summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorRicardo Wurmus <rekado@elephly.net>2017-05-24 12:05:47 +0200
committerRicardo Wurmus <rekado@elephly.net>2017-05-24 12:05:47 +0200
commitd1a914082b7e53636f9801769ef96218b2125c4b (patch)
tree998805fc59fe0b1bb105b24a6a79fff646257d96 /gnu/packages/patches
parent657fb6c947d94cf946f29cd24e88bd080c01ff0a (diff)
parentae548434337cddf9677a4cd52b9370810b2cc9b6 (diff)
downloadguix-d1a914082b7e53636f9801769ef96218b2125c4b.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/abiword-black-drawing-with-gtk322.patch49
-rw-r--r--gnu/packages/patches/abiword-explictly-cast-bools.patch14
-rw-r--r--gnu/packages/patches/aspell-default-dict-dir.patch20
-rw-r--r--gnu/packages/patches/audacity-fix-ffmpeg-binding.patch32
-rw-r--r--gnu/packages/patches/calibre-dont-load-remote-icons.patch45
-rw-r--r--gnu/packages/patches/calibre-drop-unrar.patch48
-rw-r--r--gnu/packages/patches/calibre-use-packaged-feedparser.patch51
-rw-r--r--gnu/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch514
-rw-r--r--gnu/packages/patches/ceph-disable-cpu-optimizations.patch27
-rw-r--r--gnu/packages/patches/ceph-disable-unittest-throttle.patch52
-rw-r--r--gnu/packages/patches/cool-retro-term-dont-check-uninit-member.patch33
-rw-r--r--gnu/packages/patches/cool-retro-term-fix-array-size.patch25
-rw-r--r--gnu/packages/patches/cool-retro-term-memory-leak-1.patch32
-rw-r--r--gnu/packages/patches/cool-retro-term-remove-non-free-fonts.patch205
-rw-r--r--gnu/packages/patches/dvd+rw-tools-add-include.patch14
-rw-r--r--gnu/packages/patches/elixir-disable-failing-tests.patch145
-rw-r--r--gnu/packages/patches/fabric-tests.patch15
-rw-r--r--gnu/packages/patches/fuse-overlapping-headers.patch28
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/gcj-arm-mode.patch36
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2017-8291.patch73
-rw-r--r--gnu/packages/patches/glibc-memchr-overflow-i686.patch74
-rw-r--r--gnu/packages/patches/glog-gcc-5-demangling.patch64
-rw-r--r--gnu/packages/patches/gnome-shell-CVE-2017-8288.patch54
-rw-r--r--gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch67
-rw-r--r--gnu/packages/patches/graphite2-CVE-2017-5436.patch25
-rw-r--r--gnu/packages/patches/graphite2-check-code-point-limit.patch50
-rw-r--r--gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch93
-rw-r--r--gnu/packages/patches/graphite2-non-linear-classes-even-number.patch26
-rw-r--r--gnu/packages/patches/grub-CVE-2015-8370.patch45
-rw-r--r--gnu/packages/patches/grub-freetype.patch24
-rw-r--r--gnu/packages/patches/grub-gets-undeclared.patch42
-rw-r--r--gnu/packages/patches/gspell-dash-test.patch16
-rw-r--r--gnu/packages/patches/guile-arm-fixes.patch203
-rw-r--r--gnu/packages/patches/guile-ssh-double-free.patch37
-rw-r--r--gnu/packages/patches/guile-ssh-rexec-bug.patch16
-rw-r--r--gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch26
-rw-r--r--gnu/packages/patches/hypre-doc-tables.patch25
-rw-r--r--gnu/packages/patches/hypre-ldflags.patch9
-rw-r--r--gnu/packages/patches/icecat-avoid-bundled-libraries.patch37
-rw-r--r--gnu/packages/patches/icecat-binutils.patch40
-rw-r--r--gnu/packages/patches/icu4c-CVE-2014-6585.patch21
-rw-r--r--gnu/packages/patches/icu4c-CVE-2015-1270.patch15
-rw-r--r--gnu/packages/patches/icu4c-CVE-2015-4760.patch189
-rw-r--r--gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch164
-rw-r--r--gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch130
-rw-r--r--gnu/packages/patches/jasper-CVE-2017-6850.patch284
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7885.patch38
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7975.patch40
-rw-r--r--gnu/packages/patches/jbig2dec-CVE-2017-7976.patch122
-rw-r--r--gnu/packages/patches/kiki-level-selection-crash.patch19
-rw-r--r--gnu/packages/patches/kiki-makefile.patch57
-rw-r--r--gnu/packages/patches/kiki-missing-includes.patch55
-rw-r--r--gnu/packages/patches/kiki-portability-64bit.patch328
-rw-r--r--gnu/packages/patches/kio-CVE-2017-6410.patch53
-rw-r--r--gnu/packages/patches/libbase-fix-includes.patch71
-rw-r--r--gnu/packages/patches/libbase-use-own-logging.patch80
-rw-r--r--gnu/packages/patches/libcroco-CVE-2017-7960.patch66
-rw-r--r--gnu/packages/patches/libcroco-CVE-2017-7961.patch50
-rw-r--r--gnu/packages/patches/libdrm-symbol-check.patch25
-rw-r--r--gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch77
-rw-r--r--gnu/packages/patches/libsndfile-CVE-2017-8362.patch61
-rw-r--r--gnu/packages/patches/libsndfile-armhf-type-checks.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-7593.patch113
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-7594.patch54
-rw-r--r--gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch449
-rw-r--r--gnu/packages/patches/libtirpc-CVE-2017-8779.patch263
-rw-r--r--gnu/packages/patches/lierolibre-check-unaligned-access.patch30
-rw-r--r--gnu/packages/patches/lierolibre-is-free-software.patch38
-rw-r--r--gnu/packages/patches/lierolibre-newer-libconfig.patch190
-rw-r--r--gnu/packages/patches/lierolibre-remove-arch-warning.patch30
-rw-r--r--gnu/packages/patches/lierolibre-try-building-other-arch.patch56
-rw-r--r--gnu/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch35
-rw-r--r--gnu/packages/patches/luminance-hdr-qt-printer.patch28
-rw-r--r--gnu/packages/patches/lvm2-static-link.patch4
-rw-r--r--gnu/packages/patches/lxterminal-CVE-2016-10369.patch37
-rw-r--r--gnu/packages/patches/lz4-fix-test-failures.patch136
-rw-r--r--gnu/packages/patches/mesa-fix-32bit-test-failures.patch58
-rw-r--r--gnu/packages/patches/mesa-skip-disk-cache-test.patch20
-rw-r--r--gnu/packages/patches/miniupnpc-CVE-2017-8798.patch55
-rw-r--r--gnu/packages/patches/mozjs38-pkg-config-version.patch24
-rw-r--r--gnu/packages/patches/mozjs38-shell-version.patch67
-rw-r--r--gnu/packages/patches/mozjs38-tracelogger.patch608
-rw-r--r--gnu/packages/patches/mozjs38-version-detection.patch180
-rw-r--r--gnu/packages/patches/mplayer2-theora-fix.patch286
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5896.patch63
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-5991.patch101
-rw-r--r--gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch16
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/patches/node-9077.patch25
-rw-r--r--gnu/packages/patches/nss-disable-long-b64-tests.patch34
-rw-r--r--gnu/packages/patches/nss-increase-test-timeout.patch10
-rw-r--r--gnu/packages/patches/password-store-gnupg-compat.patch53
-rw-r--r--gnu/packages/patches/pcre-CVE-2017-7186.patch56
-rw-r--r--gnu/packages/patches/pcre2-CVE-2017-7186.patch68
-rw-r--r--gnu/packages/patches/pcre2-CVE-2017-8786.patch155
-rw-r--r--gnu/packages/patches/perl-net-dns-resolver-programmable-fix.patch (renamed from gnu/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch)0
-rw-r--r--gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch335
-rw-r--r--gnu/packages/patches/portaudio-audacity-compat.patch60
-rw-r--r--gnu/packages/patches/proot-test-fhs.patch98
-rw-r--r--gnu/packages/patches/python-cython-fix-tests-32bit.patch27
-rw-r--r--gnu/packages/patches/python-pyopenssl-skip-network-test.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-10155.patch49
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2615.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2620.patch134
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2630.patch47
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5525.patch55
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5526.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5552.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5578.patch39
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5579.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5667.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5856.patch68
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5898.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5931.patch55
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-7493.patch182
-rw-r--r--gnu/packages/patches/qtscript-disable-tests.patch64
-rw-r--r--gnu/packages/patches/reptyr-fix-gcc-7.patch38
-rw-r--r--gnu/packages/patches/rpcbind-CVE-2017-8779.patch29
-rw-r--r--gnu/packages/patches/ruby-concurrent-test-arm.patch26
-rw-r--r--gnu/packages/patches/screen-fix-info-syntax-error.patch47
-rw-r--r--gnu/packages/patches/serf-comment-style-fix.patch23
-rw-r--r--gnu/packages/patches/serf-deflate-buckets-test-fix.patch69
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/shadow-CVE-2017-2616.patch72
-rw-r--r--gnu/packages/patches/soprano-find-clucene.patch15
-rw-r--r--gnu/packages/patches/teeworlds-use-latest-wavpack.patch84
-rw-r--r--gnu/packages/patches/util-linux-CVE-2017-2616.patch65
-rw-r--r--gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch144
-rw-r--r--gnu/packages/patches/xf86-video-intel-compat-api.patch13
-rw-r--r--gnu/packages/patches/xf86-video-intel-glibc-2.20.patch15
132 files changed, 7389 insertions, 2820 deletions
diff --git a/gnu/packages/patches/abiword-black-drawing-with-gtk322.patch b/gnu/packages/patches/abiword-black-drawing-with-gtk322.patch
new file mode 100644
index 0000000000..88a5ca4c38
--- /dev/null
+++ b/gnu/packages/patches/abiword-black-drawing-with-gtk322.patch
@@ -0,0 +1,49 @@
+commit 2ee38d1881aeea27bb49acc450631d813d1f28ba
+Author: Hubert Figuière <hub@figuiere.net>
+Date:   Wed Dec 7 09:44:01 2016 -0500
+
+    Bug 13815 - draw event should return TRUE
+    
+    This fix the black drawing regression witj Gtk3.22
+
+diff --git a/src/af/xap/gtk/xap_UnixFrameImpl.cpp b/src/af/xap/gtk/xap_UnixFrameImpl.cpp
+index 780000e..10f8e00 100644
+--- a/src/af/xap/gtk/xap_UnixFrameImpl.cpp
++++ b/src/af/xap/gtk/xap_UnixFrameImpl.cpp
+@@ -1208,9 +1208,9 @@ gint XAP_UnixFrameImpl::_fe::delete_event(GtkWidget * w, GdkEvent * /*event*/, g
+ }
+ 
+ #if GTK_CHECK_VERSION(3,0,0)
+-gint XAP_UnixFrameImpl::_fe::draw(GtkWidget * w, cairo_t * cr)
++gboolean XAP_UnixFrameImpl::_fe::draw(GtkWidget * w, cairo_t * cr)
+ #else
+-gint XAP_UnixFrameImpl::_fe::expose(GtkWidget * w, GdkEventExpose* pExposeEvent)
++gboolean XAP_UnixFrameImpl::_fe::expose(GtkWidget * w, GdkEventExpose* pExposeEvent)
+ #endif
+ {
+ 	XAP_UnixFrameImpl * pUnixFrameImpl = static_cast<XAP_UnixFrameImpl *>(g_object_get_data(G_OBJECT(w), "user_data"));
+@@ -1243,7 +1243,7 @@ gint XAP_UnixFrameImpl::_fe::expose(GtkWidget * w, GdkEventExpose* pExposeEvent)
+ 		pView->draw(&rClip);
+ #endif
+ 	}
+-	return FALSE;
++	return TRUE;
+ }
+ 
+ static bool bScrollWait = false;
+diff --git a/src/af/xap/gtk/xap_UnixFrameImpl.h b/src/af/xap/gtk/xap_UnixFrameImpl.h
+index 30ee5d8..a0ff57f 100644
+--- a/src/af/xap/gtk/xap_UnixFrameImpl.h
++++ b/src/af/xap/gtk/xap_UnixFrameImpl.h
+@@ -152,9 +152,9 @@ protected:
+ 			static gint key_release_event(GtkWidget* w, GdkEventKey* e);
+ 			static gint delete_event(GtkWidget * w, GdkEvent * /*event*/, gpointer /*data*/);
+ #if GTK_CHECK_VERSION(3,0,0)
+-			static gint draw(GtkWidget * w, cairo_t * cr);
++			static gboolean draw(GtkWidget * w, cairo_t * cr);
+ #else
+-			static gint expose(GtkWidget * w, GdkEventExpose* pExposeEvent);
++			static gboolean expose(GtkWidget * w, GdkEventExpose* pExposeEvent);
+ #endif
+ 			static gint do_ZoomUpdate( gpointer /* xap_UnixFrame * */ p);
+ 			static void vScrollChanged(GtkAdjustment * w, gpointer /*data*/);
diff --git a/gnu/packages/patches/abiword-explictly-cast-bools.patch b/gnu/packages/patches/abiword-explictly-cast-bools.patch
index 7927a180ba..97ae6653c2 100644
--- a/gnu/packages/patches/abiword-explictly-cast-bools.patch
+++ b/gnu/packages/patches/abiword-explictly-cast-bools.patch
@@ -2,18 +2,18 @@ As of JPEG-9, the type 'boolean' is an enumeration, but since glib defines
 TRUE and FALSE as numeric constants and this is C++, they need to be explicitly
 casted.
 
---- a/src/af/util/xp/ut_jpeg.cpp	2009-07-08 19:33:53.000000000 +0200
-+++ b/src/af/util/xp/ut_jpeg.cpp	2014-09-06 19:55:55.876997404 +0200
-@@ -102,7 +102,7 @@
+--- a/src/af/util/xp/ut_jpeg.cpp
++++ b/src/af/util/xp/ut_jpeg.cpp
+@@ -102,7 +102,7 @@ static boolean _jpegFillInputBuffer (j_decompress_ptr cinfo)
  	src->pub.next_input_byte = src->sourceBuf->getPointer (src->pos);
  	src->pub.bytes_in_buffer = src->sourceBuf->getLength ();
- 	
--	return TRUE;
+ 
+-	return 1; // boolean is a libjpeg type that is an int.
 +	return (boolean)TRUE;
  }
  
  /*
-@@ -161,7 +161,7 @@
+@@ -161,7 +161,7 @@ bool UT_JPEG_getDimensions(const UT_ByteBuf* pBB, UT_sint32& iImageWidth,
  	/* set the data source */
  	_JPEG_ByteBufSrc (&cinfo, pBB);
  
@@ -22,7 +22,7 @@ casted.
  	jpeg_start_decompress(&cinfo);
      iImageWidth = cinfo.output_width;
      iImageHeight = cinfo.output_height;
-@@ -189,7 +189,7 @@
+@@ -189,7 +189,7 @@ bool UT_JPEG_getRGBData(const UT_ByteBuf* pBB, UT_Byte* pDest, UT_sint32 iDestRo
  	/* set the data source */
  	_JPEG_ByteBufSrc (&cinfo, pBB);
  
diff --git a/gnu/packages/patches/aspell-default-dict-dir.patch b/gnu/packages/patches/aspell-default-dict-dir.patch
new file mode 100644
index 0000000000..17a6ff606f
--- /dev/null
+++ b/gnu/packages/patches/aspell-default-dict-dir.patch
@@ -0,0 +1,20 @@
+This patch changes the default value of 'dict-dir' to correspond
+to ~/.guix-profile/lib/aspell rather than $prefix/lib/aspell-X.Y.
+
+This is not strictly necessary for the 'aspell' program itself since
+one can simply set "ASPELL_CONF=dict-dir $HOME/.guix-profile/lib/aspell".
+However it is necessary for applications that use libaspell since
+'ASPELL_CONF' is not honored in this case.  See <https://bugs.gnu.org/25836>.
+
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -1349,6 +1349,9 @@ namespace acommon {
+ #  define REPL     ".aspell.<lang>.prepl"
+ #endif
+ 
++#undef DICT_DIR
++#define DICT_DIR "<$ASPELL_DICT_DIR|home-dir/.guix-profile/lib/aspell>"
++
+   static const KeyInfo config_keys[] = {
+     // the description should be under 50 chars
+     {"actual-dict-dir", KeyInfoString, "<dict-dir^master>", 0}
diff --git a/gnu/packages/patches/audacity-fix-ffmpeg-binding.patch b/gnu/packages/patches/audacity-fix-ffmpeg-binding.patch
deleted file mode 100644
index d6d65338d9..0000000000
--- a/gnu/packages/patches/audacity-fix-ffmpeg-binding.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-This resolves some "declaration of C function conflicts with previous
-declaration" errors during compilation.
-
---- a/src/FFmpeg.h	2015-02-21 00:33:33.853857529 +0100
-+++ b/src/FFmpeg.h	2015-02-21 00:35:09.626497205 +0100
-@@ -688,7 +688,7 @@
-    FFMPEG_FUNCTION_WITH_RETURN(
-       AVOutputFormat*,
-       av_oformat_next,
--      (AVOutputFormat *f),
-+      (const AVOutputFormat *f),
-       (f)
-    );
-    FFMPEG_FUNCTION_WITH_RETURN(
-@@ -755,7 +755,7 @@
-    FFMPEG_FUNCTION_WITH_RETURN(
-       int,
-       av_fifo_size,
--      (AVFifoBuffer *f),
-+      (const AVFifoBuffer *f),
-       (f)
-    );
-    FFMPEG_FUNCTION_WITH_RETURN(
-@@ -801,7 +801,7 @@
-    FFMPEG_FUNCTION_WITH_RETURN(
-       AVDictionaryEntry *,
-       av_dict_get,
--      (AVDictionary *m, const char *key, const AVDictionaryEntry *prev, int flags),
-+      (const AVDictionary *m, const char *key, const AVDictionaryEntry *prev, int flags),
-       (m, key, prev, flags)
-    );
-    FFMPEG_FUNCTION_WITH_RETURN(
diff --git a/gnu/packages/patches/calibre-dont-load-remote-icons.patch b/gnu/packages/patches/calibre-dont-load-remote-icons.patch
new file mode 100644
index 0000000000..2168263072
--- /dev/null
+++ b/gnu/packages/patches/calibre-dont-load-remote-icons.patch
@@ -0,0 +1,45 @@
+From: Martin Pitt <mpitt@debian.org>
+Date: Mon, 14 Nov 2016 22:41:24 +0100
+Subject: content-server: Don't load external URLs for privacy
+
+Spotted by lintian.
+---
+ resources/content_server/browse/browse.html | 4 +---
+ resources/content_server/index.html         | 2 +-
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/resources/content_server/browse/browse.html b/resources/content_server/browse/browse.html
+index 36f7199..e615707 100644
+--- a/resources/content_server/browse/browse.html
++++ b/resources/content_server/browse/browse.html
+@@ -7,7 +7,7 @@
+     <title>..:: calibre {library} ::.. {title}</title>
+     <meta http-equiv="X-UA-Compatible" content="IE=100" />
+     <meta name="robots" content="noindex" />
+-    <link rel="icon" type="image/x-icon" href="//calibre-ebook.com/favicon.ico" />
++    <link rel="icon" type="image/x-icon" href="favicon.ico" />
+ 
+     <link rel="stylesheet" type="text/css" href="{prefix}/static/browse/browse.css" />
+     <link type="text/css" href="{prefix}/static/jquery_ui/css/humanity-custom/jquery-ui-1.8.5.custom.css" rel="stylesheet" />
+@@ -63,8 +63,6 @@
+                     <input type="image"
+                     src="{prefix}/static/button-donate.png"
+                         name="submit"></input>
+-                    <img alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif"
+-                        width="1" height="1"></img>
+                 </div>
+             </form>
+             <div id="calibre-home-link" title="Go to the calibre website"></div>
+diff --git a/resources/content_server/index.html b/resources/content_server/index.html
+index 51cc33a..e71d0e8 100644
+--- a/resources/content_server/index.html
++++ b/resources/content_server/index.html
+@@ -9,7 +9,7 @@
+         <script type="text/javascript" src="{prefix}/static/date.js" charset="utf-8"></script>
+         <script type="text/javascript" src="{prefix}/static/jquery.js" charset="utf-8"></script>
+         <script type="text/javascript" src="{prefix}/static/gui.js" charset="utf-8"></script>
+-		<link rel="icon" href="//calibre-ebook.com/favicon.ico" type="image/x-icon" />
++		<link rel="icon" href="favicon.ico" type="image/x-icon" />
+ 	</head>
+ 	<body>
+ 	    <div id="banner">
diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch
index 4eb64404f6..adf977b183 100644
--- a/gnu/packages/patches/calibre-drop-unrar.patch
+++ b/gnu/packages/patches/calibre-drop-unrar.patch
@@ -1,15 +1,20 @@
-Taken from Debian. Updated by Alex Griffin.
+Recreated old debian patch on the latest calibre version
 
-Author: Dmitry Shachnev <mitya57@gmail.com>
-Description: do not build unrar extension as we strip unrar from the tarball
-Forwarded: not-needed
-Last-Update: 2013-04-04
+From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001
+From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
+Date: Sat, 13 May 2017 21:12:12 +1000
+Subject: [PATCH] Remove unrar extension
 
-Index: calibre/setup/extensions.py
-===================================================================
---- calibre.orig/setup/extensions.json	2016-07-21 21:21:05.000000000 -0500
-+++ calibre/setup/extensions.json	2016-07-27 11:22:17.167710112 -0500
-@@ -211,14 +211,5 @@
+---
+ setup/extensions.json                  | 11 -----------
+ src/calibre/ebooks/metadata/archive.py |  2 +-
+ 2 files changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/setup/extensions.json b/setup/extensions.json
+index 1f6d1fb5fd..127390450f 100644
+--- a/setup/extensions.json
++++ b/setup/extensions.json
+@@ -211,16 +211,5 @@
          "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c",
          "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h",
          "libraries": "mtp"
@@ -20,22 +25,25 @@ Index: calibre/setup/extensions.py
 -        "inc_dirs": "unrar",
 -        "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE",
 -        "windows_defines": "SILENT RARDLL UNRAR",
+-        "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE",
+-        "haiku_libraries": "bsd",
 -        "optimize_level": 2,
 -        "windows_libraries": "User32 Advapi32 kernel32 Shell32"
      }
  ]
- 
- 
-Index: calibre/src/calibre/ebooks/metadata/archive.py
-===================================================================
---- calibre.orig/src/calibre/ebooks/metadata/archive.py	2016-07-21 21:21:05.000000000 -0500
-+++ calibre/src/calibre/ebooks/metadata/archive.py	2016-07-27 11:21:07.793616039 -0500
-@@ -42,7 +42,7 @@
-     description = _('Extract common e-book formats from archives '
-         '(zip/rar) files. Also try to autodetect if they are actually '
-         'cbz/cbr files.')
+diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py
+index f5c0b7bed3..32257dcdae 100644
+--- a/src/calibre/ebooks/metadata/archive.py
++++ b/src/calibre/ebooks/metadata/archive.py
+@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin):
+     description = _('Extract common e-book formats from archive files '
+         '(ZIP/RAR). Also try to autodetect if they are actually '
+         'CBZ/CBR files.')
 -    file_types = set(['zip', 'rar'])
 +    file_types = set(['zip'])
      supported_platforms = ['windows', 'osx', 'linux']
      on_import = True
  
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/calibre-use-packaged-feedparser.patch b/gnu/packages/patches/calibre-use-packaged-feedparser.patch
new file mode 100644
index 0000000000..8f4bbc8248
--- /dev/null
+++ b/gnu/packages/patches/calibre-use-packaged-feedparser.patch
@@ -0,0 +1,51 @@
+From: Martin Pitt <mpitt@debian.org>
+Date: Mon, 14 Nov 2016 22:41:23 +0100
+Subject: Use packaged instead of bundled feedparser Python module
+
+---
+ recipes/lenta_ru.recipe           | 4 +++-
+ src/calibre/web/feeds/__init__.py | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/recipes/lenta_ru.recipe b/recipes/lenta_ru.recipe
+index aa4dac4..4b6710c 100644
+--- a/recipes/lenta_ru.recipe
++++ b/recipes/lenta_ru.recipe
+@@ -4,11 +4,13 @@
+ Lenta.ru
+ '''
+ 
+-from calibre.web.feeds.feedparser import parse
+ from calibre.ebooks.BeautifulSoup import Tag
+ from calibre.web.feeds.news import BasicNewsRecipe
++from feedparser import parse
++from functools import partial
+ import re
+ 
++parse = partial(parse, agent='Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11')
+ 
+ class LentaRURecipe(BasicNewsRecipe):
+     title = u'Lenta.ru: \u041d\u043e\u0432\u043e\u0441\u0442\u0438'
+diff --git a/src/calibre/web/feeds/__init__.py b/src/calibre/web/feeds/__init__.py
+index 8c9d748..f262604 100644
+--- a/src/calibre/web/feeds/__init__.py
++++ b/src/calibre/web/feeds/__init__.py
+@@ -11,7 +11,10 @@ from calibre.utils.logging import default_log
+ from calibre import entity_to_unicode, strftime, force_unicode
+ from calibre.utils.date import dt_factory, utcnow, local_tz
+ from calibre.utils.cleantext import clean_ascii_chars, clean_xml_chars
++from feedparser import parse
++from functools import partial
+ 
++parse = partial(parse, agent='Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11')
+ 
+ class Article(object):
+ 
+@@ -334,7 +337,6 @@ def feed_from_xml(raw_xml, title=None, oldest_article=7,
+                   max_articles_per_feed=100,
+                   get_article_url=lambda item: item.get('link', None),
+                   log=default_log):
+-    from calibre.web.feeds.feedparser import parse
+     # Handle unclosed escaped entities. They trip up feedparser and HBR for one
+     # generates them
+     raw_xml = re.sub(r'(&amp;#\d+)([^0-9;])', r'\1;\2', raw_xml)
diff --git a/gnu/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch b/gnu/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch
new file mode 100644
index 0000000000..9c817d4198
--- /dev/null
+++ b/gnu/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch
@@ -0,0 +1,514 @@
+Patch for version 3.01, taken from upstream at
+https://sourceforge.net/projects/cdrtools/files/cdrtools-3.01-fix-20151126-mkisofs-isoinfo.patch
+
+--- cdrtools-3.01.orig/mkisofs/diag/isoinfo.c	2015-07-22 20:36:45.000000000 +0000
++++ cdrtools-3.01/mkisofs/diag/isoinfo.c	2015-11-17 19:35:40.000000000 +0000
+@@ -1,8 +1,8 @@
+-/* @(#)isoinfo.c	1.95 15/07/22 joerg */
++/* @(#)isoinfo.c	1.100 15/11/17 joerg */
+ #include <schily/mconfig.h>
+ #ifndef	lint
+ static	UConst char sccsid[] =
+-	"@(#)isoinfo.c	1.95 15/07/22 joerg";
++	"@(#)isoinfo.c	1.100 15/11/17 joerg";
+ #endif
+ /*
+  * File isodump.c - dump iso9660 directory information.
+@@ -148,8 +148,10 @@ LOCAL char	er_id[256];
+ LOCAL int	su_version = 0;
+ LOCAL int	rr_version = 0;
+ LOCAL int	aa_version = 0;
++LOCAL int	cl_extent = 0;
+ LOCAL int	ucs_level = 0;
+ LOCAL BOOL	iso9660_inodes = FALSE;
++LOCAL uid_t	myuid;
+ 
+ #ifdef	USE_FIND
+ LOCAL findn_t	*find_node;		/* syntaxtree from find_parse()	*/
+@@ -208,6 +210,9 @@ LOCAL	void	extract		__PR((char *rootname
+ LOCAL	void	extract_file	__PR((int f,
+ 					struct iso_directory_record * idr,
+ 					char *fname));
++LOCAL	void	parse_cl_dir	__PR((struct iso_directory_record *idr,
++					int extent));
++LOCAL	BOOL	parse_de	__PR((struct iso_directory_record *idr));
+ LOCAL	void	parse_dir	__PR((char * rootname, int extent, int len));
+ LOCAL	void	usage		__PR((int excode));
+ EXPORT	int	main		__PR((int argc, char *argv[]));
+@@ -459,7 +464,6 @@ parse_rr(pnt, len, cont_flag)
+ 	int slen;
+ 	int xlen;
+ 	int ncount;
+-	int cl_extent;
+ 	int pl_extent;
+ 	int cont_extent, cont_offset, cont_size;
+ 	int flag1, flag2;
+@@ -469,7 +473,7 @@ parse_rr(pnt, len, cont_flag)
+ 
+ 	symlinkname[0] = 0;
+ 
+-	cont_extent = cont_offset = cont_size = 0;
++	cl_extent = cont_extent = cont_offset = cont_size = 0;
+ 
+ 	ncount = 0;
+ 	flag1 = -1;
+@@ -714,6 +718,7 @@ struct todo
+ };
+ 
+ LOCAL struct todo	*todo_idr = NULL;
++LOCAL struct todo	**todo_pp = &todo_idr;
+ 
+ LOCAL char		*months[12] = {"Jan", "Feb", "Mar", "Apr",
+ 				"May", "Jun", "Jul",
+@@ -962,8 +967,14 @@ static	BOOL		isfirst = TRUE;
+ 	close(f);
+ 	return;
+ setmode:
+-	fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
+ 	fchownat(AT_FDCWD, fname, fstat_buf.st_uid, fstat_buf.st_gid, AT_SYMLINK_NOFOLLOW);
++	if (myuid != 0 && S_ISDIR(fstat_buf.st_mode)) {
++		/*
++		 * Temporary hack until we have a dirstack like star.
++		 */
++		fstat_buf.st_mode |= S_IWUSR;
++	}
++	fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
+ 	times[0].tv_sec = fstat_buf.st_atime;
+ 	times[0].tv_nsec = stat_ansecs(&fstat_buf);
+ 	times[1].tv_sec = fstat_buf.st_mtime;
+@@ -1001,6 +1012,143 @@ extract_file(f, idr, fname)
+ 	}
+ }
+ 
++
++LOCAL void
++parse_cl_dir(idr, extent)
++	struct iso_directory_record	*idr;
++	int				extent;
++{
++	char				cl_name_buf[256*3];
++
++	strlcpy(cl_name_buf, name_buf, sizeof (cl_name_buf));
++#ifdef	USE_SCG
++	readsecs(extent - sector_offset, idr, 1);
++#else
++	lseek(fileno(infile), ((off_t)(extent - sector_offset)) << 11, SEEK_SET);
++	read(fileno(infile), idr, 2048);
++#endif
++
++	if (parse_de(idr) && use_rock)
++		dump_rr(idr);
++	strlcpy(name_buf, cl_name_buf, sizeof (name_buf));
++}
++
++LOCAL BOOL
++parse_de(idr)
++	struct iso_directory_record	*idr;
++{
++	unsigned char	uc;
++
++	if (idr->length[0] == 0)
++		return (FALSE);
++	memset(&fstat_buf, 0, sizeof (fstat_buf));
++	found_rr = 0;
++	name_buf[0] = xname[0] = 0;
++	fstat_buf.st_size = (off_t)(unsigned)isonum_733((unsigned char *)idr->size);
++	if (idr->flags[0] & 2)
++		fstat_buf.st_mode |= S_IFDIR;
++	else
++		fstat_buf.st_mode |= S_IFREG;
++	if (idr->name_len[0] == 1 && idr->name[0] == 0)
++		strcpy(name_buf, ".");
++	else if (idr->name_len[0] == 1 && idr->name[0] == 1)
++		strcpy(name_buf, "..");
++	else {
++		switch (ucs_level) {
++		case 3:
++		case 2:
++		case 1:
++			/*
++			 * Unicode name.  Convert as best we can.
++			 */
++			{
++			int	j;
++				name_buf[0] = '\0';
++#ifdef	USE_ICONV
++			if (use_iconv(unls)) {
++				int	u;
++				char	*to = name_buf;
++
++				for (j = 0, u = 0; j < (int)idr->name_len[0] / 2; j++) {
++					char	*ibuf = (char *)&idr->name[j*2];
++					size_t	isize = 2;		/* UCS-2 character size */
++					size_t	osize = 4;
++
++					if (iconv(unls->sic_uni2cd, (__IC_CONST char **)&ibuf, &isize,
++							(char **)&to, &osize) == -1) {
++						int	err = geterrno();
++
++						if ((err == EINVAL || err == EILSEQ) &&
++						    osize == 4) {
++							*to = '_';
++							u += 1;
++							to++;
++						}
++					} else {
++						u += 4 - osize;
++						to = &name_buf[u];
++					}
++				}
++				j = u;
++			} else
++#endif
++			for (j = 0; j < (int)idr->name_len[0] / 2; j++) {
++				UInt16_t	unichar;
++
++				unichar = (idr->name[j*2] & 0xFF) * 256 +
++					    (idr->name[j*2+1] & 0xFF);
++
++				/*
++				 * Get the backconverted char
++				 */
++				if (unls)
++					uc = sic_uni2c(unls, unichar);
++				else
++					uc = unichar > 255 ? '_' : unichar;
++
++				name_buf[j] = uc ? uc : '_';
++			}
++			name_buf[j] = '\0';
++			}
++			break;
++		case 0:
++			/*
++			 * Normal non-Unicode name.
++			 */
++			strncpy(name_buf, idr->name, idr->name_len[0]);
++			name_buf[idr->name_len[0]] = 0;
++			break;
++		default:
++			/*
++			 * Don't know how to do these yet.  Maybe they are the same
++			 * as one of the above.
++			 */
++			exit(1);
++		}
++	}
++	memcpy(date_buf, idr->date, 9);
++	/*
++	 * Always first set up time stamps and file modes from
++	 * ISO-9660. This is used as a fallback in case that
++	 * there is no related Rock Ridge based data.
++	 */
++	fstat_buf.st_atime =
++	fstat_buf.st_mtime =
++	fstat_buf.st_ctime = iso9660_time(date_buf, NULL, FALSE);
++	fstat_buf.st_mode |= S_IRUSR|S_IXUSR |
++		    S_IRGRP|S_IXGRP |
++		    S_IROTH|S_IXOTH;
++	fstat_buf.st_nlink = 1;
++	fstat_buf.st_ino = 0;
++	fstat_buf.st_uid = 0;
++	fstat_buf.st_gid = 0;
++	if (iso9660_inodes) {
++		fstat_buf.st_ino = (unsigned long)
++		    isonum_733((unsigned char *)idr->extent);
++	}
++	return (TRUE);
++}
++
+ LOCAL void
+ parse_dir(rootname, extent, len)
+ 	char	*rootname;
+@@ -1012,12 +1160,13 @@ parse_dir(rootname, extent, len)
+ 	struct iso_directory_record * idr;
+ 	struct iso_directory_record	didr;
+ 	struct stat			dstat;
+-	unsigned char	uc;
++	unsigned char	cl_buffer[2048];
+ 	unsigned char	flags = 0;
+ 	Llong		size = 0;
+ 	int		sextent = 0;
+ 	int	rlen;
+ 	int	blen;
++	int	rr_flags = 0;
+ static	char	*n = 0;
+ static	int	nlen = 0;
+ 
+@@ -1039,115 +1188,23 @@ static	int	nlen = 0;
+ 		i = 0;
+ 		while (1 == 1) {
+ 			idr = (struct iso_directory_record *) &buffer[i];
+-			if (idr->length[0] == 0) break;
+-			memset(&fstat_buf, 0, sizeof (fstat_buf));
+-			found_rr = 0;
+-			name_buf[0] = xname[0] = 0;
+-			fstat_buf.st_size = (off_t)(unsigned)isonum_733((unsigned char *)idr->size);
+-			if (idr->flags[0] & 2)
+-				fstat_buf.st_mode |= S_IFDIR;
+-			else
+-				fstat_buf.st_mode |= S_IFREG;
+-			if (idr->name_len[0] == 1 && idr->name[0] == 0)
+-				strcpy(name_buf, ".");
+-			else if (idr->name_len[0] == 1 && idr->name[0] == 1)
+-				strcpy(name_buf, "..");
+-			else {
+-				switch (ucs_level) {
+-				case 3:
+-				case 2:
+-				case 1:
+-					/*
+-					 * Unicode name.  Convert as best we can.
+-					 */
+-					{
+-					int	j;
+-
+-					name_buf[0] = '\0';
+-#ifdef	USE_ICONV
+-					if (use_iconv(unls)) {
+-						int	u;
+-						char	*to = name_buf;
+-
+-						for (j = 0, u = 0; j < (int)idr->name_len[0] / 2; j++) {
+-							char	*ibuf = (char *)&idr->name[j*2];
+-							size_t	isize = 2;		/* UCS-2 character size */
+-							size_t	osize = 4;
+-
+-							if (iconv(unls->sic_uni2cd, (__IC_CONST char **)&ibuf, &isize,
+-									(char **)&to, &osize) == -1) {
+-								int	err = geterrno();
+-
+-								if ((err == EINVAL || err == EILSEQ) &&
+-								    osize == 4) {
+-									*to = '_';
+-									u += 1;
+-									to++;
+-								}
+-							} else {
+-								u += 4 - osize;
+-								to = &name_buf[u];
+-							}
+-						}
+-						j = u;
+-					} else
+-#endif
+-					for (j = 0; j < (int)idr->name_len[0] / 2; j++) {
+-						UInt16_t	unichar;
+-
+-						unichar = (idr->name[j*2] & 0xFF) * 256 +
+-							    (idr->name[j*2+1] & 0xFF);
+-
+-						/*
+-						 * Get the backconverted char
+-						 */
+-						if (unls)
+-							uc = sic_uni2c(unls, unichar);
+-						else
+-							uc = unichar > 255 ? '_' : unichar;
++			if (idr->length[0] == 0)
++				break;
++			parse_de(idr);
++			if (use_rock) {
++				rr_flags = dump_rr(idr);
+ 
+-						name_buf[j] = uc ? uc : '_';
+-					}
+-					name_buf[j] = '\0';
+-					}
+-					break;
+-				case 0:
++				if (rr_flags & RR_FLAG_CL) {
+ 					/*
+-					 * Normal non-Unicode name.
++					 * Need to reparse the child link
++					 * but note that we parse "CL/."
++					 * so we get no usable file name.
+ 					 */
+-					strncpy(name_buf, idr->name, idr->name_len[0]);
+-					name_buf[idr->name_len[0]] = 0;
+-					break;
+-				default:
+-					/*
+-					 * Don't know how to do these yet.  Maybe they are the same
+-					 * as one of the above.
+-					 */
+-					exit(1);
+-				}
++					idr = (struct iso_directory_record *) cl_buffer;
++					parse_cl_dir(idr, cl_extent);
++				} else if (rr_flags & RR_FLAG_RE)
++					goto cont;	/* skip rr_moved */
+ 			}
+-			memcpy(date_buf, idr->date, 9);
+-			/*
+-			 * Always first set up time stamps and file modes from
+-			 * ISO-9660. This is used as a fallback in case that
+-			 * there is no related Rock Ridge based data.
+-			 */
+-			fstat_buf.st_atime =
+-			fstat_buf.st_mtime =
+-			fstat_buf.st_ctime = iso9660_time(date_buf, NULL, FALSE);
+-			fstat_buf.st_mode |= S_IRUSR|S_IXUSR |
+-				    S_IRGRP|S_IXGRP |
+-				    S_IROTH|S_IXOTH;
+-			fstat_buf.st_nlink = 1;
+-			fstat_buf.st_ino = 0;
+-			fstat_buf.st_uid = 0;
+-			fstat_buf.st_gid = 0;
+-			if (iso9660_inodes) {
+-				fstat_buf.st_ino = (unsigned long)
+-				    isonum_733((unsigned char *)idr->extent);
+-			}
+-			if (use_rock)
+-				dump_rr(idr);
+ 			if (Xtract &&
+ 			    (idr->flags[0] & 2) != 0 &&
+ 			    idr->name_len[0] == 1 &&
+@@ -1170,30 +1227,30 @@ static	int	nlen = 0;
+ 				n[rlen] = '\0';
+ 
+ 			if ((idr->flags[0] & 2) != 0 &&
+-			    (idr->name_len[0] != 1 ||
++			    ((rr_flags & RR_FLAG_CL) ||
++			    idr->name_len[0] != 1 ||
+ 			    (idr->name[0] != 0 && idr->name[0] != 1))) {
+ 				/*
+ 				 * This is a plain directory (neither "xxx/."
+ 				 * nor "xxx/..").
+ 				 * Add this directory to the todo list.
+ 				 */
+-				td = todo_idr;
+-				if (td != NULL) {
+-					while (td->next != NULL)
+-						td = td->next;
+-					td->next = (struct todo *) malloc(sizeof (*td));
+-					td = td->next;
+-				} else {
+-					todo_idr = td = (struct todo *) malloc(sizeof (*td));
+-				}
++				td = (struct todo *) malloc(sizeof (*td));
++				if (td == NULL)
++					comerr(_("No memory.\n"));
+ 				td->next = NULL;
+ 				td->extent = isonum_733((unsigned char *)idr->extent);
+ 				td->length = isonum_733((unsigned char *)idr->size);
+ 				td->name = (char *) malloc(strlen(rootname)
+ 								+ strlen(name_buf) + 2);
++				if (td->name == NULL)
++					comerr(_("No memory.\n"));
+ 				strcpy(td->name, rootname);
+ 				strcat(td->name, name_buf);
+ 				strcat(td->name, "/");
++
++				*todo_pp = td;
++				todo_pp = &td->next;
+ 			} else {
+ 				if (xtract && strcmp(xtract, n) == 0) {
+ 					extract_file(STDOUT_FILENO, idr, "stdout");
+@@ -1253,6 +1310,7 @@ static	int	nlen = 0;
+ 				if ((idr->flags[0] & ISO_MULTIEXTENT) == 0)
+ 					size = 0;
+ 			}
++		cont:
+ 			i += buffer[i];
+ 			if (i > 2048 - offsetof(struct iso_directory_record, name[0])) break;
+ 		}
+@@ -1381,12 +1439,13 @@ main(argc, argv)
+ 		usage(0);
+ 	if (prvers) {
+ 		printf(_("isoinfo %s (%s-%s-%s) Copyright (C) 1993-1999 %s (C) 1999-2015 %s\n"),
+-					VERSION,
++					"3.02a02",
+ 					HOST_CPU, HOST_VENDOR, HOST_OS,
+ 					_("Eric Youngdale"),
+ 					_("Joerg Schilling"));
+ 		exit(0);
+ 	}
++	myuid = getuid();
+ #ifdef	USE_FIND
+ 	if (do_find) {
+ 		finda_t	fa;
+--- cdrtools-3.01.orig/mkisofs/udf.c	2013-04-24 20:45:18.000000000 +0000
++++ cdrtools-3.01/mkisofs/udf.c	2015-11-25 22:07:30.000000000 +0000
+@@ -1,15 +1,15 @@
+-/* @(#)udf.c	1.42 13/04/24 Copyright 2001-2013 J. Schilling */
++/* @(#)udf.c	1.43 15/11/25 Copyright 2001-2015 J. Schilling */
+ #include <schily/mconfig.h>
+ #ifndef lint
+ static	UConst char sccsid[] =
+-	"@(#)udf.c	1.42 13/04/24 Copyright 2001-2013 J. Schilling";
++	"@(#)udf.c	1.43 15/11/25 Copyright 2001-2015 J. Schilling";
+ #endif
+ /*
+  * udf.c - UDF support for mkisofs
+  *
+  * Written by Ben Rudiak-Gould (2001).
+  *
+- * Copyright 2001-2013 J. Schilling.
++ * Copyright 2001-2015 J. Schilling.
+  */
+ /*
+  * This program is free software; you can redistribute it and/or modify
+@@ -98,7 +98,7 @@ static	UConst char sccsid[] =
+ extern	int	use_sparcboot;
+ 
+ extern struct directory *root;
+-extern time_t		begun;
++extern struct timeval	tv_begun;
+ 
+ static unsigned lba_main_seq;
+ static unsigned lba_main_seq_copy;
+@@ -110,7 +110,7 @@ static unsigned lba_end_anchor_vol_desc;
+ static unsigned num_udf_files;
+ static unsigned num_udf_directories;
+ 
+-static unsigned volume_set_id[2];
++static unsigned volume_set_id[2] = { 0, 0 };
+ 
+ #define	UDF_MAIN_SEQ_LENGTH (16)
+ #define	UDF_INTEG_SEQ_LENGTH (2)
+@@ -723,7 +723,7 @@ set_primary_vol_desc(buf, lba)
+ 	/*pvd->volume_abstract;*/
+ 	/*pvd->volume_copyright_notice;*/
+ 	/*pvd->application_ident;*/
+-	set_timestamp_from_time_t(&pvd->recording_date_and_time, begun);
++	set_timestamp_from_time_t(&pvd->recording_date_and_time, tv_begun.tv_sec);
+ 	set_impl_ident(&pvd->impl_ident);
+ 	set_tag(&pvd->desc_tag, UDF_TAGID_PRIMARY_VOLUME_DESC, lba, 512);
+ }
+@@ -831,7 +831,7 @@ set_logical_vol_integrity_desc(buf, lba)
+ 	udf_logical_volume_integrity_desc *lvid =
+ 				(udf_logical_volume_integrity_desc *)buf;
+ 
+-	set_timestamp_from_time_t(&lvid->recording_date, begun);
++	set_timestamp_from_time_t(&lvid->recording_date, tv_begun.tv_sec);
+ 	set32(&lvid->integrity_type, UDF_INTEGRITY_TYPE_CLOSE);
+ 	/*lvid->next_integrity_extent;*/
+ 	set64(&lvid->logical_volume_contents_use.unique_id,
+@@ -859,7 +859,7 @@ set_file_set_desc(buf, rba)
+ {
+ 	udf_file_set_desc *fsd = (udf_file_set_desc *)buf;
+ 
+-	set_timestamp_from_time_t(&fsd->recording_date_and_time, begun);
++	set_timestamp_from_time_t(&fsd->recording_date_and_time, tv_begun.tv_sec);
+ 	set16(&fsd->interchange_level, 3);
+ 	set16(&fsd->maximum_interchange_level, 3);
+ 	set32(&fsd->character_set_list, 1);
+@@ -1986,8 +1986,10 @@ udf_main_seq_write(out)
+ 	 * volume_set_id needs to be set to a (64-bit) "unique" number.
+ 	 * This will have to do for now.
+ 	 */
+-	volume_set_id[0] = begun;
+-	volume_set_id[1] = (unsigned)clock();	/* XXX Maybe non-portable */
++	if (volume_set_id[0] == 0) {
++		volume_set_id[0] = tv_begun.tv_sec;
++		volume_set_id[1] = (unsigned)tv_begun.tv_usec;
++	}
+ 
+ 	memset(buf, 0, sizeof (buf));
+ 	set_primary_vol_desc(buf, last_extent_written++);
+--- cdrtools-3.01.orig/mkisofs/mkisofs.c	2015-01-01 14:19:51.000000000 +0000
++++ cdrtools-3.01/mkisofs/mkisofs.c
+@@ -69 +69 @@ int		path_ind;
+-char	version_string[] = VERSION;
++char	version_string[] = "3.01-fix-20151126";
diff --git a/gnu/packages/patches/ceph-disable-cpu-optimizations.patch b/gnu/packages/patches/ceph-disable-cpu-optimizations.patch
index 6d20fe3da4..f33eb629d6 100644
--- a/gnu/packages/patches/ceph-disable-cpu-optimizations.patch
+++ b/gnu/packages/patches/ceph-disable-cpu-optimizations.patch
@@ -1,12 +1,13 @@
-Disable CPU optimizations not supported by the vast majority of
-x86_64 systems. Also don't add anything for i686.
+Disable CPU optimizations not supported by all x86_64 systems. Also
+don't add anything for i686.
 
