                                        size_t *length)
-+      = p8est_connectivity_load;
-+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
-     types<3>::connectivity *
-     (&functions<3>::connectivity_load) (const char *filename,
-                                         long unsigned *length)
diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch
new file mode 100644
index 0000000000..28cc8a6a08
--- /dev/null
+++ b/gnu/packages/patches/dico-idxgcide-bug.patch
@@ -0,0 +1,21 @@
+Reported at <http://mail.gnu.org.ua/archives/bug-dico/2016-07/msg00000.html>.
+Patch the .c file to avoid depending on Flex.
+
+commit 4599abbda3b5979367138ea098e435c919fe93fc
+Author: Sergey Poznyakoff <gray@gnu.org>
+Date:   Thu Jul 28 14:09:58 2016 +0300
+
+    Bugfix
+    
+    * modules/gcide/idxgcide.l (main): Initialize ipg_header.
+
+--- dico-2.2/modules/gcide/idxgcide.c	2016-07-28 14:15:07.823587004 +0200
++++ dico-2.2/modules/gcide/idxgcide.c	2016-07-28 14:15:09.435600549 +0200
+@@ -2497,6 +2497,7 @@ main(int argc, char **argv)
+ 	dico_log(L_ERR, 0, _("not enough memory"));
+ 	exit(EX_UNAVAILABLE);
+     }
++    idx_page->ipg_header.hdr.phdr_numentries = 0;
+     idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2;
+ 
+     idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 /
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
index af5e3bcc3e..fc8d6291f5 100644
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
@@ -1,42 +1,39 @@
-Update previous fix for CVE-2015-1283 to not rely on undefined behavior.
+Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
+behavior.
 
-Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
+Adapted from a patch from Debian (found in Debian package version
+2.1.0-6+deb8u2) to apply to upstream code:
 
 https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
 
-From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
-From: Pascal Cuoq <cuoq@trust-in-soft.com>
-Date: Sun, 15 May 2016 09:05:46 +0200
-Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix.
-
 ---
- expat/lib/xmlparse.c | 6 ++++--
+ lib/xmlparse.c | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 13e080d..cdb12ef 100644
+index 0f6f4cd..5c70c17 100644
 --- a/lib/xmlparse.c
 +++ b/lib/xmlparse.c
-@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len
+@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
    }
  
    if (len > bufferLim - bufferEnd) {
 -    int neededSize = len + (int)(bufferEnd - bufferPtr);
 +    /* Do not invoke signed arithmetic overflow: */
 +    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
- /* BEGIN MOZILLA CHANGE (sanity check neededSize) */
      if (neededSize < 0) {
        errorCode = XML_ERROR_NO_MEMORY;
-@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len
+       return NULL;
+@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
        if (bufferSize == 0)
          bufferSize = INIT_BUFFER_SIZE;
        do {
 -        bufferSize *= 2;
 +        /* Do not invoke signed arithmetic overflow: */
 +        bufferSize = (int) (2U * (unsigned) bufferSize);
- /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
        } while (bufferSize < neededSize && bufferSize > 0);
- /* END MOZILLA CHANGE */
+       if (bufferSize <= 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
 -- 
-2.8.2
+2.8.3
 
diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch
deleted file mode 100644
index f9065bea16..0000000000
--- a/gnu/packages/patches/expat-CVE-2015-1283.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Copied from Debian.
-
-Description: fix multiple integer overflows in the XML_GetBuffer function
- Multiple integer overflows in the XML_GetBuffer function in Expat through
- 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,
- allow remote attackers to cause a denial of service (heap-based buffer
- overflow) or possibly have unspecified other impact via crafted XML data,
- a related issue to CVE-2015-2716.
-Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
-Author: Eric Rahm <erahm@mozilla.com>
-Forwarded: not-needed
-Last-Update: 2015-07-24
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
-   XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
-   positionPtr = bufferPtr;
-   return result;
- }
- 
- void * XMLCALL
- XML_GetBuffer(XML_Parser parser, int len)
- {
-+/* BEGIN MOZILLA CHANGE (sanity check len) */
-+  if (len < 0) {
-+    errorCode = XML_ERROR_NO_MEMORY;
-+    return NULL;
-+  }
-+/* END MOZILLA CHANGE */
-   switch (ps_parsing) {
-   case XML_SUSPENDED:
-     errorCode = XML_ERROR_SUSPENDED;
-     return NULL;
-   case XML_FINISHED:
-     errorCode = XML_ERROR_FINISHED;
-     return NULL;
-   default: ;
-   }
- 
-   if (len > bufferLim - bufferEnd) {
--    /* FIXME avoid integer overflow */
-     int neededSize = len + (int)(bufferEnd - bufferPtr);
-+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
-+    if (neededSize < 0) {
-+      errorCode = XML_ERROR_NO_MEMORY;
-+      return NULL;
-+    }
-+/* END MOZILLA CHANGE */
- #ifdef XML_CONTEXT_BYTES
-     int keep = (int)(bufferPtr - buffer);
- 
-     if (keep > XML_CONTEXT_BYTES)
-       keep = XML_CONTEXT_BYTES;
-     neededSize += keep;
- #endif  /* defined XML_CONTEXT_BYTES */
-     if (neededSize  <= bufferLim - buffer) {
-@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
-     }
-     else {
-       char *newBuf;
-       int bufferSize = (int)(bufferLim - bufferPtr);
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
-         bufferSize *= 2;
--      } while (bufferSize < neededSize);
-+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
-+      } while (bufferSize < neededSize && bufferSize > 0);
-+/* END MOZILLA CHANGE */
-+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
-+      if (bufferSize <= 0) {
-+        errorCode = XML_ERROR_NO_MEMORY;
-+        return NULL;
-+      }
-+/* END MOZILLA CHANGE */
-       newBuf = (char *)MALLOC(bufferSize);
-       if (newBuf == 0) {
-         errorCode = XML_ERROR_NO_MEMORY;
-         return NULL;
-       }
-       bufferLim = newBuf + bufferSize;
- #ifdef XML_CONTEXT_BYTES
-       if (bufferPtr) {
-
-
-
-
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
deleted file mode 100644
index 9a0909af74..0000000000
--- a/gnu/packages/patches/glibc-CVE-2015-7547.patch
+++ /dev/null
@@ -1,559 +0,0 @@
-Copied from Fedora:
-http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
-
-Adapted to apply cleanly to glibc-2.22.
-
-Index: b/resolv/nss_dns/dns-host.c
-===================================================================
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
-   int h_namelen = 0;
- 
-   if (ancount == 0)
--    return NSS_STATUS_NOTFOUND;
-+    {
-+      *h_errnop = HOST_NOT_FOUND;
-+      return NSS_STATUS_NOTFOUND;
-+    }
- 
-   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
-     {
-@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
-   /* Special case here: if the resolver sent a result but it only
-      contains a CNAME while we are looking for a T_A or T_AAAA record,
-      we fail with NOTFOUND instead of TRYAGAIN.  */
--  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
-+  if (canon != NULL)
-+    {
-+      *h_errnop = HOST_NOT_FOUND;
-+      return NSS_STATUS_NOTFOUND;
-+    }
-+
-+  *h_errnop = NETDB_INTERNAL;
-+  return NSS_STATUS_TRYAGAIN;
- }
- 
- 
-@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
- 
-   enum nss_status status = NSS_STATUS_NOTFOUND;
- 
-+  /* Combining the NSS status of two distinct queries requires some
-+     compromise and attention to symmetry (A or AAAA queries can be
-+     returned in any order).  What follows is a breakdown of how this
-+     code is expected to work and why. We discuss only SUCCESS,
-+     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
-+     that apply (though RETURN and MERGE exist).  We make a distinction
-+     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
-+     A recoverable TRYAGAIN is almost always due to buffer size issues
-+     and returns ERANGE in errno and the caller is expected to retry
-+     with a larger buffer.
-+
-+     Lastly, you may be tempted to make significant changes to the
-+     conditions in this code to bring about symmetry between responses.
-+     Please don't change anything without due consideration for
-+     expected application behaviour.  Some of the synthesized responses
-+     aren't very well thought out and sometimes appear to imply that
-+     IPv4 responses are always answer 1, and IPv6 responses are always
-+     answer 2, but that's not true (see the implemetnation of send_dg
-+     and send_vc to see response can arrive in any order, particlarly
-+     for UDP). However, we expect it holds roughly enough of the time
-+     that this code works, but certainly needs to be fixed to make this
-+     a more robust implementation.