 --- a/cmake/modules/SIMDExt.cmake	2017-03-23 22:22:58.254071694 +0100
 +++ b/cmake/modules/SIMDExt.cmake	2017-03-23 22:23:22.446848845 +0100
-@@ -6,10 +6,6 @@
+@@ -5,11 +5,6 @@
+ # HAVE_ARM_NEON
  # HAVE_INTEL_SSE
  # HAVE_INTEL_SSE2
- # HAVE_INTEL_SSE3
+-# HAVE_INTEL_SSE3
 -# HAVE_INTEL_SSSE3
 -# HAVE_INTEL_PCLMUL
 -# HAVE_INTEL_SSE4_1
@@ -14,19 +15,23 @@ x86_64 systems. Also don't add anything for i686.
  #
  # SIMD_COMPILE_FLAGS
  #
-@@ -56,7 +53,7 @@
-   if(HAVE_ARM_NEON)
+@@ -73,7 +68,7 @@
      set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mfpu=neon")
    endif()
+ 
 -elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "i386|i686|amd64|x86_64|AMD64")
 +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64|AMD64")
    set(HAVE_INTEL 1)
    CHECK_C_COMPILER_FLAG(-msse HAVE_INTEL_SSE)
    if(HAVE_INTEL_SSE)
-@@ -70,20 +67,4 @@
-   if(HAVE_INTEL_SSE3)
-     set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse3")
+@@ -83,26 +78,6 @@
+   if(HAVE_INTEL_SSE2)
+     set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse2")
    endif()
+-  CHECK_C_COMPILER_FLAG(-msse3 HAVE_INTEL_SSE3)
+-  if(HAVE_INTEL_SSE3)
+-    set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse3")
+-  endif()
 -  CHECK_C_COMPILER_FLAG(-mssse3 HAVE_INTEL_SSSE3)
 -  if(HAVE_INTEL_SSSE3)
 -    set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mssse3")
@@ -43,4 +48,6 @@ x86_64 systems. Also don't add anything for i686.
 -  if(HAVE_INTEL_SSE4_2)
 -    set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse4.2")
 -  endif()
- endif()
+ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)64le")
+   set(HAVE_PPC64LE 1)
+   message(STATUS " we are ppc64le")
diff --git a/gnu/packages/patches/ceph-disable-unittest-throttle.patch b/gnu/packages/patches/ceph-disable-unittest-throttle.patch
new file mode 100644
index 0000000000..08ae5f9e24
--- /dev/null
+++ b/gnu/packages/patches/ceph-disable-unittest-throttle.patch
@@ -0,0 +1,52 @@
+FIXME: This test broke after the gcc-5/glibc-2.25 core-updates merge.
+Not sure what's going on here, it hangs after spawning the first thread.
+
+diff --git a/src/test/common/Throttle.cc b/src/test/common/Throttle.cc
+index 5b6d73217d..40a477b2a3 100644
+--- a/src/test/common/Throttle.cc
++++ b/src/test/common/Throttle.cc
+@@ -216,44 +216,6 @@ TEST_F(ThrottleTest, wait) {
+   } while(!waited);
+ }
+ 
+-TEST_F(ThrottleTest, destructor) {
+-  Thread_get *t;
+-  {
+-    int64_t throttle_max = 10;
+-    Throttle *throttle = new Throttle(g_ceph_context, "throttle", throttle_max);
+-
+-    ASSERT_FALSE(throttle->get(5));
+-
+-    t = new Thread_get(*throttle, 7);
+-    t->create("t_throttle");
+-    bool blocked;
+-    useconds_t delay = 1;
+-    do {
+-      usleep(delay);
+-      if (throttle->get_or_fail(1)) {
+-	throttle->put(1);
+-	blocked = false;
+-      } else {
+-	blocked = true;
+-      }
+-      delay *= 2;
+-    } while(!blocked);
+-    delete throttle;
+-  }
+-
+-  { //
+-    // The thread is left hanging, otherwise it will abort().
+-    // Deleting the Throttle on which it is waiting creates a
+-    // inconsistency that will be detected: the Throttle object that
+-    // it references no longer exists.
+-    //
+-    pthread_t id = t->get_thread_id();
+-    ASSERT_EQ(pthread_kill(id, 0), 0);
+-    delete t;
+-    ASSERT_EQ(pthread_kill(id, 0), 0);
+-  }
+-}
+-
+ std::pair<double, std::chrono::duration<double> > test_backoff(
+   double low_threshhold,
+   double high_threshhold,
diff --git a/gnu/packages/patches/cool-retro-term-dont-check-uninit-member.patch b/gnu/packages/patches/cool-retro-term-dont-check-uninit-member.patch
new file mode 100644
index 0000000000..c6e1d27315
--- /dev/null
+++ b/gnu/packages/patches/cool-retro-term-dont-check-uninit-member.patch
@@ -0,0 +1,33 @@
+From 126a97d1f22f7d784d392b2b7d5aadf0a4e18c0d Mon Sep 17 00:00:00 2001
+From: Petter <petter@mykolab.ch>
+Date: Thu, 27 Apr 2017 20:28:02 +0200
+Subject: [PATCH] Avoid checking uninitialized member + simplify condition
+
+---
+ qmltermwidget/lib/TerminalDisplay.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/qmltermwidget/lib/TerminalDisplay.cpp b/qmltermwidget/lib/TerminalDisplay.cpp
+index 189a609..36d2cd2 100644
+--- a/qmltermwidget/lib/TerminalDisplay.cpp
++++ b/qmltermwidget/lib/TerminalDisplay.cpp
+@@ -325,6 +325,7 @@ TerminalDisplay::TerminalDisplay(QQuickItem *parent)
+ ,_terminalSizeHint(false)
+ ,_terminalSizeStartup(true)
+ ,_bidiEnabled(false)
++,_mouseMarks(false)
+ ,_actSel(0)
+ ,_wordSelectionMode(false)
+ ,_lineSelectionMode(false)
+@@ -1846,7 +1847,7 @@ void TerminalDisplay::mousePressEvent(QMouseEvent* ev)
+   }
+   else if ( ev->button() == Qt::MidButton )
+   {
+-    if ( _mouseMarks || (!_mouseMarks && (ev->modifiers() & Qt::ShiftModifier)) )
++    if ( _mouseMarks || (ev->modifiers() & Qt::ShiftModifier) )
+       emitSelection(true,ev->modifiers() & Qt::ControlModifier);
+     else
+       emit mouseSignal( 1, charColumn +1, charLine +1 +_scrollBar->value() -_scrollBar->maximum() , 0);
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/cool-retro-term-fix-array-size.patch b/gnu/packages/patches/cool-retro-term-fix-array-size.patch
new file mode 100644
index 0000000000..04a2a27971
--- /dev/null
+++ b/gnu/packages/patches/cool-retro-term-fix-array-size.patch
@@ -0,0 +1,25 @@
+From c91d7ae5dbb00c8392a9f93283dc56c3e296cccd Mon Sep 17 00:00:00 2001
+From: Petter <petter@mykolab.ch>
+Date: Thu, 27 Apr 2017 20:19:21 +0200
+Subject: [PATCH] Fix size of the array passed to memset()
+
+---
+ qmltermwidget/lib/History.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qmltermwidget/lib/History.cpp b/qmltermwidget/lib/History.cpp
+index 0f9c13f..ab6f7be 100644
+--- a/qmltermwidget/lib/History.cpp
++++ b/qmltermwidget/lib/History.cpp
+@@ -515,7 +515,7 @@ void HistoryScrollBlockArray::addCells(const Character a[], int count)
+   // put cells in block's data
+   assert((count * sizeof(Character)) < ENTRIES);
+ 
+-  memset(b->data, 0, ENTRIES);
++  memset(b->data, 0, sizeof(b->data));
+ 
+   memcpy(b->data, a, count * sizeof(Character));
+   b->size = count * sizeof(Character);
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/cool-retro-term-memory-leak-1.patch b/gnu/packages/patches/cool-retro-term-memory-leak-1.patch
new file mode 100644
index 0000000000..f3fbac17de
--- /dev/null
+++ b/gnu/packages/patches/cool-retro-term-memory-leak-1.patch
@@ -0,0 +1,32 @@
+From 08628fda19128b75248548357e416bc373f14f91 Mon Sep 17 00:00:00 2001
+From: Yen Chi Hsuan <yan12125@gmail.com>
+Date: Sat, 18 Mar 2017 02:50:34 +0800
+Subject: [PATCH] Fix memory leak in hotspot (URLs & emails) detection
+
+---
+ qmltermwidget/lib/Filter.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/qmltermwidget/lib/Filter.cpp b/qmltermwidget/lib/Filter.cpp
+index 5ca7bee..2e8d2fb 100644
+--- a/qmltermwidget/lib/Filter.cpp
++++ b/qmltermwidget/lib/Filter.cpp
+@@ -26,6 +26,7 @@
+ // Qt
+ #include <QAction>
+ #include <QApplication>
++#include <QtAlgorithms>
+ #include <QClipboard>
+ #include <QString>
+ #include <QTextStream>
+@@ -194,6 +195,7 @@ Filter::~Filter()
+ }
+ void Filter::reset()
+ {
++    qDeleteAll(_hotspotList);
+     _hotspots.clear();
+     _hotspotList.clear();
+ }
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/cool-retro-term-remove-non-free-fonts.patch b/gnu/packages/patches/cool-retro-term-remove-non-free-fonts.patch
new file mode 100644
index 0000000000..7a033df413
--- /dev/null
+++ b/gnu/packages/patches/cool-retro-term-remove-non-free-fonts.patch
@@ -0,0 +1,205 @@
+From 96ceffdfdcedd3ae33c46b11357aa2518e0a6152 Mon Sep 17 00:00:00 2001
+From: Petter <petter@mykolab.ch>
+Date: Thu, 27 Apr 2017 18:55:10 +0200
+Subject: [PATCH] Remove non-free fonts from settings menu
+
+--- a/app/qml/ApplicationSettings.qml
++++ b/app/qml/ApplicationSettings.qml
+@@ -409,7 +409,7 @@
+             obj_string: '{"ambientLight":0.16,"backgroundColor":"#000000","bloom":0.4,"brightness":0.5,"flickering":0.1,"contrast":0.85,"fontName":"TERMINUS_SCALED","fontColor":"#0ccc68","frameName":"SIMPLE_WHITE_FRAME","glowingLine":0.2,"horizontalSync":0.16,"jitter":0.18,"burnIn":0.45,"staticNoise":0.1,"rasterization":0,"screenCurvature":0.1,"windowOpacity":1,"chromaColor":0,"saturationColor":0,"rbgShift":0,"fontWidth":1.0,"useCustomCommand":false,"customCommand":""}'
+             builtin: true
+         }
+-        ListElement{
++        /*ListElement{
+             text: "Default Scanlines"
+             obj_string: '{"ambientLight":0.16,"backgroundColor":"#000000","bloom":0.4,"brightness":0.5,"flickering":0.1,"contrast":0.85,"fontName":"COMMODORE_PET","fontColor":"#00ff5b","frameName":"SIMPLE_WHITE_FRAME","glowingLine":0.2,"horizontalSync":0.14,"jitter":0.11,"burnIn":0.4,"staticNoise":0.05,"rasterization":1,"screenCurvature":0.1,"windowOpacity":1,"chromaColor":0,"saturationColor":0,"rbgShift":0,"fontWidth":1.0,"useCustomCommand":false,"customCommand":""}'
+             builtin: true
+@@ -433,7 +433,7 @@
+             text: "IBM Dos"
+             obj_string: '{"ambientLight":0.16,"backgroundColor":"#000000","bloom":0.4,"brightness":0.5,"flickering":0.07,"contrast":0.85,"fontName":"IBM_DOS","fontColor":"#ffffff","frameName":"SIMPLE_WHITE_FRAME","glowingLine":0.13,"horizontalSync":0,"jitter":0.16,"burnIn":0.3,"staticNoise":0.03,"rasterization":0,"screenCurvature":0.1,"windowOpacity":1,"chromaColor":1,"saturationColor":0,"rbgShift":0.35,"fontWidth":1.0,"useCustomCommand":false,"customCommand":""}'
+             builtin: true
+-        }
++        }*/
+         ListElement{
+             text: "IBM 3278"
+             obj_string: '{"ambientLight":0.1,"backgroundColor":"#000000","bloom":0.15,"brightness":0.5,"flickering":0,"contrast":0.85,"fontName":"IBM_3278","fontColor":"#0ccc68","frameName":"SIMPLE_WHITE_FRAME","glowingLine":0,"horizontalSync":0,"jitter":0,"burnIn":0.6,"staticNoise":0,"rasterization":0,"screenCurvature":0.1,"windowOpacity":1,"chromaColor":0,"saturationColor":0,"rbgShift":0,"fontWidth":1.0,"useCustomCommand":false,"customCommand":""}'
+diff --git a/app/qml/FontPixels.qml b/app/qml/FontPixels.qml
+index 6ff85da..6f0d0ba 100644
+--- a/app/qml/FontPixels.qml
++++ b/app/qml/FontPixels.qml
+@@ -32,7 +32,7 @@ QtObject{
+     property bool lowResolutionFont: true
+ 
+     property ListModel fontlist: ListModel{
+-        ListElement{
++        /*ListElement{
+             name: "COMMODORE_PET"
+             text: "Commodore PET (1977)"
+             source: "fonts/1977-commodore-pet/COMMODORE_PET.ttf"
+@@ -40,7 +40,7 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.8
+-        }
++        }*/
+         ListElement{
+             name: "PROGGY_TINY"
+             text: "Proggy Tiny (Modern)"
+@@ -68,7 +68,7 @@ QtObject{
+             baseScaling: 3.0
+             fontWidth: 1.0
+         }
+-        ListElement{
++        /*ListElement{
+             name: "APPLE_II"
+             text: "Apple ][ (1977)"
+             source: "fonts/1977-apple2/PrintChar21.ttf"
+@@ -76,8 +76,8 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.9
+-        }
+-        ListElement{
++        }*/
++        /*ListElement{
+             name: "ATARI_400"
+             text: "Atari 400-800 (1979)"
+             source: "fonts/1979-atari-400-800/ATARI400800_original.TTF"
+@@ -85,8 +85,8 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.8
+-        }
+-        ListElement{
++        }*/
++        /*ListElement{
+             name: "COMMODORE_64"
+             text: "Commodore 64 (1982)"
+             source: "fonts/1982-commodore64/C64_Pro_Mono_v1.0-STYLE.ttf"
+@@ -94,6 +94,6 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.8
+-        }
++        }*/
+     }
+ }
+diff --git a/app/qml/FontScanlines.qml b/app/qml/FontScanlines.qml
+index eebf00b..410d7b6 100644
+--- a/app/qml/FontScanlines.qml
++++ b/app/qml/FontScanlines.qml
+@@ -32,7 +32,7 @@ QtObject{
+     property bool lowResolutionFont: true
+ 
+     property ListModel fontlist: ListModel{
+-        ListElement{
++        /*ListElement{
+             name: "COMMODORE_PET"
+             text: "Commodore PET (1977)"
+             source: "fonts/1977-commodore-pet/COMMODORE_PET.ttf"
+@@ -40,7 +40,7 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.7
+-        }
++        }*/
+         ListElement{
+             name: "PROGGY_TINY"
+             text: "Proggy Tiny (Modern)"
+@@ -68,7 +68,7 @@ QtObject{
+             baseScaling: 3.0
+             fontWidth: 1.0
+         }
+-        ListElement{
++        /*ListElement{
+             name: "APPLE_II"
+             text: "Apple ][ (1977)"
+             source: "fonts/1977-apple2/PrintChar21.ttf"
+@@ -76,8 +76,8 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.8
+-        }
+-        ListElement{
++        }*/
++        /*ListElement{
+             name: "ATARI_400"
+             text: "Atari 400-800 (1979)"
+             source: "fonts/1979-atari-400-800/ATARI400800_original.TTF"
+@@ -85,8 +85,8 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.7
+-        }
+-        ListElement{
++        }*/
++        /*ListElement{
+             name: "COMMODORE_64"
+             text: "Commodore 64 (1982)"
+             source: "fonts/1982-commodore64/C64_Pro_Mono_v1.0-STYLE.ttf"
+@@ -94,6 +94,6 @@ QtObject{
+             pixelSize: 8
+             baseScaling: 4.0
+             fontWidth: 0.7
+-        }
++        }*/
+     }
+ }
+diff --git a/app/qml/Fonts.qml b/app/qml/Fonts.qml
+index ad20844..882808a 100644
+--- a/app/qml/Fonts.qml
++++ b/app/qml/Fonts.qml
+@@ -80,7 +80,7 @@
+             fontWidth: 1.0
+             lowResolutionFont: true
+         }
+-        ListElement{
++        /*ListElement{
+             name: "COMMODORE_PET_SCALED"
+             text: "Commodore PET (1977)"
+             source: "fonts/1977-commodore-pet/COMMODORE_PET.ttf"
+@@ -89,7 +89,7 @@
+             baseScaling: 3.5
+             fontWidth: 0.7
+             lowResolutionFont: true
+-        }
++        }*/
+         ListElement{
+             name: "PROGGY_TINY_SCALED"
+             text: "Proggy Tiny (Modern)"
+@@ -100,7 +100,7 @@
+             fontWidth: 0.9
+             lowResolutionFont: true
+         }
+-        ListElement{
++        /*ListElement{
+             name: "APPLE_II_SCALED"
+             text: "Apple ][ (1977)"
+             source: "fonts/1977-apple2/PrintChar21.ttf"
+@@ -149,7 +149,7 @@
+             baseScaling: 2.0
+             fontWidth: 1.0
+             lowResolutionFont: true
+-        }
++        }*/
+         ListElement{
+             name: "HERMIT"
+             text: "HD: Hermit (Modern)"
+@@ -177,7 +177,7 @@
+             fontWidth: 1.0
+             lowResolutionFont: false
+         }
+-        ListElement{
++        /*ListElement{
+             name: "MONACO"
+             text: "HD: Monaco (Modern)"
+             source: "fonts/modern-monaco/monaco.ttf"
+@@ -185,7 +185,7 @@
+             pixelSize: 30
+             fontWidth: 1.0
+             lowResolutionFont: false
+-        }
++        }*/
+         ListElement{
+             name: "INCONSOLATA"
+             text: "HD: Inconsolata (Modern)"
diff --git a/gnu/packages/patches/dvd+rw-tools-add-include.patch b/gnu/packages/patches/dvd+rw-tools-add-include.patch
new file mode 100644
index 0000000000..800f8f30ba
--- /dev/null
+++ b/gnu/packages/patches/dvd+rw-tools-add-include.patch
@@ -0,0 +1,14 @@
+Without <limits.h>, INT_MAX is not defined.
+
+diff --git a/transport.hxx b/transport.hxx
+index 35a57a7..838add6 100644
+--- a/transport.hxx
++++ b/transport.hxx
+@@ -11,6 +11,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
++#include <limits.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
diff --git a/gnu/packages/patches/elixir-disable-failing-tests.patch b/gnu/packages/patches/elixir-disable-failing-tests.patch
index 0c67562f8d..547598b292 100644
--- a/gnu/packages/patches/elixir-disable-failing-tests.patch
+++ b/gnu/packages/patches/elixir-disable-failing-tests.patch
@@ -16,7 +16,7 @@ index 3ffd56c..1232d19 100644
 @@ -39,6 +39,7 @@ end
  defmodule Kernel.CLI.OptionParsingTest do
    use ExUnit.Case, async: true
- 
+
 +  @tag :skip
    test "properly parses paths" do
      root = fixture_path("../../..") |> to_charlist
@@ -24,7 +24,7 @@ index 3ffd56c..1232d19 100644
 @@ -57,6 +58,7 @@ end
  defmodule Kernel.CLI.AtExitTest do
    use ExUnit.Case, async: true
- 
+
 +  @tag :skip
    test "invokes at_exit callbacks" do
      assert elixir(fixture_path("at_exit.exs") |> to_charlist) ==
@@ -32,7 +32,7 @@ index 3ffd56c..1232d19 100644
 @@ -66,6 +68,7 @@ end
  defmodule Kernel.CLI.ErrorTest do
    use ExUnit.Case, async: true
- 
+
 +  @tag :skip
    test "properly format errors" do
      assert :string.str('** (throw) 1', elixir('-e "throw 1"')) == 0
@@ -40,7 +40,7 @@ index 3ffd56c..1232d19 100644
 @@ -86,6 +89,7 @@ defmodule Kernel.CLI.CompileTest do
      {:ok, [tmp_dir_path: tmp_dir_path, beam_file_path: beam_file_path, fixture: fixture]}
    end
- 
+
 +  @tag :skip
    test "compiles code", context do
      assert elixirc('#{context[:fixture]} -o #{context[:tmp_dir_path]}') == ''
@@ -48,7 +48,7 @@ index 3ffd56c..1232d19 100644
 @@ -96,6 +100,7 @@ defmodule Kernel.CLI.CompileTest do
      Code.delete_path context[:tmp_dir_path]
    end
- 
+
 +  @tag :skip
    test "fails on missing patterns", context do
      output = elixirc('#{context[:fixture]} non_existing.ex -o #{context[:tmp_dir_path]}')
@@ -56,11 +56,11 @@ index 3ffd56c..1232d19 100644
 @@ -103,6 +108,7 @@ defmodule Kernel.CLI.CompileTest do
      refute File.exists?(context[:beam_file_path]), "expected the sample to not be compiled"
    end
- 
+
 +  @tag :skip
    test "fails on missing write access to .beam file", context do
      compilation_args = '#{context[:fixture]} -o #{context[:tmp_dir_path]}'
- 
+
 diff --git a/lib/elixir/test/elixir/kernel/dialyzer_test.exs b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
 index 801d852..40fc5bc 100644
 --- a/lib/elixir/test/elixir/kernel/dialyzer_test.exs
@@ -68,19 +68,19 @@ index 801d852..40fc5bc 100644
 @@ -60,16 +60,19 @@ defmodule Kernel.DialyzerTest do
      assert_dialyze_no_warnings! context
    end
- 
+
 +  @tag :skip
    test "no warnings on rewrites", context do
      copy_beam! context, Dialyzer.Rewrite
      assert_dialyze_no_warnings! context
    end
- 
+
 +  @tag :skip
    test "no warnings on raise", context do
      copy_beam! context, Dialyzer.Raise
      assert_dialyze_no_warnings! context
    end
- 
+
 +  @tag :skip
    test "no warnings on macrocallback", context do
      copy_beam! context, Dialyzer.Macrocallback
@@ -94,7 +94,7 @@ index aafa559..0f9c178 100644
      assert System.endianness == System.compiled_endianness
    end
 -
-+ 
++
 +  @tag :skip
    test "argv/0" do
      list = elixir('-e "IO.inspect System.argv" -- -o opt arg1 arg2 --long-opt 10')
@@ -106,7 +106,7 @@ index fff3351..d6ed1b3 100644
 @@ -244,6 +244,7 @@ defmodule Mix.DepTest do
      end
    end
- 
+
 +  @tag :skip
    test "remote converger" do
      deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"},
@@ -114,39 +114,12 @@ index fff3351..d6ed1b3 100644
 @@ -301,6 +302,7 @@ defmodule Mix.DepTest do
      end
    end
- 
+
 +  @tag :skip
    test "remote converger is not invoked if deps diverge" do
      deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"},
              {:git_repo, "0.2.0", git: MixTest.Case.fixture_path("git_repo"), only: :test}]
-diff --git a/lib/mix/test/mix/rebar_test.exs b/lib/mix/test/mix/rebar_test.exs
-index d2dd098..12cef15 100644
---- a/lib/mix/test/mix/rebar_test.exs
-+++ b/lib/mix/test/mix/rebar_test.exs
-@@ -120,6 +120,7 @@ defmodule Mix.RebarTest do
-     assert Enum.all?(deps, &(&1.manager == :rebar3))
-   end
- 
-+  @tag :skip
-   test "Rebar overrides" do
-     Mix.Project.push(RebarOverrideAsDep)
- 
-@@ -150,6 +151,7 @@ defmodule Mix.RebarTest do
-     end
-   end
- 
-+  @tag :skip
-   test "get and compile dependencies for Rebar" do
-     Mix.Project.push(RebarAsDep)
- 
-@@ -180,6 +182,7 @@ defmodule Mix.RebarTest do
-     end
-   end
- 
-+  @tag :skip
-   test "get and compile dependencies for rebar3" do
-     Mix.Project.push(Rebar3AsDep)
- 
+
 diff --git a/lib/mix/test/mix/shell/io_test.exs b/lib/mix/test/mix/shell/io_test.exs
 index 9bfb6b4..d982ef3 100644
 --- a/lib/mix/test/mix/shell/io_test.exs
@@ -154,11 +127,11 @@ index 9bfb6b4..d982ef3 100644
 @@ -29,6 +29,7 @@ defmodule Mix.Shell.IOTest do
      assert capture_io("", fn -> refute yes?("Ok?") end)
    end
- 
+
 +  @tag :skip
    test "runs a given command" do
      assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == "hello\n"
- 
+
 diff --git a/lib/mix/test/mix/shell/quiet_test.exs b/lib/mix/test/mix/shell/quiet_test.exs
 index 626429b..99fab35 100644
 --- a/lib/mix/test/mix/shell/quiet_test.exs
@@ -166,11 +139,11 @@ index 626429b..99fab35 100644
 @@ -29,6 +29,7 @@ defmodule Mix.Shell.QuietTest do
      assert capture_io("", fn -> refute yes?("Ok?") end)
    end
- 
+
 +  @tag :skip
    test "runs a given command" do
      assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == ""
- 
+
 diff --git a/lib/mix/test/mix/tasks/cmd_test.exs b/lib/mix/test/mix/tasks/cmd_test.exs
 index db4bf06..4d441f7 100644
 --- a/lib/mix/test/mix/tasks/cmd_test.exs
@@ -178,7 +151,7 @@ index db4bf06..4d441f7 100644
 @@ -3,6 +3,7 @@ Code.require_file "../../test_helper.exs", __DIR__
  defmodule Mix.Tasks.CmdTest do
    use MixTest.Case
- 
+
 +  @tag :skip
    test "runs the command for each app" do
      in_fixture "umbrella_dep/deps/umbrella", fn ->
@@ -190,19 +163,19 @@ index 4f09ff3..c371997 100644
 @@ -29,6 +29,7 @@ defmodule Mix.Tasks.Deps.TreeTest do
      end
    end
- 
+
 +  @tag :skip
    test "shows the dependency tree", context do
      Mix.Project.push ConvergedDepsApp
- 
+
 @@ -109,6 +110,7 @@ defmodule Mix.Tasks.Deps.TreeTest do
      end
    end
- 
+
 +  @tag :skip
    test "shows the dependency tree in DOT graph format", context do
      Mix.Project.push ConvergedDepsApp
- 
+
 diff --git a/lib/mix/test/mix/tasks/deps_test.exs b/lib/mix/test/mix/tasks/deps_test.exs
 index b061777..cc45cf8 100644
 --- a/lib/mix/test/mix/tasks/deps_test.exs
@@ -210,43 +183,43 @@ index b061777..cc45cf8 100644
 @@ -96,6 +96,7 @@
      end
    end
- 
+
 +  @tag :skip
    test "prints list of dependencies and their lock status" do
      Mix.Project.push DepsApp
- 
+
 @@ -409,6 +409,7 @@ defmodule Mix.Tasks.DepsTest do
      end
    end
- 
+
 +  @tag :skip
    test "fails on diverged dependencies by requirement" do
      Mix.Project.push ConvergedDepsApp
- 
+
 @@ -440,6 +441,7 @@ defmodule Mix.Tasks.DepsTest do
      end
    end
- 
+
 +  @tag :skip
    test "fails on diverged dependencies even when optional" do
      Mix.Project.push ConvergedDepsApp
- 
+
 @@ -469,6 +471,7 @@ defmodule Mix.Tasks.DepsTest do
      end
    end
- 
+
 +  @tag :skip
    test "works with converged dependencies" do
      Mix.Project.push ConvergedDepsApp
- 
+
 @@ -491,6 +494,7 @@ defmodule Mix.Tasks.DepsTest do
      purge [GitRepo, GitRepo.Mixfile]
    end
- 
+
 +  @tag :skip
    test "works with overridden dependencies" do
      Mix.Project.push OverriddenDepsApp
- 
+
 diff --git a/lib/mix/test/mix/umbrella_test.exs b/lib/mix/test/mix/umbrella_test.exs
 index 69f9428..406668a 100644
 --- a/lib/mix/test/mix/umbrella_test.exs
@@ -254,8 +227,58 @@ index 69f9428..406668a 100644
 @@ -98,6 +98,7 @@ defmodule Mix.UmbrellaTest do
      end
    end
- 
+
 +  @tag :skip
    test "loads umbrella child dependencies in all environments" do
      in_fixture "umbrella_dep/deps/umbrella", fn ->
        Mix.Project.in_project :umbrella, ".", fn _ ->
+
+diff --git a/lib/elixir/test/elixir/kernel/dialyzer_test.exs b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
+index 792222c..e90beb9 100644
+--- a/lib/elixir/test/elixir/kernel/dialyzer_test.exs
++++ b/lib/elixir/test/elixir/kernel/dialyzer_test.exs
+@@ -54,6 +54,7 @@ defmodule Kernel.DialyzerTest do
+     {:ok, [outdir: dir, dialyzer: dialyzer]}
+   end
+
++  @tag :skip
+   test "no warnings on valid remote calls", context do
+     copy_beam! context, Dialyzer.RemoteCall
+     assert_dialyze_no_warnings! context
+@@ -78,11 +79,13 @@ defmodule Kernel.DialyzerTest do
+     assert_dialyze_no_warnings! context
+   end
+
++  @tag :skip
+   test "no warnings on struct update", context do
+     copy_beam! context, Dialyzer.StructUpdate
+     assert_dialyze_no_warnings! context
+   end
+
++  @tag :skip
+   test "no warnings on protocol calls with opaque types", context do
+     copy_beam! context, Dialyzer.ProtocolOpaque
+     copy_beam! context, Dialyzer.ProtocolOpaque.Entity
+@@ -90,6 +93,7 @@ defmodule Kernel.DialyzerTest do
+     assert_dialyze_no_warnings! context
+   end
+
++  @tag :skip
+   test "no warnings on and/2 and or/2", context do
+     copy_beam! context, Dialyzer.BooleanCheck
+     assert_dialyze_no_warnings! context
+
+diff --git a/Makefile b/Makefile
+index 2fc4f9a..aef8366 100644
+--- a/Makefile
++++ b/Makefile
+@@ -201,7 +201,7 @@ $(TEST_EBIN)/%.beam: $(TEST_ERL)/%.erl
+        $(Q) mkdir -p $(TEST_EBIN)
+        $(Q) $(ERLC) -o $(TEST_EBIN) $<
+
+-test_elixir: test_stdlib test_ex_unit test_logger test_mix test_eex test_iex
++test_elixir: test_stdlib test_ex_unit test_logger test_eex test_iex
+
+ test_stdlib: compile
+        @ echo "==> elixir (exunit)"
+
diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch
new file mode 100644
index 0000000000..4a0ca9f8f1
--- /dev/null
+++ b/gnu/packages/patches/fabric-tests.patch
@@ -0,0 +1,15 @@
+The `fab` excecutable doesn't exist during the test phase as it is created
+dynamically during installation. Refer to the equivalent Python module
+directly.
+
+--- a/tests/test_utils.py
++++ b/tests/test_utils.py
+@@ -93,7 +93,7 @@
+     # perform when they are allowed to bubble all the way to the top. So, we
+     # invoke a subprocess and look at its stderr instead.
+     with quiet():
+-        result = local("fab -f tests/support/aborts.py kaboom", capture=True)
++        result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True)
+     # When error in #1318 is present, this has an extra "It burns!" at end of
+     # stderr string.
+     eq_(result.stderr, "Fatal error: It burns!\n\nAborting.")
\ No newline at end of file
diff --git a/gnu/packages/patches/fuse-overlapping-headers.patch b/gnu/packages/patches/fuse-overlapping-headers.patch
new file mode 100644
index 0000000000..54f9c0e709
--- /dev/null
+++ b/gnu/packages/patches/fuse-overlapping-headers.patch
@@ -0,0 +1,28 @@
+This patch is from Debian, named '0006-arm64.patch'
+
+Author: Riku Voipio <riku.voipio@linaro.org>
+Description: fuse_kernel.h: clean includes
+ Use <linux/types.h> for linux and define types used for other operating systems
+ using <stdint.h> types (Closes: #752081).
+
+diff -Naurp fuse.orig/include/fuse_kernel.h fuse/include/fuse_kernel.h
+--- fuse.orig/include/fuse_kernel.h
++++ fuse/include/fuse_kernel.h
+@@ -88,12 +88,16 @@
+ #ifndef _LINUX_FUSE_H
+ #define _LINUX_FUSE_H
+ 
+-#include <sys/types.h>
++#ifdef __linux__
++#include <linux/types.h>
++#else
++#include <stdint.h>
+ #define __u64 uint64_t
+ #define __s64 int64_t
+ #define __u32 uint32_t
+ #define __s32 int32_t
+ #define __u16 uint16_t
++#endif
+ 
+ /*
+  * Version negotiation:
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
deleted file mode 100644
index a612c9e00e..0000000000
--- a/gnu/packages/patches/gcc-libiberty-printf-decl.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch makes the exeception specifier of libiberty's 'asprintf'
-and 'vasprintf' declarations match those of glibc to work around the
-problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
-
-The problem in part stems from the fact that libiberty is configured
-without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
-is configured and built with _GNU_SOURCE, hence the conflicting declarations.
-
---- gcc-5.3.0/include/libiberty.h	2016-04-23 22:45:46.262709079 +0200
-+++ gcc-5.3.0/include/libiberty.h	2016-04-23 22:45:37.110635439 +0200
-@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
- /* Like sprintf but provides a pointer to malloc'd storage, which must
-    be freed by the caller.  */
- 
--extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
-+extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
- #endif
- 
- /* Like asprintf but allocates memory without fail. This works like
-@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
- /* Like vsprintf but provides a pointer to malloc'd storage, which
-    must be freed by the caller.  */
- 
--extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
-+extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
- #endif
- 
- /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/gcj-arm-mode.patch b/gnu/packages/patches/gcj-arm-mode.patch
deleted file mode 100644
index a3f999f7e9..0000000000
--- a/gnu/packages/patches/gcj-arm-mode.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Taken from
-https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-mode.diff
-
-# DP: For armhf, force arm mode instead of thumb mode
-
---- a/libjava/configure.host
-+++ b/libjava/configure.host
-@@ -66,6 +66,9 @@
-     ;;
- esac
- 
-+# on armhf force arm mode
-+libgcj_flags="${libgcj_flags} -marm"
-+
- AM_RUNTESTFLAGS= 
- 
- # Set any host dependent compiler flags.
---- a/gcc/java/lang-specs.h
-+++ b/gcc/java/lang-specs.h
-@@ -47,7 +47,7 @@
-     %{.class|.zip|.jar|!fsyntax-only:jc1				\
-       %{.java|fsaw-java-file:%U.jar -fsource-filename=%i %<ffilelist-file} \
-       %{.class|.zip|.jar|ffilelist-file|fcompile-resource*:%i}		\
--      %(jc1) %(cc1_options) %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \
-+      %(jc1) %(cc1_options) -marm %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \
-       %{MD:-MD_} %{MMD:-MMD_} %{M} %{MM} %{MA} %{MT*} %{MF*}\
-       %(invoke_as)}",
-       0, 0, 0},
---- a/libjava/libgcj.spec.in
-+++ b/libjava/libgcj.spec.in
-@@ -9,4 +9,4 @@
- %rename lib liborig
- *lib: @LD_START_STATIC_SPEC@ @LIBGCJ_SPEC@ @LD_FINISH_STATIC_SPEC@ @LIBMATHSPEC@ @LDLIBICONV@ @GCSPEC@ @THREADSPEC@ @ZLIBSPEC@ @SYSTEMSPEC@ %(libgcc) @LIBSTDCXXSPEC@ %(liborig)
- 
--*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions
-+*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions -marm
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
new file mode 100644
index 0000000000..db80b6ddec
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -0,0 +1,73 @@
+Fix CVE-2017-8291:
+
+https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+
+This patch is adapted from these two Artifex Ghostscript commits by Leo
+Famulari <leo@famulari.name>:
+
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index fb4bce9..2629afa 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     ref *pFilter;
+     ref *pDecodeParms;
+     int Intent = 0;
+-    bool AsyncRead;
++    bool AsyncRead = false;
+     ref empty_array, filter1_array, parms1_array;
+     uint i;
+-    int code;
++    int code = 0;
++
++    if (ref_stack_count(&o_stack) < 1)
++        return_error(e_stackunderflow);
++    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
++        return_error(e_typecheck);
++    }
+ 
+     make_empty_array(&empty_array, a_readonly);
+-    if (dict_find_string(op, "Filter", &pFilter) > 0) {
++    if (r_has_type(op, t_dictionary)
++        && dict_find_string(op, "Filter", &pFilter) > 0) {
+         if (!r_is_array(pFilter)) {
+             if (!r_has_type(pFilter, t_name))
+                 return_error(e_typecheck);
+@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
+                 return_error(e_typecheck);
+         }
+     }
+-    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
++    if (r_has_type(op, t_dictionary))
++        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
+     if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+         return code;
+-    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
+-        )
+-        return code;
++    if (r_has_type(op, t_dictionary))
++        if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
++            return code;
+     push(1);
+     op[-1] = *pFilter;
+     if (pDecodeParms)
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b3042..0d357f1 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(e_stackunderflow);
++    if (!r_is_array(op - 1) || !r_is_array(op)) {
++        return_error(e_typecheck);
++    }
++
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+     make_array(&stack[0].proc2, 0, 1, op);
+     for (;;) {
diff --git a/gnu/packages/patches/glibc-memchr-overflow-i686.patch b/gnu/packages/patches/glibc-memchr-overflow-i686.patch
new file mode 100644
index 0000000000..0b1b5b9f96
--- /dev/null
+++ b/gnu/packages/patches/glibc-memchr-overflow-i686.patch
@@ -0,0 +1,74 @@
+Extracted from glibc upstream git repository.  Changes to the ChangeLog have
+been removed.  This patch is needed to fix spurious segmentation faults on
+i686.
+
+From 3abeeec5f46ff036bd9df60bb096e20314ccd078 Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Tue, 14 Mar 2017 14:16:13 -0300
+Subject: [PATCH] Fix i686 memchr overflow calculation (BZ#21182)
+
+This patch fixes the regression added by 23d2770 for final address
+overflow calculation.  The subtraction of the considered size (16)
+at line 120 is at wrong place, for sizes less than 16 subsequent
+overflow check will not take in consideration an invalid size (since
+the subtraction will be negative).  Also, the lea instruction also
+does not raise the carry flag (CF) that is used in subsequent jbe
+to check for overflow.
+
+The fix is to follow x86_64 logic from 3daef2c where the overflow
+is first check and a sub instruction is issued.  In case of resulting
+negative size, CF will be set by the sub instruction and a NULL
+result will be returned.  The patch also add similar tests reported
+in bug report.
+
+Checked on i686-linux-gnu and x86_64-linux-gnu.
+
+	* string/test-memchr.c (do_test): Add BZ#21182 checks for address
+	near end of a page.
+	* sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
+	overflow calculation.
+---
+ string/test-memchr.c                      | 6 ++++++
+ sysdeps/i386/i686/multiarch/memchr-sse2.S | 2 +-
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/string/test-memchr.c b/string/test-memchr.c
+index 2403c9242b..669e092e7d 100644
+--- a/string/test-memchr.c
++++ b/string/test-memchr.c
+@@ -210,6 +210,12 @@ test_main (void)
+       do_test (0, i, i + 1, i + 1, 0);
+     }
+ 
++  /* BZ#21182 - wrong overflow calculation for i686 implementation
++     with address near end of the page.  */
++  for (i = 2; i < 16; ++i)
++    /* page_size is in fact getpagesize() * 2.  */
++    do_test (page_size / 2 - i, i, i, 1, 0x9B);
++
+   do_random_tests ();
+   return ret;
+ }
+diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S
+index 910679cfc0..e41f324a77 100644
+--- a/sysdeps/i386/i686/multiarch/memchr-sse2.S
++++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S