-+
-+     ----------------------------------------------
-+     | Answer 1 Status /   | Synthesized | Reason |
-+     | Answer 2 Status     | Status      |        |
-+     |--------------------------------------------|
-+     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
-+     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
-+     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
-+     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
-+     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
-+     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
-+     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
-+     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
-+     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
-+     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
-+     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
-+     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
-+     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
-+     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
-+     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
-+     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
-+     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
-+     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
-+     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
-+     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
-+     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
-+     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
-+     ----------------------------------------------
-+
-+     [1] If the first response is a success we return success.
-+         This ignores the state of the second answer and in fact
-+         incorrectly sets errno and h_errno to that of the second
-+	 answer.  However because the response is a success we ignore
-+	 *errnop and *h_errnop (though that means you touched errno on
-+         success).  We are being conservative here and returning the
-+         likely IPv4 response in the first answer as a success.
-+
-+     [2] If the first response is a recoverable TRYAGAIN we return
-+	 that instead of looking at the second response.  The
-+	 expectation here is that we have failed to get an IPv4 response
-+	 and should retry both queries.
-+
-+     [3] If the first response was not a SUCCESS and the second
-+	 response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
-+	 or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
-+	 result from the second response, otherwise the first responses
-+	 status is used.  Again we have some odd side-effects when the
-+	 second response is NOTFOUND because we overwrite *errnop and
-+	 *h_errnop that means that a first answer of NOTFOUND might see
-+	 its *errnop and *h_errnop values altered.  Whether it matters
-+	 in practice that a first response NOTFOUND has the wrong
-+	 *errnop and *h_errnop is undecided.
-+
-+     [4] If the first response is UNAVAIL we return that instead of
-+	 looking at the second response.  The expectation here is that
-+	 it will have failed similarly e.g. configuration failure.
-+
-+     [5] Testing this code is complicated by the fact that truncated
-+	 second response buffers might be returned as SUCCESS if the
-+	 first answer is a SUCCESS.  To fix this we add symmetry to
-+	 TRYAGAIN with the second response.  If the second response
-+	 is a recoverable error we now return TRYAGIN even if the first
-+	 response was SUCCESS.  */
-+
-   if (anslen1 > 0)
-     status = gaih_getanswer_slice(answer1, anslen1, qname,
- 				  &pat, &buffer, &buflen,
- 				  errnop, h_errnop, ttlp,
- 				  &first);
-+
-   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
-        || (status == NSS_STATUS_TRYAGAIN
- 	   /* We want to look at the second answer in case of an
-@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
- 						     &pat, &buffer, &buflen,
- 						     errnop, h_errnop, ttlp,
- 						     &first);
-+      /* Use the second response status in some cases.  */
-       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
- 	status = status2;
-+      /* Do not return a truncated second response (unless it was
-+         unavoidable e.g. unrecoverable TRYAGAIN).  */
-+      if (status == NSS_STATUS_SUCCESS
-+	  && (status2 == NSS_STATUS_TRYAGAIN
-+	      && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
-+	status = NSS_STATUS_TRYAGAIN;
-     }
- 
-   return status;
-Index: b/resolv/res_query.c
-===================================================================
---- a/resolv/res_query.c
-+++ b/resolv/res_query.c
-@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
- 		  {
- 		    free (*answerp2);
- 		    *answerp2 = NULL;
-+		    *nanswerp2 = 0;
- 		    *answerp2_malloced = 0;
- 		  }
- 	}
-@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
- 			  {
- 			    free (*answerp2);
- 			    *answerp2 = NULL;
-+			    *nanswerp2 = 0;
- 			    *answerp2_malloced = 0;
- 			  }
- 
-@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
- 	  {
- 	    free (*answerp2);
- 	    *answerp2 = NULL;
-+	    *nanswerp2 = 0;
- 	    *answerp2_malloced = 0;
- 	  }
- 	if (saved_herrno != -1)
-Index: b/resolv/res_send.c
-===================================================================
---- a/resolv/res_send.c
-+++ b/resolv/res_send.c
-@@ -1,3 +1,20 @@
-+/* Copyright (C) 2016 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
- /*
-  * Copyright (c) 1985, 1989, 1993
-  *    The Regents of the University of California.  All rights reserved.
-@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
- #ifdef USE_HOOKS
- 	if (__glibc_unlikely (statp->qhook || statp->rhook))       {
- 		if (anssiz < MAXPACKET && ansp) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *buf = malloc (MAXPACKET);
- 			if (buf == NULL)
- 				return (-1);
-@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
- 
- /* Private */
- 
-+/* The send_vc function is responsible for sending a DNS query over TCP
-+   to the nameserver numbered NS from the res_state STATP i.e.
-+   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
-+   IPv6 queries at the same serially on the same socket.
-+
-+   Please note that for TCP there is no way to disable sending both
-+   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
-+   and sends the queries serially and waits for the result after each
-+   sent query.  This implemetnation should be corrected to honour these
-+   options.
-+
-+   Please also note that for TCP we send both queries over the same
-+   socket one after another.  This technically violates best practice
-+   since the server is allowed to read the first query, respond, and
-+   then close the socket (to service another client).  If the server
-+   does this, then the remaining second query in the socket data buffer
-+   will cause the server to send the client an RST which will arrive
-+   asynchronously and the client's OS will likely tear down the socket
-+   receive buffer resulting in a potentially short read and lost
-+   response data.  This will force the client to retry the query again,
-+   and this process may repeat until all servers and connection resets
-+   are exhausted and then the query will fail.  It's not known if this
-+   happens with any frequency in real DNS server implementations.  This
-+   implementation should be corrected to use two sockets by default for
-+   parallel queries.
-+
-+   The query stored in BUF of BUFLEN length is sent first followed by
-+   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
-+   serially on the same socket.
-+
-+   Answers to the query are stored firstly in *ANSP up to a max of
-+   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
-+   is non-NULL (to indicate that modifying the answer buffer is allowed)
-+   then malloc is used to allocate a new response buffer and ANSCP and
-+   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
-+   are needed but ANSCP is NULL, then as much of the response as
-+   possible is read into the buffer, but the results will be truncated.
-+   When truncation happens because of a small answer buffer the DNS
-+   packets header feild TC will bet set to 1, indicating a truncated
-+   message and the rest of the socket data will be read and discarded.
-+
-+   Answers to the query are stored secondly in *ANSP2 up to a max of
-+   *ANSSIZP2 bytes, with the actual response length stored in
-+   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
-+   is non-NULL (required for a second query) then malloc is used to
-+   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+   size and *ANSP2_MALLOCED is set to 1.
-+
-+   The ANSP2_MALLOCED argument will eventually be removed as the
-+   change in buffer pointer can be used to detect the buffer has
-+   changed and that the caller should use free on the new buffer.
-+
-+   Note that the answers may arrive in any order from the server and
-+   therefore the first and second answer buffers may not correspond to
-+   the first and second queries.
-+
-+   It is not supported to call this function with a non-NULL ANSP2
-+   but a NULL ANSCP.  Put another way, you can call send_vc with a
-+   single unmodifiable buffer or two modifiable buffers, but no other
-+   combination is supported.
-+
-+   It is the caller's responsibility to free the malloc allocated
-+   buffers by detecting that the pointers have changed from their
-+   original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+   If errors are encountered then *TERRNO is set to an appropriate
-+   errno value and a zero result is returned for a recoverable error,
-+   and a less-than zero result is returned for a non-recoverable error.
-+
-+   If no errors are encountered then *TERRNO is left unmodified and
-+   a the length of the first response in bytes is returned.  */
- static int
- send_vc(res_state statp,
- 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -669,11 +759,7 @@ send_vc(res_state statp,
- {
- 	const HEADER *hp = (HEADER *) buf;
- 	const HEADER *hp2 = (HEADER *) buf2;
--	u_char *ans = *ansp;
--	int orig_anssizp = *anssizp;
--	// XXX REMOVE
--	// int anssiz = *anssizp;
--	HEADER *anhp = (HEADER *) ans;
-+	HEADER *anhp = (HEADER *) *ansp;
- 	struct sockaddr *nsap = get_nsaddr (statp, ns);
- 	int truncating, connreset, n;
- 	/* On some architectures compiler might emit a warning indicating
-@@ -766,6 +852,8 @@ send_vc(res_state statp,
- 	 * Receive length & response
- 	 */
- 	int recvresp1 = 0;
-+	/* Skip the second response if there is no second query.
-+           To do that we mark the second response as received.  */
- 	int recvresp2 = buf2 == NULL;
- 	uint16_t rlen16;
-  read_len:
-@@ -802,40 +890,14 @@ send_vc(res_state statp,
- 	u_char **thisansp;
- 	int *thisresplenp;
- 	if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+		/* We have not received any responses
-+		   yet or we only have one response to
-+		   receive.  */
- 		thisanssizp = anssizp;
- 		thisansp = anscp ?: ansp;
- 		assert (anscp != NULL || ansp2 == NULL);
- 		thisresplenp = &resplen;
- 	} else {
--		if (*anssizp != MAXPACKET) {
--			/* No buffer allocated for the first
--			   reply.  We can try to use the rest
--			   of the user-provided buffer.  */
--#if __GNUC_PREREQ (4, 7)
--			DIAG_PUSH_NEEDS_COMMENT;
--			DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
--#endif
--#if _STRING_ARCH_unaligned
--			*anssizp2 = orig_anssizp - resplen;
--			*ansp2 = *ansp + resplen;
--#else
--			int aligned_resplen
--			  = ((resplen + __alignof__ (HEADER) - 1)
--			     & ~(__alignof__ (HEADER) - 1));
--			*anssizp2 = orig_anssizp - aligned_resplen;
--			*ansp2 = *ansp + aligned_resplen;
--#endif
--#if __GNUC_PREREQ (4, 7)
--			DIAG_POP_NEEDS_COMMENT;
--#endif
--		} else {
--			/* The first reply did not fit into the
--			   user-provided buffer.  Maybe the second
--			   answer will.  */
--			*anssizp2 = orig_anssizp;
--			*ansp2 = *ansp;
--		}
--
- 		thisanssizp = anssizp2;
- 		thisansp = ansp2;
- 		thisresplenp = resplen2;
-@@ -843,10 +905,14 @@ send_vc(res_state statp,
- 	anhp = (HEADER *) *thisansp;
- 
- 	*thisresplenp = rlen;
--	if (rlen > *thisanssizp) {
--		/* Yes, we test ANSCP here.  If we have two buffers
--		   both will be allocatable.  */
--		if (__glibc_likely (anscp != NULL))       {
-+	/* Is the answer buffer too small?  */
-+	if (*thisanssizp < rlen) {
-+		/* If the current buffer is non-NULL and it's not
-+		   pointing at the static user-supplied buffer then
-+		   we can reallocate it.  */
-+		if (thisansp != NULL && thisansp != ansp) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *newp = malloc (MAXPACKET);
- 			if (newp == NULL) {
- 				*terrno = ENOMEM;
-@@ -858,6 +924,9 @@ send_vc(res_state statp,
- 			if (thisansp == ansp2)
- 			  *ansp2_malloced = 1;
- 			anhp = (HEADER *) newp;
-+			/* A uint16_t can't be larger than MAXPACKET
-+			   thus it's safe to allocate MAXPACKET but
-+			   read RLEN bytes instead.  */
- 			len = rlen;
- 		} else {
- 			Dprint(statp->options & RES_DEBUG,
-@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
- 	return 1;
- }
- 
-+/* The send_dg function is responsible for sending a DNS query over UDP
-+   to the nameserver numbered NS from the res_state STATP i.e.
-+   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
-+   along with the ability to send the query in parallel for both stacks
-+   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
-+   with a close and reopen of the socket used to talk to the server
-+   (RES_SNGLKUPREOP) to work around broken name servers.
-+
-+   The query stored in BUF of BUFLEN length is sent first followed by
-+   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
-+   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
-+
-+   Answers to the query are stored firstly in *ANSP up to a max of
-+   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
-+   is non-NULL (to indicate that modifying the answer buffer is allowed)
-+   then malloc is used to allocate a new response buffer and ANSCP and
-+   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
-+   are needed but ANSCP is NULL, then as much of the response as
-+   possible is read into the buffer, but the results will be truncated.
-+   When truncation happens because of a small answer buffer the DNS
-+   packets header feild TC will bet set to 1, indicating a truncated
-+   message, while the rest of the UDP packet is discarded.
-+
-+   Answers to the query are stored secondly in *ANSP2 up to a max of
-+   *ANSSIZP2 bytes, with the actual response length stored in
-+   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
-+   is non-NULL (required for a second query) then malloc is used to
-+   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+   size and *ANSP2_MALLOCED is set to 1.
-+
-+   The ANSP2_MALLOCED argument will eventually be removed as the
-+   change in buffer pointer can be used to detect the buffer has
-+   changed and that the caller should use free on the new buffer.
-+
-+   Note that the answers may arrive in any order from the server and
-+   therefore the first and second answer buffers may not correspond to
-+   the first and second queries.
-+
-+   It is not supported to call this function with a non-NULL ANSP2
-+   but a NULL ANSCP.  Put another way, you can call send_vc with a
-+   single unmodifiable buffer or two modifiable buffers, but no other
-+   combination is supported.
-+
-+   It is the caller's responsibility to free the malloc allocated
-+   buffers by detecting that the pointers have changed from their
-+   original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+   If an answer is truncated because of UDP datagram DNS limits then
-+   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
-+   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
-+   if any progress was made reading a response from the nameserver and
-+   is used by the caller to distinguish between ECONNREFUSED and
-+   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
-+
-+   If errors are encountered then *TERRNO is set to an appropriate
-+   errno value and a zero result is returned for a recoverable error,
-+   and a less-than zero result is returned for a non-recoverable error.
-+
-+   If no errors are encountered then *TERRNO is left unmodified and
-+   a the length of the first response in bytes is returned.  */
- static int
- send_dg(res_state statp,
- 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
- {
- 	const HEADER *hp = (HEADER *) buf;
- 	const HEADER *hp2 = (HEADER *) buf2;
--	u_char *ans = *ansp;
--	int orig_anssizp = *anssizp;
- 	struct timespec now, timeout, finish;
- 	struct pollfd pfd[1];
- 	int ptimeout;
-@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
- 	int need_recompute = 0;
- 	int nwritten = 0;
- 	int recvresp1 = 0;
-+	/* Skip the second response if there is no second query.
-+           To do that we mark the second response as received.  */
- 	int recvresp2 = buf2 == NULL;
- 	pfd[0].fd = EXT(statp).nssocks[ns];
- 	pfd[0].events = POLLOUT;
-@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
- 		int *thisresplenp;
- 
- 		if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+			/* We have not received any responses
-+			   yet or we only have one response to
-+			   receive.  */
- 			thisanssizp = anssizp;
- 			thisansp = anscp ?: ansp;
- 			assert (anscp != NULL || ansp2 == NULL);
- 			thisresplenp = &resplen;
- 		} else {
--			if (*anssizp != MAXPACKET) {
--				/* No buffer allocated for the first
--				   reply.  We can try to use the rest
--				   of the user-provided buffer.  */
--#if _STRING_ARCH_unaligned
--				*anssizp2 = orig_anssizp - resplen;
--				*ansp2 = *ansp + resplen;
--#else
--				int aligned_resplen
--				  = ((resplen + __alignof__ (HEADER) - 1)
--				     & ~(__alignof__ (HEADER) - 1));
--				*anssizp2 = orig_anssizp - aligned_resplen;
--				*ansp2 = *ansp + aligned_resplen;
--#endif
--			} else {
--				/* The first reply did not fit into the
--				   user-provided buffer.  Maybe the second
--				   answer will.  */
--				*anssizp2 = orig_anssizp;
--				*ansp2 = *ansp;
--			}
--
- 			thisanssizp = anssizp2;
- 			thisansp = ansp2;
- 			thisresplenp = resplen2;
- 		}
- 
- 		if (*thisanssizp < MAXPACKET
--		    /* Yes, we test ANSCP here.  If we have two buffers
--		       both will be allocatable.  */
--		    && anscp
-+		    /* If the current buffer is non-NULL and it's not
-+		       pointing at the static user-supplied buffer then
-+		       we can reallocate it.  */
-+		    && (thisansp != NULL && thisansp != ansp)
- #ifdef FIONREAD
-+		    /* Is the size too small?  */
- 		    && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
- 			|| *thisanssizp < *thisresplenp)
- #endif
-                     ) {
-+			/* Always allocate MAXPACKET, callers expect
-+			   this specific size.  */
- 			u_char *newp = malloc (MAXPACKET);
- 			if (newp != NULL) {
--				*anssizp = MAXPACKET;
--				*thisansp = ans = newp;
-+				*thisanssizp = MAXPACKET;
-+				*thisansp = newp;
- 				if (thisansp == ansp2)
- 				  *ansp2_malloced = 1;
- 			}
- 		}
-+		/* We could end up with truncation if anscp was NULL
-+		   (not allowed to change caller's buffer) and the
-+		   response buffer size is too small.  This isn't a
-+		   reliable way to detect truncation because the ioctl
-+		   may be an inaccurate report of the UDP message size.