+@@ -117,7 +117,6 @@ L(crosscache):
+ 
+ # ifndef USE_AS_RAWMEMCHR
+ 	jnz	L(match_case2_prolog1)
+-	lea	-16(%edx), %edx
+         /* Calculate the last acceptable address and check for possible
+            addition overflow by using satured math:
+            edx = ecx + edx
+@@ -125,6 +124,7 @@ L(crosscache):
+ 	add	%ecx, %edx
+ 	sbb	%eax, %eax
+ 	or	%eax, %edx
++	sub	$16, %edx
+ 	jbe	L(return_null)
+ 	lea	16(%edi), %edi
+ # else
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/glog-gcc-5-demangling.patch b/gnu/packages/patches/glog-gcc-5-demangling.patch
new file mode 100644
index 0000000000..7f3f42ceca
--- /dev/null
+++ b/gnu/packages/patches/glog-gcc-5-demangling.patch
@@ -0,0 +1,64 @@
+Fix symbol demangling for GCC 5, as reported at:
+
+  https://github.com/google/glog/issues/14
+
+Patch from:
+
+  https://github.com/google/glog/pull/50
+
+From b1639e3014996fbc7635870e013559c54e7e3b2f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20Mart=C3=ADnez=20Moreno?= <ender@debian.org>
+Date: Thu, 13 Aug 2015 09:31:26 -0700
+Subject: [PATCH] Fix ABI demangling for the GCC 5.x case.
+
+When glog is compiled with gcc-5.2 in cxx11 ABI mode, it barfs about unmangled symbols.  This patches it getting inspiration from binutils and demangle.cc itself, although it may be totally wrong or maybe have to use ParseAbiTag in more places.  I haven't read the spec for the symbols, though.
+
+This patch makes the demangle unit test pass correctly.
+---
+ src/demangle.cc | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/demangle.cc b/src/demangle.cc
+index e858181..0f0c831 100644
+--- a/src/demangle.cc
++++ b/src/demangle.cc
+@@ -439,6 +439,7 @@ static bool ParseExprPrimary(State *state);
+ static bool ParseLocalName(State *state);
+ static bool ParseDiscriminator(State *state);
+ static bool ParseSubstitution(State *state);
++static bool ParseAbiTag(State *state);
+ 
+ // Implementation note: the following code is a straightforward
+ // translation of the Itanium C++ ABI defined in BNF with a couple of
+@@ -567,6 +568,8 @@ static bool ParseNestedName(State *state) {
+ static bool ParsePrefix(State *state) {
+   bool has_something = false;
+   while (true) {
++    if (ParseAbiTag(state))
++      continue;
+     MaybeAppendSeparator(state);
+     if (ParseTemplateParam(state) ||
+         ParseSubstitution(state) ||
+@@ -585,6 +588,22 @@ static bool ParsePrefix(State *state) {
+   return true;
+ }
+ 
++// <abi-tag>          ::= B <source-name>
++static bool ParseAbiTag(State *state) {
++  State copy = *state;
++
++  Append(state, "[", 1);
++  if (ParseOneCharToken(state, 'B') &&
++      ParseSourceName(state))
++  {
++    Append(state, "]", 1);
++    return true;
++  }
++
++  *state = copy;
++  return false;
++}
++
+ // <unqualified-name> ::= <operator-name>
+ //                    ::= <ctor-dtor-name>
+ //                    ::= <source-name>
diff --git a/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
new file mode 100644
index 0000000000..5d8e31563f
--- /dev/null
+++ b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch
@@ -0,0 +1,54 @@
+Fix CVE-2017-8288:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
+http://seclists.org/oss-sec/2017/q2/136
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1
+
+From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu27@gmail.com>
+Date: Tue, 25 Apr 2017 17:27:42 +0200
+Subject: extensionSystem: handle reloading broken extensions
+
+Some extensions out there may fail to reload. When that happens,
+we need to catch any exceptions so that we don't leave things in
+a broken state that could lead to leaving extensions enabled in
+the screen shield.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781728
+---
+ js/ui/extensionSystem.js | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
+index a4dc29e..fc352b8 100644
+--- a/js/ui/extensionSystem.js
++++ b/js/ui/extensionSystem.js
+@@ -282,12 +282,20 @@ function _onVersionValidationChanged() {
+     // temporarily disable them all
+     enabledExtensions = [];
+     for (let uuid in ExtensionUtils.extensions)
+-        reloadExtension(ExtensionUtils.extensions[uuid]);
++        try {
++            reloadExtension(ExtensionUtils.extensions[uuid]);
++        } catch(e) {
++            logExtensionError(uuid, e);
++        }
+     enabledExtensions = getEnabledExtensions();
+ 
+     if (Main.sessionMode.allowExtensions) {
+         enabledExtensions.forEach(function(uuid) {
+-            enableExtension(uuid);
++            try {
++                enableExtension(uuid);
++            } catch(e) {
++                logExtensionError(uuid, e);
++            }
+         });
+     }
+ }
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch b/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch
deleted file mode 100644
index b3a198c499..0000000000
--- a/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix a Y2038 test failure on systems where time_t is a signed 32-bit value:
-
-https://bugs.gnupg.org/gnupg/issue2988
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=de3838372ae3cdecbd83eea2c53c8e2656d93052
-
-From de3838372ae3cdecbd83eea2c53c8e2656d93052 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Tue, 7 Mar 2017 12:18:59 +0100
-Subject: [PATCH] tests: Avoid overflowing signed 32 bit time_t.
-
-* tests/openpgp/quick-key-manipulation.scm: Use expiration times in
-the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
-time_t is used internally to parse the expiraton time from the iso
-timestamp.
-
-GnuPG-bug-id: 2988
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/openpgp/quick-key-manipulation.scm | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
-index 10f0bfe21..08ef62613 100755
---- a/tests/openpgp/quick-key-manipulation.scm
-+++ b/tests/openpgp/quick-key-manipulation.scm
-@@ -125,8 +125,13 @@
-    (default default never)
-    (rsa "sign auth encr" "seconds=600") ;; GPGME uses this
-    (rsa "auth,encr" "2") ;; "without a letter, days is assumed"
--   (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
--   (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
-+   ;; Sadly, the timestamp is truncated by the use of time_t on
-+   ;; systems where time_t is a signed 32 bit value.
-+   (rsa "sign" "2038-01-01")      ;; unix millennium
-+   (rsa "sign" "20380101T115500") ;; unix millennium
-+   ;; Once fixed, we can use later timestamps:
-+   ;; (rsa "sign" "2105-01-01")      ;; "last year GnuPG can represent is 2105"
-+   ;; (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
-    (rsa sign "2d")
-    (rsa1024 sign "2w")
-    (rsa2048 encr "2m")
-@@ -157,7 +162,8 @@
-   (lambda (subkey)
-     (assert (= 1 (:alg subkey)))
-     (assert (string-contains? (:cap subkey) "s"))
--    (assert (time-matches? 4260207600 ;; 2105-01-01
-+    (assert (time-matches? 2145916800    ;; 2038-01-01
-+			   ;; 4260207600 ;; 2105-01-01
- 			   (string->number (:expire subkey))
- 			   ;; This is off by 12h, but I guess it just
- 			   ;; choses the middle of the day.
-@@ -165,7 +171,8 @@
-   (lambda (subkey)
-     (assert (= 1 (:alg subkey)))
-     (assert (string-contains? (:cap subkey) "s"))
--    (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00
-+    (assert (time-matches? 2145959700    ;; UTC 2038-01-01 11:55:00
-+			   ;; 4260254100 ;; UTC 2105-01-01 11:55:00
- 			   (string->number (:expire subkey))
- 			   (minutes->seconds 5))))
-   (lambda (subkey)
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/graphite2-CVE-2017-5436.patch b/gnu/packages/patches/graphite2-CVE-2017-5436.patch
new file mode 100644
index 0000000000..d7383ec8de
--- /dev/null
+++ b/gnu/packages/patches/graphite2-CVE-2017-5436.patch
@@ -0,0 +1,25 @@
+From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001
+From: Martin Hosken <martin_hosken@sil.org>
+Date: Thu, 9 Mar 2017 22:04:04 +0000
+Subject: [PATCH] Ensure features have enough space. Fix from Mozilla
+
+---
+ src/FeatureMap.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp
+index b8c8405..83bd5f6 100644
+--- a/src/FeatureMap.cpp
++++ b/src/FeatureMap.cpp
+@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const
+     else
+       if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap())
+         return false;       //incompatible
+-    pDest.reserve(m_index);
++    pDest.reserve(m_index+1);
+     pDest[m_index] &= ~m_mask;
+     pDest[m_index] |= (uint32(val) << m_bits);
+     return true;
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/graphite2-check-code-point-limit.patch b/gnu/packages/patches/graphite2-check-code-point-limit.patch
new file mode 100644
index 0000000000..a9b6caf53f
--- /dev/null
+++ b/gnu/packages/patches/graphite2-check-code-point-limit.patch
@@ -0,0 +1,50 @@
+From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001
+From: Tim Eves <tim_eves@sil.org>
+Date: Wed, 1 Mar 2017 14:23:46 +0700
+Subject: [PATCH] Fix decoding of USV greater than U+110000
+
+Add test cases too
+---
+ src/inc/UtfCodec.h        | 4 ++--
+ tests/utftest/utftest.cpp | 3 +++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h
+index 3417bac..9dc760f 100644
+--- a/src/inc/UtfCodec.h
++++ b/src/inc/UtfCodec.h
+@@ -124,7 +124,7 @@ struct _utf_codec<8>
+ private:
+     static const int8 sz_lut[16];
+     static const byte mask_lut[5];
+-
++    static const uchar_t    limit = 0x110000;
+ 
+ public:
+     typedef uint8   codeunit_t;
+@@ -157,7 +157,7 @@ public:
+             case 0:     l = -1; return 0xFFFD;
+         }
+ 
+-        if (l != seq_sz || toolong)
++        if (l != seq_sz || toolong  || u >= limit)
+         {
+             l = -l;
+             return 0xFFFD;
+diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp
+index 21cb188..a23553a 100644
+--- a/tests/utftest/utftest.cpp
++++ b/tests/utftest/utftest.cpp
+@@ -8,6 +8,9 @@ struct test8
+     unsigned char str[12];
+ };
+ struct test8 tests8[] = {
++    { 0,  0, {0xF4, 0x90, 0x80, 0x80, 0,    0,    0,    0,    0,    0,    0,    0} },   // bad(4) [U+110000]
++    { 0,  0, {0xC0, 0x80, 0,    0,    0,    0,    0,    0,    0,    0,    0,    0} },   // bad(4) [U+110000]
++    { 0,  0, {0xA0, 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0} },   // bad(4) [U+110000]    
+     { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0,    0} },   // U+7F, U+7FF, U+FFFF, U+10FFF
+     { 2,  3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} },   // U+7F, U+7FF, long(U+FFFF), U+10FFF
+     { 1,  1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} },   // U+7F, long(U+7FF), U+FFFF, U+10FFF
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch
new file mode 100644
index 0000000000..57d4ce2c6e
--- /dev/null
+++ b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch
@@ -0,0 +1,93 @@
+This patch incorporates the following 6 consecutive commits from the upstream
+graphite2 repository:
+
+75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds
+1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor
+9493785..: Martin Hosken 2017-03-29 Speculative rounding fix
+09af043..: Tim Eves      2017-03-31 Move a MINMATCH to rhs of a comparisio
+28cc60d..: Tim Eves      2017-03-31 Deal with similar wrap around in literal_len
+8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again
+
+This diff was generated by the following command:
+
+  git diff 1ce331d5548b98ed..8afc7d0081959866
+
+
+diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp
+index 084570f..56d531f 100644
+--- a/src/Decompressor.cpp
++++ b/src/Decompressor.cpp
+@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u
+     literal = src;
+     src += literal_len;
+     
+-    if (src > end - 2)
++    if (src > end - 2 || src < literal)
+         return false;
+     
+     match_dist  = *src++;
+@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
+         {
+             // Copy in literal. At this point the last full sequence must be at
+             // least MINMATCH + 5 from the end of the output buffer.
+-            if (dst + align(literal_len) > dst_end - (MINMATCH+5))
++            if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5)
+                 return -1;
+             dst = overrun_copy(dst, literal, literal_len);
+         }
+@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
+         //  decoded output.
+         u8 const * const pcpy = dst - match_dist;
+         if (pcpy < static_cast<u8*>(out)
+-                  || dst + match_len + MINMATCH > dst_end - 5)
++                  || match_len > unsigned(dst_end - dst - (MINMATCH+5))
++                  || dst_end - dst < MINMATCH + 5)
+             return -1;
+         if (dst > pcpy+sizeof(unsigned long) 
+             && dst + align(match_len + MINMATCH) <= dst_end)
+@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
+             dst = safe_copy(dst, pcpy, match_len + MINMATCH);
+     }
+     
+-    if (literal + literal_len > src_end
+-              || dst + literal_len > dst_end)
++    if (literal_len > src_end - literal
++              || literal_len > dst_end - dst)
+         return -1;
+     dst = fast_copy(dst, literal, literal_len);
+     
+diff --git a/src/Pass.cpp b/src/Pass.cpp
+index a4bac2e..683143c 100644
+--- a/src/Pass.cpp
++++ b/src/Pass.cpp
+@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
+     const uint16 * const o_actions = reinterpret_cast<const uint16 *>(p);
+     be::skip<uint16>(p, m_numRules + 1);
+     const byte * const states = p;
+-    if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e);
++    if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e);
+     be::skip<int16>(p, m_numTransition*m_numColumns);
+     be::skip<uint8>(p);
+     if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e);
+@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
+         m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len, 
+                                   precontext[0], be::peek<uint16>(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN);
+         if (e.test(!m_cPConstraint, E_OUTOFMEM)
+-                || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE))
++                || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE))
+             return face.error(e);
+         face.error_context(face.error_context() - 1);
+     }
+diff --git a/src/Silf.cpp b/src/Silf.cpp
+index 72a22cd..d661992 100644
+--- a/src/Silf.cpp
++++ b/src/Silf.cpp
+@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face,
+ 
+     const size_t clen = readClassMap(p, passes_start - p, version, e);
+     m_passes = new Pass[m_numPasses];
+-    if (e || e.test(p + clen > passes_start, E_BADPASSESSTART)
++    if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART)
+           || e.test(!m_passes, E_OUTOFMEM))
+     { releaseBuffers(); return face.error(e); }
+ 
diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch
new file mode 100644
index 0000000000..2bb1c9f94e
--- /dev/null
+++ b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch
@@ -0,0 +1,26 @@
+From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001
+From: Martin Hosken <martin_hosken@sil.org>
+Date: Tue, 18 Apr 2017 13:17:14 +0100
+Subject: [PATCH] Ensure non linear classes have even number of elements
+
+---
+ src/Silf.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/Silf.cpp b/src/Silf.cpp
+index d661992..9f2f954 100644
+--- a/src/Silf.cpp
++++ b/src/Silf.cpp
+@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error
+         if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET)                        // LookupClass doesn't stretch over max_off
+          || e.test(lookup[0] == 0                                                   // A LookupClass with no looks is a suspicious thing ...
+                     || lookup[0] * 2 + *o + 4 > max_off                             // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off]
+-                    || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO))   // rangeShift:   numIDs  - searchRange
++                    || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)    // rangeShift:   numIDs  - searchRange
++         || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET))                         // glyphs are in pairs so difference must be even.
+             return ERROROFFSET;
+     }
+ 
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/grub-CVE-2015-8370.patch b/gnu/packages/patches/grub-CVE-2015-8370.patch
deleted file mode 100644
index 5701b54759..0000000000
--- a/gnu/packages/patches/grub-CVE-2015-8370.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001
-From: Hector Marco-Gisbert <hecmargi@upv.es>
-Date: Fri, 13 Nov 2015 16:21:09 +0100
-Subject: [PATCH] Fix security issue when reading username and password
-
-  This patch fixes two integer underflows at:
-    * grub-core/lib/crypto.c
-    * grub-core/normal/auth.c
-
-Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
-Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
----
- grub-core/lib/crypto.c  | 2 +-
- grub-core/normal/auth.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
-index 010e550..524a3d8 100644
---- a/grub-core/lib/crypto.c
-+++ b/grub-core/lib/crypto.c
-@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size)
- 	  break;
- 	}
- 
--      if (key == '\b')
-+      if (key == '\b' && cur_len)
- 	{
- 	  cur_len--;
- 	  continue;
-diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c
-index c6bd96e..5782ec5 100644
---- a/grub-core/normal/auth.c
-+++ b/grub-core/normal/auth.c
-@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size)
- 	  break;
- 	}
- 
--      if (key == '\b')
-+      if (key == '\b' && cur_len)
- 	{
- 	  cur_len--;
- 	  grub_printf ("\b");
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/grub-freetype.patch b/gnu/packages/patches/grub-freetype.patch
deleted file mode 100644
index 286830ccf8..0000000000
--- a/gnu/packages/patches/grub-freetype.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-commit fd0df6d098b1e6a4f60275c48a3ec88d15ba1fbb
-Author: Colin Watson <cjwatson@ubuntu.com>
-Date:   Fri Nov 29 12:19:36 2013 +0000
-
-    Fix build with FreeType 2.5.1
-    
-    * util/grub-gen-asciih.c: Include FT_SYNTHESIS_H rather than
-    <freetype/ftsynth.h>, fixing build with FreeType 2.5.1.
-    * util/grub-gen-widthspec.c: Likewise.
-    * util/grub-mkfont.c: Likewise.
-
-diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c
-index 0d8eb78..242dd01 100644
---- a/util/grub-mkfont.c
-+++ b/util/grub-mkfont.c
-@@ -43,7 +43,7 @@
- #include FT_FREETYPE_H
- #include FT_TRUETYPE_TAGS_H
- #include FT_TRUETYPE_TABLES_H
--#include <freetype/ftsynth.h>
-+#include FT_SYNTHESIS_H
- 
- #undef __FTERRORS_H__
- #define FT_ERROR_START_LIST   const char *ft_errmsgs[] = { 
diff --git a/gnu/packages/patches/grub-gets-undeclared.patch b/gnu/packages/patches/grub-gets-undeclared.patch
deleted file mode 100644
index 41dddbd9d0..0000000000
--- a/gnu/packages/patches/grub-gets-undeclared.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-This patch is needed to allow builds with newer versions of
-the GNU libc (2.16+).
-
-
-commit 66712c23388e93e5c518ebc8515140fa0c807348
-Author: Eric Blake <eblake@redhat.com>
-Date:   Thu Mar 29 13:30:41 2012 -0600
-
-    stdio: don't assume gets any more
-    
-    Gnulib intentionally does not have a gets module, and now that C11
-    and glibc have dropped it, we should be more proactive about warning
-    any user on a platform that still has a declaration of this dangerous
-    interface.
-    
-    * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
-    support.
-    * modules/stdio (Makefile.am): Likewise.
-    * lib/stdio-read.c (gets): Likewise.
-    * tests/test-stdio-c++.cc: Likewise.
-    * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
-    * lib/stdio.in.h (gets): Make warning occur in more places.
-    * doc/posix-functions/gets.texi (gets): Update documentation.
-    Reported by Christer Solskogen.
-    
-    Signed-off-by: Eric Blake <eblake@redhat.com>
-
---- grub-2.00/grub-core/gnulib/stdio.in.h	2013-02-10 16:17:09.000000000 +0100
-+++ grub-2.00/grub-core/gnulib/stdio.in.h	2013-02-10 16:17:11.000000000 +0100
-@@ -137,12 +137,6 @@ _GL_WARN_ON_USE (fflush, "fflush is not
-                  "use gnulib module fflush for portable POSIX compliance");
- #endif
- 
--/* It is very rare that the developer ever has full control of stdin,
--   so any use of gets warrants an unconditional warning.  Assume it is
--   always declared, since it is required by C89.  */
--#undef gets
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
--
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@
- #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
diff --git a/gnu/packages/patches/gspell-dash-test.patch b/gnu/packages/patches/gspell-dash-test.patch
new file mode 100644
index 0000000000..e737921c4b
--- /dev/null
+++ b/gnu/packages/patches/gspell-dash-test.patch
@@ -0,0 +1,16 @@
+Somehow, Aspell 0.60.6.1 and aspell-dict-en-2016.11.20-0 don't consider
+this a valid spelling.  Skip it.
+
+--- gspell-1.3.2/testsuite/test-checker.c	2017-05-17 16:02:40.832415940 +0200
++++ gspell-1.3.2/testsuite/test-checker.c	2017-05-17 16:02:50.768351895 +0200
+@@ -101,9 +101,6 @@ test_dashes (void)
+ 
+ 	checker = gspell_checker_new (lang);
+ 
+-	correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error);
+-	g_assert_no_error (error);
+-	g_assert (correctly_spelled);
+ 
+ 	correctly_spelled = gspell_checker_check_word (checker, "nrst-auie", -1, &error);
+ 	g_assert_no_error (error);
+
diff --git a/gnu/packages/patches/guile-arm-fixes.patch b/gnu/packages/patches/guile-arm-fixes.patch
deleted file mode 100644
index 62bcf0fa7b..0000000000
--- a/gnu/packages/patches/guile-arm-fixes.patch
+++ /dev/null
@@ -1,203 +0,0 @@
-Apply fixes for ARM to Guile.
-
-From df8c52e93dfa3965e4714275f4b8cea2c8e0170b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
-Date: Fri, 4 Jul 2014 15:35:06 +0200
-Subject: [PATCH] Recognize arm-* target triplets.
-
-Reported by Sylvain Beucler <beuc@beuc.net>.
-
-* module/system/base/target.scm (cpu-endianness): Add case where CPU is
-  "arm".
-* test-suite/tests/asm-to-bytecode.test ("cross-compilation")["arm-unknown-linux-androideabi"]:
-  New test.
----
- module/system/base/target.scm         | 4 +++-
- test-suite/tests/asm-to-bytecode.test | 5 ++++-
- 2 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/module/system/base/target.scm b/module/system/base/target.scm
-index c74ae67..cefa951 100644
---- a/module/system/base/target.scm
-+++ b/module/system/base/target.scm
-@@ -1,6 +1,6 @@
- ;;; Compilation targets
- 
--;; Copyright (C) 2011, 2012, 2013 Free Software Foundation, Inc.
-+;; Copyright (C) 2011, 2012, 2013, 2014 Free Software Foundation, Inc.
- 
- ;; This library is free software; you can redistribute it and/or
- ;; modify it under the terms of the GNU Lesser General Public
-@@ -72,6 +72,8 @@
-              (endianness big))
-             ((string-match "^arm.*el" cpu)
-              (endianness little))
-+            ((string=? "arm" cpu)                ;ARMs are LE by default
-+             (endianness little))
-             (else
-              (error "unknown CPU endianness" cpu)))))
- 
-diff --git a/test-suite/tests/asm-to-bytecode.test b/test-suite/tests/asm-to-bytecode.test
-index 6d2f20e..62ea0ed 100644
---- a/test-suite/tests/asm-to-bytecode.test
-+++ b/test-suite/tests/asm-to-bytecode.test
-@@ -1,6 +1,6 @@
- ;;;; Assembly to bytecode compilation -*- mode: scheme; coding: utf-8; -*-
- ;;;;
--;;;; 	Copyright (C) 2010, 2011, 2012, 2013 Free Software Foundation, Inc.
-+;;;; 	Copyright (C) 2010, 2011, 2012, 2013, 2014 Free Software Foundation, Inc.
- ;;;;
- ;;;; This library is free software; you can redistribute it and/or
- ;;;; modify it under the terms of the GNU Lesser General Public
-@@ -205,6 +205,9 @@
-   (test-target "x86_64-unknown-linux-gnux32"      ; x32 ABI (Debian tuplet)
-                (endianness little) 4)
- 
-+  (test-target "arm-unknown-linux-androideabi"
-+               (endianness little) 4)
-+
-   (pass-if-exception "unknown target"
-     exception:miscellaneous-error
-     (call-with-values (lambda ()
--- 
-2.1.2
-
-From ffd3e55cfd12a3559621e3130d613d319243512d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
-Date: Fri, 4 Jul 2014 17:26:41 +0200
-Subject: [PATCH] Recognize more ARM targets.
-
-Suggested by Dale P. Smith.
-
-* module/system/base/target.scm (cpu-endianness): Add cases for
-  "arm.*eb", "^aarch64.*be", and "aarch64".  Change "arm" case to
-  "arm.*".
-  (triplet-pointer-size): Allow underscore as in 'aarch64_be'.
-* test-suite/tests/asm-to-bytecode.test ("cross-compilation")["armeb-unknown-linux-gnu",
-  "aarch64-linux-gnu", "aarch64_be-linux-gnu"]: New tests.
----
- module/system/base/target.scm         | 10 ++++++++--
- test-suite/tests/asm-to-bytecode.test |  6 ++++++
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/module/system/base/target.scm b/module/system/base/target.scm
-index cefa951..31e3fea 100644
---- a/module/system/base/target.scm
-+++ b/module/system/base/target.scm
-@@ -72,7 +72,13 @@
-              (endianness big))
-             ((string-match "^arm.*el" cpu)
-              (endianness little))
--            ((string=? "arm" cpu)                ;ARMs are LE by default
-+            ((string-match "^arm.*eb" cpu)
-+             (endianness big))
-+            ((string-prefix? "arm" cpu)          ;ARMs are LE by default
-+             (endianness little))
-+            ((string-match "^aarch64.*be" cpu)
-+             (endianness big))
-+            ((string=? "aarch64" cpu)
-              (endianness little))
-             (else
-              (error "unknown CPU endianness" cpu)))))
-@@ -97,7 +103,7 @@
-           ((string-match "^x86_64-.*-gnux32" triplet) 4)  ; x32
- 
-           ((string-match "64$" cpu) 8)
--          ((string-match "64[lbe][lbe]$" cpu) 8)
-+          ((string-match "64_?[lbe][lbe]$" cpu) 8)
-           ((member cpu '("sparc" "powerpc" "mips" "mipsel")) 4)
-           ((string-match "^arm.*" cpu) 4)
-           (else (error "unknown CPU word size" cpu)))))
-diff --git a/test-suite/tests/asm-to-bytecode.test b/test-suite/tests/asm-to-bytecode.test
-index 62ea0ed..8aeba84 100644
---- a/test-suite/tests/asm-to-bytecode.test
-+++ b/test-suite/tests/asm-to-bytecode.test
-@@ -207,6 +207,12 @@
- 
-   (test-target "arm-unknown-linux-androideabi"
-                (endianness little) 4)
-+  (test-target "armeb-unknown-linux-gnu"
-+               (endianness big) 4)
-+  (test-target "aarch64-linux-gnu"
-+               (endianness little) 8)
-+  (test-target "aarch64_be-linux-gnu"
-+               (endianness big) 8)
- 
-   (pass-if-exception "unknown target"
-     exception:miscellaneous-error
--- 
-2.1.2
-
-From a85c78ea1393985fdb6e6678dea19135c553d341 Mon Sep 17 00:00:00 2001
-From: Mark H Weaver <mhw@netris.org>
-Date: Fri, 19 Sep 2014 21:18:09 -0400
-Subject: [PATCH] VM: ASM_MUL for ARM: Add earlyclobber constraint to the SMULL
- outputs.
-
-Reported by Rob Browning <rlb@defaultvalue.org>.
-
-* libguile/vm-i-scheme.c (ASM_MUL)[ARM]: Add earlyclobber (&) constraint
-  to the SMULL output registers.
----
- libguile/vm-i-scheme.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libguile/vm-i-scheme.c b/libguile/vm-i-scheme.c
-index 587aa95..162efab 100644
---- a/libguile/vm-i-scheme.c
-+++ b/libguile/vm-i-scheme.c
-@@ -1,5 +1,4 @@
--/* Copyright (C) 2001, 2009, 2010, 2011, 2012, 2013,
-- *   2014 Free Software Foundation, Inc.
-+/* Copyright (C) 2001, 2009-2014 Free Software Foundation, Inc.
-  * 
-  * This library is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU Lesser General Public License
-@@ -363,7 +362,7 @@ VM_DEFINE_FUNCTION (149, ge, "ge?", 2)
-       {									\
- 	scm_t_signed_bits rlo, rhi;					\
- 	asm ("smull %0, %1, %2, %3\n"					\
--	     : "=r" (rlo), "=r" (rhi)					\
-+	     : "=&r" (rlo), "=&r" (rhi)					\
- 	     : "r" (SCM_UNPACK (x) - scm_tc2_int),			\
- 	       "r" (SCM_I_INUM (y)));					\
- 	if (SCM_LIKELY (SCM_SRS (rlo, 31) == rhi))			\
--- 
-2.1.2
-
-From bed025bd2569b1c033f24d7d9e660e39ebf65cac Mon Sep 17 00:00:00 2001
-From: Mark H Weaver <mhw@netris.org>
-Date: Sat, 20 Sep 2014 03:59:51 -0400
-Subject: [PATCH] VM: Allow the C compiler to choose FP_REG on ARM.
-
-Reported by Rob Browning <rlb@defaultvalue.org>.
-
-* libguile/vm-engine.h (IP_REG)[__arm__]: Remove explicit register
-  choice ("r7") for FP_REG, which was reported to cause compilation
-  failures on ARM.
----
- libguile/vm-engine.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libguile/vm-engine.h b/libguile/vm-engine.h
-index 46d4cff..e618be7 100644
---- a/libguile/vm-engine.h
-+++ b/libguile/vm-engine.h
-@@ -1,4 +1,4 @@
--/* Copyright (C) 2001, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
-+/* Copyright (C) 2001, 2009-2012, 2014 Free Software Foundation, Inc.
-  * 
-  * This library is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU Lesser General Public License
-@@ -81,7 +81,7 @@
- #ifdef __arm__
- #define IP_REG asm("r9")
- #define SP_REG asm("r8")
--#define FP_REG asm("r7")
-+#define FP_REG
- #endif
- #endif
- 
--- 
-2.1.2
-
diff --git a/gnu/packages/patches/guile-ssh-double-free.patch b/gnu/packages/patches/guile-ssh-double-free.patch
new file mode 100644
index 0000000000..9692b81d39
--- /dev/null
+++ b/gnu/packages/patches/guile-ssh-double-free.patch
@@ -0,0 +1,37 @@
+Fix a double-free or use-after-free issue with Guile-SSH used
+with Guile 2.2.  See <https://bugs.gnu.org/26976>.
+
+diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
+index 3dd641f..0839854 100644
+--- a/libguile-ssh/channel-type.c
++++ b/libguile-ssh/channel-type.c
+@@ -229,10 +229,11 @@ ptob_close (SCM channel)
+       ssh_channel_free (ch->ssh_channel);
+     }
+ 
++  SCM_SETSTREAM (channel, NULL);
++
+ #if USING_GUILE_BEFORE_2_2
+   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
+   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
+-  SCM_SETSTREAM (channel, NULL);
+ 
+   return 0;
+ #endif
+diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
+index 8879924..f87cf03 100644
+--- a/libguile-ssh/sftp-file-type.c
++++ b/libguile-ssh/sftp-file-type.c
+@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
+       sftp_close (fd->file);
+     }
+ 
++  SCM_SETSTREAM (sftp_file, NULL);
++
+ #if USING_GUILE_BEFORE_2_2
+   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
+   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
+-  SCM_SETSTREAM (sftp_file, NULL);
+ 
+   return 1;
+ #endif
diff --git a/gnu/packages/patches/guile-ssh-rexec-bug.patch b/gnu/packages/patches/guile-ssh-rexec-bug.patch
new file mode 100644
index 0000000000..363fea38c9
--- /dev/null
+++ b/gnu/packages/patches/guile-ssh-rexec-bug.patch
@@ -0,0 +1,16 @@
+Fix a bug whereby 'node-guile-version' would pass a node instead of
+a session to 'rexec'.
+
+diff --git a/modules/ssh/dist/node.scm b/modules/ssh/dist/node.scm
+index 9c065c7..29a3906 100644
+--- a/modules/ssh/dist/node.scm
++++ b/modules/ssh/dist/node.scm
+@@ -411,7 +411,8 @@ procedure returns the 1st evaluated value if multiple values were returned."
+   "Get Guile version installed on a NODE, return the version string.  Return
+ #f if Guile is not installed."
+   (receive (result rc)
+-      (rexec node "which guile > /dev/null && guile --version")
++      (rexec (node-session node)
++             "which guile > /dev/null && guile --version")
+     (and (zero? rc)
+          (car result))))
diff --git a/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch b/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch
new file mode 100644
index 0000000000..5f0da3eab3
--- /dev/null
+++ b/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch
@@ -0,0 +1,26 @@
+From ef0399bad41e60cb30d5073129abeb206076394a Mon Sep 17 00:00:00 2001
+From: Manolis Ragkousis <manolis837@gmail.com>
+Date: Sat, 8 Apr 2017 16:44:52 +0300
+Subject: [PATCH] eth-multiplexer: Fix iohelp missing dependency.
+
+* eth-multiplexer/Makefile (HURDLIBS): Add iohelp.
+---
+ eth-multiplexer/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/eth-multiplexer/Makefile b/eth-multiplexer/Makefile
+index 07f909e7..cefa0abd 100644
+--- a/eth-multiplexer/Makefile
++++ b/eth-multiplexer/Makefile
+@@ -26,7 +26,7 @@ MIGSFLAGS = -imacros $(srcdir)/mig-mutate.h
+ device-MIGSFLAGS="-DMACH_PAYLOAD_TO_PORT=ports_payload_get_name"
+ OBJS = $(SRCS:.c=.o) $(MIGSTUBS)
+ LCLHDRS = ethernet.h util.h vdev.h netfs_impl.h
+-HURDLIBS = ports ihash fshelp shouldbeinlibc netfs bpf
++HURDLIBS = ports ihash iohelp fshelp shouldbeinlibc netfs bpf
+ LDLIBS = -lpthread
+ 
+ CFLAGS += -I$(top_srcdir)/libbpf
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/hypre-doc-tables.patch b/gnu/packages/patches/hypre-doc-tables.patch
deleted file mode 100644
index 6a852ee78e..0000000000
--- a/gnu/packages/patches/hypre-doc-tables.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fixes doc++'s treatment of tabular within a parameter block.
-
-From commit 883925f8a at http://github.com/LLNL/hypre
-
---- hypre-2.10.1/src/parcsr_ls/HYPRE_parcsr_ls.h	2015-12-04 22:12:19.000000000 -0600
-+++ hypre-2.10.1/src/parcsr_ls/HYPRE_parcsr_ls.h	2016-03-16 09:02:58.547501336 -0500
-@@ -1154,8 +1154,6 @@
-  * Set the symmetry parameter for the
-  * ParaSails preconditioner.
-  *
-- * @param solver [IN] Preconditioner object for which to set symmetry parameter.
-- * @param sym [IN] Value of the symmetry parameter:
-  * \begin{tabular}{|c|l|} \hline 
-  * value & meaning \\ \hline 
-  * 0 & nonsymmetric and/or indefinite problem, and nonsymmetric preconditioner\\
-@@ -1163,6 +1161,9 @@
-  * 2 & nonsymmetric, definite problem, and SPD (factored) preconditioner \\
-  * \hline
-  * \end{tabular}
-+ * 
-+ * @param solver [IN] Preconditioner object for which to set symmetry parameter.
-+ * @param sym [IN] Value of the symmetry parameter:
-  **/
- HYPRE_Int HYPRE_ParaSailsSetSym(HYPRE_Solver solver,
-                                 HYPRE_Int    sym);
diff --git a/gnu/packages/patches/hypre-ldflags.patch b/gnu/packages/patches/hypre-ldflags.patch
deleted file mode 100644
index a94fafa463..0000000000
--- a/gnu/packages/patches/hypre-ldflags.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- hypre-2.10.1/src/lib/Makefile.orig	2016-03-11 16:04:03.740259228 -0600
-+++ hypre-2.10.1/src/lib/Makefile	2016-03-11 16:04:57.296260190 -0600
-@@ -107,5 +107,5 @@
- 
- libHYPRE.so: ${FILES_HYPRE}
- 	@echo  "Building $@ ... "
--	${BUILD_CC_SHARED} -o ${SONAME} ${FILES_HYPRE} ${SOLIBS} ${SHARED_SET_SONAME}${SONAME} ${SHARED_OPTIONS}
-+	${BUILD_CC_SHARED} ${LDFLAGS} -o ${SONAME} ${FILES_HYPRE} ${SOLIBS} ${SHARED_SET_SONAME}${SONAME} ${SHARED_OPTIONS}
- 	ln -s ${SONAME} $@
diff --git a/gnu/packages/patches/icecat-avoid-bundled-libraries.patch b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch
index 267f7b8aac..114631517a 100644
--- a/gnu/packages/patches/icecat-avoid-bundled-libraries.patch
+++ b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch
@@ -1,8 +1,8 @@
 Fixes needed when avoiding bundled libraries.
 