-+		   Therefore we use this only to issue debug output.
-+		   To do truncation accurately with UDP we need
-+		   MSG_TRUNC which is only available on Linux.  We
-+		   can abstract out the Linux-specific feature in the
-+		   future to detect truncation.  */
-+		if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
-+			Dprint(statp->options & RES_DEBUG,
-+			       (stdout, ";; response may be truncated (UDP)\n")
-+			);
-+		}
-+
- 		HEADER *anhp = (HEADER *) *thisansp;
- 		socklen_t fromlen = sizeof(struct sockaddr_in6);
- 		assert (sizeof(from) <= fromlen);
diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch
deleted file mode 100644
index a609b1f54a..0000000000
--- a/gnu/packages/patches/glibc-hurd-extern-inline.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-This changes the way _EXTERN_INLINE is defined so we can
-avoid external definition errors.
-https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html
-
-diff --git a/signal/sigsetops.c b/signal/sigsetops.c
-index 0317662..b92c296 100644
---- a/signal/sigsetops.c
-+++ b/signal/sigsetops.c
-@@ -3,7 +3,9 @@
- 
- #include <features.h>
- 
--#define _EXTERN_INLINE
-+#ifndef _EXTERN_INLINE
-+#define _EXTERN_INLINE __extern_inline
-+#endif
- #ifndef __USE_EXTERN_INLINES
- # define __USE_EXTERN_INLINES  1
- #endif
-
-Link libmachuser and libhurduser automatically with libc, since they are
-considered a standard part of the API in GNU-land.
-
---- a/Makerules
-+++ b/Makerules
-@@ -978,6 +978,9 @@
- 	      '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\
-	      ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \
- 	) > $@.new
-+ifeq ($(patsubst gnu%,,$(config-os)),)
-+	echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new
-+endif
- 	mv -f $@.new $@
- 
- endif
\ No newline at end of file
diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch
deleted file mode 100644
index baf30a79a7..0000000000
--- a/gnu/packages/patches/glibc-locale-incompatibility.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-This patch avoids an assertion failure when incompatible locale data
-is encountered:
-
-  https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
-
---- glibc-2.22/locale/loadlocale.c	2015-09-22 17:16:02.321981548 +0200
-+++ glibc-2.22/locale/loadlocale.c	2015-09-22 17:17:34.814659064 +0200
-@@ -120,10 +120,11 @@
- 	 _nl_value_type_LC_XYZ array.  There are all pointers.  */
-       switch (category)
- 	{
--#define CATTEST(cat) \
--	case LC_##cat:							      \
--	  assert (cnt < (sizeof (_nl_value_type_LC_##cat)		      \
--			 / sizeof (_nl_value_type_LC_##cat[0])));	      \
-+#define CATTEST(cat)						\
-+	case LC_##cat:						\
-+	  if (cnt >= (sizeof (_nl_value_type_LC_##cat)		\
-+		      / sizeof (_nl_value_type_LC_##cat[0])))	\
-+	    goto puntdata;					\
- 	  break
- 	  CATTEST (NUMERIC);
- 	  CATTEST (TIME);
diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch
index 1bcf12bf6f..3a125e845e 100644
--- a/gnu/packages/patches/glibc-locales.patch
+++ b/gnu/packages/patches/glibc-locales.patch
@@ -5,8 +5,8 @@ in a package separate from glibc.
   2. Use '--no-archive' to avoid building the big locale archive, and
      because the already-built 'localedef' would want to write it
      to '/run/current-system/locale', which is not possible.
-  3. Pass $(localedir)/$$locale to install files in the right place, and
-     because otherwise, 'localedef' fails with:
+  3. Pass $(inst_complocaledir)/$$locale to install files in the right
+     place, and because otherwise, 'localedef' fails with:
      "cannot write output files to `(null)'".
 
 --- glibc-2.22/localedata/Makefile	1970-01-01 01:00:00.000000000 +0100
@@ -25,7 +25,7 @@ in a package separate from glibc.
  	$(LOCALEDEF) --alias-file=../intl/locale.alias \
  		     -i locales/$$input -c -f charmaps/$$charset \
 -		     $(addprefix --prefix=,$(install_root)) $$locale \
-+		     $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \
++		     $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \
  	&& echo ' done'; \
  
  tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
deleted file mode 100644
index b024a7d4a8..0000000000
--- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
-Origin: upstream
-Bug-Debian: http://bugs.debian.org/703957
-Forwarded: not-needed
-
---- libarchive-3.0.4.orig/libarchive/archive_write.c
-+++ libarchive-3.0.4/libarchive/archive_write.c
-@@ -665,8 +665,13 @@ static ssize_t
- _archive_write_data(struct archive *_a, const void *buff, size_t s)
- {
- 	struct archive_write *a = (struct archive_write *)_a;
-+	const size_t max_write = INT_MAX;
-+
- 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
- 	    ARCHIVE_STATE_DATA, "archive_write_data");
-+	/* In particular, this catches attempts to pass negative values. */
-+	if (s > max_write)
-+		s = max_write;
- 	archive_clear_error(&a->archive);
- 	return ((a->format_write_data)(a, buff, s));
- }
diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
deleted file mode 100644
index 6ac8773244..0000000000
--- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
-
-Taken from upstream source repository:
-https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
-
-When reading OS X metadata entries in Zip archives that were stored
-without compression, libarchive would use the uncompressed entry size
-to allocate a buffer but would use the compressed entry size to limit
-the amount of data copied into that buffer.  Since the compressed
-and uncompressed sizes are provided by data in the archive itself,
-an attacker could manipulate these values to write data beyond
-the end of the allocated buffer.
-
-This fix provides three new checks to guard against such
-manipulation and to make libarchive generally more robust when
-handling this type of entry:
- 1. If an OS X metadata entry is stored without compression,
-    abort the entire archive if the compressed and uncompressed
-    data sizes do not match.
- 2. When sanity-checking the size of an OS X metadata entry,
-    abort this entry if either the compressed or uncompressed
-    size is larger than 4MB.
- 3. When copying data into the allocated buffer, check the copy
-    size against both the compressed entry size and uncompressed
-    entry size.
----
- libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
-index 0f8262c..0a0be96 100644
---- a/libarchive/archive_read_support_format_zip.c
-+++ b/libarchive/archive_read_support_format_zip.c
-@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
- 
- 	switch(rsrc->compression) {
- 	case 0:  /* No compression. */
-+		if (rsrc->uncompressed_size != rsrc->compressed_size) {
-+			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+			    "Malformed OS X metadata entry: inconsistent size");
-+			return (ARCHIVE_FATAL);
-+		}
- #ifdef HAVE_ZLIB_H
- 	case 8: /* Deflate compression. */
- #endif
-@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
- 		    (intmax_t)rsrc->uncompressed_size);
- 		return (ARCHIVE_WARN);
- 	}
-+	if (rsrc->compressed_size > (4 * 1024 * 1024)) {
-+		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+		    "Mac metadata is too large: %jd > 4M bytes",
-+		    (intmax_t)rsrc->compressed_size);
-+		return (ARCHIVE_WARN);
-+	}
- 
- 	metadata = malloc((size_t)rsrc->uncompressed_size);
- 	if (metadata == NULL) {
-@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
- 			bytes_avail = remaining_bytes;
- 		switch(rsrc->compression) {
- 		case 0:  /* No compression. */
-+			if ((size_t)bytes_avail > metadata_bytes)
-+				bytes_avail = metadata_bytes;
- 			memcpy(mp, p, bytes_avail);
- 			bytes_used = (size_t)bytes_avail;
- 			metadata_bytes -= bytes_used;
diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch
deleted file mode 100644
index 6a533a9a07..0000000000
--- a/gnu/packages/patches/libarchive-bsdtar-test.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
-Author: Pavel Raiskup <praiskup@redhat.com>
-Date:   Thu Jun 27 16:01:30 2013 +0200
-
-    Use ustar format in the test_option_b test
-    
-    .. because the ustar archive does not store SELinux context.  As the default
-    format for bsdtar is "restricted pax" (trying to store xattrs and other
-    things by default), the test failed on Fedora because our files have by
-    default SELinux context set.  This results in additional data in tested
-    archive ~> and the test failed because the archive was unexpectedly big:
-    
-     tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
-    
-    Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
-
-diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
-index be2ae65..6fea474 100644
---- a/tar/test/test_option_b.c
-+++ b/tar/test/test_option_b.c
-@@ -25,8 +25,14 @@
- #include "test.h"
- __FBSDID("$FreeBSD$");
- 
-+#define USTAR_OPT " --format=ustar"
-+
- DEFINE_TEST(test_option_b)
- {
-+	char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
-+	strcpy(testprog_ustar, testprog);
-+	strcat(testprog_ustar, USTAR_OPT);
-+
- 	assertMakeFile("file1", 0644, "file1");
- 	if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
- 		skipping("Platform doesn't have cat");
-@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
- 	/*
- 	 * Bsdtar does not pad if the output is going directly to a disk file.
- 	 */
--	assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
-+	assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
- 	failure("bsdtar does not pad archives written directly to regular files");
- 	assertFileSize("archive1.tar", 2048);
- 	assertEmptyFile("test1.out");
-@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
- 	 * Bsdtar does pad to the block size if the output is going to a socket.
- 	 */
- 	/* Default is -b 20 */
--	assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
-+	assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
- 	failure("bsdtar does pad archives written to pipes");
- 	assertFileSize("archive2.tar", 10240);
- 	assertEmptyFile("test2.err");
- 
--	assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
-+	assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
- 	assertFileSize("archive3.tar", 10240);
- 	assertEmptyFile("test3.err");
- 
--	assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
-+	assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
- 	assertFileSize("archive4.tar", 5120);
- 	assertEmptyFile("test4.err");
- 
--	assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
-+	assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
- 	assertFileSize("archive5.tar", 2048);
- 	assertEmptyFile("test5.err");
- 
--	assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
-+	assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
- 	assertFileSize("archive6.tar", 4194304);
- 	assertEmptyFile("test6.err");
- 
diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
deleted file mode 100644
index ffdc0db922..0000000000
--- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Description: This patch fixes test cases for LZO write support in various
- architectures, such as armhf. Writing a certain amount of files would
- cause the LZO compressor level 9 to produce a bigger archive than the
- default compressor level.
-Author: Andres Mejia <amejia@debian.org>
-
---- a/libarchive/test/test_write_filter_lzop.c
-+++ b/libarchive/test/test_write_filter_lzop.c
-@@ -39,7 +39,7 @@
- 	size_t buffsize, datasize;
- 	char path[16];
- 	size_t used1, used2;
--	int i, r, use_prog = 0;
-+	int i, r, use_prog = 0, filecount;
- 
- 	assert((a = archive_write_new()) != NULL);
- 	r = archive_write_add_filter_lzop(a);
-@@ -58,9 +58,10 @@
- 
- 	datasize = 10000;
- 	assert(NULL != (data = (char *)calloc(1, datasize)));
-+	filecount = 10;
- 
- 	/*
--	 * Write a 100 files and read them all back.
-+	 * Write a filecount files and read them all back.
- 	 */
- 	assert((a = archive_write_new()) != NULL);
- 	assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
-@@ -77,7 +78,7 @@
- 	assert((ae = archive_entry_new()) != NULL);
- 	archive_entry_set_filetype(ae, AE_IFREG);
- 	archive_entry_set_size(ae, datasize);
--	for (i = 0; i < 100; i++) {
-+	for (i = 0; i < filecount; i++) {
- 		sprintf(path, "file%03d", i);
- 		archive_entry_copy_pathname(ae, path);
- 		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
-@@ -97,7 +98,7 @@
- 	} else {
- 		assertEqualIntA(a, ARCHIVE_OK,
- 		    archive_read_open_memory(a, buff, used1));
--		for (i = 0; i < 100; i++) {
-+		for (i = 0; i < filecount; i++) {
- 			sprintf(path, "file%03d", i);
- 			if (!assertEqualInt(ARCHIVE_OK,
- 				archive_read_next_header(a, &ae)))
-@@ -133,7 +134,7 @@
- 	    archive_write_set_options(a, "lzop:compression-level=9"));
- 	assertEqualIntA(a, ARCHIVE_OK,
- 	    archive_write_open_memory(a, buff, buffsize, &used2));
--	for (i = 0; i < 100; i++) {
-+	for (i = 0; i < filecount; i++) {
- 		sprintf(path, "file%03d", i);
- 		assert((ae = archive_entry_new()) != NULL);
- 		archive_entry_copy_pathname(ae, path);
-@@ -161,7 +162,7 @@
- 		    archive_read_support_filter_all(a));
- 		assertEqualIntA(a, ARCHIVE_OK,
- 		    archive_read_open_memory(a, buff, used2));
--		for (i = 0; i < 100; i++) {
-+		for (i = 0; i < filecount; i++) {
- 			sprintf(path, "file%03d", i);
- 			if (!assertEqualInt(ARCHIVE_OK,
- 				archive_read_next_header(a, &ae)))
-@@ -186,7 +187,7 @@
- 	    archive_write_set_filter_option(a, NULL, "compression-level", "1"));
- 	assertEqualIntA(a, ARCHIVE_OK,
- 	    archive_write_open_memory(a, buff, buffsize, &used2));
--	for (i = 0; i < 100; i++) {
-+	for (i = 0; i < filecount; i++) {
- 		sprintf(path, "file%03d", i);
- 		assert((ae = archive_entry_new()) != NULL);
- 		archive_entry_copy_pathname(ae, path);
-@@ -216,7 +217,7 @@
- 	} else {
- 		assertEqualIntA(a, ARCHIVE_OK,
- 		    archive_read_open_memory(a, buff, used2));
--		for (i = 0; i < 100; i++) {
-+		for (i = 0; i < filecount; i++) {
- 			sprintf(path, "file%03d", i);
- 			if (!assertEqualInt(ARCHIVE_OK,
- 				archive_read_next_header(a, &ae)))
diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
deleted file mode 100644
index ad94592c05..0000000000
--- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Patch to fix filename length calculation when writing mtree archives.
-Author: Dave Reisner <dreisner@archlinux.org>
-Origin: upstream
-
---- a/libarchive/archive_write_set_format_mtree.c
-+++ b/libarchive/archive_write_set_format_mtree.c
-@@ -1855,9 +1855,9 @@
- 		return (ret);
- 	}
- 
--	/* Make a basename from dirname and slash */
-+	/* Make a basename from file->parentdir.s and slash */
- 	*slash  = '\0';
--	file->parentdir.length = slash - dirname;
-+	file->parentdir.length = slash - file->parentdir.s;
- 	archive_strcpy(&(file->basename),  slash + 1);
- 	return (ret);
- }
diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch
deleted file mode 100644
index a43245436c..0000000000
--- a/gnu/packages/patches/libpthread-glibc-preparation.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-This patch helps to integrate the Hurd's libpthread as a libc add-on.
-
-It writes the configure file, removes an rpc call not yet 
-implemented on the version of gnumach we use and defines
-a missing macro.
-
-diff --git a/libpthread/configure b/libpthread/configure
-new file mode 100644
-index 0000000..2cdbc71
---- /dev/null
-+++ b/libpthread/configure
-@@ -0,0 +1,2 @@
-+libc_add_on_canonical=libpthread
-+libc_add_on_subdirs=.
--- 
-1.9.0
-
-We are using a version of GNU Mach that lacks 'thread_terminate_release'
-(not introduced yet).  The 'thread_terminate' RPC call will be enough for
-our needs.
-See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>.
-
-diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c
-index 6672065..129a611 100644
---- a/libpthread/sysdeps/mach/pt-thread-terminate.c
-+++ b/libpthread/sysdeps/mach/pt-thread-terminate.c
-@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread)
-   __mach_port_destroy (__mach_task_self (), wakeup_port);
- 
-   /* Terminate and release all that's left.  */
--  err = __thread_terminate_release (kernel_thread, mach_task_self (),
--				    kernel_thread, reply_port,
--				    stackaddr, stacksize);
-+  /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */
-+  /* 				    kernel_thread, reply_port, */
-+  /* 				    stackaddr, stacksize); */
- 
-   /* The kernel does not support it yet.  Leak but at least terminate
-      correctly.  */
--- 
-1.9.2
-
-The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we 
-define it to __SPIN_LOCK_INITIALIZER which already exists.
-See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>.
-  
-diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h
-index 537dac9..fca0e5a 100644
---- a/libpthread/sysdeps/mach/bits/spin-lock.h
-+++ b/libpthread/sysdeps/mach/bits/spin-lock.h
-@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t;
- 
- /* Initializer for a spin lock object.  */
- #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER
--#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>.