---- icecat-45.3.0/xpcom/build/moz.build.orig
-+++ icecat-45.3.0/xpcom/build/moz.build
-@@ -92,10 +92,5 @@
+--- icecat-52.0.2/xpcom/build/moz.build.orig
++++ icecat-52.0.2/xpcom/build/moz.build
+@@ -93,10 +93,5 @@
      '/docshell/base',
  ]
  
@@ -13,38 +13,23 @@ Fixes needed when avoiding bundled libraries.
 -
  if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
      CXXFLAGS += CONFIG['TK_CFLAGS']
---- icecat-45.3.0/storage/moz.build.orig
-+++ icecat-45.3.0/storage/moz.build
-@@ -108,7 +108,6 @@
- DEFINES['SQLITE_MAX_LIKE_PATTERN_LENGTH'] = 50000
+--- icecat-52.0.2/storage/moz.build.orig
++++ icecat-52.0.2/storage/moz.build
+@@ -114,7 +114,6 @@
+     DEFINES['MOZ_MEMORY_TEMP_STORE_PRAGMA'] = True
  
  LOCAL_INCLUDES += [
 -    '/db/sqlite3/src',
      '/dom/base',
  ]
  
---- icecat-45.3.0/dom/indexedDB/moz.build.orig
-+++ icecat-45.3.0/dom/indexedDB/moz.build
-@@ -96,7 +96,6 @@
-     SOURCES['Key.cpp'].flags += ['-Wno-error=type-limits']
+--- icecat-52.0.2/dom/indexedDB/moz.build.orig
++++ icecat-52.0.2/dom/indexedDB/moz.build
+@@ -101,7 +101,6 @@
+     CXXFLAGS += ['-Wno-error=shadow']
  
  LOCAL_INCLUDES += [
 -    '/db/sqlite3/src',
      '/dom/base',
      '/dom/storage',
      '/dom/workers',
---- icecat-45.3.0/modules/libmar/tests/Makefile.in.orig
-+++ icecat-45.3.0/modules/libmar/tests/Makefile.in
-@@ -10,12 +10,5 @@
- ifndef MOZ_PROFILE_GENERATE
- libs::
- 	$(INSTALL) ../tool/signmar$(BIN_SUFFIX) $(TESTROOT)/unit
--	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nss3$(DLL_SUFFIX) $(TESTROOT)/unit
--ifndef MOZ_FOLD_LIBS
--	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nssutil3$(DLL_SUFFIX) $(TESTROOT)/unit
--	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plc4$(DLL_SUFFIX) $(TESTROOT)/unit
--	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nspr4$(DLL_SUFFIX) $(TESTROOT)/unit
--	$(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plds4$(DLL_SUFFIX) $(TESTROOT)/unit
--endif
- endif
- endif # Not Android
diff --git a/gnu/packages/patches/icecat-binutils.patch b/gnu/packages/patches/icecat-binutils.patch
deleted file mode 100644
index 53a3ed9bb0..0000000000
--- a/gnu/packages/patches/icecat-binutils.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-
-# HG changeset patch
-# User J. Brown <jb999@gmx.de>
-# Date 1476951900 14400
-# Node ID cca249d09ef600650e6127c18be438a37e9d4587
-# Parent  d8bbf1a3957fd25ff24bfee51331c150b154cc39
-Bug 1242901 - Fix linking libxul.so with binutils/GNU ld >= 2.26. r=glandium
-
-The build fails with:
-
-    /usr/bin/ld: ../../xpcom/components/nsComponentManager.o: relocation R_386_GOTOFF against protected data `start_kPStaticModules_NSModule' can not be used when making a shared object
-    /usr/bin/ld: final link failed: Bad value
-    collect2: error: ld returned 1 exit status
-
-This is a patch from 2016/04/27 16:36:50 ryoon found on
-http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/firefox45/patches/#dirlist.
-
-diff --git a/xpcom/components/Module.h b/xpcom/components/Module.h
---- a/xpcom/components/Module.h
-+++ b/xpcom/components/Module.h
-@@ -133,17 +133,17 @@ struct Module
- #if defined(MOZILLA_INTERNAL_API)
- #  define NSMODULE_NAME(_name) _name##_NSModule
- #  if defined(_MSC_VER)
- #    pragma section(".kPStaticModules$M", read)
- #    pragma comment(linker, "/merge:.kPStaticModules=.rdata")
- #    define NSMODULE_SECTION __declspec(allocate(".kPStaticModules$M"), dllexport)
- #  elif defined(__GNUC__)
- #    if defined(__ELF__)
--#      define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("protected")))
-+#      define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("default")))
- #    elif defined(__MACH__)
- #      define NSMODULE_SECTION __attribute__((section("__DATA, .kPStaticModules"), visibility("default")))
- #    elif defined (_WIN32)
- #      define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), dllexport))
- #    endif
- #  endif
- #  if !defined(NSMODULE_SECTION)
- #    error Do not know how to define sections.
-
diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch b/gnu/packages/patches/icu4c-CVE-2014-6585.patch
deleted file mode 100644
index d21a0d0ba1..0000000000
--- a/gnu/packages/patches/icu4c-CVE-2014-6585.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Copied from Debian.
-
-description: out-of-bounds read
-origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
-
---- a/source/layout/LETableReference.h
-+++ b/source/layout/LETableReference.h
-@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
-   }
-   
-   const T& operator()(le_uint32 i, LEErrorCode &success) const {
--    return *getAlias(i,success);
-+    const T *ret = getAlias(i,success);
-+    if (LE_FAILURE(success) || ret==NULL) {
-+      return *(new T());
-+    } else {
-+      return *ret;
-+    }
-   }
- 
-   size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
diff --git a/gnu/packages/patches/icu4c-CVE-2015-1270.patch b/gnu/packages/patches/icu4c-CVE-2015-1270.patch
deleted file mode 100644
index 2a7658d36e..0000000000
--- a/gnu/packages/patches/icu4c-CVE-2015-1270.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Copied from Debian.
-
-diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp
-index 5dd35d8..4424664 100644
---- a/source/common/ucnv_io.cpp
-+++ b/source/common/ucnv_io.cpp
-@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p
-              * the name begins with 'x-'. If it does, strip it off and try
-              * again.  This behaviour is similar to how ICU4J does it.
-              */
--            if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
-+            if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
-                 aliasTmp = aliasTmp+2;
-             } else {
-                 break;
diff --git a/gnu/packages/patches/icu4c-CVE-2015-4760.patch b/gnu/packages/patches/icu4c-CVE-2015-4760.patch
deleted file mode 100644
index 77da283b7b..0000000000
--- a/gnu/packages/patches/icu4c-CVE-2015-4760.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-Copied from Debian.
-
-Description: missing boundary checks in layout engine
- It was discovered that ICU Layout Engine was missing multiple boundary checks.
- These could lead to buffer overflows and memory corruption.  A specially
- crafted file could cause an application using ICU to parse untrusted font
- files to crash and, possibly, execute arbitrary code.
-Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
-Origin: upstream, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
-Reviewed-By: srl, bae, mschoene
-Forwarded: not-needed
-Last-Update: 2015-07-30
-
----
-
---- icu-52.1.orig/source/layout/ContextualGlyphInsertionProc2.cpp
-+++ icu-52.1/source/layout/ContextualGlyphInsertionProc2.cpp
-@@ -82,6 +82,10 @@ le_uint16 ContextualGlyphInsertionProces
-     
-     le_int16 markIndex = SWAPW(entry->markedInsertionListIndex);
-     if (markIndex > 0) {
-+        if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
-+           success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+           return 0;
-+        }
-         le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5;
-         le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike);
-         le_bool isBefore = (flags & cgiMarkInsertBefore);
-@@ -90,6 +94,10 @@ le_uint16 ContextualGlyphInsertionProces
- 
-     le_int16 currIndex = SWAPW(entry->currentInsertionListIndex);
-     if (currIndex > 0) {
-+        if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
-+           success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+           return 0;
-+        }
-         le_int16 count = flags & cgiCurrentInsertCountMask;
-         le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike);
-         le_bool isBefore = (flags & cgiCurrentInsertBefore);
---- icu-52.1.orig/source/layout/ContextualGlyphSubstProc.cpp
-+++ icu-52.1/source/layout/ContextualGlyphSubstProc.cpp
-@@ -51,6 +51,10 @@ ByteOffset ContextualGlyphSubstitutionPr
-   WordOffset currOffset = SWAPW(entry->currOffset);
-   
-   if (markOffset != 0 && LE_SUCCESS(success)) {
-+    if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
-+       success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+       return 0;
-+    }
-     LEGlyphID mGlyph = glyphStorage[markGlyph];
-     TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew. 
- 
-@@ -58,6 +62,10 @@ ByteOffset ContextualGlyphSubstitutionPr
-   }
- 
-   if (currOffset != 0) {
-+    if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
-+       success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+       return 0;
-+    }
-     LEGlyphID thisGlyph = glyphStorage[currGlyph];
-     TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew. 
-     
---- icu-52.1.orig/source/layout/ContextualGlyphSubstProc2.cpp
-+++ icu-52.1/source/layout/ContextualGlyphSubstProc2.cpp
-@@ -45,17 +45,25 @@ le_uint16 ContextualGlyphSubstitutionPro
-     if(LE_FAILURE(success)) return 0;
-     le_uint16 newState = SWAPW(entry->newStateIndex);
-     le_uint16 flags = SWAPW(entry->flags);
--    le_int16 markIndex = SWAPW(entry->markIndex);
--    le_int16 currIndex = SWAPW(entry->currIndex);
-+    le_uint16 markIndex = SWAPW(entry->markIndex);
-+    le_uint16 currIndex = SWAPW(entry->currIndex);
-     
--    if (markIndex != -1) {
-+    if (markIndex != 0x0FFFF) {
-+        if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
-+           success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+           return 0;
-+        }
-         le_uint32 offset = SWAPL(perGlyphTable(markIndex, success));
-         LEGlyphID mGlyph = glyphStorage[markGlyph];
-         TTGlyphID newGlyph = lookup(offset, mGlyph, success);        
-         glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph);
-     }
- 
--    if (currIndex != -1) {
-+    if (currIndex != 0x0FFFF) {
-+        if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
-+           success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+           return 0;
-+        }
-         le_uint32 offset = SWAPL(perGlyphTable(currIndex, success));
-         LEGlyphID thisGlyph = glyphStorage[currGlyph];
-         TTGlyphID newGlyph = lookup(offset, thisGlyph, success);
---- icu-52.1.orig/source/layout/IndicRearrangementProcessor.cpp
-+++ icu-52.1/source/layout/IndicRearrangementProcessor.cpp
-@@ -45,6 +45,11 @@ ByteOffset IndicRearrangementProcessor::
-     ByteOffset newState = SWAPW(entry->newStateOffset);
-     IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
- 
-+    if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
-+       success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+       return 0;
-+    }
-+
-     if (flags & irfMarkFirst) {
-         firstGlyph = currGlyph;
-     }
---- icu-52.1.orig/source/layout/IndicRearrangementProcessor2.cpp
-+++ icu-52.1/source/layout/IndicRearrangementProcessor2.cpp
-@@ -43,6 +43,11 @@ le_uint16 IndicRearrangementProcessor2::
-     le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state
-     IndicRearrangementFlags  flags =  (IndicRearrangementFlags) SWAPW(entry->flags);
-     
-+    if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
-+       success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
-+       return 0;
-+    }
-+
-     if (flags & irfMarkFirst) {
-         firstGlyph = currGlyph;
-     }
---- icu-52.1.orig/source/layout/LigatureSubstProc.cpp
-+++ icu-52.1/source/layout/LigatureSubstProc.cpp
-@@ -48,7 +48,7 @@ ByteOffset LigatureSubstitutionProcessor
-   const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success);
- 
-     ByteOffset newState = SWAPW(entry->newStateOffset);
--    le_int16 flags = SWAPW(entry->flags);
-+    le_uint16 flags = SWAPW(entry->flags);
- 
-     if (flags & lsfSetComponent) {
-         if (++m >= nComponents) {
---- icu-52.1.orig/source/layout/StateTableProcessor.cpp
-+++ icu-52.1/source/layout/StateTableProcessor.cpp
-@@ -60,6 +60,7 @@ void StateTableProcessor::process(LEGlyp
-         if (currGlyph == glyphCount) {
-             // XXX: How do we handle EOT vs. EOL?
-             classCode = classCodeEOT;
-+            break;
-         } else {
-             TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
- 
---- icu-52.1.orig/source/layout/StateTableProcessor2.cpp
-+++ icu-52.1/source/layout/StateTableProcessor2.cpp
-@@ -78,6 +78,7 @@ void StateTableProcessor2::process(LEGly
-                 if (currGlyph == glyphCount || currGlyph == -1) {
-                     // XXX: How do we handle EOT vs. EOL?
-                     classCode = classCodeEOT;
-+                    break;
-                 } else {
-                     LEGlyphID gid = glyphStorage[currGlyph];
-                     TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
-@@ -109,6 +110,7 @@ void StateTableProcessor2::process(LEGly
-                 if (currGlyph == glyphCount || currGlyph == -1) {
-                     // XXX: How do we handle EOT vs. EOL?
-                     classCode = classCodeEOT;
-+                    break;
-                 } else {
-                     LEGlyphID gid = glyphStorage[currGlyph];
-                     TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
-@@ -146,6 +148,7 @@ void StateTableProcessor2::process(LEGly
-                 if (currGlyph == glyphCount || currGlyph == -1) {
-                     // XXX: How do we handle EOT vs. EOL?
-                     classCode = classCodeEOT;
-+                    break;
-                 } else if(currGlyph > glyphCount) {
-                   // note if > glyphCount, we've run off the end (bad font)
-                   currGlyph = glyphCount;
-@@ -186,6 +189,7 @@ void StateTableProcessor2::process(LEGly
-                 if (currGlyph == glyphCount || currGlyph == -1) {
-                     // XXX: How do we handle EOT vs. EOL?
-                     classCode = classCodeEOT;
-+                    break;
-                 } else {
-                     TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
-                     if (glyphCode == 0xFFFF) {
---- icu-52.1.orig/source/layout/StateTables.h
-+++ icu-52.1/source/layout/StateTables.h
-@@ -101,7 +101,7 @@ typedef le_uint8 EntryTableIndex;
- struct StateEntry
- {
-     ByteOffset  newStateOffset;
--    le_int16    flags;
-+    le_uint16    flags;
- };
- 
- typedef le_uint16 EntryTableIndex2;
diff --git a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch
new file mode 100644
index 0000000000..4db8f27998
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch
@@ -0,0 +1,164 @@
+Fix CVE-2017-7867 and CVE-2017-7868:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/39671
+
+Index: icu/source/common/utext.cpp
+===================================================================
+--- icu/source/common/utext.cpp	(revision 39670)
++++ icu/source/common/utext.cpp	(revision 39671)
+@@ -848,7 +848,13 @@
+ 
+ // Chunk size.
+-//     Must be less than 85, because of byte mapping from UChar indexes to native indexes.
+-//     Worst case is three native bytes to one UChar.  (Supplemenaries are 4 native bytes
+-//     to two UChars.)
++//     Must be less than 42  (256/6), because of byte mapping from UChar indexes to native indexes.
++//     Worst case there are six UTF-8 bytes per UChar.
++//         obsolete 6 byte form fd + 5 trails maps to fffd
++//         obsolete 5 byte form fc + 4 trails maps to fffd
++//         non-shortest 4 byte forms maps to fffd
++//         normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
++//     mapToUChars array size must allow for the worst case, 6.
++//     This could be brought down to 4, by treating fd and fc as pure illegal,
++//     rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
+ //
+ enum { UTF8_TEXT_CHUNK_SIZE=32 };
+@@ -890,5 +896,5 @@
+                                                      //    one for a supplementary starting in the last normal position,
+                                                      //    and one for an entry for the buffer limit position.
+-    uint8_t   mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
++    uint8_t   mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
+                                                      //   correspoding offset in filled part of buf.
+     int32_t   align;
+@@ -1033,4 +1039,5 @@
+             u8b = (UTF8Buf *)ut->p;   // the current buffer
+             mapIndex = ix - u8b->toUCharsMapStart;
++            U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+             ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+             return TRUE;
+@@ -1299,4 +1306,8 @@
+         //   If index is at the end, there is no character there to look at.
+         if (ix != ut->b) {
++            // Note: this function will only move the index back if it is on a trail byte
++            //       and there is a preceding lead byte and the sequence from the lead 
++            //       through this trail could be part of a valid UTF-8 sequence
++            //       Otherwise the index remains unchanged.
+             U8_SET_CP_START(s8, 0, ix);
+         }
+@@ -1312,5 +1323,8 @@
+         uint8_t *mapToNative = u8b->mapToNative;
+         uint8_t *mapToUChars = u8b->mapToUChars;
+-        int32_t  toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
++        int32_t  toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
++        // Note that toUCharsMapStart can be negative. Happens when the remaining
++        // text from current position to the beginning is less than the buffer size.
++        // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
+         int32_t  destIx = UTF8_TEXT_CHUNK_SIZE+2;   // Start in the overflow region
+                                                     //   at end of buffer to leave room
+@@ -1339,4 +1353,5 @@
+                 // Special case ASCII range for speed.
+                 buf[destIx] = (UChar)c;
++                U_ASSERT(toUCharsMapStart <= srcIx);
+                 mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
+                 mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
+@@ -1368,4 +1383,5 @@
+                     mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
+                 } while (sIx >= srcIx);
++                U_ASSERT(toUCharsMapStart <= (srcIx+1));
+ 
+                 // Set native indexing limit to be the current position.
+@@ -1542,4 +1558,5 @@
+     U_ASSERT(index<=ut->chunkNativeLimit);
+     int32_t mapIndex = index - u8b->toUCharsMapStart;
++    U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
+     int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
+     U_ASSERT(offset>=0 && offset<=ut->chunkLength);
+Index: icu/source/test/intltest/utxttest.cpp
+===================================================================
+--- icu/source/test/intltest/utxttest.cpp	(revision 39670)
++++ icu/source/test/intltest/utxttest.cpp	(revision 39671)
+@@ -68,4 +68,6 @@
+         case 7: name = "Ticket12130";
+             if (exec) Ticket12130(); break;
++        case 8: name = "Ticket12888";
++            if (exec) Ticket12888(); break;
+         default: name = "";          break;
+     }
+@@ -1584,2 +1586,62 @@
+     utext_close(&ut);
+ }
++
++// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
++//               six byte utf-8 forms. Original implementation had an assumption that
++//               there would be at most three utf-8 bytes per UTF-16 code unit.
++//               The five and six byte sequences map to a single replacement character.
++
++void UTextTest::Ticket12888() {
++    const char *badString = 
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
++            "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
++
++    UErrorCode status = U_ZERO_ERROR;
++    LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
++    TEST_SUCCESS(status);
++    for (;;) {
++        UChar32 c = utext_next32(ut.getAlias());
++        if (c == U_SENTINEL) {
++            break;
++        }
++    }
++    int32_t endIdx = utext_getNativeIndex(ut.getAlias());
++    if (endIdx != (int32_t)strlen(badString)) {
++        errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
++        return;
++    }
++
++    for (int32_t prevIndex = endIdx; prevIndex>0;) {
++        UChar32 c = utext_previous32(ut.getAlias());
++        int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
++        if (c != 0xfffd) {
++            errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
++                    __FILE__, __LINE__, 0xfffd, c, currentIndex);
++            break;
++        }
++        if (currentIndex != prevIndex - 6) {
++            errln("%s:%d: wrong index. Expected, actual = %d, %d",
++                    __FILE__, __LINE__, prevIndex - 6, currentIndex);
++            break;
++        }
++        prevIndex = currentIndex;
++    }
++}
+Index: icu/source/test/intltest/utxttest.h
+===================================================================
+--- icu/source/test/intltest/utxttest.h	(revision 39670)
++++ icu/source/test/intltest/utxttest.h	(revision 39671)
+@@ -39,4 +39,5 @@
+     void Ticket10983();
+     void Ticket12130();
++    void Ticket12888();
+ 
+ private:
diff --git a/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch b/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch
new file mode 100644
index 0000000000..17970aa4a8
--- /dev/null
+++ b/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch
@@ -0,0 +1,130 @@
+Copied from upstream: http://bugs.icu-project.org/trac/changeset/39484/.
+
+Fixes <http://bugs.gnu.org/26462> (crashes).
+
+Paths and line endings have been adapted.
+
+Index: icu/source/common/ulist.c
+===================================================================
+--- icu/source/common/ulist.c	(revision 39483)
++++ icu/source/common/ulist.c	(revision 39484)
+@@ -30,5 +30,4 @@
+     
+     int32_t size;
+-    int32_t currentIndex;
+ };
+ 
+@@ -52,5 +51,4 @@
+     newList->tail = NULL;
+     newList->size = 0;
+-    newList->currentIndex = -1;
+     
+     return newList;
+@@ -81,6 +79,7 @@
+         p->next->previous = p->previous;
+     }
+-    list->curr = NULL;
+-    list->currentIndex = 0;
++    if (p == list->curr) {
++        list->curr = p->next;
++    }
+     --list->size;
+     if (p->forceDelete) {
+@@ -151,5 +150,4 @@
+         list->head->previous = newItem;
+         list->head = newItem;
+-        list->currentIndex++;
+     }
+     
+@@ -194,5 +192,4 @@
+     curr = list->curr;
+     list->curr = curr->next;
+-    list->currentIndex++;
+     
+     return curr->data;
+@@ -210,5 +207,4 @@
+     if (list != NULL) {
+         list->curr = list->head;
+-        list->currentIndex = 0;
+     }
+ }
+@@ -273,3 +269,2 @@
+     return (UList *)(en->context);
+ }
+-
+Index: icu/source/i18n/ucol_res.cpp
+===================================================================
+--- icu/source/i18n/ucol_res.cpp	(revision 39483)
++++ icu/source/i18n/ucol_res.cpp	(revision 39484)
+@@ -681,4 +681,5 @@
+     }
+     memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
++    ulist_resetList(sink.values);  // Initialize the iterator.
+     en->context = sink.values;
+     sink.values = NULL;  // Avoid deletion in the sink destructor.
+Index: icu/source/test/intltest/apicoll.cpp
+===================================================================
+--- icu/source/test/intltest/apicoll.cpp	(revision 39483)
++++ icu/source/test/intltest/apicoll.cpp	(revision 39484)
+@@ -82,14 +82,7 @@
+     col = Collator::createInstance(Locale::getEnglish(), success);
+     if (U_FAILURE(success)){
+-        errcheckln(success, "Default Collator creation failed. - %s", u_errorName(success));
+-        return;
+-    }
+-
+-    StringEnumeration* kwEnum = col->getKeywordValuesForLocale("", Locale::getEnglish(),true,success);
+-    if (U_FAILURE(success)){
+-        errcheckln(success, "Get Keyword Values for Locale failed. - %s", u_errorName(success));
+-        return;
+-    }
+-    delete kwEnum;
++        errcheckln(success, "English Collator creation failed. - %s", u_errorName(success));
++        return;
++    }
+ 
+     col->getVersion(versionArray);
+@@ -230,4 +223,27 @@
+     delete aFrCol;
+     delete junk;
++}
++
++void CollationAPITest::TestKeywordValues() {
++    IcuTestErrorCode errorCode(*this, "TestKeywordValues");
++    LocalPointer<Collator> col(Collator::createInstance(Locale::getEnglish(), errorCode));
++    if (errorCode.logIfFailureAndReset("English Collator creation failed")) {
++        return;
++    }
++
++    LocalPointer<StringEnumeration> kwEnum(
++        col->getKeywordValuesForLocale("collation", Locale::getEnglish(), TRUE, errorCode));
++    if (errorCode.logIfFailureAndReset("Get Keyword Values for English Collator failed")) {
++        return;
++    }
++    assertTrue("expect at least one collation tailoring for English", kwEnum->count(errorCode) > 0);
++    const char *kw;
++    UBool hasStandard = FALSE;
++    while ((kw = kwEnum->next(NULL, errorCode)) != NULL) {
++        if (strcmp(kw, "standard") == 0) {
++            hasStandard = TRUE;
++        }
++    }
++    assertTrue("expect at least the 'standard' collation tailoring for English", hasStandard);
+ }
+ 
+@@ -2467,4 +2483,5 @@
+     TESTCASE_AUTO_BEGIN;
+     TESTCASE_AUTO(TestProperty);
++    TESTCASE_AUTO(TestKeywordValues);
+     TESTCASE_AUTO(TestOperators);
+     TESTCASE_AUTO(TestDuplicate);
+Index: icu/source/test/intltest/apicoll.h
+===================================================================
+--- icu/source/test/intltest/apicoll.h	(revision 39483)
++++ icu/source/test/intltest/apicoll.h	(revision 39484)
+@@ -36,4 +36,5 @@
+      */
+     void TestProperty(/* char* par */);
++    void TestKeywordValues();
+ 
+     /**
diff --git a/gnu/packages/patches/jasper-CVE-2017-6850.patch b/gnu/packages/patches/jasper-CVE-2017-6850.patch
new file mode 100644
index 0000000000..07672762a1
--- /dev/null
+++ b/gnu/packages/patches/jasper-CVE-2017-6850.patch
@@ -0,0 +1,284 @@
+This patch is from upstream and should be fixed included in the next release
+
+From e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Sat, 4 Mar 2017 14:43:24 -0800
+Subject: [PATCH] Fixed bugs due to uninitialized data in the JP2 decoder.
+ Also, added some comments marking I/O stream interfaces that probably need to
+ be changed (in the long term) to fix integer overflow problems.
+
+---
+ src/libjasper/base/jas_stream.c | 18 +++++++++++++++++
+ src/libjasper/jp2/jp2_cod.c     | 44 ++++++++++++++++++++++++++++-------------
+ 2 files changed, 48 insertions(+), 14 deletions(-)
+
+diff --git a/src/libjasper/base/jas_stream.c b/src/libjasper/base/jas_stream.c
+index 327ee57..d70408f 100644
+--- a/src/libjasper/base/jas_stream.c
++++ b/src/libjasper/base/jas_stream.c
+@@ -664,6 +664,7 @@ int jas_stream_ungetc(jas_stream_t *stream, int c)
+ 	return 0;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
+ {
+ 	int n;
+@@ -690,6 +691,7 @@ int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
+ 	return n;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_write(jas_stream_t *stream, const void *buf, int cnt)
+ {
+ 	int n;
+@@ -742,6 +744,7 @@ int jas_stream_puts(jas_stream_t *stream, const char *s)
+ 	return 0;
+ }
+ 
++/* FIXME integral type */
+ char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
+ {
+ 	int c;
+@@ -765,6 +768,7 @@ char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
+ 	return buf;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_gobble(jas_stream_t *stream, int n)
+ {
+ 	int m;
+@@ -783,6 +787,7 @@ int jas_stream_gobble(jas_stream_t *stream, int n)
+ 	return n;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_pad(jas_stream_t *stream, int n, int c)
+ {
+ 	int m;
+@@ -885,6 +890,7 @@ long jas_stream_tell(jas_stream_t *stream)
+ * Buffer initialization code.
+ \******************************************************************************/
+ 
++/* FIXME integral type */
+ static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
+   int bufsize)
+ {
+@@ -1060,6 +1066,7 @@ static int jas_strtoopenmode(const char *s)
+ 	return openmode;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
+ {
+ 	int all;
+@@ -1085,6 +1092,7 @@ int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
+ 	return 0;
+ }
+ 
++/* FIXME integral type */
+ long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
+ {
+ 	int old;
+@@ -1094,6 +1102,7 @@ long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
+ 	return old;
+ }
+ 
++/* FIXME integral type */
+ int jas_stream_display(jas_stream_t *stream, FILE *fp, int n)
+ {
+ 	unsigned char buf[16];
+@@ -1168,6 +1177,7 @@ long jas_stream_length(jas_stream_t *stream)
+ * Memory stream object.
+ \******************************************************************************/
+ 
++/* FIXME integral type */
+ static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	ssize_t n;
+@@ -1209,6 +1219,7 @@ static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
+ 	return 0;
+ }
+ 
++/* FIXME integral type */
+ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	size_t n;
+@@ -1264,6 +1275,7 @@ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ 	return ret;
+ }
+ 
++/* FIXME integral type */
+ static long mem_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ 	jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj;
+@@ -1310,6 +1322,7 @@ static int mem_close(jas_stream_obj_t *obj)
+ * File stream object.
+ \******************************************************************************/
+ 
++/* FIXME integral type */
+ static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	jas_stream_fileobj_t *fileobj;
+@@ -1318,6 +1331,7 @@ static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ 	return read(fileobj->fd, buf, cnt);
+ }
+ 
++/* FIXME integral type */
+ static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	jas_stream_fileobj_t *fileobj;
+@@ -1326,6 +1340,7 @@ static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ 	return write(fileobj->fd, buf, cnt);
+ }
+ 
++/* FIXME integral type */
+ static long file_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ 	jas_stream_fileobj_t *fileobj;
+@@ -1352,6 +1367,7 @@ static int file_close(jas_stream_obj_t *obj)
+ * Stdio file stream object.
+ \******************************************************************************/
+ 
++/* FIXME integral type */
+ static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	FILE *fp;
+@@ -1367,6 +1383,7 @@ static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ 	return result;
+ }
+ 
++/* FIXME integral type */
+ static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ 	FILE *fp;
+@@ -1377,6 +1394,7 @@ static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ 	return (n != JAS_CAST(size_t, cnt)) ? (-1) : cnt;
+ }
+ 
++/* FIXME integral type */
+ static long sfile_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ 	FILE *fp;
+diff --git a/src/libjasper/jp2/jp2_cod.c b/src/libjasper/jp2/jp2_cod.c
+index 7f3608a..8d98a2c 100644
+--- a/src/libjasper/jp2/jp2_cod.c
++++ b/src/libjasper/jp2/jp2_cod.c
+@@ -183,15 +183,28 @@ jp2_boxinfo_t jp2_boxinfo_unk = {
+ * Box constructor.
+ \******************************************************************************/
+ 
+-jp2_box_t *jp2_box_create(int type)
++jp2_box_t *jp2_box_create0()
+ {
+ 	jp2_box_t *box;
+-	jp2_boxinfo_t *boxinfo;
+-
+ 	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+ 		return 0;
+ 	}
+ 	memset(box, 0, sizeof(jp2_box_t));
++	box->type = 0;
++	box->len = 0;
++	// Mark the box data as never having been constructed
++	// so that we will not errantly attempt to destroy it later.
++	box->ops = &jp2_boxinfo_unk.ops;
++	return box;
++}
++
++jp2_box_t *jp2_box_create(int type)
++{
++	jp2_box_t *box;
++	jp2_boxinfo_t *boxinfo;
++	if (!(box = jp2_box_create0())) {
++		return 0;
++	}
+ 	box->type = type;
+ 	box->len = 0;
+ 	if (!(boxinfo = jp2_boxinfolookup(type))) {
+@@ -248,14 +261,9 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
+ 	box = 0;
+ 	tmpstream = 0;
+ 
+-	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
++	if (!(box = jp2_box_create0())) {
+ 		goto error;
+ 	}
+-
+-	// Mark the box data as never having been constructed
+-	// so that we will not errantly attempt to destroy it later.
+-	box->ops = &jp2_boxinfo_unk.ops;
+-
+ 	if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) {
+ 		goto error;
+ 	}
+@@ -263,10 +271,12 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
+ 	box->info = boxinfo;
+ 	box->len = len;
+ 	JAS_DBGLOG(10, (
+-	  "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n",
++	  "preliminary processing of JP2 box: "
++	  "type=%c%s%c (0x%08x); length=%"PRIuFAST32"\n",
+ 	  '"', boxinfo->name, '"', box->type, box->len
+ 	  ));
+ 	if (box->len == 1) {
++		JAS_DBGLOG(10, ("big length\n"));
+ 		if (jp2_getuint64(in, &extlen)) {
+ 			goto error;
+ 		}
+@@ -382,6 +392,7 @@ static int jp2_bpcc_getdata(jp2_box_t *box, jas_stream_t *in)
+ {
+ 	jp2_bpcc_t *bpcc = &box->data.bpcc;
+ 	unsigned int i;
++	bpcc->bpcs = 0;
+ 	bpcc->numcmpts = box->datalen;
+ 	if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
+ 		return -1;
+@@ -462,6 +473,7 @@ static int jp2_cdef_getdata(jp2_box_t *box, jas_stream_t *in)
+ 	jp2_cdef_t *cdef = &box->data.cdef;
+ 	jp2_cdefchan_t *chan;
+ 	unsigned int channo;
++	cdef->ents = 0;
+ 	if (jp2_getuint16(in, &cdef->numchans)) {
+ 		return -1;
+ 	}
+@@ -518,7 +530,9 @@ int jp2_box_put(jp2_box_t *box, jas_stream_t *out)
+ 	}
+ 
+ 	if (dataflag) {
+-		if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) {
++		if (jas_stream_copy(out, tmpstream, box->len -
++		  JP2_BOX_HDRLEN(false))) {
++			jas_eprintf("cannot copy box data\n");
+ 			goto error;
+ 		}
+ 		jas_stream_close(tmpstream);
+@@ -777,6 +791,7 @@ static int jp2_cmap_getdata(jp2_box_t *box, jas_stream_t *in)
+ 	jp2_cmap_t *cmap = &box->data.cmap;
+ 	jp2_cmapent_t *ent;
+ 	unsigned int i;
++	cmap->ents = 0;
+ 
+ 	cmap->numchans = (box->datalen) / 4;
+ 	if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
+@@ -835,6 +850,7 @@ static int jp2_pclr_getdata(jp2_box_t *box, jas_stream_t *in)
+ 	int_fast32_t x;
+ 
+ 	pclr->lutdata = 0;
++	pclr->bpc = 0;
+ 
+ 	if (jp2_getuint16(in, &pclr->numlutents) ||
+ 	  jp2_getuint8(in, &pclr->numchans)) {
+@@ -869,9 +885,9 @@ static int jp2_pclr_putdata(jp2_box_t *box, jas_stream_t *out)
+ #if 0
+ 	jp2_pclr_t *pclr = &box->data.pclr;
+ #endif
+-/* Eliminate warning about unused variable. */
+-box = 0;
+-out = 0;
++	/* Eliminate warning about unused variable. */
++	box = 0;
++	out = 0;
+ 	return -1;
+ }
+ 
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch
new file mode 100644
index 0000000000..a598392765
--- /dev/null
+++ b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch
@@ -0,0 +1,38 @@
+Fix CVE-2017-7885:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885
+https://bugs.ghostscript.com/show_bug.cgi?id=697703
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3
+
+From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 3 May 2017 22:06:01 +0100
+Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability.
+
+Add extra check for the offset being greater than the size
+of the image and hence reading off the end of the buffer.
+
+Thank you to Dai Ge for finding this issue and suggesting a patch.
+---
+ jbig2_symbol_dict.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index 4acaba9..36225cb 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+                 byte *dst = image->data;
+ 
+                 /* SumatraPDF: prevent read access violation */
+-                if (size - jbig2_huffman_offset(hs) < image->height * stride) {
++                if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
+                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
+                                 size - jbig2_huffman_offset(hs));
+                     jbig2_image_release(ctx, image);
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch
new file mode 100644
index 0000000000..c83fe9d9f2
--- /dev/null
+++ b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch
@@ -0,0 +1,40 @@
+Fix CVE-2017-7975:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7975
+https://bugs.ghostscript.com/show_bug.cgi?id=697693
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=f8992b8fe65c170c8624226f127c5c4bfed42c66
+
+From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 26 Apr 2017 22:12:14 +0100
+Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
+
+While building a Huffman table, the start and end points were susceptible
+to integer overflow.
+
+Thank you to Jiaqi for finding this issue and suggesting a patch.
+---
+ jbig2_huffman.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2_huffman.c b/jbig2_huffman.c
+index 511e461..b4189a1 100644
+--- a/jbig2_huffman.c
++++ b/jbig2_huffman.c
+@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
+ 
+             if (PREFLEN == CURLEN) {
+                 int RANGELEN = lines[CURTEMP].RANGELEN;
+-                int start_j = CURCODE << shift;
+-                int end_j = (CURCODE + 1) << shift;
++                uint32_t start_j = CURCODE << shift;
++                uint32_t end_j = (CURCODE + 1) << shift;
+                 byte eflags = 0;
+ 
+                 if (end_j > max_j) {
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch
new file mode 100644
index 0000000000..2fe02358b8
--- /dev/null
+++ b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch
@@ -0,0 +1,122 @@
+Fix CVE-2017-7976:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7976
+https://bugs.ghostscript.com/show_bug.cgi?id=697683
+
+In order to make the bug-fix patch apply, we also include an earlier commit
+that it depends on.
+
+Patches copied from upstream source repository:
+
+Earlier commit, creating context for the CVE fix:
+https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544
+
+CVE-2017-7976 bug fix:
+https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=cfa054925de49675ac5445515ebf036fa9379ac6
+
+From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Wed, 14 Dec 2016 15:56:31 +0100
+Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always
+ false.
+
+---
+ jbig2_image.c       | 2 +-
+ jbig2_mmr.c         | 2 +-
+ jbig2_symbol_dict.c | 9 ++-------
+ 3 files changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 94e5a4c..00f966b 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -256,7 +256,7 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     /* general OR case */
+     s = ss;
+     d = dd = dst->data + y * dst->stride + leftbyte;
+-    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
++    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
+         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
+     }
+     if (leftbyte == rightbyte) {
+diff --git a/jbig2_mmr.c b/jbig2_mmr.c
+index 390e27c..da54934 100644
+--- a/jbig2_mmr.c
++++ b/jbig2_mmr.c
+@@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
+             if (b1 < 2)
+                 break;
+             if (c) {
+-                if (b1 - 2 < a0 || a0 < 0)
++                if (a0 == MINUS1 || b1 - 2 < a0)
+                     return -1;
+                 jbig2_set_bits(dst, a0, b1 - 2);
+             }
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index 11a2252..4acaba9 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -92,11 +92,6 @@ jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
+ {
+     Jbig2SymbolDict *new_dict = NULL;
+ 
+-    if (n_symbols < 0) {
+-        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
+-        return NULL;
+-    }
+-
+     new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
+     if (new_dict != NULL) {
+         new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
+@@ -613,7 +608,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+             uint32_t j;
+             int x;
+ 
+-            if (code || (BMSIZE < 0)) {
++            if (code) {
+                 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
+                 goto cleanup4;
+             }
+@@ -716,7 +711,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+                 code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
+             /* prevent infinite loop */
+             zerolength = exrunlength > 0 ? 0 : zerolength + 1;
+-            if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
++            if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
+                 if (code)
+                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
+                 else if (exrunlength <= 0)
+-- 
+2.13.0
+
+From cfa054925de49675ac5445515ebf036fa9379ac6 Mon Sep 17 00:00:00 2001
+From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
+Date: Wed, 10 May 2017 17:50:39 +0100
+Subject: [PATCH] Bug 697683: Bounds check before reading from image source
+ data.
+
+Add extra check to prevent reading off the end of the image source
+data buffer.
+
+Thank you to Dai Ge for finding this issue and suggesting a patch.
+---
+ jbig2_image.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 661d0a5..ae161b9 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+     /* general OR case */
+     s = ss;
+     d = dd = dst->data + y * dst->stride + leftbyte;
+-    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
++    if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
++        s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
+         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
+     }
+     if (leftbyte == rightbyte) {
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/kiki-level-selection-crash.patch b/gnu/packages/patches/kiki-level-selection-crash.patch
new file mode 100644
index 0000000000..8cc6478509
--- /dev/null
+++ b/gnu/packages/patches/kiki-level-selection-crash.patch
@@ -0,0 +1,19 @@
+Downloaded from https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/kiki-the-nano-bot/debian/patches/level-selection-with-no-levels-solved.patch?revision=8291&view=co
+
+Kiki crashes if the user tries to use the level selection menu before
+finishing any level.
+
+Peter De Wachter (pdewacht@gmail.com)
+placed in the public domain
+
+--- a/py/levelselection.py
++++ b/py/levelselection.py
+@@ -25,6 +25,8 @@
+     # ............................................................................................................    