-+#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER
- #endif
- 
- __END_DECLS
-
-The version of the glibc we use doesn't include the shm-directory.c file and does
-not yet support IS_IN.
-See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html>
-
-diff --git a/libpthread/Makefile b/libpthread/Makefile
-index 2906788..b8dee58 100644
---- a/libpthread/Makefile
-+++ b/libpthread/Makefile
-@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate	    \
- 	sem-post sem-timedwait sem-trywait sem-unlink			    \
- 	sem-wait							    \
- 									    \
--	shm-directory							    \
--									    \
- 	cthreads-compat							    \
- 	$(SYSDEPS)
- 
--- 
-2.3.6
-
-diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c
-index d88afae..84044dc 100644
---- a/libpthread/pthread/pt-create.c
-+++ b/libpthread/pthread/pt-create.c
-@@ -28,7 +28,7 @@
- 
- #include <pt-internal.h>
- 
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- # include <ctype.h>
- #endif
- #ifdef HAVE_USELOCALE
-@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg)
-   __resp = &self->res_state;
- #endif
- 
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
-   /* Initialize pointers to locale data.  */
-   __ctype_init ();
- #endif
-diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c
-index 9e5404b..b9cacbd 100644
---- a/libpthread/pthread/pt-initialize.c
-+++ b/libpthread/pthread/pt-initialize.c
-@@ -28,7 +28,7 @@
- 
- DEFINE_HOOK (__pthread_init, (void));
- 
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- static const struct pthread_functions pthread_functions =
-   {
-     .ptr_pthread_attr_destroy = __pthread_attr_destroy,
-@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions =
- void
- ___pthread_init (void)
- {
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
-   __libc_pthread_init(&pthread_functions);
- #endif
-   RUN_HOOK (__pthread_init, ());
-diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h
-index 18b5b4c..8cdcfce 100644
---- a/libpthread/pthread/pt-internal.h
-+++ b/libpthread/pthread/pt-internal.h
-@@ -35,7 +35,7 @@
- #include <pt-sysdep.h>
- #include <pt-machdep.h>
- 
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- # include <ldsodefs.h>
- #endif
- 
-@@ -60,7 +60,7 @@ enum pthread_state
- # define PTHREAD_SYSDEP_MEMBERS
- #endif
- 
--#if !(IS_IN (libpthread))
-+#ifndef IS_IN_libpthread
- #ifdef ENABLE_TLS
- /* Type of the TCB.  */
- typedef struct
diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
deleted file mode 100644
index f291d5b387..0000000000
--- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 29 Oct 2015 19:33:23 +0800
-Subject: [PATCH] Fix for type confusion in preprocessing attributes
-
-CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
-We need to check that the parent node is an element before dereferencing
-its namespace
----
- libxslt/preproc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/preproc.c b/libxslt/preproc.c
-index 0eb80a0..7f69325 100644
---- a/libxslt/preproc.c
-+++ b/libxslt/preproc.c
-@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
- 	} else if (IS_XSLT_NAME(inst, "attribute")) {
- 	    xmlNodePtr parent = inst->parent;
- 
--	    if ((parent == NULL) || (parent->ns == NULL) ||
-+	    if ((parent == NULL) ||
-+	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
- 		((parent->ns != inst->ns) &&
- 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
- 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
--- 
-2.6.3
-
diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch
new file mode 100644
index 0000000000..4273875c7c
--- /dev/null
+++ b/gnu/packages/patches/libxslt-generated-ids.patch
@@ -0,0 +1,173 @@
+This makes generated IDs deterministic.
+
+Written by Daniel Veillard.
+
+This should be fixed in next release (2.29).
+See https://bugzilla.gnome.org/show_bug.cgi?id=751621.
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 6448bde..5b00a6d 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
+ }
+ 
+ /**
++ * xsltCleanupIds:
++ * @ctxt: the transformation context
++ * @root: the root of the resulting document
++ *
++ * This clean up ids which may have been saved in Element contents
++ * by xsltGenerateIdFunction() to provide stable IDs on elements.
++ *
++ * Returns the number of items cleaned or -1 in case of error
++ */
++int
++xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) {
++    xmlNodePtr cur;
++    int count = 0;
++
++    if ((ctxt == NULL) || (root == NULL))
++        return(-1);
++    if (root->type != XML_ELEMENT_NODE)
++        return(-1);
++
++    cur = root;
++    while (cur != NULL) {
++	if (cur->type == XML_ELEMENT_NODE) {
++	    if (cur->content != NULL) {
++	        cur->content = NULL;
++		count++;
++	    }
++	    if (cur->children != NULL) {
++		cur = cur->children;
++		continue;
++	    }
++	}
++	if (cur->next != NULL) {
++	    cur = cur->next;
++	    continue;
++	}
++	do {
++	    cur = cur->parent;
++	    if (cur == NULL)
++		break;
++	    if (cur == (xmlNodePtr) root) {
++		cur = NULL;
++		break;
++	    }
++	    if (cur->next != NULL) {
++		cur = cur->next;
++		break;
++	    }
++	} while (cur != NULL);
++    }
++
++fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n",
++        ctxt->nextid, count);
++
++    return(count);
++}
++
++/**
+  * xsltGenerateIdFunction:
+  * @ctxt:  the XPath Parser context
+  * @nargs:  the number of arguments
+@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
+     if (obj)
+         xmlXPathFreeObject(obj);
+ 
+-    val = (long)((char *)cur - (char *)&base_address);
++    /*
++     * Try to provide stable ID for generated document:
++     *   - usually ID are computed to be placed on elements via attributes
++     *     so using the element as the node for the ID
++     *   - the cur->content should be a correct placeholder for this, we use
++     *     it to hold element node numbers in xmlXPathOrderDocElems to
++     *     speed up XPath too
++     *   - xsltCleanupIds() clean them up before handing the XSLT output
++     *     to the API client.
++     *   - other nodes types use the node address method but that should
++     *     not end up in resulting document ID
++     *   - we can enable this by default without risk of performance issues
++     *     only the one pass xsltCleanupIds() is added
++     */
++    if (cur->type == XML_ELEMENT_NODE) {
++        if (cur->content == NULL) {
++	    xsltTransformContextPtr tctxt;
++
++	    tctxt = xsltXPathGetTransformContext(ctxt);
++	    if (tctxt == NULL) {
++		val = (long)((char *)cur - (char *)&base_address);
++	    } else {
++		tctxt->nextid++;
++		val = tctxt->nextid;
++		cur->content = (void *) (val);
++	    }
++	} else {
++	    val = (long) cur->content;
++	}
++    } else {
++	val = (long)((char *)cur - (char *)&base_address);
++    }
++
+     if (val >= 0) {
+       sprintf((char *)str, "idp%ld", val);
+     } else {
+diff --git a/libxslt/functions.h b/libxslt/functions.h
+index e0e0bf9..4a1e163 100644
+--- a/libxslt/functions.h
++++ b/libxslt/functions.h
+@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL
+ 					 int nargs);
+ 
+ /*
++ * Cleanup for ID generation
++ */
++XSLTPUBFUN int XSLTCALL
++	xsltCleanupIds			(xsltTransformContextPtr ctxt,
++					 xmlNodePtr root);
++
++/*
+  * And the registration
+  */
+ 
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 24f9eb2..2bdf6bf 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) {
+     cur->traceCode = (unsigned long*) &xsltDefaultTrace;
+     cur->xinclude = xsltGetXIncludeDefault();
+     cur->keyInitLevel = 0;
++    cur->nextid = 0;
+ 
+     return(cur);
+ 
+@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc,
+     if (root != NULL) {
+         const xmlChar *doctype = NULL;
+ 
++        /*
++	 * cleanup ids which may have been saved in Elements content ptrs
++	 */
++	if (ctxt->nextid != 0) {
++	    xsltCleanupIds(ctxt, root);
++	}
++
+         if ((root->ns != NULL) && (root->ns->prefix != NULL))
+ 	    doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name);
+ 	if (doctype == NULL)
+diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
+index 95e8fe6..8eedae4 100644
+--- a/libxslt/xsltInternals.h
++++ b/libxslt/xsltInternals.h
+@@ -1786,6 +1786,8 @@ struct _xsltTransformContext {
+     int funcLevel;      /* Needed to catch recursive functions issues */
+     int maxTemplateDepth;
+     int maxTemplateVars;
++
++    unsigned long nextid;/* for generating stable ids */
+ };
+ 
+ /**
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
deleted file mode 100644
index a296d8cb1b..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22
-
-From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 12:45:25 -0500
-Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
-
-In xdr_nullstring(), check that the decoded string is terminated with
-a zero byte and does not contain any internal zero bytes.
-
-CVE-2015-8629:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to read beyond the end of allocated memory by sending a string
-without a terminating zero byte.  Information leakage may be possible
-for an attacker with permission to modify the database.
-
-    CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
-
-ticket: 8341 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
-index 2bef858..ba67084 100644
---- a/src/lib/kadm5/kadm_rpc_xdr.c
-+++ b/src/lib/kadm5/kadm_rpc_xdr.c
-@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
- 		    return FALSE;
- 	       }
- 	  }
--	  return (xdr_opaque(xdrs, *objp, size));
-+	  if (!xdr_opaque(xdrs, *objp, size))
-+		  return FALSE;
-+	  /* Check that the unmarshalled bytes are a C string. */
-+	  if ((*objp)[size - 1] != '\0')
-+		  return FALSE;
-+	  if (memchr(*objp, '\0', size - 1) != NULL)
-+		  return FALSE;
-+	  return TRUE;
- 
-      case XDR_ENCODE:
- 	  if (size != 0)
--- 
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
deleted file mode 100644
index c21d84b1e7..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
-
-From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 12:52:28 -0500
-Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
-
-In kadm5_create_principal_3() and kadm5_modify_principal(), check for
-entry->policy being null when KADM5_POLICY is included in the mask.
-
-CVE-2015-8630:
-
-In MIT krb5 1.12 and later, an authenticated attacker with permission
-to modify a principal entry can cause kadmind to dereference a null
-pointer by supplying a null policy value but including KADM5_POLICY in
-the mask.
-
-    CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8342 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 5b95fa3..1d4365c 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
-     /*
-      * Argument sanity checking, and opening up the DB
-      */
-+    if (entry == NULL)
-+        return EINVAL;
-     if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
-        (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
-        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
-         return KADM5_BAD_MASK;
-     if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
-         return KADM5_BAD_MASK;
-+    if((mask & KADM5_POLICY) && entry->policy == NULL)
-+        return KADM5_BAD_MASK;
-     if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-         return KADM5_BAD_MASK;
-     if((mask & ~ALL_PRINC_MASK))
-         return KADM5_BAD_MASK;
--    if (entry == NULL)
--        return EINVAL;
- 
-     /*
-      * Check to see if the principal exists
-@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
- 
-     krb5_clear_error_message(handle->context);
- 
-+    if(entry == NULL)
-+        return EINVAL;
-     if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
-        (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
-        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
-         return KADM5_BAD_MASK;
-     if((mask & ~ALL_PRINC_MASK))
-         return KADM5_BAD_MASK;
-+    if((mask & KADM5_POLICY) && entry->policy == NULL)
-+        return KADM5_BAD_MASK;
-     if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-         return KADM5_BAD_MASK;
--    if(entry == (kadm5_principal_ent_t) NULL)
--        return EINVAL;
-     if (mask & KADM5_TL_DATA) {
-         tl_data_orig = entry->tl_data;
-         while (tl_data_orig) {
--- 
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
deleted file mode 100644
index dd1eb2945c..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
+++ /dev/null
@@ -1,576 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22
-
-From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 13:16:54 -0500
-Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
-
-In each kadmind server stub, initialize the client_name and
-server_name variables, and release them in the cleanup handler.  Many
-of the stubs will otherwise leak the client and server name if
-krb5_unparse_name() fails.  Also make sure to free the prime_arg
-variables in rename_principal_2_svc(), or we can leak the first one if
-unparsing the second one fails.  Discovered by Simo Sorce.
-
-CVE-2015-8631:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to leak memory by supplying a null principal name in a request
-which uses one.  Repeating these requests will eventually cause
-kadmind to exhaust all available memory.
-
-    CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8343 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
- 1 file changed, 77 insertions(+), 74 deletions(-)
-
-diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
-index 1879dc6..6ac797e 100644
---- a/src/kadmin/server/server_stubs.c
-+++ b/src/kadmin/server/server_stubs.c
-@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret          ret;
-     char                        *prime_arg;
--    gss_buffer_desc             client_name, service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
-     restriction_t               *rp;
-@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
--    gss_release_buffer(&minor_stat, &client_name);
--    gss_release_buffer(&minor_stat, &service_name);
- 
- exit_func:
-+    gss_release_buffer(&minor_stat, &client_name);
-+    gss_release_buffer(&minor_stat, &service_name);
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret          ret;
-     char                        *prime_arg;
--    gss_buffer_desc             client_name, service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
-     restriction_t               *rp;
-@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
--    gss_release_buffer(&minor_stat, &client_name);
--    gss_release_buffer(&minor_stat, &service_name);
- 
- exit_func:
-+    gss_release_buffer(&minor_stat, &client_name);
-+    gss_release_buffer(&minor_stat, &service_name);
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
- 
-     }
-     free(prime_arg);
--    gss_release_buffer(&minor_stat, &client_name);
--    gss_release_buffer(&minor_stat, &service_name);
- 
- exit_func:
-+    gss_release_buffer(&minor_stat, &client_name);
-+    gss_release_buffer(&minor_stat, &service_name);
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     restriction_t                   *rp;
-@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -570,10 +572,9 @@ generic_ret *
- rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret          ret;
--    char                        *prime_arg1,
--        *prime_arg2;
--    gss_buffer_desc             client_name,
--        service_name;
-+    char                        *prime_arg1 = NULL, *prime_arg2 = NULL;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
-     restriction_t               *rp;
-@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
- 
-     }
-+exit_func:
-     free(prime_arg1);
-     free(prime_arg2);
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
- {
-     static gprinc_ret               ret;
-     char                            *prime_arg, *funcname;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
- {
-     static gprincs_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
- 
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
-     }
- 
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
-     }
- 
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
-     }
- 
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
-     }
- 
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
-     }
- 
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
-     krb5_keyblock               *k;
-     int                         nkeys;
-     char                        *prime_arg, *funcname;
--    gss_buffer_desc             client_name,
--        service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
-     const char                  *errmsg = NULL;
-@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
-     krb5_keyblock               *k;
-     int                         nkeys;
-     char                        *prime_arg, *funcname;
--    gss_buffer_desc             client_name,
--        service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
-     const char                  *errmsg = NULL;
-@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
-         if (errmsg != NULL)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
-         if (errmsg != NULL)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
-         if (errmsg != NULL)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
-     static gpol_ret             ret;
-     kadm5_ret_t         ret2;
-     char                        *prime_arg, *funcname;
--    gss_buffer_desc             client_name,
--        service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_principal_ent_rec     caller_ent;
-     kadm5_server_handle_t       handle;
-@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
-         log_unauth(funcname, prime_arg,
-                    &client_name, &service_name, rqstp);
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- 
-@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
- {
-     static gpols_ret                ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
-         if (errmsg != NULL)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1541,7 +1542,8 @@ exit_func:
- getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
-     static getprivs_ret            ret;
--    gss_buffer_desc                client_name, service_name;
-+    gss_buffer_desc                client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                      minor_stat;
-     kadm5_server_handle_t          handle;
-     const char                     *errmsg = NULL;
-@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
-     if (errmsg != NULL)
-         krb5_free_error_message(handle->context, errmsg);
- 
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret          ret;
-     char                        *prime_arg, *funcname;
--    gss_buffer_desc             client_name, service_name;
-+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                   minor_stat;
-     kadm5_server_handle_t       handle;
- 
-@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
- {
-     static gstrings_ret             ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
- {
-     static generic_ret              ret;
-     char                            *prime_arg;
--    gss_buffer_desc                 client_name,
--        service_name;
-+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-     OM_uint32                       minor_stat;
-     kadm5_server_handle_t           handle;
-     const char                      *errmsg = NULL;
-@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
-             krb5_free_error_message(handle->context, errmsg);
-     }
-     free(prime_arg);
-+exit_func:
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
--exit_func:
-     free_server_handle(handle);
-     return &ret;
- }
-@@ -1754,8 +1757,8 @@ exit_func:
- generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
-     static generic_ret         ret;
--    gss_buffer_desc            client_name,
--        service_name;
-+    gss_buffer_desc            client_name = GSS_C_EMPTY_BUFFER;
-+    gss_buffer_desc            service_name = GSS_C_EMPTY_BUFFER;
-     kadm5_server_handle_t      handle;
-     OM_uint32                  minor_stat;
-     const char                 *errmsg = NULL;
-@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
-                      rqstp->rq_cred.oa_flavor);
-     if (errmsg != NULL)
-         krb5_free_error_message(NULL, errmsg);
--    gss_release_buffer(&minor_stat, &client_name);
--    gss_release_buffer(&minor_stat, &service_name);
- 
- exit_func:
-+    gss_release_buffer(&minor_stat, &client_name);
-+    gss_release_buffer(&minor_stat, &service_name);
-     return(&ret);
- }
- 
--- 
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
deleted file mode 100644
index 195db38d08..0000000000
--- a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22
-
-From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 5 Jan 2016 12:11:59 -0500
-Subject: [PATCH] Check internal context on init context errors
-
-If the mechanism deletes the internal context handle on error, the
-mechglue must do the same with the union context, to avoid crashes if
-the application calls other functions with this invalid union context.