+     

+     last_level = highscore.getLastAvailableLevel()

++    if last_level < 0:

++        last_level = 0

+     current_level = (level_index >= 0) and level_index or last_level 

+         

+     world.max_level_index = last_level

diff --git a/gnu/packages/patches/kiki-makefile.patch b/gnu/packages/patches/kiki-makefile.patch
new file mode 100644
index 0000000000..7329301f2c
--- /dev/null
+++ b/gnu/packages/patches/kiki-makefile.patch
@@ -0,0 +1,57 @@
+Downloaded from https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/kiki-the-nano-bot/debian/patches/Makefile.patch?revision=15681&view=co
+
+Makefile fixes:
+ - Make CXXFLAGS, CPPFLAGS, LDFLAGS available for user-specified flags.
+ - run SWIG before compiling
+
+Peter De Wachter (pdewacht@gmail.com)
+placed in the public domain
+
+--- a/kodilib/linux/Makefile
++++ b/kodilib/linux/Makefile
+@@ -21,7 +21,7 @@
+ 

+ INCLUDES = $(KODI_INCLUDES) $(X11_INCLUDES) $(SDL_INCLUDES)

+ 

+-CXXFLAGS = $(INCLUDES) $(SDL_CFLAGS)

++CXXOPTS = -Wall $(INCLUDES) $(SDL_CFLAGS) $(CPPFLAGS) $(CXXFLAGS)

+ 

+ src =  \

+ 	$(KODISRCDIR)/handler/KEventHandler.cpp \

+@@ -95,4 +95,4 @@
+ 	$(RM) -f $(obj) libkodi.a

+ 

+ %.o:    %.cpp

+-	$(CXX) -c $(CXXFLAGS) -o $@ $<

++	$(CXX) -c $(CXXOPTS) -o $@ $<

+--- a/linux/Makefile
++++ b/linux/Makefile
+@@ -46,7 +46,7 @@
+ 

+ INCLUDES = $(KIKI_INCLUDES) $(X11_INCLUDES) $(PYTHON_INCLUDES)

+ 

+-CXXFLAGS = $(INCLUDES) $(SDLCFLAGS)

++CXXOPTS = -Wall $(INCLUDES) $(SDLCFLAGS) $(CPPFLAGS) $(CXXFLAGS)

+ 

+ src =  \

+ 	$(KIKISRC)/base/KikiAction.cpp \

+@@ -105,8 +105,10 @@
+ obj = $(src:.cpp=.o)

+ 

+ kiki: $(KIKISRC)/../SWIG/KikiPy_wrap.cpp $(obj)

+-	-(cd ../SWIG; swig -c++ -python -globals kiki -o KikiPy_wrap.cpp KikiPy.i; cp kiki.py ../py)

+-	$(CXX) $(obj) $(KODILIB) -o kiki $(GLLIBS) $(SDLLIBS) $(PYTHONLIBS)

++	$(CXX) $(LDFLAGS) $(obj) $(KODILIB) -o kiki $(GLLIBS) $(SDLLIBS) $(PYTHONLIBS)

++

++$(KIKISRC)/../SWIG/KikiPy_wrap.cpp: $(wildcard ../SWIG/*.i)

++	(cd ../SWIG && swig -c++ -python -globals kiki -DSWIG_PYTHON_LEGACY_BOOL -o KikiPy_wrap.cpp KikiPy.i && cp kiki.py ../py)

+ 

+ obj-clean:

+ 	$(RM) -f $(obj)

+@@ -115,5 +117,5 @@
+ 	$(RM) -f $(obj) kiki

+ 

+ %.o:    %.cpp

+-	$(CXX) -c $(CXXFLAGS) -o $@ $<

++	$(CXX) -c $(CXXOPTS) -o $@ $<

+ 

diff --git a/gnu/packages/patches/kiki-missing-includes.patch b/gnu/packages/patches/kiki-missing-includes.patch
new file mode 100644
index 0000000000..e5ee74f3ee
--- /dev/null
+++ b/gnu/packages/patches/kiki-missing-includes.patch
@@ -0,0 +1,55 @@
+Downloaded from https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/kiki-the-nano-bot/debian/patches/missing-includes.patch?revision=7984&view=co
+
+Status: in upstream CVS
+
+--- a/kodilib/src/handler/KPickable.h
++++ b/kodilib/src/handler/KPickable.h
+@@ -8,6 +8,7 @@
+ 

+ #include "KIntrospection.h"

+ #include <vector>

++#include <limits.h>

+ 

+ #define DEBUG_PICKING		false

+ 

+--- a/kodilib/src/tools/KIntrospection.h
++++ b/kodilib/src/tools/KIntrospection.h
+@@ -11,6 +11,7 @@
+ #endif

+ 

+ #include <string>

++#include <string.h>

+ 

+ // --------------------------------------------------------------------------------------------------------

+ class KClassInfo

+--- a/kodilib/src/tools/KStringTools.cpp
++++ b/kodilib/src/tools/KStringTools.cpp
+@@ -6,7 +6,7 @@
+ #include "KStringTools.h"

+ #include "KVector.h"

+ 

+-#include <sys/types.h> 	// INT_MAX

++#include <limits.h> // INT_MAX

+ #include <stdio.h>

+ 

+ // --------------------------------------------------------------------------------------------------------

+--- a/kodilib/src/tools/KStringTools.h
++++ b/kodilib/src/tools/KStringTools.h
+@@ -9,6 +9,7 @@
+ #include <string>

+ #include <vector>

+ #include <stdarg.h>

++#include <string.h>

+ 

+ // --------------------------------------------------------------------------------------------------------

+ 

+--- a/kodilib/src/tools/KXMLTools.cpp
++++ b/kodilib/src/tools/KXMLTools.cpp
+@@ -7,6 +7,7 @@
+ #include "KConsole.h"

+ #include "KSeparatedMatrix.h"

+ #include <stdio.h>

++#include <stdlib.h>

+ 

+ // --------------------------------------------------------------------------------------------------------

+ std::string kXMLTag ( const std::string & name, const std::string & attributes, int depth )

diff --git a/gnu/packages/patches/kiki-portability-64bit.patch b/gnu/packages/patches/kiki-portability-64bit.patch
new file mode 100644
index 0000000000..456c008915
--- /dev/null
+++ b/gnu/packages/patches/kiki-portability-64bit.patch
@@ -0,0 +1,328 @@
+This patch was downloaded from Debian:
+https://anonscm.debian.org/viewvc/pkg-games/packages/trunk/kiki-the-nano-bot/debian/patches/portability-64bit.patch?revision=7984&view=co
+
+Make 64-bit clean (string positions don't fit in an int on 64-bit machines)
+
+Peter De Wachter (pdewacht@gmail.com)
+placed in the public domain
+
+Status: in upstream CVS
+
+--- a/kodilib/src/tools/KFileTools.cpp
++++ b/kodilib/src/tools/KFileTools.cpp
+@@ -214,8 +214,8 @@
+ // --------------------------------------------------------------------------------------------------------

+ string kFileSuffix ( const string & path )

+ {

+-    unsigned int lastDotPos = path.rfind(".");

+-    unsigned int lastSlashPos = path.rfind(kPathSep);

++    std::string::size_type lastDotPos = path.rfind(".");

++    std::string::size_type lastSlashPos = path.rfind(kPathSep);

+ 

+     if (lastDotPos < path.size() - 1 && (lastDotPos > lastSlashPos || lastSlashPos == string::npos))

+     {

+@@ -228,7 +228,7 @@
+ string kFileDirName ( const string & path )

+ {

+ 	string native = kFileNativePath(path);

+-    unsigned int lastSlashPos = native.rfind(kPathSep);

++    std::string::size_type lastSlashPos = native.rfind(kPathSep);

+     if (lastSlashPos < native.size())

+     {

+         return native.substr(0, lastSlashPos+1);

+@@ -241,7 +241,7 @@
+ {

+ 	string native = kFileNativePath(path);

+     string baseName = native;

+-    unsigned int lastSlashPos = native.rfind(kPathSep);

++    std::string::size_type lastSlashPos = native.rfind(kPathSep);

+     if (lastSlashPos < native.size() - 1) 

+     {

+         baseName = native.substr(lastSlashPos+1);

+--- a/kodilib/src/tools/KKeyTools.cpp
++++ b/kodilib/src/tools/KKeyTools.cpp
+@@ -170,7 +170,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ int kKeyGetDisplayWidthForKey ( const std::string & keyName )

+ {

+-    unsigned int keyPos = keyName.find('_', 0);

++    std::string::size_type keyPos = keyName.find('_', 0);

+     if (keyPos == std::string::npos) 

+     {

+         return kKeyGetDisplayWidthForPureKey(keyName) + KDL_MOD_KEY_SPACING;

+@@ -313,7 +313,7 @@
+ int kKeyDisplayKey ( const std::string & keyName, const KPosition & pos )

+ {

+     KPosition start = pos;

+-    unsigned int keyPos = keyName.find('_', 0);

++    std::string::size_type keyPos = keyName.find('_', 0);

+     if (keyPos == std::string::npos) 

+     {

+         return start.x + kKeyDisplayPureKey(keyName, start) + KDL_MOD_KEY_SPACING;

+@@ -380,7 +380,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ SDL_keysym kKeyGetKeysymForKeyName ( const std::string & keyName )

+ {

+-    unsigned int pos = keyName.find('_');

++    std::string::size_type pos = keyName.find('_');

+     

+     std::string modString;

+     std::string symString = keyName;

+--- a/kodilib/src/tools/KStringTools.cpp
++++ b/kodilib/src/tools/KStringTools.cpp
+@@ -13,7 +13,7 @@
+ void kStringInsertStringBehindTags ( std::string & str, const std::string & insertString, 

+                                      const std::string & tag )

+ {

+-    unsigned int oldPos = 0;

++    std::string::size_type oldPos = 0;

+     while ((oldPos = str.find(tag, oldPos)) != std::string::npos)

+     {

+         oldPos += tag.size();

+@@ -34,8 +34,8 @@
+ {

+     std::vector<std::string> components;

+     

+-    unsigned int dividerLength = divider.size();

+-    unsigned int oldpos = 0, pos;

++    std::string::size_type dividerLength = divider.size();

++    std::string::size_type oldpos = 0, pos;

+     

+     while ((pos = str.find(divider, oldpos)) != std::string::npos)

+     {

+@@ -50,7 +50,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ void kStringReplace ( std::string & str, const std::string & toReplace, const std::string & replacement )

+ {

+-    unsigned int pos = 0, chars = toReplace.size();

++    std::string::size_type pos = 0, chars = toReplace.size();

+     while ((pos = str.find(toReplace, pos)) != std::string::npos)

+     {

+         str.replace(pos, chars, replacement);

+@@ -60,11 +60,11 @@
+ // --------------------------------------------------------------------------------------------------------

+ void kStringReplaceTabs ( std::string & str, unsigned int tabWidth )

+ {

+-    unsigned int tabPos;

++    std::string::size_type tabPos;

+     while ((tabPos = str.find('\t')) != std::string::npos)

+     {

+-        unsigned int lastNewlinePos = str.rfind('\n', tabPos-1);

+-        unsigned int relPos = (lastNewlinePos == std::string::npos) ? tabPos : tabPos - lastNewlinePos; 

++        std::string::size_type lastNewlinePos = str.rfind('\n', tabPos-1);

++        std::string::size_type relPos = (lastNewlinePos == std::string::npos) ? tabPos : tabPos - lastNewlinePos; 

+         str.replace(tabPos, 1, std::string(tabWidth-(relPos % tabWidth), ' '));

+     }

+ }

+@@ -114,7 +114,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ unsigned int kStringNthCharPos ( const std::string & str, unsigned int n, char c )

+ {

+-    unsigned int loc = n, oloc = 0;

++    std::string::size_type loc = n, oloc = 0;

+     while (n > 0 && (loc = str.find(c, oloc)) != std::string::npos)

+     { 

+         n--; 

+@@ -138,7 +138,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ void kStringCropCols ( std::string & str, unsigned int columns )

+ {        

+-    unsigned int oloc = 0, nloc = 0;

++    std::string::size_type oloc = 0, nloc = 0;

+     while ((nloc = str.find('\n', oloc)) != std::string::npos)

+     {

+         if ((nloc - oloc) > columns)

+@@ -160,10 +160,10 @@
+ unsigned int kStringCols ( const std::string & str )

+ {

+     if (str.size() == 0) return 0;

+-    int oloc = 0, nloc;

++    long oloc = 0, nloc;

+     std::string substring;

+     int maxlength = 0, length;

+-    while ((nloc = str.find('\n', oloc)) != (int)std::string::npos) 

++    while ((nloc = str.find('\n', oloc)) != (long)std::string::npos) 

+     {

+         substring = str.substr(oloc, nloc - oloc);

+         length = substring.size();

+@@ -181,7 +181,7 @@
+ unsigned int kStringRows ( const std::string & str )

+ {

+     if (str.size() == 0) return 1;

+-    unsigned int loc = 0, lines = 0;

++    std::string::size_type loc = 0, lines = 0;

+     while ((loc = str.find('\n', loc)) != std::string::npos) { lines++; loc++; }

+     if (str[str.size()-1] == '\n') return lines;

+     return lines+1;

+@@ -204,8 +204,8 @@
+ {

+     static char str[256];

+     std::string format(fmt), subformat, text;

+-    unsigned int oloc = 0;

+-    unsigned int nloc = 0;

++    std::string::size_type oloc = 0;

++    std::string::size_type nloc = 0;

+     

+     kStringReplaceTabs(format);

+     

+@@ -260,7 +260,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ bool kStringHasSuffix ( const std::string & str, const std::string & suffix )

+ {

+-    unsigned int result = str.rfind(suffix);

++    std::string::size_type result = str.rfind(suffix);

+     if (result == std::string::npos) return false;

+     return (result == str.size()-suffix.size());

+ }

+--- a/kodilib/src/tools/KXMLTools.cpp
++++ b/kodilib/src/tools/KXMLTools.cpp
+@@ -58,11 +58,11 @@
+ std::string kXMLParseToTagsInVector ( std::string & xml, const std::vector<std::string> & tags )

+ {

+     std::string open("<");

+-    unsigned int minLoc = std::string::npos; 

++    std::string::size_type minLoc = std::string::npos; 

+     std::vector<std::string>::const_iterator iter = tags.begin();

+     while (iter != tags.end())

+     {

+-        unsigned int loc = xml.find(open+(*iter));

++        std::string::size_type loc = xml.find(open+(*iter));

+         if (loc < minLoc) minLoc = loc;

+         iter++;

+     }

+@@ -77,7 +77,7 @@
+     std::string value;

+     std::string nameStr(name);

+     nameStr += "='";

+-    unsigned int loc = xml.find(nameStr);

++    std::string::size_type loc = xml.find(nameStr);

+     if (loc != std::string::npos)

+     {	

+         loc += nameStr.size();

+@@ -90,7 +90,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ bool kXMLParseNamedCloseTag ( std::string & xml, const std::string & name, bool printError )

+ {

+-    unsigned int loc = xml.find('<');

++    std::string::size_type loc = xml.find('<');

+     if (loc == std::string::npos) 

+     {

+         if (printError) KConsole::printError(kStringPrintf("invalid XML:\nmissing close tag '%s'", 

+@@ -117,7 +117,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ bool kXMLReadNamedOpenTag ( const std::string & xml, const std::string & name, std::string * attributes )

+ {

+-    unsigned int loc = xml.find('<'), endloc;

++    std::string::size_type loc = xml.find('<'), endloc;

+     

+     if (loc == std::string::npos || xml[loc+1] == '/') return false;

+     

+@@ -140,7 +140,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ std::string kXMLParseNamedOpenTag ( std::string & xml, const std::string & name, std::string * attributes, bool printError )

+ {

+-    unsigned int loc = xml.find('<');

++    std::string::size_type loc = xml.find('<');

+     if (loc == std::string::npos || xml[loc+1] == '/') 

+     {

+         if (printError) KConsole::printError(kStringPrintf("invalid XML:\nmissing tag '%s'", name.c_str()));

+@@ -191,7 +191,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ bool kXMLParseOpenTag ( std::string & xml, std::string & name, std::string * attributes, bool printError )

+ {

+-    unsigned int loc = xml.find('<');

++    std::string::size_type loc = xml.find('<');

+     if (loc == std::string::npos || xml[loc+1] == '/') 

+     {

+         if (printError) KConsole::printError("invalid XML:\nmissing open tag");

+@@ -295,7 +295,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ bool kXMLParseValue( std::string & xml, const std::string & name, int type, void * value, bool printError )

+ {

+-    unsigned int loc = xml.find('<');

++    std::string::size_type loc = xml.find('<');

+     if (loc == std::string::npos || xml[loc+1] == '/')     

+     {

+         if (printError) KConsole::printError(kStringPrintf("invalid XML:\nmissing value '%s'", name.c_str()));

+@@ -379,8 +379,8 @@
+         }

+         else if (typeString == "string")

+         {

+-            unsigned int first = substring.find("\"")+1;

+-            unsigned int last  = substring.rfind("\"", std::string::npos);

++            std::string::size_type first = substring.find("\"")+1;

++            std::string::size_type last  = substring.rfind("\"", std::string::npos);

+             *((std::string*)value) = substring.substr(first, last-first);

+         }

+         

+--- a/kodilib/src/types/KKey.cpp
++++ b/kodilib/src/types/KKey.cpp
+@@ -31,7 +31,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ std::string KKey::getUnmodifiedName () const

+ {

+-    unsigned int keyPos = name.find('_', 0);

++    std::string::size_type keyPos = name.find('_', 0);

+     if (keyPos == std::string::npos) 

+     {

+         return name;

+@@ -42,7 +42,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ std::string KKey::getModifierName () const

+ {

+-    unsigned int keyPos = name.find('_', 0);

++    std::string::size_type keyPos = name.find('_', 0);

+     if (keyPos == std::string::npos) 

+     {

+         return "";

+--- a/kodilib/src/widgets/KFileNameField.cpp
++++ b/kodilib/src/widgets/KFileNameField.cpp
+@@ -41,7 +41,7 @@
+         std::string restPath; 				 // path behind cursor

+         

+         // map cropped path to current directory and rest path to file prefix

+-        unsigned int lastSlashPos = croppedPath.rfind("/");

++        std::string::size_type lastSlashPos = croppedPath.rfind("/");

+         if (lastSlashPos < croppedPath.size()-1)

+         {

+             restPath = croppedPath.substr(lastSlashPos+1);

+@@ -88,7 +88,7 @@
+         }

+ 

+         // ............................collect list of entries in searchDir that match prefix restPath

+-        unsigned int restLength = restPath.size();

++        std::string::size_type restLength = restPath.size();

+         std::vector<std::string> matchingEntries;

+         std::vector<std::string>::iterator iter = dir_entries.begin();

+         while (iter != dir_entries.end())

+@@ -223,7 +223,7 @@
+ // --------------------------------------------------------------------------------------------------------

+ void KFileNameField::selectLastPathComponent ()

+ {

+-    unsigned int lastSlashPos = text.rfind("/");

++    std::string::size_type lastSlashPos = text.rfind("/");

+     if (lastSlashPos == text.size()-1) lastSlashPos = text.rfind("/", lastSlashPos-1);

+     if (lastSlashPos < text.size()) cursor_pos = lastSlashPos+1;

+     else cursor_pos = 0;

+--- a/src/gui/KikiMenu.cpp
++++ b/src/gui/KikiMenu.cpp
+@@ -54,7 +54,7 @@
+ {

+     std::string item_text (itemText);

+     std::string event_name (itemText);

+-    unsigned int pos;

++    std::string::size_type pos;

+     float scale_factor = 1.0;

+ 

+     KikiMenuItem * menu_item = new KikiMenuItem ();

+--- a/src/gui/KikiTextLine.cpp
++++ b/src/gui/KikiTextLine.cpp
+@@ -46,7 +46,7 @@
+ void KikiTextLine::setText ( const std::string & str )

+ {

+     text = str;

+-    unsigned int pos;

++    std::string::size_type pos;

+  

+     if ((pos = text.find ("$scale(")) != std::string::npos)

+     {

diff --git a/gnu/packages/patches/kio-CVE-2017-6410.patch b/gnu/packages/patches/kio-CVE-2017-6410.patch
deleted file mode 100644
index 748636f806..0000000000
--- a/gnu/packages/patches/kio-CVE-2017-6410.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2017-6410, "Information Leak when accessing https when using a
-malicious PAC file":
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
-https://www.kde.org/info/security/advisory-20170228-1.txt
-
-Patch copied from upstream source repository:
-
-https://cgit.kde.org/kio.git/commit/?id=f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
-
-From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Tue, 28 Feb 2017 19:00:48 +0100
-Subject: Sanitize URLs before passing them to FindProxyForURL
-
-Remove user/password information
-For https: remove path and query
-
-Thanks to safebreach.com for reporting the problem
-
-CCMAIL: yoni.fridburg@safebreach.com
-CCMAIL: amit.klein@safebreach.com
-CCMAIL: itzik.kotler@safebreach.com
----
- src/kpac/script.cpp | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
-index a0235f7..2485c54 100644
---- a/src/kpac/script.cpp
-+++ b/src/kpac/script.cpp
-@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
-         }
-     }
- 
-+    QUrl cleanUrl = url;
-+    cleanUrl.setUserInfo(QString());
-+    if (cleanUrl.scheme() == QLatin1String("https")) {
-+        cleanUrl.setPath(QString());
-+        cleanUrl.setQuery(QString());
-+    }
-+
-     QScriptValueList args;
--    args << url.url();
--    args << url.host();
-+    args << cleanUrl.url();
-+    args << cleanUrl.host();
- 
-     QScriptValue result = func.call(QScriptValue(), args);
-     if (result.isError()) {
--- 
-cgit v0.11.2
-
diff --git a/gnu/packages/patches/libbase-fix-includes.patch b/gnu/packages/patches/libbase-fix-includes.patch
new file mode 100644
index 0000000000..3071a0c400
--- /dev/null
+++ b/gnu/packages/patches/libbase-fix-includes.patch
@@ -0,0 +1,71 @@
+This patch fixes the build of adb on linux.
+
+Copied from archlinux repository:
+https://git.archlinux.org/svntogit/community.git/tree/trunk/fix_build.patch?h=packages/android-tools
+
+diff --git a/adb/sysdeps.h b/adb/sysdeps.h
+index 75dcc86..867f3ec 100644
+--- a/adb/sysdeps.h
++++ b/adb/sysdeps.h
+@@ -25,6 +25,7 @@
+ #endif
+ 
+ #include <errno.h>
++#include <sys/syscall.h>
+ 
+ #include <string>
+ #include <vector>
+@@ -831,7 +832,16 @@ static __inline__ int adb_is_absolute_host_path(const char* path) {
+ 
+ static __inline__ unsigned long adb_thread_id()
+ {
+-    return (unsigned long)gettid();
++  // TODO: this function should be merged with GetThreadId
++#if defined(__BIONIC__)
++  return gettid();
++#elif defined(__APPLE__)
++  return syscall(SYS_thread_selfid);
++#elif defined(__linux__)
++  return syscall(__NR_gettid);
++#elif defined(_WIN32)
++  return GetCurrentThreadId();
++#endif
+ }
+ 
+ #endif /* !_WIN32 */
+diff --git a/base/errors_unix.cpp b/base/errors_unix.cpp
+index 296995e..48269b6 100644
+--- a/base/errors_unix.cpp
++++ b/base/errors_unix.cpp
+@@ -17,6 +17,7 @@
+ #include "android-base/errors.h"
+ 
+ #include <errno.h>
++#include <string.h>
+ 
+ namespace android {
+ namespace base {
+diff --git a/base/file.cpp b/base/file.cpp
+index da1adba..91a3901 100644
+--- a/base/file.cpp
++++ b/base/file.cpp
+@@ -20,6 +20,7 @@
+ #include <fcntl.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <string.h>
+ 
+ #include <string>
+ 
+diff --git a/base/logging.cpp b/base/logging.cpp
+index 1741871..e97c7f1 100644
+--- a/base/logging.cpp
++++ b/base/logging.cpp
+@@ -21,6 +21,7 @@
+ #include "android-base/logging.h"
+ 
+ #include <libgen.h>
++#include <string.h>
+ 
+ // For getprogname(3) or program_invocation_short_name.
+ #if defined(__ANDROID__) || defined(__APPLE__)
diff --git a/gnu/packages/patches/libbase-use-own-logging.patch b/gnu/packages/patches/libbase-use-own-logging.patch
new file mode 100644
index 0000000000..f755bf9722
--- /dev/null
+++ b/gnu/packages/patches/libbase-use-own-logging.patch
@@ -0,0 +1,80 @@
+Patch copied from:
+https://android.googlesource.com/platform/system/core/+/e5dd71a290f664d3f3bf0dd8a4bad411dc7ad416
+
+From e5dd71a290f664d3f3bf0dd8a4bad411dc7ad416 Mon Sep 17 00:00:00 2001
+From: Elliott Hughes <enh@google.com>
+Date: Thu, 28 Jul 2016 15:15:28 -0700
+Subject: [PATCH] libbase should use its own logging!
+
+Not doing so led to us using a bogus log tag.
+
+Bug: http://b/30281203
+Change-Id: I3ac91758a1a043146c65f2ae0f36fcfbe372c30f
+---
+ base/file.cpp    | 11 +++++------
+ base/logging.cpp |  3 +--
+ 2 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/base/file.cpp b/base/file.cpp
+index da1adba19..4e7ac82d1 100644
+--- a/base/file.cpp
++++ b/base/file.cpp
+@@ -24,9 +24,8 @@
+ #include <string>
+ 
+ #include "android-base/macros.h"  // For TEMP_FAILURE_RETRY on Darwin.
++#include "android-base/logging.h"
+ #include "android-base/utf8.h"
+-#define LOG_TAG "base.file"
+-#include "cutils/log.h"
+ #include "utils/Compat.h"
+ 
+ namespace android {
+@@ -86,22 +85,22 @@ bool WriteStringToFile(const std::string& content, const std::string& path,
+   int flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NOFOLLOW | O_BINARY;
+   int fd = TEMP_FAILURE_RETRY(open(path.c_str(), flags, mode));
+   if (fd == -1) {
+-    ALOGE("android::WriteStringToFile open failed: %s", strerror(errno));
++    PLOG(ERROR) << "android::WriteStringToFile open failed";
+     return false;
+   }
+ 
+   // We do an explicit fchmod here because we assume that the caller really
+   // meant what they said and doesn't want the umask-influenced mode.
+   if (fchmod(fd, mode) == -1) {
+-    ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno));
++    PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
+     return CleanUpAfterFailedWrite(path);
+   }
+   if (fchown(fd, owner, group) == -1) {
+-    ALOGE("android::WriteStringToFile fchown failed: %s", strerror(errno));
++    PLOG(ERROR) << "android::WriteStringToFile fchown failed";
+     return CleanUpAfterFailedWrite(path);
+   }
+   if (!WriteStringToFd(content, fd)) {
+-    ALOGE("android::WriteStringToFile write failed: %s", strerror(errno));
++    PLOG(ERROR) << "android::WriteStringToFile write failed";
+     return CleanUpAfterFailedWrite(path);
+   }
+   close(fd);
+diff --git a/base/logging.cpp b/base/logging.cpp
+index 769c266c9..959bb8b05 100644
+--- a/base/logging.cpp
++++ b/base/logging.cpp
+@@ -43,12 +43,11 @@
+ 
+ #include "android-base/macros.h"
+ #include "android-base/strings.h"
+-#include "cutils/threads.h"
+ 
+ // Headers for LogMessage::LogLine.
+ #ifdef __ANDROID__
+ #include <android/set_abort_message.h>
+-#include "cutils/log.h"
++#include "log/log.h"
+ #else
+ #include <sys/types.h>
+ #include <unistd.h>
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libcroco-CVE-2017-7960.patch b/gnu/packages/patches/libcroco-CVE-2017-7960.patch
new file mode 100644
index 0000000000..0319c7389f
--- /dev/null
+++ b/gnu/packages/patches/libcroco-CVE-2017-7960.patch
@@ -0,0 +1,66 @@
+Fix CVE-2017-7960:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7960
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
+
+From 898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:13:43 +0200
+Subject: input: check end of input before reading a byte
+
+When reading bytes we weren't check that the index wasn't
+out of bound and this could produce an invalid read which
+could deal to a security bug.
+---
+ src/cr-input.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/cr-input.c b/src/cr-input.c
+index 49000b1..3b63a88 100644
+--- a/src/cr-input.c
++++ b/src/cr-input.c
+@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
+                  *we should  free buf here because it's own by CRInput.
+                  *(see the last parameter of cr_input_new_from_buf().
+                  */
+-                buf = NULL ;
++                buf = NULL;
+         }
+ 
+  cleanup:
+@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
+ enum CRStatus
+ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ {
++        gulong nb_bytes_left = 0;
++
+         g_return_val_if_fail (a_this && PRIVATE (a_this)
+                               && a_byte, CR_BAD_PARAM_ERROR);
+ 
+@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+         if (PRIVATE (a_this)->end_of_input == TRUE)
+                 return CR_END_OF_INPUT_ERROR;
+ 
++        nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
++
++        if (nb_bytes_left < 1) {
++                return CR_END_OF_INPUT_ERROR;
++        }
++
+         *a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
+ 
+         if (PRIVATE (a_this)->nb_bytes -
+@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
+                 if (*a_char == '\n') {
+                         PRIVATE (a_this)->end_of_line = TRUE;
+                 }
+-
+         }
+ 
+         return status;
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/libcroco-CVE-2017-7961.patch b/gnu/packages/patches/libcroco-CVE-2017-7961.patch
new file mode 100644
index 0000000000..675dbe4f08
--- /dev/null
+++ b/gnu/packages/patches/libcroco-CVE-2017-7961.patch
@@ -0,0 +1,50 @@
+Fix CVE-2017-7961:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7961
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
+
+From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:56:09 +0200
+Subject: tknzr: support only max long rgb values
+
+This fixes a possible out of bound when reading rgbs which
+are longer than the support MAXLONG
+---
+ src/cr-tknzr.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
+index 1a7cfeb..1548c35 100644
+--- a/src/cr-tknzr.c
++++ b/src/cr-tknzr.c
+@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+         status = cr_tknzr_parse_num (a_this, &num);
+         ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ 
++        if (num->val > G_MAXLONG) {
++                status = CR_PARSING_ERROR;
++                goto error;
++        }
++
+         red = num->val;
+         cr_num_destroy (num);
+         num = NULL;
+@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+                 status = cr_tknzr_parse_num (a_this, &num);
+                 ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ 
++                if (num->val > G_MAXLONG) {
++                        status = CR_PARSING_ERROR;
++                        goto error;
++                }
++
+                 PEEK_BYTE (a_this, 1, &next_bytes[0]);
+                 if (next_bytes[0] == '%') {
+                         SKIP_CHARS (a_this, 1);
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/libdrm-symbol-check.patch b/gnu/packages/patches/libdrm-symbol-check.patch
index 69c67e778d..0a77763a4f 100644
--- a/gnu/packages/patches/libdrm-symbol-check.patch
+++ b/gnu/packages/patches/libdrm-symbol-check.patch
@@ -174,26 +174,21 @@ mips64el-linux, armhf-linux and aarch64-linux.
 @@ -1,6 +1,6 @@
  #!/bin/bash
  
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBDRM_FREEDRENO_H_FILES
+-# The following symbols (past the first nine) are taken from tegra.h.
++# The following symbols (past the first 12) are taken from tegra.h.
  
  FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
+ ( grep -q "^$func$" || echo $func )  <<EOF
+@@ -9,6 +9,9 @@
+ __bss_start
+ __end__
+ _bss_end__
 +_fbss
 +_fdata
 +_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- drm_tegra_bo_get_flags
- drm_tegra_bo_get_handle
- drm_tegra_bo_get_tiling
-
+ _edata
+ _end
+ _fini
 --- libdrm-2.4.65/radeon/radeon-symbol-check.orig	2015-05-04 11:47:43.000000000 -0400
 +++ libdrm-2.4.65/radeon/radeon-symbol-check	2015-10-18 23:57:00.756759698 -0400
 @@ -1,6 +1,6 @@
diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch
new file mode 100644
index 0000000000..5f63231af0
--- /dev/null
+++ b/gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch
@@ -0,0 +1,77 @@
+Fix CVE-2017-{8361,8363,8365}:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8361
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8363
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8365
+
+Patch copied from upstream source repository:
+
+https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
+
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+---
+ src/common.h  |  1 +
+ src/flac.c    | 13 +++++++++++++
+ src/sndfile.c |  1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c3..e2669b6a 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ 	SFE_FLAC_INIT_DECODER,
+ 	SFE_FLAC_LOST_SYNC,
+ 	SFE_FLAC_BAD_SAMPLE_RATE,
++	SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ 	SFE_FLAC_UNKOWN_ERROR,
+ 
+ 	SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e26..986a7b8f 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
++			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++									"Nothing to be but to error out.\n" ,
++									psf->sf.channels, metadata->data.stream_info.channels) ;
++				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++				return ;
++				} ;
++
++			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++									"Carrying on as if nothing happened.",
++									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++				} ;
+ 			psf->sf.channels = metadata->data.stream_info.channels ;
+ 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ 			psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 41875610..e2a87be8 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
+ 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
+ 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
+ 
+ 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/libsndfile-CVE-2017-8362.patch b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch
new file mode 100644
index 0000000000..5fc52a377a
--- /dev/null
+++ b/gnu/packages/patches/libsndfile-CVE-2017-8362.patch
@@ -0,0 +1,61 @@
+Fix CVE-2017-8362:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362
+
+Patch copied from upstream source repository:
+
+https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
+
+From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Fri, 14 Apr 2017 15:19:16 +1000
+Subject: [PATCH] src/flac.c: Fix a buffer read overflow
+
+A file (generated by a fuzzer) which increased the number of channels
+from one frame to the next could cause a read beyond the end of the
+buffer provided by libFLAC. Only option is to abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/231
+---
+ src/flac.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/flac.c b/src/flac.c
+index 5a4f8c21..e4f9aaa0 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const int32_t* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset, channels, len ;
+ 
++	if (psf->sf.channels != (int) frame->header.channels)
++	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++									"Nothing to do but to error out.\n" ,
++									psf->sf.channels, frame->header.channels) ;
++		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++		return 0 ;
++		} ;
++
+ 	/*
+ 	**	frame->header.blocksize is variable and we're using a constant blocksize
+ 	**	of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		return 0 ;
+ 		} ;
+ 
+-
+ 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
+ 
+ 	if (pflac->remain % channels != 0)
+@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
+ 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+-									"Nothing to be but to error out.\n" ,
++									"Nothing to do but to error out.\n" ,
+ 									psf->sf.channels, metadata->data.stream_info.channels) ;
+ 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ 				return ;
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/libsndfile-armhf-type-checks.patch b/gnu/packages/patches/libsndfile-armhf-type-checks.patch
new file mode 100644
index 0000000000..7e0c71c3f6
--- /dev/null
+++ b/gnu/packages/patches/libsndfile-armhf-type-checks.patch
@@ -0,0 +1,42 @@
+This is a regression in 1.0.28 that causes a test failure on armhf.
+
+Upstream bug URL:
+
+https://github.com/erikd/libsndfile/issues/229
+
+Patch copied from upstream source repository:
+
+https://github.com/erikd/libsndfile/commit/9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5
+
+From 9d470ee5577d3ccedb1c28c7e0a7295ba17feaf5 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Sun, 16 Apr 2017 17:54:17 +1000
+Subject: [PATCH] src/rf64.c: Fix varargs related bug
+
+C's <stargs.h> functionality isn't type checked so that passing an
+`sf_count_t` (64 bits) by mistake in place of a `unit32_t` can cause
+errors. This would be fine if it was an error on every architecture
+and platform, but its not. This particular problem only manifested
+on armhf and some other Arm architectures. It was not an issue on
+32 bit x86.
+
+I have now fixed variants of this same bug several times.
+
+Closes: https://github.com/erikd/libsndfile/issues/229
+---
+ src/rf64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rf64.c b/src/rf64.c
+index b3d637f..02dd904 100644
+--- a/src/rf64.c
++++ b/src/rf64.c
+@@ -742,7 +742,7 @@ rf64_write_header (SF_PRIVATE *psf, int calc_length)
+ 
+ 	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+ 	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
diff --git a/gnu/packages/patches/libtiff-CVE-2017-7593.patch b/gnu/packages/patches/libtiff-CVE-2017-7593.patch
new file mode 100644
index 0000000000..496efb73b9
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-7593.patch
@@ -0,0 +1,113 @@
+Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata):
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2651
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
+https://security-tracker.debian.org/tracker/CVE-2017-7593
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add
+        _TIFFcalloc()
+
+        * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
+        initialize tif_rawdata.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1208; previous revision: 1.1207
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
+new revision: 1.53; previous revision: 1.52
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v  <--  libtiff/tif_unix.c
+new revision: 1.28; previous revision: 1.27
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v  <--  libtiff/tif_vms.c
+new revision: 1.14; previous revision: 1.13
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v  <--  libtiff/tif_win32.c
+new revision: 1.42; previous revision: 1.41
+/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v  <--  libtiff/tiffio.h
+new revision: 1.94; previous revision: 1.93
+
+diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h
+--- tiff-4.0.7/libtiff/tiffio.h	1969-12-31 19:00:00.000000000 -0500
++++ tiff-4.0.7.new/libtiff/tiffio.h	2017-05-05 19:08:03.772999790 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */
++/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -293,6 +293,7 @@
+  */
+ 
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
+diff -ru tiff-4.0.7/libtiff/tif_read.c tiff-4.0.7.new/libtiff/tif_read.c
+--- tiff-4.0.7/libtiff/tif_read.c	2017-05-05 19:04:09.740966642 -0400
++++ tiff-4.0.7.new/libtiff/tif_read.c	2017-05-05 18:59:11.070709441 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
++/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -976,7 +976,9 @@
+ 				"Invalid buffer size");
+ 		    return (0);
+ 		}
+-		tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++		/* Initialize to zero to avoid uninitialized buffers in case of */
++		/* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++		tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+ 		tif->tif_flags |= TIFF_MYBUFFER;
+ 	}
+ 	if (tif->tif_rawdata == NULL) {
+diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c
+--- tiff-4.0.7/libtiff/tif_unix.c	1969-12-31 19:00:00.000000000 -0500
++++ tiff-4.0.7.new/libtiff/tif_unix.c	2017-05-05 19:10:48.302645187 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */
++/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -316,6 +316,14 @@
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c
+--- tiff-4.0.7/libtiff/tif_win32.c	1969-12-31 19:00:00.000000000 -0500
++++ tiff-4.0.7.new/libtiff/tif_win32.c	2017-05-05 19:13:06.903399627 -0400
+@@ -1,4 +1,4 @@
+-/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */
++/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -360,6 +360,14 @@
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
diff --git a/gnu/packages/patches/libtiff-CVE-2017-7594.patch b/gnu/packages/patches/libtiff-CVE-2017-7594.patch
new file mode 100644
index 0000000000..d17997d447
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-7594.patch
@@ -0,0 +1,54 @@
+Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c):
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2659
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
+https://security-tracker.debian.org/tracker/CVE-2017-7594
+
+2017-01-12 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
+        when read fails.
+        Patch by Nicolás Peña.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1212; previous revision: 1.1211
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v  <--  libtiff/tif_ojpeg.c
+new revision: 1.67; previous revision: 1.66
+
+Index: libtiff/libtiff/tif_ojpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
+retrieving revision 1.67
+retrieving revision 1.68
+diff -u -r1.67 -r1.68
+--- libtiff/libtiff/tif_ojpeg.c	12 Jan 2017 17:43:26 -0000	1.67
++++ libtiff/libtiff/tif_ojpeg.c	12 Jan 2017 19:23:20 -0000	1.68
+@@ -1,4 +1,4 @@
+-/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
++/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */
+ 
+ /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
+    specification is now totally obsolete and deprecated for new applications and
+@@ -1790,7 +1790,10 @@
+ 			TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
+ 			p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ 			if (p!=64)
++                        {
++                                _TIFFfree(ob);
+ 				return(0);
++                        }
+ 			sp->qtable[m]=ob;
+ 			sp->sof_tq[m]=m;
+ 		}
+@@ -1854,7 +1857,10 @@
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->dctable[m]=rb;
+ 			sp->sos_tda[m]=(m<<4);
+ 		}
diff --git a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch b/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch
new file mode 100644
index 0000000000..2f4509f386
--- /dev/null
+++ b/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch
@@ -0,0 +1,449 @@
+Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various
+        clampings
+        of double to other data types to avoid undefined behaviour if the
+        output range
+        isn't big enough to hold the input value.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
+        http://bugzilla.maptools.org/show_bug.cgi?id=2642
+        http://bugzilla.maptools.org/show_bug.cgi?id=2646
+        http://bugzilla.maptools.org/show_bug.cgi?id=2647
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1204; previous revision: 1.1203
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v  <--  libtiff/tif_dir.c
+new revision: 1.129; previous revision: 1.128
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- libtiff/tif_dirread.c
+new revision: 1.207; previous revision: 1.206
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v  <-- libtiff/tif_dirwrite.c
+new revision: 1.85; previous revision: 1.84
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_dirread.c: avoid division by floating point 0 in
+        TIFFReadDirEntryCheckedRational() and
+        TIFFReadDirEntryCheckedSrational(),
+        and return 0 in that case (instead of infinity as before presumably)
+        Apparently some sanitizers do not like those divisions by zero.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <-- ChangeLog
+new revision: 1.1203; previous revision: 1.1202
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- libtiff/tif_dirread.c
+new revision: 1.206; previous revision: 1.205
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to
+        avoid undefined behaviour caused by invalid shift exponent.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <-- ChangeLog
+new revision: 1.1205; previous revision: 1.1204
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v  <-- libtiff/tif_jpeg.c
+new revision: 1.126; previous revision: 1.125
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_read.c: avoid potential undefined behaviour on signed
+        integer addition in TIFFReadRawStrip1() in isMapped() case.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <-- ChangeLog
+new revision: 1.1206; previous revision: 1.1205
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <-- libtiff/tif_read.c
+new revision: 1.51; previous revision: 1.50
+
+Index: libtiff/libtiff/tif_dir.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
+retrieving revision 1.128
+retrieving revision 1.129
+diff -u -r1.128 -r1.129
+--- libtiff/libtiff/tif_dir.c	3 Dec 2016 15:30:31 -0000	1.128
++++ libtiff/libtiff/tif_dir.c	11 Jan 2017 16:09:02 -0000	1.129
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
++/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -31,6 +31,7 @@
+  * (and also some miscellaneous stuff)
+  */
+ #include "tiffiop.h"
++#include <float.h>
+ 
+ /*
+  * These are used in the backwards compatibility code...
+@@ -154,6 +155,15 @@
+ 	return (0);
+ }
+ 
++static float TIFFClampDoubleToFloat( double val )
++{
++    if( val > FLT_MAX )
++        return FLT_MAX;
++    if( val < -FLT_MAX )
++        return -FLT_MAX;
++    return (float)val;
++}
++
+ static int
+ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ {
+@@ -312,13 +322,13 @@
+         dblval = va_arg(ap, double);
+         if( dblval < 0 )
+             goto badvaluedouble;
+-		td->td_xresolution = (float) dblval;
++		td->td_xresolution = TIFFClampDoubleToFloat( dblval );
+ 		break;
+ 	case TIFFTAG_YRESOLUTION:
+         dblval = va_arg(ap, double);
+         if( dblval < 0 )
+             goto badvaluedouble;
+-		td->td_yresolution = (float) dblval;
++		td->td_yresolution = TIFFClampDoubleToFloat( dblval );
+ 		break;
+ 	case TIFFTAG_PLANARCONFIG:
+ 		v = (uint16) va_arg(ap, uint16_vap);
+@@ -327,10 +337,10 @@
+ 		td->td_planarconfig = (uint16) v;
+ 		break;
+ 	case TIFFTAG_XPOSITION:
+-		td->td_xposition = (float) va_arg(ap, double);
++		td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
+ 		break;
+ 	case TIFFTAG_YPOSITION:
+-		td->td_yposition = (float) va_arg(ap, double);
++		td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
+ 		break;
+ 	case TIFFTAG_RESOLUTIONUNIT:
+ 		v = (uint16) va_arg(ap, uint16_vap);
+Index: libtiff/libtiff/tif_dirread.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
+retrieving revision 1.206
+retrieving revision 1.207
+diff -u -r1.206 -r1.207
+--- libtiff/libtiff/tif_dirread.c	11 Jan 2017 13:28:01 -0000	1.206
++++ libtiff/libtiff/tif_dirread.c	11 Jan 2017 16:09:02 -0000	1.207
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
++/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -40,6 +40,7 @@
+  */
+ 
+ #include "tiffiop.h"
++#include <float.h>
+ 
+ #define IGNORE 0          /* tag placeholder used below */
+ #define FAILED_FII    ((uint32) -1)
+@@ -2406,7 +2407,14 @@
+ 				ma=(double*)origdata;
+ 				mb=data;
+ 				for (n=0; n<count; n++)
+-					*mb++=(float)(*ma++);
++                                {
++                                    double val = *ma++;
++                                    if( val > FLT_MAX )
++                                        val = FLT_MAX;
++                                    else if( val < -FLT_MAX )
++                                        val = -FLT_MAX;
++                                    *mb++=(float)val;
++                                }
+ 			}
+ 			break;
+ 	}
+Index: libtiff/libtiff/tif_dirwrite.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
+retrieving revision 1.84
+retrieving revision 1.85
+diff -u -r1.84 -r1.85
+--- libtiff/libtiff/tif_dirwrite.c	11 Jan 2017 12:51:59 -0000	1.84
++++ libtiff/libtiff/tif_dirwrite.c	11 Jan 2017 16:09:02 -0000	1.85
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */
++/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -30,6 +30,7 @@
+  * Directory Write Support Routines.
+  */
+ #include "tiffiop.h"
++#include <float.h>
+ 
+ #ifdef HAVE_IEEEFP
+ #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
+@@ -939,6 +940,69 @@
+ 	return(0);
+ }
+ 
++static float TIFFClampDoubleToFloat( double val )
++{
++    if( val > FLT_MAX )
++        return FLT_MAX;
++    if( val < -FLT_MAX )
++        return -FLT_MAX;
++    return (float)val;
++}
++
++static int8 TIFFClampDoubleToInt8( double val )
++{
++    if( val > 127 )
++        return 127;
++    if( val < -128 || val != val )
++        return -128;
++    return (int8)val;
++}
++
++static int16 TIFFClampDoubleToInt16( double val )
++{
++    if( val > 32767 )
++        return 32767;
++    if( val < -32768 || val != val )
++        return -32768;
++    return (int16)val;
++}
++
++static int32 TIFFClampDoubleToInt32( double val )
++{
++    if( val > 0x7FFFFFFF )
++        return 0x7FFFFFFF;
++    if( val < -0x7FFFFFFF-1 || val != val )
++        return -0x7FFFFFFF-1;
++    return (int32)val;
++}
++
++static uint8 TIFFClampDoubleToUInt8( double val )
++{
++    if( val < 0 )
++        return 0;
++    if( val > 255 || val != val )
++        return 255;
++    return (uint8)val;
++}
++
++static uint16 TIFFClampDoubleToUInt16( double val )
++{
++    if( val < 0 )
++        return 0;
++    if( val > 65535 || val != val )
++        return 65535;
++    return (uint16)val;
++}
++
++static uint32 TIFFClampDoubleToUInt32( double val )
++{
++    if( val < 0 )
++        return 0;
++    if( val > 0xFFFFFFFFU || val != val )
++        return 0xFFFFFFFFU;
++    return (uint32)val;
++}
++
+ static int
+ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
+ {
+@@ -959,7 +1023,7 @@
+ 			if (tif->tif_dir.td_bitspersample<=32)
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((float*)conv)[i] = (float)value[i];
++					((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
+ 				ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
+ 			}
+ 			else
+@@ -971,19 +1035,19 @@
+ 			if (tif->tif_dir.td_bitspersample<=8)
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((int8*)conv)[i] = (int8)value[i];
++					((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
+ 				ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
+ 			}
+ 			else if (tif->tif_dir.td_bitspersample<=16)
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((int16*)conv)[i] = (int16)value[i];
++					((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
+ 				ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
+ 			}
+ 			else
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((int32*)conv)[i] = (int32)value[i];
++					((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
+ 				ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
+ 			}
+ 			break;
+@@ -991,19 +1055,19 @@
+ 			if (tif->tif_dir.td_bitspersample<=8)
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((uint8*)conv)[i] = (uint8)value[i];
++					((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
+ 				ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
+ 			}
+ 			else if (tif->tif_dir.td_bitspersample<=16)
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((uint16*)conv)[i] = (uint16)value[i];
++					((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
+ 				ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
+ 			}
+ 			else
+ 			{
+ 				for (i = 0; i < count; ++i)
+-					((uint32*)conv)[i] = (uint32)value[i];
++					((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
+ 				ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
+ 			}
+ 			break;
+@@ -2102,7 +2102,7 @@
+ 		m[0]=0;
+ 		m[1]=1;
+ 	}
+-	else if (value==(double)(uint32)value)
++	else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
+ 	{
+ 		m[0]=(uint32)value;
+ 		m[1]=1;
+@@ -2148,12 +2217,13 @@
+ 	}
+ 	for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
+ 	{
+-		if (*na<=0.0)
++		if (*na<=0.0 || *na != *na)
+ 		{
+ 			nb[0]=0;
+ 			nb[1]=1;
+ 		}
+-		else if (*na==(float)(uint32)(*na))
++		else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
++                         *na==(float)(uint32)(*na))
+ 		{
+ 			nb[0]=(uint32)(*na);
+ 			nb[1]=1;
+Index: libtiff/libtiff/tif_dirread.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
+retrieving revision 1.205
+retrieving revision 1.206
+diff -u -r1.205 -r1.206
+--- libtiff/libtiff/tif_dirread.c	3 Dec 2016 11:02:15 -0000	1.205
++++ libtiff/libtiff/tif_dirread.c	11 Jan 2017 13:28:01 -0000	1.206
+@@ -2872,7 +2872,10 @@
+ 		m.l = direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if (m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if (m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)m.i[0]/(double)m.i[1];
+@@ -2900,7 +2903,10 @@
+ 		m.l=direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if ((int32)m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if ((int32)m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)((int32)m.i[0])/(double)m.i[1];
+Index: libtiff/libtiff/tif_jpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v
+retrieving revision 1.125
+retrieving revision 1.126
+diff -u -r1.125 -r1.126
+--- libtiff/libtiff/tif_jpeg.c	11 Jan 2017 12:15:01 -0000	1.125
++++ libtiff/libtiff/tif_jpeg.c	11 Jan 2017 16:13:50 -0000	1.126
+@@ -1,4 +1,4 @@
+-/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */
++/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1994-1997 Sam Leffler
+@@ -1632,6 +1632,13 @@
+                             "Invalig horizontal/vertical sampling value");
+                     return (0);
+                 }
++                if( td->td_bitspersample > 16 )
++                {
++                    TIFFErrorExt(tif->tif_clientdata, module,
++                                 "BitsPerSample %d not allowed for JPEG",
++                                 td->td_bitspersample);
++                    return (0);
++                }
+ 
+ 		/*
+ 		 * A ReferenceBlackWhite field *must* be present since the
+Index: libtiff/libtiff/tif_read.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
+retrieving revision 1.50
+retrieving revision 1.51
+diff -u -r1.50 -r1.51
+--- libtiff/libtiff/tif_read.c	2 Dec 2016 21:56:56 -0000	1.50
++++ libtiff/libtiff/tif_read.c	11 Jan 2017 16:33:34 -0000	1.51
+@@ -420,16 +420,25 @@
+ 			return ((tmsize_t)(-1));
+ 		}
+ 	} else {
+-		tmsize_t ma,mb;
++		tmsize_t ma;
+ 		tmsize_t n;
+-		ma=(tmsize_t)td->td_stripoffset[strip];
+-		mb=ma+size;
+-		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
+-			n=0;
+-		else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
+-			n=tif->tif_size-ma;
+-		else
+-			n=size;
++		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
++                    ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
++                {
++                    n=0;
++                }
++                else if( ma > TIFF_TMSIZE_T_MAX - size )
++                {
++                    n=0;
++                }
++                else
++                {
++                    tmsize_t mb=ma+size;
++                    if (mb>tif->tif_size)
++                            n=tif->tif_size-ma;
++                    else
++                            n=size;
++                }
+ 		if (n!=size) {
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			TIFFErrorExt(tif->tif_clientdata, module,
diff --git a/gnu/packages/patches/libtirpc-CVE-2017-8779.patch b/gnu/packages/patches/libtirpc-CVE-2017-8779.patch
new file mode 100644
index 0000000000..742e64df25
--- /dev/null
+++ b/gnu/packages/patches/libtirpc-CVE-2017-8779.patch
@@ -0,0 +1,263 @@
+Fix CVE-2017-8779:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
+
+Patch copied from the bug reporter's 3rd-party repository:
+
+https://github.com/guidovranken/rpcbomb/blob/master/libtirpc_patch.txt
+
+diff --git a/src/rpc_generic.c b/src/rpc_generic.c
+index 2f09a8f..589cbd5 100644
+--- a/src/rpc_generic.c
++++ b/src/rpc_generic.c
+@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+ 
+ 	switch (af) {
+ 	case AF_INET:
++		if (nbuf->len < sizeof(*sin)) {
++			return NULL;
++		}
+ 		sin = nbuf->buf;
+ 		if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
+ 		    == NULL)
+@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+ 		break;
+ #ifdef INET6
+ 	case AF_INET6:
++		if (nbuf->len < sizeof(*sin6)) {
++			return NULL;
++		}
+ 		sin6 = nbuf->buf;
+ 		if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
+ 		    == NULL)
+@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
+ 
+ 	port = 0;
+ 	sin = NULL;
++	if (uaddr == NULL)
++		return NULL;
+ 	addrstr = strdup(uaddr);
+ 	if (addrstr == NULL)
+ 		return NULL;
+diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
+index 43fd385..a923c8e 100644
+--- a/src/rpcb_prot.c
++++ b/src/rpcb_prot.c
+@@ -41,6 +41,7 @@
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
+ #include <rpc/rpcb_prot.h>
++#include "rpc_com.h"
+ 
+ bool_t
+ xdr_rpcb(xdrs, objp)
+@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
+ 	if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	return (TRUE);
+@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
+ 	XDR *xdrs;
+ 	rpcb_entry *objp;
+ {
+-	if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	return (TRUE);
+@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
+ 	bool_t dummy;
+ 	struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
+ 
+-	if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_u_int(xdrs, &objp->results.results_len)) {
+@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
+ 	if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
+ 		return (FALSE);
+ 	}
++
++	if (objp->maxlen > RPC_MAXDATASIZE) {
++		return (FALSE);
++	}
++
+ 	dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
+ 			(u_int *)&(objp->len), objp->maxlen);
+ 	return (dummy);
+diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
+index 08db745..28e6a48 100644
+--- a/src/rpcb_st_xdr.c
++++ b/src/rpcb_st_xdr.c
+@@ -37,6 +37,7 @@
+ 
+ 
+ #include <rpc/rpc.h>
++#include "rpc_com.h"
+ 
+ /* Link list of all the stats about getport and getaddr */
+ 
+@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
+ 	    if (!xdr_int(xdrs, &objp->failure)) {
+ 		return (FALSE);
+ 	    }
+-	    if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	    if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	    }
+ 
+@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 		IXDR_PUT_INT32(buf, objp->failure);
+ 		IXDR_PUT_INT32(buf, objp->indirect);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 		objp->failure = (int)IXDR_GET_INT32(buf);
+ 		objp->indirect = (int)IXDR_GET_INT32(buf);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
+ 	if (!xdr_int(xdrs, &objp->indirect)) {
+ 		return (FALSE);
+ 	}
+-	if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
++	if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
+ 		return (FALSE);
+ 	}
+ 	if (!xdr_pointer(xdrs, (char **)&objp->next,
+diff --git a/src/xdr.c b/src/xdr.c
+index f3fb9ad..b9a1558 100644
+--- a/src/xdr.c
++++ b/src/xdr.c
+@@ -42,8 +42,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+ 
++#include <rpc/rpc.h>
+ #include <rpc/types.h>
+ #include <rpc/xdr.h>
++#include <rpc/rpc_com.h>
+ 
+ typedef quad_t          longlong_t;     /* ANSI long long type */
+ typedef u_quad_t        u_longlong_t;   /* ANSI unsigned long long type */
+@@ -53,7 +55,6 @@ typedef u_quad_t        u_longlong_t;   /* ANSI unsigned long long type */
+  */
+ #define XDR_FALSE	((long) 0)
+ #define XDR_TRUE	((long) 1)
+-#define LASTUNSIGNED	((u_int) 0-1)
+ 
+ /*
+  * for unit alignment
+@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ {
+ 	char *sp = *cpp;  /* sp is the actual string pointer */
+ 	u_int nodesize;
++	bool_t ret, allocated = FALSE;
+ 
+ 	/*
+ 	 * first deal with the length since xdr bytes are counted
+@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ 		}
+ 		if (sp == NULL) {
+ 			*cpp = sp = mem_alloc(nodesize);
++			allocated = TRUE;
+ 		}
+ 		if (sp == NULL) {
+ 			warnx("xdr_bytes: out of memory");
+@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
+ 		/* FALLTHROUGH */
+ 
+ 	case XDR_ENCODE:
+-		return (xdr_opaque(xdrs, sp, nodesize));
++		ret = xdr_opaque(xdrs, sp, nodesize);
++		if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++			if (allocated == TRUE) {
++				free(sp);
++				*cpp = NULL;
++			}
++		}
++		return (ret);
+ 
+ 	case XDR_FREE:
+ 		if (sp != NULL) {
+@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
+ 	char *sp = *cpp;  /* sp is the actual string pointer */
+ 	u_int size;
+ 	u_int nodesize;
++	bool_t ret, allocated = FALSE;
+ 
+ 	/*
+ 	 * first deal with the length since xdr strings are counted-strings
+@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
+ 	switch (xdrs->x_op) {
+ 
+ 	case XDR_DECODE:
+-		if (sp == NULL)
++		if (sp == NULL) {
+ 			*cpp = sp = mem_alloc(nodesize);
++			allocated = TRUE;
++		}
+ 		if (sp == NULL) {
+ 			warnx("xdr_string: out of memory");
+ 			return (FALSE);
+@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
+ 		/* FALLTHROUGH */
+ 
+ 	case XDR_ENCODE:
+-		return (xdr_opaque(xdrs, sp, size));
++		ret = xdr_opaque(xdrs, sp, size);
++		if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
++			if (allocated == TRUE) {
++				free(sp);
++				*cpp = NULL;
++			}
++		}
++		return (ret);
+ 
+ 	case XDR_FREE:
+ 		mem_free(sp, nodesize);
+@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
+ 	XDR *xdrs;
+ 	char **cpp;
+ {
+-	return xdr_string(xdrs, cpp, LASTUNSIGNED);
++	return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/lierolibre-check-unaligned-access.patch b/gnu/packages/patches/lierolibre-check-unaligned-access.patch
new file mode 100644
index 0000000000..b720c9eb3b
--- /dev/null
+++ b/gnu/packages/patches/lierolibre-check-unaligned-access.patch
@@ -0,0 +1,30 @@
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/pkg-games/lierolibre.git/tree/debian/patches/0001-Use-unaligned-access-define-over-checking-arch.patch?id=82910748906855f6e6bfe30b3f077e8c793ae424
+
+From 396f19b6b7743d394307f70f0c0108419824437b Mon Sep 17 00:00:00 2001
+From: Martin Erik Werner <martinerikwerner@gmail.com>
+Date: Sun, 28 Jun 2015 16:31:34 +0200
+Subject: [PATCH 1/3] Use unaligned access define over checking arch
+
+This todo item seems like it done, and just needed implementing...
+---
+ io/encoding.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gvl/io/encoding.hpp b/src/gvl/io/encoding.hpp
+index c491677..89bb612 100644
+--- a/src/gvl/io/encoding.hpp
++++ b/src/gvl/io/encoding.hpp
+@@ -374,7 +374,7 @@ struct octet_stream_writer
+ 		// inlining of the common case
+ 		if(std::size_t(end_ - cur_) >= len)
+ 		{
+-#if GVL_X86 || GVL_X86_64 // TODO: A define that says whether unaligned access is allowed
++#if GVL_UNALIGNED_ACCESS
+ 			if(len < 64) // TODO: Tweak this limit
+ 			{
+ 				while(len > 4)
+-- 
+2.4.6
+
diff --git a/gnu/packages/patches/lierolibre-is-free-software.patch b/gnu/packages/patches/lierolibre-is-free-software.patch
new file mode 100644
index 0000000000..626a24dd8c
--- /dev/null
+++ b/gnu/packages/patches/lierolibre-is-free-software.patch
@@ -0,0 +1,38 @@
+Remove outdated license text. See COPYING and the description
+at http://liero.be/ for more information.
+
+--- a/data/LIEROENG.TXT
++++ b/data/LIEROENG.TXT
+@@ -11,14 +11,6 @@
+ -----------------------------------------------------------------------------

+ 

+ GENERAL STUFF

+-

+-	Liero is freeware. What that means is that you don't have to pay

+-	for it and using it has not been restricted in any way. You may

+-        distribute it to anyone and anyhow WITHOUT ANY CHANGES MADE TO IT'S 

+-	CONTAINMENTS.

+-

+-	The source code of this game is not distributed freely (neither

+-        commercially). So if you thought that maybe you could... forget it. 

+ 	

+ 	Liero is a wormgame with weapons for 2 players. The object of the

+ 	game is definately what you think it is. Liero is excellent for 

+--- a/data/LIERO.TXT
++++ b/data/LIERO.TXT
+@@ -12,15 +12,6 @@
+ 

+ YLEISTŽ

+ 

+-        Liero on freeware, mik„ tarkoittaa ett„ sen k„yt”st„ ei tarvitse

+-        maksaa mit„„n eik„ k„ytt”„ ole rajoitettu mitenk„„n. Lieroa saa

+-        kopioida kelle tahansa ja miten tahansa SISŽLT™Ž MITENKŽŽN

+-        MUUTTAMATTA.

+-

+-        Todettakoon t„ss„ ett„ Lieron l„hdekoodi ei ole vapaassa (sen

+-        enenp„„ kuin kaupallisessakaan) jakelussa. Joten jos ajattelit

+-        ett„... niin j„t„ ajatukset sikseen.