-
-[ghudson@mit.edu: edit commit message and code comment]
-
-ticket: 8337 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
-index aaae767..9f154b8 100644
---- a/src/lib/gssapi/mechglue/g_init_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
-@@ -224,12 +224,15 @@ OM_uint32 *		time_rec;
- 
-     if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
- 	/*
--	 * the spec says (the preferred) method is to delete all
--	 * context info on the first call to init, and on all
--	 * subsequent calls make the caller responsible for
--	 * calling gss_delete_sec_context
-+	 * The spec says the preferred method is to delete all context info on
-+	 * the first call to init, and on all subsequent calls make the caller
-+	 * responsible for calling gss_delete_sec_context.  However, if the
-+	 * mechanism decided to delete the internal context, we should also
-+	 * delete the union context.
- 	 */
- 	map_error(minor_status, mech);
-+	if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
-+	    *context_handle = GSS_C_NO_CONTEXT;
- 	if (*context_handle == GSS_C_NO_CONTEXT) {
- 	    free(union_ctx_id->mech_type->elements);
- 	    free(union_ctx_id->mech_type);
--- 
-2.6.4
-
diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch
new file mode 100644
index 0000000000..9d369aeb2c
--- /dev/null
+++ b/gnu/packages/patches/procps-non-linux.patch
@@ -0,0 +1,40 @@
+From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
+From: Craig Small <csmall@enc.com.au>
+Date: Sun, 17 Apr 2016 09:09:41 +1000
+Subject: [PATCH] tests: Conditionally add prctl to test process
+
+prctl was already bypassed on Cygwin systems. This extends to
+non-Linux systems such as kFreeBSD and Hurd.
+
+---
+ lib/test_process.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/test_process.c b/lib/test_process.c
+index 6e652ed..6a4776c 100644
+--- a/lib/test_process.c
++++ b/lib/test_process.c
+@@ -21,7 +21,9 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <signal.h>
++#ifdef __linux__
+ #include <sys/prctl.h>
++#endif
+ #include "c.h"
+ 
+ #define DEFAULT_SLEEPTIME 300
+@@ -78,8 +80,10 @@
+     sigaction(SIGUSR1, &signal_action, NULL);
+     sigaction(SIGUSR2, &signal_action, NULL);
+ 
++#ifdef __linux__
+     /* set process name */
+     prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
++#endif
+ 
+     while (sleep_time > 0) {
+ 	sleep_time = sleep(sleep_time);
+-- 
+2.8.2
+
diff --git a/gnu/packages/patches/rapicorn-isnan.patch b/gnu/packages/patches/rapicorn-isnan.patch
new file mode 100644
index 0000000000..b0e7819e64
--- /dev/null
+++ b/gnu/packages/patches/rapicorn-isnan.patch
@@ -0,0 +1,87 @@
+From e0c8341b3e4e13778bcde00d477e461ea8e94306 Mon Sep 17 00:00:00 2001
+From: Stefan Westerfeld <stefan@space.twc.de>
+Date: Fri, 22 Apr 2016 18:03:37 +0200
+Subject: [PATCH 031/176] RCORE: compile fixes for KUbuntu 16.04/gcc
+ 5.3.1-14ubuntu2
+
+Rapicorn uses isnan(...) and isinf(...) from cmath.h, however on KUbuntu 16.04
+it should use std::isnan(...) and std::isinf(...) instead. Patch below.
+
+Acked-by: Tim Janik <timj@gnu.org>
+---
+ rcore/strings.cc          | 10 +++++-----
+ rcore/tests/benchrcore.cc |  4 ++--
+ rcore/tests/strings.cc    |  4 ++--
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/rcore/strings.cc b/rcore/strings.cc
+index d5b0216..8b3bc3f 100644
+--- a/rcore/strings.cc
++++ b/rcore/strings.cc
+@@ -437,7 +437,7 @@ static long double
+ libc_strtold (const char *nptr, char **endptr)
+ {
+   const long double result = strtold (nptr, endptr);
+-  if (isnan (result) && std::signbit (result) == 0)
++  if (std::isnan (result) && std::signbit (result) == 0)
+     {
+       const char *p = nptr;
+       while (isspace (*p))
+@@ -500,9 +500,9 @@ string_to_double (const char *dblstring, const char **endptr)
+ String
+ string_from_float (float value)
+ {
+-  if (isnan (value))
++  if (std::isnan (value))
+     return std::signbit (value) ? "-NaN" : "+NaN";
+-  if (isinf (value))
++  if (std::isinf (value))
+     return std::signbit (value) ? "-Infinity" : "+Infinity";
+   return string_format ("%.7g", value);
+ }
+@@ -511,9 +511,9 @@ string_from_float (float value)
+ String
+ string_from_double (double value)
+ {
+-  if (isnan (value))
++  if (std::isnan (value))
+     return std::signbit (value) ? "-NaN" : "+NaN";
+-  if (isinf (value))
++  if (std::isinf (value))
+     return std::signbit (value) ? "-Infinity" : "+Infinity";
+   return string_format ("%.17g", value);
+ }
+diff --git a/rcore/tests/benchrcore.cc b/rcore/tests/benchrcore.cc
+index 3899a08..12fde16 100644
+--- a/rcore/tests/benchrcore.cc
++++ b/rcore/tests/benchrcore.cc
+@@ -188,8 +188,8 @@ test_random_numbers()
+       const double rf = random_frange (989617512, 9876547656);
+       TASSERT (rf >= 989617512 && rf < 9876547656);
+     }
+-  TASSERT (isnan (random_frange (NAN, 1)));
+-  TASSERT (isnan (random_frange (0, NAN)));
++  TASSERT (std::isnan (random_frange (NAN, 1)));
++  TASSERT (std::isnan (random_frange (0, NAN)));
+ #if 0 // example penalty paid in random_int64()
+   size_t i, j = 0;
+   for (i = 0; i < 100; i++)
+diff --git a/rcore/tests/strings.cc b/rcore/tests/strings.cc
+index 468a6e6..dae3e3d 100644
+--- a/rcore/tests/strings.cc
++++ b/rcore/tests/strings.cc
+@@ -311,9 +311,9 @@ string_conversions (void)
+   TCMP (string_to_double ("-0.5"), ==, -0.5);
+   double tfloat;
+   tfloat = string_to_double ("+NAN");
+-  assert (isnan (tfloat) && std::signbit (tfloat) == 0);
++  assert (std::isnan (tfloat) && std::signbit (tfloat) == 0);
+   tfloat = string_to_double ("-NAN");
+-  assert (isnan (tfloat) && std::signbit (tfloat) == 1);
++  assert (std::isnan (tfloat) && std::signbit (tfloat) == 1);
+   TCMP (string_capitalize ("fOO bar"), ==, "Foo Bar");
+   TCMP (string_capitalize ("foo BAR BAZ", 2), ==, "Foo Bar BAZ");
+ }
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
deleted file mode 100644
index 39d8e2b20a..0000000000
--- a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8
-Author: Sergey Poznyakoff <gray@gnu.org>
-Date:   Thu Sep 25 00:22:16 2014 +0300
-
-    Bugfixes.
-    
-    * doc/tar.1: Fix typo in font spec.
-    * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode"
-    (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT
-
-diff --git a/src/tar.c b/src/tar.c
-index 225c624..f8102e0 100644
---- a/src/tar.c
-+++ b/src/tar.c
-@@ -1341,14 +1341,18 @@ static char filename_terminator;
- static char const *const sort_mode_arg[] = {
-   "none",
-   "name",
-+#if D_INO_IN_DIRENT
-   "inode",
-+#endif
-   NULL
- };
- 
- static int sort_mode_flag[] = {
-     SAVEDIR_SORT_NONE,
-     SAVEDIR_SORT_NAME,
-+#if D_INO_IN_DIRENT
-     SAVEDIR_SORT_INODE
-+#endif
- };
- 
- ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag);
\ No newline at end of file