+-

+         Liero on kahden pelattava aseellinen matosimulaatiopeli. Pelin

+         p„„m„„r„n„ on ep„ilem„tt„ se mit„ luuletkin. Liero sopii

+         erinomaisen hyvin aggressioiden purkuun ja kaverin rokitt„miseen

diff --git a/gnu/packages/patches/lierolibre-newer-libconfig.patch b/gnu/packages/patches/lierolibre-newer-libconfig.patch
new file mode 100644
index 0000000000..662d0f90fa
--- /dev/null
+++ b/gnu/packages/patches/lierolibre-newer-libconfig.patch
@@ -0,0 +1,190 @@
+Fix compatibility with newer libconfig.
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/lierolibre/lierolibre/commit/b27e3604aa6bfbfcc50db1000b394d06c87ae2f2
+
+diff --git a/src/common.cpp b/src/common.cpp
+index 2d6ada5..4942b05 100644
+--- a/src/common.cpp
++++ b/src/common.cpp
+@@ -162,7 +162,7 @@ void Texts::loadFromCFG(std::string cfgFilePath)
+ 	const libconfig::Setting &sgmodes = texts["gameModes"];
+ 	for(int i = 0; i < 4; ++i)
+ 	{
+-		gameModes[i] = (char const*)sgmodes["gameModes" + to_string(i)];
++		gameModes[i] = (char const*)sgmodes[("gameModes" + to_string(i)).c_str()];
+ 	}
+ 
+ 	const libconfig::Setting &sgmspec = texts["gameModeSpec"];
+@@ -181,13 +181,13 @@ void Texts::loadFromCFG(std::string cfgFilePath)
+ 	const libconfig::Setting &swstates = texts["weapStates"];
+ 	for(int i = 0; i < 3; ++i)
+ 	{
+-		 weapStates[i] = (char const*)swstates["weapStates" + to_string(i)];
++		 weapStates[i] = (char const*)swstates[("weapStates" + to_string(i)).c_str()];
+ 	}
+ 
+ 	const libconfig::Setting &sknames = texts["keyNames"];
+ 	for(int i = 1; i < 177; ++i) // First key starts at 1
+ 	{
+-		keyNames[i] = (char const*)sknames["keyNames" + to_string(i)];
++		keyNames[i] = (char const*)sknames[("keyNames" + to_string(i)).c_str()];
+ 	}
+ 
+ 	selWeap = (char const*)texts["selWeap"];
+@@ -315,8 +315,8 @@ void Common::loadPaletteFromCFG(std::string cfgFilePath)
+ 	const libconfig::Setting &scanim = palette["colorAnim"];
+ 	for(int i = 0; i < 4; ++i)
+ 	{
+-		colorAnim[i].from = (int)scanim["colorAnim" + to_string(i) + "from"];
+-		colorAnim[i].to = (int)scanim["colorAnim" + to_string(i) + "to"];
++		colorAnim[i].from = (int)scanim[("colorAnim" + to_string(i) + "from").c_str()];
++		colorAnim[i].to = (int)scanim[("colorAnim" + to_string(i) + "to").c_str()];
+ 	}
+ }
+ 
+@@ -383,7 +383,7 @@ void Common::loadMaterialsFromCFG(std::string cfgFilePath)
+ 
+ 	for(int i = 0; i < 256; ++i)
+ 	{
+-		const libconfig::Setting &smflags = smaterials["flags" + to_string(i)];
++		const libconfig::Setting &smflags = smaterials[("flags" + to_string(i)).c_str()];
+ 		materials[i].flags = smflags;
+ 	}
+ }
+diff --git a/src/configCompat.cpp b/src/configCompat.cpp
+index 1aeb262..a72c40f 100644
+--- a/src/configCompat.cpp
++++ b/src/configCompat.cpp
+@@ -160,19 +160,19 @@ void Common::loadConstantsFromCFGVer0(string cfgFilePath)
+ 	const Setting &vconstants = constants["Values"];
+ 	for(int i = 0; i < MaxC; ++i)
+ 	{
+-		C[i] = (int)vconstants[valueConstantsNamesCFGVer0[i]];
++		C[i] = (int)vconstants[valueConstantsNamesCFGVer0[i].c_str()];
+ 	}
+ 
+ 	const Setting &sconstants = constants["Strings"];
+ 	for(int i = 0; i < MaxS; ++i)
+ 	{
+-		S[i]= (char const*)sconstants[stringConstantsNamesCFGVer0[i]];
++		S[i]= (char const*)sconstants[stringConstantsNamesCFGVer0[i].c_str()];
+ 	}
+ 
+ 	const Setting &hconstants = constants["Hacks"];
+ 	for(int i = 0; i < MaxH; ++i)
+ 	{
+-		H[i] = (bool)hconstants[hackConstantsNamesVer0[i]];
++		H[i] = (bool)hconstants[hackConstantsNamesVer0[i].c_str()];
+ 	}
+ }
+ 
+diff --git a/src/configHelper.cpp b/src/configHelper.cpp
+index fcd1f3f..a63bddc 100644
+--- a/src/configHelper.cpp
++++ b/src/configHelper.cpp
+@@ -54,15 +54,11 @@ template Uint8 ConfigHelper::getValue<Uint8, const Setting, int>(const Setting &
+ 
+ template Uint8 ConfigHelper::getValue<Uint8, const Setting, char const*>(const Setting &node, char const* index);
+ 
+-template Uint8 ConfigHelper::getValue<Uint8, const Setting, string>(const Setting &node, string index);
+-
+ // Non-const
+ template Uint8 ConfigHelper::getValue<Uint8, Setting, int>(Setting &node, int index);
+ 
+ template Uint8 ConfigHelper::getValue<Uint8, Setting, char const*>(Setting &node, char const* index);
+ 
+-template Uint8 ConfigHelper::getValue<Uint8, Setting, string>(Setting &node, string index);
+-
+ 
+ // Since we still need specialisation per value type (Setting::Type),
+ // no need to templateify these
+@@ -72,7 +68,7 @@ void ConfigHelper::put(Setting &node, string variable, string value)
+ 	{
+ 		node.add(variable, Setting::TypeString) = value;
+ 	} else {
+-		Setting &var = node[variable];
++		Setting &var = node[variable.c_str()];
+ 		var = value;
+ 	}
+ }
+@@ -83,7 +79,7 @@ void ConfigHelper::put(Setting &node, string variable, int value)
+ 	{
+ 		node.add(variable, Setting::TypeInt) = value;
+ 	} else {
+-		Setting &var = node[variable];
++		Setting &var = node[variable.c_str()];
+ 		var = value;
+ 	}
+ }
+@@ -94,7 +90,7 @@ void ConfigHelper::put(Setting &node, string variable, Uint8 value)
+ 	{
+ 		node.add(variable, Setting::TypeInt) = value;
+ 	} else {
+-		Setting &var = node[variable];
++		Setting &var = node[variable.c_str()];
+ 		var = value;
+ 	}
+ }
+@@ -105,7 +101,7 @@ void ConfigHelper::put(Setting &node, string variable, bool value)
+ 	{
+ 		node.add(variable, Setting::TypeBoolean) = value;
+ 	} else {
+-		Setting &var = node[variable];
++		Setting &var = node[variable.c_str()];
+ 		var = value;
+ 	}
+ }
+@@ -135,6 +131,6 @@ Setting& ConfigHelper::getSubgroup(Setting &node, string groupName)
+ 	{
+ 		node.add(groupName, Setting::TypeGroup);
+ 	}
+-	return node[groupName];
++	return node[groupName.c_str()];
+ }
+ 
+diff --git a/src/constants.cpp b/src/constants.cpp
+index 7fced6a..cf7bbfc 100644
+--- a/src/constants.cpp
++++ b/src/constants.cpp
+@@ -523,19 +523,19 @@ void Common::loadConstantsFromCFG(std::string cfgFilePath)
+ 	const libconfig::Setting &vconstants = constants["Values"];
+ 	for(int i = 0; i < MaxC; ++i)
+ 	{
+-		C[i] = (int)vconstants[valueConstantsNames[i]];
++		C[i] = (int)vconstants[valueConstantsNames[i].c_str()];
+ 	}
+ 
+ 	const libconfig::Setting &sconstants = constants["Strings"];
+ 	for(int i = 0; i < MaxS; ++i)
+ 	{
+-		S[i]= (char const*)sconstants[stringConstantsNames[i]];
++		S[i]= (char const*)sconstants[stringConstantsNames[i].c_str()];
+ 	}
+ 
+ 	const libconfig::Setting &hconstants = constants["Hacks"];
+ 	for(int i = 0; i < MaxH; ++i)
+ 	{
+-		H[i] = (bool)hconstants[hackConstantsNames[i]];
++		H[i] = (bool)hconstants[hackConstantsNames[i].c_str()];
+ 	}
+ }
+ 
+diff --git a/src/gfx/palette.cpp b/src/gfx/palette.cpp
+index 3fd08c4..3d3bf22 100644
+--- a/src/gfx/palette.cpp
++++ b/src/gfx/palette.cpp
+@@ -124,9 +124,9 @@ void Palette::readFromCFG(std::string cfgFilePath)
+ 
+ 	for(int i = 0; i < 256; ++i)
+ 	{
+-		entries[i].r = cfgHelp.getValue<Uint8>(spentries, "entries" + to_string(i) + "r");
+-		entries[i].g = cfgHelp.getValue<Uint8>(spentries, "entries" + to_string(i) + "g");
+-		entries[i].b = cfgHelp.getValue<Uint8>(spentries, "entries" + to_string(i) + "b");
++		entries[i].r = cfgHelp.getValue<Uint8>(spentries, ("entries" + to_string(i) + "r").c_str());
++		entries[i].g = cfgHelp.getValue<Uint8>(spentries, ("entries" + to_string(i) + "g").c_str());
++		entries[i].b = cfgHelp.getValue<Uint8>(spentries, ("entries" + to_string(i) + "b").c_str());
+ 	}
+ }
+ 
diff --git a/gnu/packages/patches/lierolibre-remove-arch-warning.patch b/gnu/packages/patches/lierolibre-remove-arch-warning.patch
new file mode 100644
index 0000000000..ca92b72546
--- /dev/null
+++ b/gnu/packages/patches/lierolibre-remove-arch-warning.patch
@@ -0,0 +1,30 @@
+Copied from Debian:
+
+https://anonscm.debian.org/cgit/pkg-games/lierolibre.git/tree/debian/patches/0003-Remove-unknown-arch-warning.patch?id=82910748906855f6e6bfe30b3f077e8c793ae424
+
+From a9592533eeabed075b13d11c64f63f503dc13343 Mon Sep 17 00:00:00 2001
+From: Martin Erik Werner <martinerikwerner@gmail.com>
+Date: Sun, 28 Jun 2015 19:31:30 +0200
+Subject: [PATCH 3/3] Remove unknown arch warning
+
+The warning was just excessivley spammy, remove it.
+---
+ support/platform.h | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/gvl/support/platform.h b/src/gvl/support/platform.h
+index 1857b7c..ff6a7d2 100644
+--- a/src/gvl/support/platform.h
++++ b/src/gvl/support/platform.h
+@@ -87,8 +87,6 @@
+ #  define GVL_X86_64 1
+ # elif defined(__i386__) || defined(_M_IX86) || defined(i386) || defined(i486) || defined(intel) || defined(x86) || defined(i86pc)
+ #  define GVL_X86 1
+-# else
+-#  warning "Unknown architecture, please add it"
+ # endif
+ #endif
+ 
+-- 
+2.4.6
+
diff --git a/gnu/packages/patches/lierolibre-try-building-other-arch.patch b/gnu/packages/patches/lierolibre-try-building-other-arch.patch
new file mode 100644
index 0000000000..a40dfe6110
--- /dev/null
+++ b/gnu/packages/patches/lierolibre-try-building-other-arch.patch
@@ -0,0 +1,56 @@
+Copied from Debian:
+
+https://anonscm.debian.org/cgit/pkg-games/lierolibre.git/tree/debian/patches/0001-Use-unaligned-access-define-over-checking-arch.patch?id=82910748906855f6e6bfe30b3f077e8c793ae424
+
+From a70691fb003cae1a33f06d682269285f9baa2dd9 Mon Sep 17 00:00:00 2001
+From: Martin Erik Werner <martinerikwerner@gmail.com>
+Date: Sun, 28 Jun 2015 19:00:23 +0200
+Subject: [PATCH 2/3] At least try building for other archs than x86*
+
+Allow attempting to build for other architectures than x86 and x86_64,
+whether or not the build will succeed or produce sane output is another
+question... It emits plenty of warnings about it now though...
+
+Configuration of the FPU controller is disabled on all but x86*, and the
+uninformed hope and prayer is that defaults will be fine without messing
+with them.
+---
+ math/ieee.cpp      | 2 ++
+ support/platform.h | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/gvl/math/ieee.cpp b/src/gvl/math/ieee.cpp
+index 8b740d4..e0803d2 100644
+--- a/src/gvl/math/ieee.cpp
++++ b/src/gvl/math/ieee.cpp
+@@ -54,6 +54,8 @@ void gvl_init_ieee()
+ {
+ #if GVL_MSVCPP
+ // Nothing needs to be done, TODO: we should however check that the x87 state is right
++#elif !GVL_X86 && !GVL_X86_64
++// No idea what to do, but run with defaults and pray it doesn't mess things up
+ #elif GVL_GCC && GVL_WIN32
+     unsigned int const flags = _RC_NEAR | _PC_53 | _EM_INVALID | _EM_DENORMAL | _EM_ZERODIVIDE | _EM_OVERFLOW | _EM_UNDERFLOW | _EM_INEXACT;
+     _control87(flags, _MCW_EM | _MCW_PC | _MCW_RC);
+diff --git a/src/gvl/support/platform.h b/src/gvl/support/platform.h
+index 86dcaa6..1857b7c 100644
+--- a/src/gvl/support/platform.h
++++ b/src/gvl/support/platform.h
+@@ -88,12 +88,12 @@
+ # elif defined(__i386__) || defined(_M_IX86) || defined(i386) || defined(i486) || defined(intel) || defined(x86) || defined(i86pc)
+ #  define GVL_X86 1
+ # else
+-#  error "Unknown architecture, please add it"
++#  warning "Unknown architecture, please add it"
+ # endif
+ #endif
+ 
+ #if !GVL_LITTLE_ENDIAN && !GVL_BIG_ENDIAN
+-# if GVL_X86 || GVL_X86_64
++# if GVL_X86 || GVL_X86_64 || __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN
+ #  define GVL_LITTLE_ENDIAN 1
+ # else
+ #  define GVL_BIG_ENDIAN 1
+-- 
+2.4.6
+
diff --git a/gnu/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch b/gnu/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch
new file mode 100644
index 0000000000..faa8252c43
--- /dev/null
+++ b/gnu/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch
@@ -0,0 +1,35 @@
+This patch was downloaded from https://sft.its.cern.ch/jira/browse/ROOT-7047.
+It fixes the build of clang 3.5 with GCC 5.  File paths have been adjusted.
+
+From 00f3ed6eee41da871799ad0fd19153c7682d61fe Mon Sep 17 00:00:00 2001
+From: Alexander Klimov <alserkli@inbox.ru>
+Date: Mon, 26 Jan 2015 18:45:23 +0200
+Subject: [PATCH] [ADT/IntrusiveRefCntPtr] Give friend access to
+ IntrusiveRefCntPtr<X> so the relevant move constructor can
+ access 'Obj'.
+
+From LLVM upstream:
+Author: Argyrios Kyrtzidis <akyrtzi@gmail.com>
+Date:   Tue Sep 23 06:06:43 2014 +0000
+git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@218295 91177308-0d34-0410-b5e6-96231b3b80d8
+---
+ interpreter/llvm/src/include/llvm/ADT/IntrusiveRefCntPtr.h |    3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/include/llvm/ADT/IntrusiveRefCntPtr.h b/include/llvm/ADT/IntrusiveRefCntPtr.h
+index f9df378..c859c98 100644
+--- a/include/llvm/ADT/IntrusiveRefCntPtr.h
++++ b/include/llvm/ADT/IntrusiveRefCntPtr.h
+@@ -197,6 +197,9 @@ public:
+   private:
+     void retain() { if (Obj) IntrusiveRefCntPtrInfo<T>::retain(Obj); }
+     void release() { if (Obj) IntrusiveRefCntPtrInfo<T>::release(Obj); }
++
++    template <typename X>
++    friend class IntrusiveRefCntPtr;
+   };
+ 
+   template<class T, class U>
+-- 
+1.7.10.4
+
diff --git a/gnu/packages/patches/luminance-hdr-qt-printer.patch b/gnu/packages/patches/luminance-hdr-qt-printer.patch
new file mode 100644
index 0000000000..c65f9537cd
--- /dev/null
+++ b/gnu/packages/patches/luminance-hdr-qt-printer.patch
@@ -0,0 +1,28 @@
+Allow the 'QtPrinter' header to be found, as described
+at <https://github.com/LuminanceHDR/LuminanceHDR/issues/11>.
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index fbad8a2..8379c8a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -29,6 +29,7 @@ find_package(Qt5Xml)
+ find_package(Qt5Sql)
+ find_package(Qt5Network)
+ find_package(Qt5LinguistTools)
++find_package(Qt5PrintSupport REQUIRED)
+ IF(WIN32)
+ 	find_package(Qt5WinExtras)
+ ENDIF()
+diff --git a/src/HelpBrowser/CMakeLists.txt b/src/HelpBrowser/CMakeLists.txt
+index 04319a8..5537dae 100644
+--- a/src/HelpBrowser/CMakeLists.txt
++++ b/src/HelpBrowser/CMakeLists.txt
+@@ -29,7 +29,7 @@ QT5_WRAP_UI(FILES_UI_H ${FILES_UI})
+ 
+ 
+ ADD_LIBRARY(helpbrowser ${FILES_H} ${FILES_CPP} ${FILES_MOC} ${FILES_UI_H} ${FILES_HXX})
+-qt5_use_modules(helpbrowser Core Concurrent Gui Widgets Xml WebKit WebKitWidgets)
++qt5_use_modules(helpbrowser Core Concurrent Gui Widgets Xml WebKit WebKitWidgets PrintSupport)
+ 
+ SET(FILES_TO_TRANSLATE ${FILES_TO_TRANSLATE} ${FILES_CPP} ${FILES_H} ${FILES_UI} ${FILES_HXX} PARENT_SCOPE)
+ SET(LUMINANCE_MODULES_GUI ${LUMINANCE_MODULES_GUI} helpbrowser PARENT_SCOPE)
diff --git a/gnu/packages/patches/lvm2-static-link.patch b/gnu/packages/patches/lvm2-static-link.patch
index b4b1dd92e1..6adf6891bb 100644
--- a/gnu/packages/patches/lvm2-static-link.patch
+++ b/gnu/packages/patches/lvm2-static-link.patch
@@ -1,5 +1,5 @@
 Fix static linking of 'lvm.static', which indirectly depend on libpthread
-via libdevmapper.a.
+and libm via libdevmapper.a.
 
 --- LVM2.2.02.166/tools/Makefile.in	2016-11-22 21:31:15.521045149 +0100
 +++ LVM2.2.02.166/tools/Makefile.in	2016-11-22 21:31:24.085082767 +0100
@@ -8,7 +8,7 @@ via libdevmapper.a.
  lvm.static: $(OBJECTS) lvm-static.o $(top_builddir)/lib/liblvm-internal.a  $(interfacebuilddir)/libdevmapper.a
  	$(CC) $(CFLAGS) $(LDFLAGS) -static -L$(interfacebuilddir) -o $@ \
 -	      $(OBJECTS) lvm-static.o $(LVMLIBS) $(STATIC_LIBS) $(LIBS)
-+	      $(OBJECTS) lvm-static.o $(LVMLIBS) $(STATIC_LIBS) $(LIBS) $(PTHREAD_LIBS)
++	      $(OBJECTS) lvm-static.o $(LVMLIBS) $(STATIC_LIBS) $(LIBS) $(PTHREAD_LIBS) $(M_LIBS)
  
  liblvm2cmd.a: $(top_builddir)/lib/liblvm-internal.a $(OBJECTS) lvmcmdlib.o lvm2cmd.o
  	cat $(top_builddir)/lib/liblvm-internal.a > $@
diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
new file mode 100644
index 0000000000..809eef08da
--- /dev/null
+++ b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
@@ -0,0 +1,37 @@
+Fix CVE-2016-10369:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
+
+Patch copied from upstream source repository:
+
+https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
+
+From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
+From: Yao Wei <mwei@lxde.org>
+Date: Mon, 8 May 2017 00:47:55 +0800
+Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
+
+This bug is pointed out by stackexchange user that putting socket file in
+/tmp is a potential risk. Putting the socket dir in user directory could
+mitigate the risk.
+---
+ src/unixsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/unixsocket.c b/src/unixsocket.c
+index 4c660ac..f88284c 100644
+--- a/src/unixsocket.c
++++ b/src/unixsocket.c
+@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
+      * This function returns TRUE if this process should keep running and FALSE if it should exit. */
+ 
+     /* Formulate the path for the Unix domain socket. */
+-    gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
++    gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
++    printf("%s\n", socket_path);
+ 
+     /* Create socket. */
+     int fd = socket(PF_UNIX, SOCK_STREAM, 0);
+-- 
+2.1.4
+
diff --git a/gnu/packages/patches/lz4-fix-test-failures.patch b/gnu/packages/patches/lz4-fix-test-failures.patch
new file mode 100644
index 0000000000..d38357d402
--- /dev/null
+++ b/gnu/packages/patches/lz4-fix-test-failures.patch
@@ -0,0 +1,136 @@
+These two patches fix some bugs in lz4's test suite:
+
+https://github.com/lz4/lz4/issues/308
+
+Patches copied from upstream source repository:
+
+https://github.com/lz4/lz4/commit/b89cac7b2e92b792af98bb0a12e4d14684d07629
+https://github.com/lz4/lz4/commit/0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481
+
+From b89cac7b2e92b792af98bb0a12e4d14684d07629 Mon Sep 17 00:00:00 2001
+From: Eric Siegerman <pub08-git@davor.org>
+Date: Tue, 14 Feb 2017 14:17:06 -0500
+Subject: [PATCH] Don't use "foo && false || true"
+
+Replace it with either:
+    test ! -f $FILE_THAT_SHOULD_NOT_EXIST
+or:
+    ! $COMMAND_THAT_SHOULD_FAIL
+
+as appropriate.
+---
+ tests/Makefile | 38 +++++++++++++++++++-------------------
+ 1 file changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index 77e6ae7..ebab278 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -236,17 +236,17 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
+ 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
+ 	@echo "hello world" > tmp
+ 	$(LZ4) --rm -f tmp
+-	ls -ls tmp         && false || true   # must fail (--rm)
+-	ls -ls tmp.lz4
+-	$(PRGDIR)/lz4cat tmp.lz4              # must display hello world
+-	ls -ls tmp.lz4
++	test ! -f tmp                      # must fail (--rm)
++	test   -f tmp.lz4
++	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
++	test   -f tmp.lz4
+ 	$(PRGDIR)/unlz4 --rm tmp.lz4
+-	ls -ls tmp
+-	ls -ls tmp.lz4     && false || true   # must fail (--rm)
+-	ls -ls tmp.lz4.lz4 && false || true   # must fail (unlz4)
+-	$(PRGDIR)/lz4cat tmp                  # pass-through mode
+-	ls -ls tmp
+-	ls -ls tmp.lz4     && false || true   # must fail (lz4cat)
++	test   -f tmp
++	test ! -f tmp.lz4                  # must fail (--rm)
++	test ! -f tmp.lz4.lz4              # must fail (unlz4)
++	$(PRGDIR)/lz4cat tmp               # pass-through mode
++	test   -f tmp
++	test ! -f tmp.lz4                  # must fail (lz4cat)
+ 	$(LZ4) tmp                         # creates tmp.lz4
+ 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
+ 	$(DIFF) -q tmp tmp3
+@@ -262,22 +262,22 @@ test-lz4-hugefile: lz4 datagen
+ 
+ test-lz4-testmode: lz4 datagen
+ 	@echo "\n ---- bench mode ----"
+-	$(LZ4) -bi1
++	  $(LZ4) -bi1
+ 	@echo "\n ---- test mode ----"
+-	./datagen | $(LZ4) -t             && false || true
+-	./datagen | $(LZ4) -tf            && false || true
++	! ./datagen | $(LZ4) -t
++	! ./datagen | $(LZ4) -tf
+ 	@echo "\n ---- pass-through mode ----"
+-	./datagen | $(LZ4) -d  > $(VOID)  && false || true
+-	./datagen | $(LZ4) -df > $(VOID)
++	! ./datagen | $(LZ4) -d  > $(VOID)
++	  ./datagen | $(LZ4) -df > $(VOID)
+ 	@echo "Hello World !" > tmp1
+ 	$(LZ4) -dcf tmp1
+ 	@echo "from underground..." > tmp2
+ 	$(LZ4) -dcfm tmp1 tmp2
+ 	@echo "\n ---- test cli ----"
+-	$(LZ4)     file-does-not-exist    && false || true
+-	$(LZ4) -f  file-does-not-exist    && false || true
+-	$(LZ4) -fm file1-dne file2-dne    && false || true
+-	$(LZ4) -fm file1-dne file2-dne    && false || true
++	! $(LZ4)     file-does-not-exist
++	! $(LZ4) -f  file-does-not-exist
++	! $(LZ4) -fm file1-dne file2-dne
++	! $(LZ4) -fm file1-dne file2-dne
+ 
+ test-lz4-opt-parser: lz4 datagen
+ 	@echo "\n ---- test opt-parser ----"
+-- 
+2.12.2
+
+From 0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Sun, 5 Mar 2017 23:20:10 +0000
+Subject: [PATCH] Fix test-lz4-basic
+
+When no output filename is specified and stdout is not a terminal,
+lz4 doesn't attempt to guess an output filename and uses stdout for
+output.
+
+This change fixes test-lz4-basic when run without a terminal
+by specifying output filenames.
+---
+ tests/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index ebab278..d68c700 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -235,19 +235,19 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
+ 	./datagen -g33M   | $(LZ4) --no-frame-crc | $(LZ4) -t
+ 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
+ 	@echo "hello world" > tmp
+-	$(LZ4) --rm -f tmp
++	$(LZ4) --rm -f tmp tmp.lz4
+ 	test ! -f tmp                      # must fail (--rm)
+ 	test   -f tmp.lz4
+ 	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
+ 	test   -f tmp.lz4
+-	$(PRGDIR)/unlz4 --rm tmp.lz4
++	$(PRGDIR)/unlz4 --rm tmp.lz4 tmp
+ 	test   -f tmp
+ 	test ! -f tmp.lz4                  # must fail (--rm)
+ 	test ! -f tmp.lz4.lz4              # must fail (unlz4)
+ 	$(PRGDIR)/lz4cat tmp               # pass-through mode
+ 	test   -f tmp
+ 	test ! -f tmp.lz4                  # must fail (lz4cat)
+-	$(LZ4) tmp                         # creates tmp.lz4
++	$(LZ4) tmp tmp.lz4                 # creates tmp.lz4
+ 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
+ 	$(DIFF) -q tmp tmp3
+ 	$(PRGDIR)/lz4cat < tmp > tmp2      # checks lz4cat works with stdin (#285)
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
new file mode 100644
index 0000000000..e21e87cef6
--- /dev/null
+++ b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
@@ -0,0 +1,58 @@
+Fix a test failure when building for 32 bit architectures:
+
+http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8
+
+From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001
+From: Grazvydas Ignotas <notasas@gmail.com>
+Date: Thu, 9 Mar 2017 02:54:53 +0200
+Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit
+
+Negating size_t on 32bit produces a 32bit result. This was effectively
+adding values close to UINT_MAX to the cache size (the files are usually
+small) instead of intended subtraction.
+Fixes 'make check' disk_cache failures on 32bit.
+
+Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
+Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
+---
+ src/util/disk_cache.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c
+index 5470688df3..facdcecf7c 100644
+--- a/src/util/disk_cache.c
++++ b/src/util/disk_cache.c
+@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache)
+    free(dir_path);
+ 
+    if (size) {
+-      p_atomic_add(cache->size, - size);
++      p_atomic_add(cache->size, - (uint64_t)size);
+       return;
+    }
+ 
+@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache)
+    free(dir_path);
+ 
+    if (size)
+-      p_atomic_add(cache->size, - size);
++      p_atomic_add(cache->size, - (uint64_t)size);
+ }
+ 
+ void
+#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key)
+#    free(filename);
+# 
+#    if (sb.st_size)
+#-      p_atomic_add(cache->size, - sb.st_size);
+#+      p_atomic_add(cache->size, - (uint64_t)sb.st_size);
+# }
+# 
+# /* From the zlib docs:
+-- 
+2.12.2
+
diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
new file mode 100644
index 0000000000..4377110475
--- /dev/null
+++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
@@ -0,0 +1,20 @@
+disk_cache_create() here looks up the users home directory from <pwd.h>
+which resolves to "/" in the build environment. I could not find an easy
+way to set the home directory to something else, so we disable this test
+for now.
+
+--- a/src/compiler/glsl/tests/cache_test.c
++++ b/src/compiler/glsl/tests/cache_test.c
+@@ -137,11 +137,6 @@
+    unsetenv("MESA_GLSL_CACHE_DIR");
+    unsetenv("XDG_CACHE_HOME");
+
+-   cache = disk_cache_create();
+-   expect_non_null(cache, "disk_cache_create with no environment variables");
+-
+-   disk_cache_destroy(cache);
+-
+    /* Test with XDG_CACHE_HOME set */
+    setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1);
+    cache = disk_cache_create();
+
diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
new file mode 100644
index 0000000000..24eed60af9
--- /dev/null
+++ b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
@@ -0,0 +1,55 @@
+Fix CVE-2017-8798.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
+http://seclists.org/oss-sec/2017/q2/247
+
+Patch copied from upstream source repository, with Changelog entry removed:
+
+https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
+
+diff --git a/miniwget.c b/miniwget.c
+index 37cb47b..1eda57c 100644
+--- a/miniwget.c
++++ b/miniwget.c
+@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code)
+ 							goto end_of_stream;
+ 						}
+ 					}
+-					bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);
++					/* it is guaranteed that (n >= i) */
++					bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i);
+ 					if((content_buf_used + bytestocopy) > content_buf_len)
+ 					{
+ 						char * tmp;
+-						if(content_length >= (int)(content_buf_used + bytestocopy)) {
++						if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) {
+ 							content_buf_len = content_length;
+ 						} else {
+ 							content_buf_len = content_buf_used + bytestocopy;
+@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code)
+ 			{
+ 				/* not chunked */
+ 				if(content_length > 0
+-				   && (int)(content_buf_used + n) > content_length) {
++				   && (content_buf_used + n) > (unsigned int)content_length) {
+ 					/* skipping additional bytes */
+ 					n = content_length - content_buf_used;
+ 				}
+ 				if(content_buf_used + n > content_buf_len)
+ 				{
+ 					char * tmp;
+-					if(content_length >= (int)(content_buf_used + n)) {
++					if(content_length >= 0
++					   && (unsigned int)content_length >= (content_buf_used + n)) {
+ 						content_buf_len = content_length;
+ 					} else {
+ 						content_buf_len = content_buf_used + n;
+@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code)
+ 			}
+ 		}
+ 		/* use the Content-Length header value if available */
+-		if(content_length > 0 && (int)content_buf_used >= content_length)
++		if(content_length > 0 && content_buf_used >= (unsigned int)content_length)
+ 		{
+ #ifdef DEBUG
+ 			printf("End of HTTP content\n");
diff --git a/gnu/packages/patches/mozjs38-pkg-config-version.patch b/gnu/packages/patches/mozjs38-pkg-config-version.patch
new file mode 100644
index 0000000000..49ff6f6f8d
--- /dev/null
+++ b/gnu/packages/patches/mozjs38-pkg-config-version.patch
@@ -0,0 +1,24 @@
+Taken from https://bug1339931.bmoattachments.org/attachment.cgi?id=8837770.
+
+Add major version to pkg-config filename.
+Author: Rico Tzschichholz <ricotz@ubuntu.com>
+Forwarded: no
+Last-Update: 2015-05-04
+
+Index: b/js/src/Makefile.in
+===================================================================
+--- a/js/src/Makefile.in
++++ b/js/src/Makefile.in
+@@ -214,10 +214,10 @@
+ $(JS_CONFIG_NAME): js-config
+    cp $^ $@
+ 
+-$(LIBRARY_NAME).pc: js.pc
++$(JS_LIBRARY_NAME).pc: js.pc
+ 	cp $^ $@
+ 
+-install:: $(LIBRARY_NAME).pc
++install:: $(JS_LIBRARY_NAME).pc
+ 	$(SYSINSTALL) $^ $(DESTDIR)$(libdir)/pkgconfig
+ 
+ install:: js-config.h
diff --git a/gnu/packages/patches/mozjs38-shell-version.patch b/gnu/packages/patches/mozjs38-shell-version.patch
new file mode 100644
index 0000000000..e7d3d19c85
--- /dev/null
+++ b/gnu/packages/patches/mozjs38-shell-version.patch
@@ -0,0 +1,67 @@
+Taken from https://bug1339931.bmoattachments.org/attachment.cgi?id=8837771.
+
+# HG changeset patch
+# Parent 4732a0e5d22bc7e5c1f1ace7a182d537d9cc2c6a
+Add major version to shell and js-config filenames.
+Author: Rico Tzschichholz <ricotz@ubuntu.com>
+Forwarded: no
+Last-Update: 2014-10-29
+
+---
+diff --git a/js/src/configure b/js/src/configure
+--- a/js/src/configure
++++ b/js/src/configure
+@@ -1696,8 +1696,13 @@
+ MOZJS_PATCH_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9]*[^0-9]*||"`
+ IS_ALPHA=`echo $MOZILLA_VERSION | grep '[ab]'`
+ 
++if test -n "$JS_STANDALONE"; then
++JS_SHELL_NAME=js$MOZJS_MAJOR_VERSION
++JS_CONFIG_NAME=js$MOZJS_MAJOR_VERSION-config
++else
+ JS_SHELL_NAME=js
+ JS_CONFIG_NAME=js-config
++fi
+ 
+ 
+ if test -n "$IS_ALPHA"; then
+
+diff --git a/js/src/configure.in b/js/src/configure.in
+--- a/js/src/configure.in
++++ b/js/src/configure.in
+@@ -234,16 +234,13 @@ MOZJS_MINOR_VERSION=`echo $MOZILLA_VERSI
+ MOZJS_PATCH_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9]*[^0-9]*||"`
+ IS_ALPHA=`echo $MOZILLA_VERSION | grep '[ab]'`
+ 
+-dnl XXX in a temporary bid to avoid developer anger at renaming files
+-dnl XXX before "js" symlinks exist, don't change names.
+-dnl
+-dnl if test -n "$JS_STANDALONE"; then
+-dnl JS_SHELL_NAME=js$MOZJS_MAJOR_VERSION
+-dnl JS_CONFIG_NAME=js$MOZJS_MAJOR_VERSION-config
+-dnl else
++if test -n "$JS_STANDALONE"; then
++JS_SHELL_NAME=js$MOZJS_MAJOR_VERSION
++JS_CONFIG_NAME=js$MOZJS_MAJOR_VERSION-config
++else
+ JS_SHELL_NAME=js
+ JS_CONFIG_NAME=js-config
+-dnl fi
++fi
+ 
+ changequote([,])
+ if test -n "$IS_ALPHA"; then
+
+diff -r 80a9e64d75f5 js/src/Makefile.in
+--- a/js/src/Makefile.in        Wed Jun 25 15:11:42 2014 +0200
++++ b/js/src/Makefile.in        Sat Jul 05 14:08:38 2014 +0200
+@@ -273,6 +273,9 @@
+ SCRIPTS = $(JS_CONFIG_NAME)
+ SDK_BINARY = $(JS_CONFIG_NAME)
+ 
++$(JS_CONFIG_NAME): js-config
++	cp $^ $@
++
+ $(JS_LIBRARY_NAME).pc: js.pc
+ 	cp $^ $@
+ 
diff --git a/gnu/packages/patches/mozjs38-tracelogger.patch b/gnu/packages/patches/mozjs38-tracelogger.patch
new file mode 100644
index 0000000000..0375ec36cc
--- /dev/null
+++ b/gnu/packages/patches/mozjs38-tracelogger.patch
@@ -0,0 +1,608 @@
+Squashed version of several commits to fix the tracelogger.
+
+Taken from
+https://github.com/GNOME/jhbuild/blob/master/patches/mozjs38-fix-tracelogger.patch.
+
+# === Fix the SM38 tracelogger ===
+# This patch is a squashed version of several patches that were adapted
+# to fix failing hunks.
+#
+# Applied in the following order, they are:
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1223767
+#    Assertion failure: i < size_, at js/src/vm/TraceLoggingTypes.h:210 
+#    Also fix stop-information to make reduce.py work correctly.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1227914
+#    Limit the memory tracelogger can take.
+#    This causes tracelogger to flush data to the disk regularly and prevents out of 
+#    memory issues if a lot of data gets logged.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1155618
+#    Fix tracelogger destructor that touches possibly uninitialised hash table.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1223636
+#    Don't treat extraTextId as containing only extra ids.
+#    This fixes an assertion failure: id == nextTextId at js/src/vm/TraceLoggingGraph.cpp
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1227028
+#    Fix when to keep the payload of a TraceLogger event.
+#    This fixes an assertion failure: textId < uint32_t(1 << 31) at js/src/vm/TraceLoggingGraph.h
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1266649
+#    Handle failing to add to pointermap gracefully.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1280648
+#    Don't cache based on pointers to movable GC things.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1224123
+#    Fix the use of LastEntryId in tracelogger.h.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1231170
+#    Use size in debugger instead of the current id to track last logged item.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1221844
+#    Move TraceLogger_Invalidation to LOG_ITEM.
+#    Add some debug checks to logTimestamp.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1255766
+#    Also mark resizing of memory.
+# * https://bugzilla.mozilla.org/show_bug.cgi?id=1259403
+#    Only increase capacity by multiples of 2.
+#    Always make sure there are 3 free slots for events.
+# ===
+
+diff --git a/js/src/jit-test/tests/tracelogger/bug1231170.js b/js/src/jit-test/tests/tracelogger/bug1231170.js
+new file mode 100644
+index 0000000..023e93e
+--- /dev/null
++++ b/js/src/jit-test/tests/tracelogger/bug1231170.js
+@@ -0,0 +1,3 @@
++var du = new Debugger();
++if (typeof du.drainTraceLogger === "function")
++    du.drainTraceLogger();
+diff --git a/js/src/jit-test/tests/tracelogger/bug1266649.js b/js/src/jit-test/tests/tracelogger/bug1266649.js
+new file mode 100644
+index 0000000..81ae7ad
+--- /dev/null
++++ b/js/src/jit-test/tests/tracelogger/bug1266649.js
+@@ -0,0 +1,10 @@
++
++var du = new Debugger();
++if (typeof du.setupTraceLogger === "function" &&
++    typeof oomTest === 'function')
++{
++    du.setupTraceLogger({
++        Scripts: true
++    })
++    oomTest(() => function(){});
++}
+diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
+index 93e2fda..09049d6 100644
+--- a/js/src/jit/Ion.cpp
++++ b/js/src/jit/Ion.cpp
+@@ -1055,6 +1055,8 @@ IonScript::Destroy(FreeOp* fop, IonScript* script)
+ 
+     script->destroyCaches();
+     script->unlinkFromRuntime(fop);
++    // Frees the potential event we have set.
++    script->traceLoggerScriptEvent_ = TraceLoggerEvent();
+     fop->free_(script);
+ }
+ 
+diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
+index 26262fd..af7f313 100644
+--- a/js/src/vm/Debugger.cpp
++++ b/js/src/vm/Debugger.cpp
+@@ -369,10 +369,10 @@ Debugger::Debugger(JSContext* cx, NativeObject* dbg)
+     objects(cx),
+     environments(cx),
+ #ifdef NIGHTLY_BUILD
+-    traceLoggerLastDrainedId(0),
++    traceLoggerLastDrainedSize(0),
+     traceLoggerLastDrainedIteration(0),
+ #endif
+-    traceLoggerScriptedCallsLastDrainedId(0),
++    traceLoggerScriptedCallsLastDrainedSize(0),
+     traceLoggerScriptedCallsLastDrainedIteration(0)
+ {
+     assertSameCompartment(cx, dbg);
+@@ -3907,9 +3907,9 @@ Debugger::drainTraceLogger(JSContext* cx, unsigned argc, Value* vp)
+     size_t num;
+     TraceLoggerThread* logger = TraceLoggerForMainThread(cx->runtime());
+     bool lostEvents = logger->lostEvents(dbg->traceLoggerLastDrainedIteration,
+-                                         dbg->traceLoggerLastDrainedId);
++                                         dbg->traceLoggerLastDrainedSize);
+     EventEntry* events = logger->getEventsStartingAt(&dbg->traceLoggerLastDrainedIteration,
+-                                                     &dbg->traceLoggerLastDrainedId,
++                                                     &dbg->traceLoggerLastDrainedSize,
+                                                      &num);
+ 
+     RootedObject array(cx, NewDenseEmptyArray(cx));
+@@ -4002,10 +4002,10 @@ Debugger::drainTraceLoggerScriptCalls(JSContext* cx, unsigned argc, Value* vp)
+     size_t num;
+     TraceLoggerThread* logger = TraceLoggerForMainThread(cx->runtime());
+     bool lostEvents = logger->lostEvents(dbg->traceLoggerScriptedCallsLastDrainedIteration,
+-                                         dbg->traceLoggerScriptedCallsLastDrainedId);
++                                         dbg->traceLoggerScriptedCallsLastDrainedSize);
+     EventEntry* events = logger->getEventsStartingAt(
+                                          &dbg->traceLoggerScriptedCallsLastDrainedIteration,
+-                                         &dbg->traceLoggerScriptedCallsLastDrainedId,
++                                         &dbg->traceLoggerScriptedCallsLastDrainedSize,
+                                          &num);
+ 
+     RootedObject array(cx, NewDenseEmptyArray(cx));
+diff --git a/js/src/vm/Debugger.h b/js/src/vm/Debugger.h
+index 8cac36a..c92d685 100644
+--- a/js/src/vm/Debugger.h
++++ b/js/src/vm/Debugger.h
+@@ -314,10 +314,10 @@ class Debugger : private mozilla::LinkedListElement<Debugger>
+      * lost events.
+      */
+ #ifdef NIGHTLY_BUILD
+-    uint32_t traceLoggerLastDrainedId;
++    uint32_t traceLoggerLastDrainedSize;
+     uint32_t traceLoggerLastDrainedIteration;
+ #endif
+-    uint32_t traceLoggerScriptedCallsLastDrainedId;
++    uint32_t traceLoggerScriptedCallsLastDrainedSize;
+     uint32_t traceLoggerScriptedCallsLastDrainedIteration;
+ 
+     class FrameRange;
+diff --git a/js/src/vm/TraceLogging.cpp b/js/src/vm/TraceLogging.cpp
+index 6715b36..9766a6f 100644
+--- a/js/src/vm/TraceLogging.cpp
++++ b/js/src/vm/TraceLogging.cpp
+@@ -131,7 +131,7 @@ TraceLoggerThread::init()
+ {
+     if (!pointerMap.init())
+         return false;
+-    if (!extraTextId.init())
++    if (!textIdPayloads.init())
+         return false;
+     if (!events.init())
+         return false;
+@@ -185,10 +185,10 @@ TraceLoggerThread::~TraceLoggerThread()
+         graph = nullptr;
+     }
+ 
+-    for (TextIdHashMap::Range r = extraTextId.all(); !r.empty(); r.popFront())
+-        js_delete(r.front().value());
+-    extraTextId.finish();
+-    pointerMap.finish();
++    if (textIdPayloads.initialized()) {
++        for (TextIdHashMap::Range r = textIdPayloads.all(); !r.empty(); r.popFront())
++            js_delete(r.front().value());
++    }
+ }
+ 
+ bool
+@@ -287,7 +287,7 @@ TraceLoggerThread::eventText(uint32_t id)
+     if (id < TraceLogger_Last)
+         return TLTextIdString(static_cast<TraceLoggerTextId>(id));
+ 
+-    TextIdHashMap::Ptr p = extraTextId.lookup(id);
++    TextIdHashMap::Ptr p = textIdPayloads.lookup(id);
+     MOZ_ASSERT(p);
+ 
+     return p->value()->string();
+@@ -341,13 +341,15 @@ TraceLoggerThread::extractScriptDetails(uint32_t textId, const char** filename,
+ TraceLoggerEventPayload*
+ TraceLoggerThread::getOrCreateEventPayload(TraceLoggerTextId textId)
+ {
+-    TextIdHashMap::AddPtr p = extraTextId.lookupForAdd(textId);
+-    if (p)
++    TextIdHashMap::AddPtr p = textIdPayloads.lookupForAdd(textId);
++    if (p) {
++        MOZ_ASSERT(p->value()->textId() == textId); // Sanity check.
+         return p->value();
++    }
+ 
+     TraceLoggerEventPayload* payload = js_new<TraceLoggerEventPayload>(textId, (char*)nullptr);
+ 
+-    if (!extraTextId.add(p, textId, payload))
++    if (!textIdPayloads.add(p, textId, payload))
+         return nullptr;
+ 
+     return payload;
+@@ -357,8 +359,10 @@ TraceLoggerEventPayload*
+ TraceLoggerThread::getOrCreateEventPayload(const char* text)
+ {
+     PointerHashMap::AddPtr p = pointerMap.lookupForAdd((const void*)text);
+-    if (p)
++    if (p) {
++        MOZ_ASSERT(p->value()->textId() < nextTextId); // Sanity check.
+         return p->value();
++    }
+ 
+     size_t len = strlen(text);
+     char* str = js_pod_malloc<char>(len + 1);
+@@ -369,7 +373,7 @@ TraceLoggerThread::getOrCreateEventPayload(const char* text)
+     MOZ_ASSERT(ret == len);
+     MOZ_ASSERT(strlen(str) == len);
+ 
+-    uint32_t textId = extraTextId.count() + TraceLogger_Last;
++    uint32_t textId = nextTextId;
+ 
+     TraceLoggerEventPayload* payload = js_new<TraceLoggerEventPayload>(textId, str);
+     if (!payload) {
+@@ -377,17 +381,19 @@ TraceLoggerThread::getOrCreateEventPayload(const char* text)
+         return nullptr;
+     }
+ 
+-    if (!extraTextId.putNew(textId, payload)) {
++    if (!textIdPayloads.putNew(textId, payload)) {
+         js_delete(payload);
+         return nullptr;
+     }
+ 
+-    if (!pointerMap.add(p, text, payload))
+-        return nullptr;
+-
+     if (graph.get())
+         graph->addTextId(textId, str);
+ 
++    nextTextId++;
++
++    if (!pointerMap.add(p, text, payload))
++        return nullptr;
++
+     return payload;
+ }
+ 
+@@ -407,9 +413,14 @@ TraceLoggerThread::getOrCreateEventPayload(TraceLoggerTextId type, const char* f
+     if (!traceLoggerState->isTextIdEnabled(type))
+         return getOrCreateEventPayload(type);
+ 
+-    PointerHashMap::AddPtr p = pointerMap.lookupForAdd(ptr);
+-    if (p)
+-        return p->value();
++    PointerHashMap::AddPtr p;
++    if (ptr) {
++        p = pointerMap.lookupForAdd(ptr);
++        if (p) {
++            MOZ_ASSERT(p->value()->textId() < nextTextId); // Sanity check.
++            return p->value();
++        }
++    }
+ 
+     // Compute the length of the string to create.
+     size_t lenFilename = strlen(filename);
+@@ -428,24 +439,28 @@ TraceLoggerThread::getOrCreateEventPayload(TraceLoggerTextId type, const char* f
+     MOZ_ASSERT(ret == len);
+     MOZ_ASSERT(strlen(str) == len);
+ 
+-    uint32_t textId = extraTextId.count() + TraceLogger_Last;
++    uint32_t textId = nextTextId;
+     TraceLoggerEventPayload* payload = js_new<TraceLoggerEventPayload>(textId, str);
+     if (!payload) {
+         js_free(str);
+         return nullptr;
+     }
+ 
+-    if (!extraTextId.putNew(textId, payload)) {
++    if (!textIdPayloads.putNew(textId, payload)) {
+         js_delete(payload);
+         return nullptr;
+     }
+ 
+-    if (!pointerMap.add(p, ptr, payload))
+-        return nullptr;
+-
+     if (graph.get())
+         graph->addTextId(textId, str);
+ 
++    nextTextId++;
++
++    if (ptr) {
++        if (!pointerMap.add(p, ptr, payload))
++            return nullptr;
++    }
++
+     return payload;
+ }
+ 
+@@ -453,14 +468,14 @@ TraceLoggerEventPayload*
+ TraceLoggerThread::getOrCreateEventPayload(TraceLoggerTextId type, JSScript* script)
+ {
+     return getOrCreateEventPayload(type, script->filename(), script->lineno(), script->column(),
+-                                   script);
++                                   nullptr);
+ }
+ 
+ TraceLoggerEventPayload*
+ TraceLoggerThread::getOrCreateEventPayload(TraceLoggerTextId type,
+                                            const JS::ReadOnlyCompileOptions& script)
+ {
+-    return getOrCreateEventPayload(type, script.filename(), script.lineno, script.column, &script);
++    return getOrCreateEventPayload(type, script.filename(), script.lineno, script.column, nullptr);
+ }
+ 
+ void
+@@ -485,7 +500,7 @@ TraceLoggerThread::startEvent(uint32_t id)
+     if (!traceLoggerState->isTextIdEnabled(id))
+        return;
+ 
+-    logTimestamp(id);
++    log(id);
+ }
+ 
+ void
+@@ -510,7 +525,7 @@ TraceLoggerThread::stopEvent(uint32_t id)
+     if (!traceLoggerState->isTextIdEnabled(id))
+         return;
+ 
+-    logTimestamp(TraceLogger_Stop);
++    log(TraceLogger_Stop);
+ }
+ 
+ void
+@@ -522,23 +537,57 @@ TraceLoggerThread::logTimestamp(TraceLoggerTextId id)
+ void
+ TraceLoggerThread::logTimestamp(uint32_t id)
+ {
++    MOZ_ASSERT(id > TraceLogger_LastTreeItem && id < TraceLogger_Last);
++    log(id);
++}
++
++void
++TraceLoggerThread::log(uint32_t id)
++{
+     if (enabled == 0)
+         return;
+ 
+     MOZ_ASSERT(traceLoggerState);
+-    if (!events.ensureSpaceBeforeAdd()) {
++
++    // We request for 3 items to add, since if we don't have enough room
++    // we record the time it took to make more place. To log this information
++    // we need 2 extra free entries.
++    if (!events.hasSpaceForAdd(3)) {
+         uint64_t start = rdtsc() - traceLoggerState->startupTime;
+ 
+-        if (graph.get())
+-            graph->log(events);
++        if (!events.ensureSpaceBeforeAdd(3)) {
++            if (graph.get())
++                graph->log(events);
++
++            iteration_++;
++            events.clear();
++
++            // Remove the item in the pointerMap for which the payloads
++            // have no uses anymore
++            for (PointerHashMap::Enum e(pointerMap); !e.empty(); e.popFront()) {
++                if (e.front().value()->uses() != 0)
++                    continue;
++
++                TextIdHashMap::Ptr p = textIdPayloads.lookup(e.front().value()->textId());
++                MOZ_ASSERT(p);
++                textIdPayloads.remove(p);
++
++                e.removeFront();
++            }
+ 
+-        iteration_++;
+-        events.clear();
++            // Free all payloads that have no uses anymore.
++            for (TextIdHashMap::Enum e(textIdPayloads); !e.empty(); e.popFront()) {
++                if (e.front().value()->uses() == 0) {
++                    js_delete(e.front().value());
++                    e.removeFront();
++                }
++            }
++        }
+ 
+         // Log the time it took to flush the events as being from the
+         // Tracelogger.
+         if (graph.get()) {
+-            MOZ_ASSERT(events.capacity() > 2);
++            MOZ_ASSERT(events.hasSpaceForAdd(2));
+             EventEntry& entryStart = events.pushUninitialized();
+             entryStart.time = start;
+             entryStart.textId = TraceLogger_Internal;
+@@ -548,13 +597,6 @@ TraceLoggerThread::logTimestamp(uint32_t id)
+             entryStop.textId = TraceLogger_Stop;
+         }
+ 
+-        // Free all TextEvents that have no uses anymore.
+-        for (TextIdHashMap::Enum e(extraTextId); !e.empty(); e.popFront()) {
+-            if (e.front().value()->uses() == 0) {
+-                js_delete(e.front().value());
+-                e.removeFront();
+-            }
+-        }
+     }
+ 
+     uint64_t time = rdtsc() - traceLoggerState->startupTime;
+@@ -956,3 +998,16 @@ TraceLoggerEvent::~TraceLoggerEvent()
+     if (payload_)
+         payload_->release();
+ }
++
++TraceLoggerEvent&
++TraceLoggerEvent::operator=(const TraceLoggerEvent& other)
++{
++    if (hasPayload())
++        payload()->release();
++    if (other.hasPayload())
++        other.payload()->use();
++
++    payload_ = other.payload_;
++
++    return *this;
++}
+diff --git a/js/src/vm/TraceLogging.h b/js/src/vm/TraceLogging.h
+index a124dcb..91a1eb0 100644
+--- a/js/src/vm/TraceLogging.h
++++ b/js/src/vm/TraceLogging.h
+@@ -110,6 +110,9 @@ class TraceLoggerEvent {
+     bool hasPayload() const {
+         return !!payload_;
+     }
++
++    TraceLoggerEvent& operator=(const TraceLoggerEvent& other);
++    TraceLoggerEvent(const TraceLoggerEvent& event) = delete;
+ };
+ 
+ /**
+@@ -130,6 +133,10 @@ class TraceLoggerEventPayload {
+         uses_(0)
+     { }
+ 
++    ~TraceLoggerEventPayload() {
++        MOZ_ASSERT(uses_ == 0);
++    }
++
+     uint32_t textId() {
+         return textId_;
+     }
+@@ -166,7 +173,8 @@ class TraceLoggerThread
+     mozilla::UniquePtr<TraceLoggerGraph> graph;
+ 
+     PointerHashMap pointerMap;
+-    TextIdHashMap extraTextId;
++    TextIdHashMap textIdPayloads;
++    uint32_t nextTextId;
+ 
+     ContinuousSpace<EventEntry> events;
+ 
+@@ -181,6 +189,7 @@ class TraceLoggerThread
+       : enabled(0),
+         failed(false),
+         graph(),
++        nextTextId(TraceLogger_Last),
+         iteration_(0),
+         top(nullptr)
+     { }
+@@ -195,22 +204,22 @@ class TraceLoggerThread
+     bool enable(JSContext* cx);
+     bool disable();
+ 
+-    // Given the previous iteration and lastEntryId, return an array of events
++    // Given the previous iteration and size, return an array of events
+     // (there could be lost events). At the same time update the iteration and
+-    // lastEntry and gives back how many events there are.
+-    EventEntry* getEventsStartingAt(uint32_t* lastIteration, uint32_t* lastEntryId, size_t* num) {
++    // size and gives back how many events there are.
++    EventEntry* getEventsStartingAt(uint32_t* lastIteration, uint32_t* lastSize, size_t* num) {
+         EventEntry* start;
+         if (iteration_ == *lastIteration) {
+-            MOZ_ASSERT(events.lastEntryId() >= *lastEntryId);
+-            *num = events.lastEntryId() - *lastEntryId;
+-            start = events.data() + *lastEntryId + 1;
++            MOZ_ASSERT(*lastSize <= events.size());
++            *num = events.size() - *lastSize;
++            start = events.data() + *lastSize;
+         } else {
+-            *num = events.lastEntryId() + 1;
++            *num = events.size();
+             start = events.data();
+         }
+ 
+         *lastIteration = iteration_;
+-        *lastEntryId = events.lastEntryId();
++        *lastSize = events.size();
+         return start;
+     }
+ 
+@@ -220,16 +229,16 @@ class TraceLoggerThread
+                               const char** lineno, size_t* lineno_len, const char** colno,
+                               size_t* colno_len);
+ 
+-    bool lostEvents(uint32_t lastIteration, uint32_t lastEntryId) {
++    bool lostEvents(uint32_t lastIteration, uint32_t lastSize) {
+         // If still logging in the same iteration, there are no lost events.
+         if (lastIteration == iteration_) {
+-            MOZ_ASSERT(lastEntryId <= events.lastEntryId());
++            MOZ_ASSERT(lastSize <= events.size());
+             return false;
+         }
+ 
+-        // When proceeded to the next iteration and lastEntryId points to
+-        // the maximum capacity there are no logs that are lost.
+-        if (lastIteration + 1 == iteration_ && lastEntryId == events.capacity())
++        // If we are in a consecutive iteration we are only sure we didn't lose any events,
++        // when the lastSize equals the maximum size 'events' can get.
++        if (lastIteration == iteration_ - 1 && lastSize == events.maxSize())
+             return false;
+ 
+         return true;
+@@ -268,6 +277,7 @@ class TraceLoggerThread
+     void stopEvent(uint32_t id);
+   private:
+     void stopEvent();
++    void log(uint32_t id);
+ 
+   public:
+     static unsigned offsetOfEnabled() {
+diff --git a/js/src/vm/TraceLoggingGraph.cpp b/js/src/vm/TraceLoggingGraph.cpp
+index d1b7f2e..a4eb273 100644
+--- a/js/src/vm/TraceLoggingGraph.cpp
++++ b/js/src/vm/TraceLoggingGraph.cpp
+@@ -276,7 +276,7 @@ TraceLoggerGraph::flush()
+         if (bytesWritten < tree.size())
+             return false;
+ 
+-        treeOffset += tree.lastEntryId();
++        treeOffset += tree.size();
+         tree.clear();
+     }
+ 
+@@ -359,7 +359,7 @@ TraceLoggerGraph::startEventInternal(uint32_t id, uint64_t timestamp)
+ 
+     if (parent.lastChildId() == 0) {
+         MOZ_ASSERT(!entry.hasChildren());
+-        MOZ_ASSERT(parent.treeId() == tree.lastEntryId() + treeOffset);
++        MOZ_ASSERT(parent.treeId() == treeOffset + tree.size() - 1);
+ 
+         if (!updateHasChildren(parent.treeId()))
+             return false;
+diff --git a/js/src/vm/TraceLoggingTypes.h b/js/src/vm/TraceLoggingTypes.h
+index f1c9d0c..10b76d6 100644
+--- a/js/src/vm/TraceLoggingTypes.h
++++ b/js/src/vm/TraceLoggingTypes.h
+@@ -21,7 +21,6 @@
+     _(Internal)                                       \
+     _(Interpreter)                                    \
+     _(InlinedScripts)                                 \
+-    _(Invalidation)                                   \
+     _(IonCompilation)                                 \
+     _(IonCompilationPaused)                           \
+     _(IonLinking)                                     \
+@@ -60,6 +59,7 @@
+ 
+ #define TRACELOGGER_LOG_ITEMS(_)                      \
+     _(Bailout)                                        \
++    _(Invalidation)                                   \
+     _(Disable)                                        \
+     _(Enable)                                         \
+     _(Stop)
+@@ -130,6 +130,9 @@ class ContinuousSpace {
+     uint32_t size_;
+     uint32_t capacity_;
+ 
++    // The maximum amount of ram memory a continuous space structure can take (in bytes).
++    static const uint32_t LIMIT = 200 * 1024 * 1024;
++
+   public:
+     ContinuousSpace ()
+      : data_(nullptr)
+@@ -151,6 +154,10 @@ class ContinuousSpace {
+         data_ = nullptr;
+     }
+ 
++    static uint32_t maxSize() {
++        return LIMIT / sizeof(T);
++    }
++
+     T* data() {
+         return data_;
+     }
+@@ -187,11 +194,14 @@ class ContinuousSpace {
+         if (hasSpaceForAdd(count))
+             return true;
+ 
++        // Limit the size of a continuous buffer.
++        if (size_ + count > maxSize())
++            return false;
++
+         uint32_t nCapacity = capacity_ * 2;
+-        if (size_ + count > nCapacity)
+-            nCapacity = size_ + count;
+-        T* entries = (T*) js_realloc(data_, nCapacity * sizeof(T));
++        nCapacity = (nCapacity < maxSize()) ? nCapacity : maxSize();
+ 
++        T* entries = (T*) js_realloc(data_, nCapacity * sizeof(T));
+         if (!entries)
+             return false;
+ 
diff --git a/gnu/packages/patches/mozjs38-version-detection.patch b/gnu/packages/patches/mozjs38-version-detection.patch
new file mode 100644
index 0000000000..ec2d264ccc
--- /dev/null
+++ b/gnu/packages/patches/mozjs38-version-detection.patch
@@ -0,0 +1,180 @@
+Taken from
+https://trac.wildfiregames.com/export/18656/ps/trunk/libraries/source/spidermonkey/FixVersionDetectionConfigure.diff.
+
+Fixes a version detection issue in 0ad.  See
+https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00625.html.
+
+diff --git a/js/src/configure b/js/src/configure
+--- a/js/src/configure
++++ b/js/src/configure
+@@ -1662,70 +1662,6 @@ esac
+ 
+ fi
+ 
+-MOZILLA_VERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir`
+-MOZILLA_UAVERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir --uaversion`
+-MOZILLA_SYMBOLVERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir --symbolversion`
+-
+-cat >> confdefs.pytmp <<EOF
+-    (''' MOZILLA_VERSION ''', r''' "$MOZILLA_VERSION" ''')
+-EOF
+-cat >> confdefs.h <<EOF
+-#define MOZILLA_VERSION "$MOZILLA_VERSION"
+-EOF
+-
+-cat >> confdefs.pytmp <<EOF
+-    (''' MOZILLA_VERSION_U ''', r''' $MOZILLA_VERSION ''')
+-EOF
+-cat >> confdefs.h <<EOF
+-#define MOZILLA_VERSION_U $MOZILLA_VERSION
+-EOF
+-
+-cat >> confdefs.pytmp <<EOF
+-    (''' MOZILLA_UAVERSION ''', r''' "$MOZILLA_UAVERSION" ''')
+-EOF
+-cat >> confdefs.h <<EOF
+-#define MOZILLA_UAVERSION "$MOZILLA_UAVERSION"
+-EOF
+-
+-
+-
+-# Separate version into components for use in shared object naming etc
+-
+-MOZJS_MAJOR_VERSION=`echo $MOZILLA_VERSION | sed "s|\(^[0-9]*\)\.[0-9]*.*|\1|"`
+-MOZJS_MINOR_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.\([0-9]*\).*|\1|"`
+-MOZJS_PATCH_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9]*[^0-9]*||"`
+-IS_ALPHA=`echo $MOZILLA_VERSION | grep '[ab]'`
+-
+-JS_SHELL_NAME=js
+-JS_CONFIG_NAME=js-config
+-
+-
+-if test -n "$IS_ALPHA"; then
+-  
+-  MOZJS_ALPHA=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9\.]*\([^0-9]\).*|\1|"`
+-  
+-fi
+-cat >> confdefs.pytmp <<EOF
+-    (''' MOZJS_MAJOR_VERSION ''', r''' $MOZJS_MAJOR_VERSION ''')
+-EOF
+-cat >> confdefs.h <<EOF
+-#define MOZJS_MAJOR_VERSION $MOZJS_MAJOR_VERSION
+-EOF
+-
+-cat >> confdefs.pytmp <<EOF
+-    (''' MOZJS_MINOR_VERSION ''', r''' $MOZJS_MINOR_VERSION ''')
+-EOF
+-cat >> confdefs.h <<EOF
+-#define MOZJS_MINOR_VERSION $MOZJS_MINOR_VERSION
+-EOF
+-
+-
+-
+-
+-
+-
+-
+-
+ 
+ AR_FLAGS='crs $@'
+ 
+@@ -5731,6 +5565,71 @@ XCFLAGS="$X_CFLAGS"
+ 
+ fi # COMPILE_ENVIRONMENT
+ 
++MOZILLA_VERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir`
++MOZILLA_UAVERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir --uaversion`
++MOZILLA_SYMBOLVERSION=`$PYTHON $srcdir/python/mozbuild/mozbuild/milestone.py --topsrcdir $srcdir --symbolversion`
++
++cat >> confdefs.pytmp <<EOF
++    (''' MOZILLA_VERSION ''', r''' "$MOZILLA_VERSION" ''')
++EOF
++cat >> confdefs.h <<EOF
++#define MOZILLA_VERSION "$MOZILLA_VERSION"
++EOF
++
++cat >> confdefs.pytmp <<EOF
++    (''' MOZILLA_VERSION_U ''', r''' $MOZILLA_VERSION ''')
++EOF
++cat >> confdefs.h <<EOF
++#define MOZILLA_VERSION_U $MOZILLA_VERSION
++EOF
++
++cat >> confdefs.pytmp <<EOF
++    (''' MOZILLA_UAVERSION ''', r''' "$MOZILLA_UAVERSION" ''')
++EOF
++cat >> confdefs.h <<EOF
++#define MOZILLA_UAVERSION "$MOZILLA_UAVERSION"
++EOF
++
++
++
++# Separate version into components for use in shared object naming etc
++
++MOZJS_MAJOR_VERSION=`echo $MOZILLA_VERSION | sed "s|\(^[0-9]*\)\.[0-9]*.*|\1|"`
++MOZJS_MINOR_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.\([0-9]*\).*|\1|"`
++MOZJS_PATCH_VERSION=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9]*[^0-9]*||"`
++IS_ALPHA=`echo $MOZILLA_VERSION | grep '[ab]'`
++
++JS_SHELL_NAME=js
++JS_CONFIG_NAME=js-config
++
++
++if test -n "$IS_ALPHA"; then
++  
++  MOZJS_ALPHA=`echo $MOZILLA_VERSION | sed "s|^[0-9]*\.[0-9\.]*\([^0-9]\).*|\1|"`
++  
++fi
++cat >> confdefs.pytmp <<EOF
++    (''' MOZJS_MAJOR_VERSION ''', r''' $MOZJS_MAJOR_VERSION ''')
++EOF
++cat >> confdefs.h <<EOF
++#define MOZJS_MAJOR_VERSION $MOZJS_MAJOR_VERSION
++EOF
++
++cat >> confdefs.pytmp <<EOF
++    (''' MOZJS_MINOR_VERSION ''', r''' $MOZJS_MINOR_VERSION ''')
++EOF
++cat >> confdefs.h <<EOF
++#define MOZJS_MINOR_VERSION $MOZJS_MINOR_VERSION
++EOF
++
++
++
++
++
++
++
++
++
+ AS_BIN=$AS
+ AR_LIST='$(AR) t'
+ AR_EXTRACT='$(AR) x'
+@@ -16003,13 +15908,6 @@ sed 's/$/,/' >> $CONFIG_STATUS <<EOF
+     (''' ANDROID_NDK ''', r''' $ANDROID_NDK ''')
+     (''' ANDROID_TOOLCHAIN ''', r''' $ANDROID_TOOLCHAIN ''')
+     (''' ANDROID_PLATFORM ''', r''' $ANDROID_PLATFORM ''')
+-    (''' MOZILLA_SYMBOLVERSION ''', r''' $MOZILLA_SYMBOLVERSION ''')
+-    (''' JS_SHELL_NAME ''', r''' $JS_SHELL_NAME ''')
+-    (''' JS_CONFIG_NAME ''', r''' $JS_CONFIG_NAME ''')
+-    (''' MOZJS_MAJOR_VERSION ''', r''' $MOZJS_MAJOR_VERSION ''')
+-    (''' MOZJS_MINOR_VERSION ''', r''' $MOZJS_MINOR_VERSION ''')
+-    (''' MOZJS_PATCH_VERSION ''', r''' $MOZJS_PATCH_VERSION ''')
+-    (''' MOZJS_ALPHA ''', r''' $MOZJS_ALPHA ''')
+     (''' HOST_CC ''', r''' $HOST_CC ''')
+     (''' HOST_CXX ''', r''' $HOST_CXX ''')
+     (''' HOST_RANLIB ''', r''' $HOST_RANLIB ''')
+@@ -16061,6 +15959,13 @@ sed 's/$/,/' >> $CONFIG_STATUS <<EOF
+     (''' X_PRE_LIBS ''', r''' $X_PRE_LIBS ''')
+     (''' X_LIBS ''', r''' $X_LIBS ''')
+     (''' X_EXTRA_LIBS ''', r''' $X_EXTRA_LIBS ''')
++    (''' MOZILLA_SYMBOLVERSION ''', r''' $MOZILLA_SYMBOLVERSION ''')
++    (''' JS_SHELL_NAME ''', r''' $JS_SHELL_NAME ''')
++    (''' JS_CONFIG_NAME ''', r''' $JS_CONFIG_NAME ''')
++    (''' MOZJS_MAJOR_VERSION ''', r''' $MOZJS_MAJOR_VERSION ''')
++    (''' MOZJS_MINOR_VERSION ''', r''' $MOZJS_MINOR_VERSION ''')
++    (''' MOZJS_PATCH_VERSION ''', r''' $MOZJS_PATCH_VERSION ''')
++    (''' MOZJS_ALPHA ''', r''' $MOZJS_ALPHA ''')
+     (''' SOLARIS_SUNPRO_CC ''', r''' $SOLARIS_SUNPRO_CC ''')
+     (''' SOLARIS_SUNPRO_CXX ''', r''' $SOLARIS_SUNPRO_CXX ''')
+     (''' MOZ_THUMB2 ''', r''' $MOZ_THUMB2 ''')
diff --git a/gnu/packages/patches/mplayer2-theora-fix.patch b/gnu/packages/patches/mplayer2-theora-fix.patch
deleted file mode 100644
index 982db5f57c..0000000000
--- a/gnu/packages/patches/mplayer2-theora-fix.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-Fix libtheora linking issue with modern theora versions.
-
-Adapted from:
-http://git.buildroot.net/buildroot/commit/?id=46b71cb0be27c0e6b7c93afb49fc80779bf310e3
-
---- a/libmpcodecs/vd_theora.c
-+++ b/libmpcodecs/vd_theora.c
-@@ -39,22 +39,23 @@
- 
- LIBVD_EXTERN(theora)
- 
--#include <theora/theora.h>
-+#include <theora/theoradec.h>
- 
- #define THEORA_NUM_HEADER_PACKETS 3
- 
- typedef struct theora_struct_st {
--    theora_state st;
--    theora_comment cc;
--    theora_info inf;
-+    th_setup_info *tsi;
-+    th_dec_ctx    *tctx;
-+    th_comment     tc;
-+    th_info        ti;
- } theora_struct_t;
- 
- /** Convert Theora pixelformat to the corresponding IMGFMT_ */
--static uint32_t theora_pixelformat2imgfmt(theora_pixelformat fmt){
-+static uint32_t theora_pixelformat2imgfmt(th_pixel_fmt fmt){
-     switch(fmt) {
--       case OC_PF_420: return IMGFMT_YV12;
--       case OC_PF_422: return IMGFMT_422P;
--       case OC_PF_444: return IMGFMT_444P;
-+       case TH_PF_420: return IMGFMT_YV12;
-+       case TH_PF_422: return IMGFMT_422P;
-+       case TH_PF_444: return IMGFMT_444P;
-     }
-     return 0;
- }
-@@ -64,7 +65,7 @@
-     theora_struct_t *context = sh->context;
-     switch(cmd) {
-     case VDCTRL_QUERY_FORMAT:
--        if (*(int*)arg == theora_pixelformat2imgfmt(context->inf.pixelformat))
-+        if (*(int*)arg == theora_pixelformat2imgfmt(context->ti.pixel_fmt))
- 	    return CONTROL_TRUE;
- 	return CONTROL_FALSE;
-     }
-@@ -88,8 +89,9 @@
-     if (!context)
-         goto err_out;
- 
--    theora_info_init(&context->inf);
--    theora_comment_init(&context->cc);
-+    th_info_init(&context->ti);
-+    th_comment_init(&context->tc);
-+    context->tsi = NULL;
- 
-     /* Read all header packets, pass them to theora_decode_header. */
-     for (i = 0; i < THEORA_NUM_HEADER_PACKETS; i++)
-@@ -109,7 +111,7 @@
-             op.b_o_s = 1;
-         }
- 
--        if ( (errorCode = theora_decode_header (&context->inf, &context->cc, &op)) )
-+        if ( (errorCode = th_decode_headerin (&context->ti, &context->tc, &context->tsi, &op)) < 0)
-         {
-             mp_msg(MSGT_DECVIDEO, MSGL_ERR, "Broken Theora header; errorCode=%i!\n", errorCode);
-             goto err_out;
-@@ -117,23 +119,25 @@
-     }
- 
-     /* now init codec */
--    errorCode = theora_decode_init (&context->st, &context->inf);
--    if (errorCode)
-+    context->tctx = th_decode_alloc (&context->ti, context->tsi);
-+    if (!context->tctx)
-     {
--        mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode init failed: %i \n", errorCode);
-+        mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode init failed\n");
-         goto err_out;
-     }
-+    /* free memory used for decoder setup information */
-+    th_setup_free(context->tsi);
- 
--    if(sh->aspect==0.0 && context->inf.aspect_denominator!=0)
-+    if(sh->aspect==0.0 && context->ti.aspect_denominator!=0)
-     {
--       sh->aspect = ((double)context->inf.aspect_numerator * context->inf.width)/
--          ((double)context->inf.aspect_denominator * context->inf.height);
-+       sh->aspect = ((double)context->ti.aspect_numerator * context->ti.frame_width)/
-+          ((double)context->ti.aspect_denominator * context->ti.frame_height);
-     }
- 
-     mp_msg(MSGT_DECVIDEO,MSGL_V,"INFO: Theora video init ok!\n");
--    mp_msg(MSGT_DECVIDEO,MSGL_INFO,"Frame: %dx%d, Picture %dx%d, Offset [%d,%d]\n", context->inf.width, context->inf.height, context->inf.frame_width, context->inf.frame_height, context->inf.offset_x, context->inf.offset_y);
-+    mp_msg(MSGT_DECVIDEO,MSGL_INFO,"Frame: %dx%d, Picture %dx%d, Offset [%d,%d]\n", context->ti.frame_width, context->ti.frame_height, context->ti.pic_width, context->ti.pic_height, context->ti.pic_x, context->ti.pic_y);
- 
--    return mpcodecs_config_vo (sh,context->inf.width,context->inf.height,theora_pixelformat2imgfmt(context->inf.pixelformat));
-+    return mpcodecs_config_vo (sh,context->ti.frame_width,context->ti.frame_height,theora_pixelformat2imgfmt(context->ti.pixel_fmt));
- 
- err_out:
-     free(context);
-@@ -150,9 +154,9 @@
- 
-    if (context)
-    {
--      theora_info_clear(&context->inf);
--      theora_comment_clear(&context->cc);
--      theora_clear (&context->st);
-+      th_info_clear(&context->ti);
-+      th_comment_clear(&context->tc);
-+      th_decode_free (context->tctx);
-       free (context);
-    }
- }
-@@ -165,7 +169,7 @@
-    theora_struct_t *context = sh->context;
-    int errorCode = 0;
-    ogg_packet op;
--   yuv_buffer yuv;
-+   th_ycbcr_buffer ycbcrbuf;
-    mp_image_t* mpi;
- 
-    // no delayed frames
-@@ -177,31 +181,31 @@
-    op.packet = data;
-    op.granulepos = -1;
- 
--   errorCode = theora_decode_packetin (&context->st, &op);
--   if (errorCode)
-+   errorCode = th_decode_packetin (context->tctx, &op, NULL);
-+   if (errorCode < 0)
-    {
-       mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode packetin failed: %i \n",
- 	     errorCode);
-       return NULL;
-    }
- 
--   errorCode = theora_decode_YUVout (&context->st, &yuv);
--   if (errorCode)
-+   errorCode = th_decode_ycbcr_out (context->tctx, ycbcrbuf);
-+   if (errorCode < 0)
-    {
-       mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode YUVout failed: %i \n",
- 	     errorCode);
-       return NULL;
-    }
- 
--    mpi = mpcodecs_get_image(sh, MP_IMGTYPE_EXPORT, 0, yuv.y_width, yuv.y_height);
-+    mpi = mpcodecs_get_image(sh, MP_IMGTYPE_EXPORT, 0, ycbcrbuf[0].width, ycbcrbuf[0].height);
-     if(!mpi) return NULL;
- 
--    mpi->planes[0]=yuv.y;
--    mpi->stride[0]=yuv.y_stride;
--    mpi->planes[1]=yuv.u;
--    mpi->stride[1]=yuv.uv_stride;
--    mpi->planes[2]=yuv.v;
--    mpi->stride[2]=yuv.uv_stride;
-+    mpi->planes[0]=ycbcrbuf[0].data;
-+    mpi->stride[0]=ycbcrbuf[0].stride;
-+    mpi->planes[1]=ycbcrbuf[1].data;
-+    mpi->stride[1]=ycbcrbuf[1].stride;
-+    mpi->planes[2]=ycbcrbuf[2].data;
-+    mpi->stride[2]=ycbcrbuf[2].stride;
- 
-     return mpi;
- }
---- a/libmpdemux/demux_ogg.c
-+++ b/libmpdemux/demux_ogg.c
-@@ -49,21 +49,21 @@
- #endif
- 
- #ifdef CONFIG_OGGTHEORA
--#include <theora/theora.h>
--int _ilog (unsigned int); /* defined in many places in theora/lib/ */
-+#include <theora/theoradec.h>
- #endif
- 
- #define BLOCK_SIZE 4096
- 
- /* Theora decoder context : we won't be able to interpret granule positions
-- * without using theora_granule_time with the theora_state of the stream.
-+ * without using th_granule_time with the th_dec_ctx of the stream.
-  * This is duplicated in `vd_theora.c'; put this in a common header?
-  */
- #ifdef CONFIG_OGGTHEORA
- typedef struct theora_struct_st {
--    theora_state   st;
--    theora_comment cc;
--    theora_info    inf;
-+    th_setup_info *tsi;
-+    th_dec_ctx    *tctx;
-+    th_comment     tc;
-+    th_info        ti;
- } theora_struct_t;
- #endif
- 
-@@ -116,7 +116,7 @@
-     float   samplerate; /// granulpos 2 time
-     int64_t lastpos;
-     int32_t lastsize;
--    int     keyframe_frequency_force;
-+    int     keyframe_granule_shift;
- 
-     // Logical stream state
-     ogg_stream_state stream;
-@@ -299,11 +299,10 @@
-            have theora_state st, until all header packets were passed to the
-            decoder. */
-         if (!pack->bytes || !(*data&0x80)) {
--            int keyframe_granule_shift = _ilog(os->keyframe_frequency_force - 1);
--            int64_t iframemask = (1 << keyframe_granule_shift) - 1;
-+            int64_t iframemask = (1 << os->keyframe_granule_shift) - 1;
- 
-             if (pack->granulepos >= 0) {
--                os->lastpos  = pack->granulepos >> keyframe_granule_shift;
-+                os->lastpos  = pack->granulepos >> os->keyframe_granule_shift;
-                 os->lastpos += pack->granulepos & iframemask;
-                 *flags = (pack->granulepos & iframemask) == 0;
-             } else {
-@@ -892,14 +891,15 @@
- #ifdef CONFIG_OGGTHEORA
-         } else if (pack.bytes >= 7 && !strncmp (&pack.packet[1], "theora", 6)) {
-             int errorCode = 0;
--            theora_info inf;
--            theora_comment cc;
-+            th_info ti;
-+            th_comment tc;
-+            th_setup_info *tsi = NULL;
- 
--            theora_info_init (&inf);
--            theora_comment_init (&cc);
-+            th_info_init (&ti);
-+            th_comment_init (&tc);
- 
--            errorCode = theora_decode_header (&inf, &cc, &pack);
--            if (errorCode) {
-+            errorCode = th_decode_headerin(&ti, &tc, &tsi, &pack);
-+            if (errorCode < 0) {
-                 mp_msg(MSGT_DEMUX, MSGL_ERR,
-                        "Theora header parsing failed: %i \n", errorCode);
-             } else {
-@@ -908,30 +908,32 @@
-                 sh_v->bih = calloc(1, sizeof(*sh_v->bih));
-                 sh_v->bih->biSize        = sizeof(*sh_v->bih);
-                 sh_v->bih->biCompression = sh_v->format = FOURCC_THEORA;
--                sh_v->fps = ((double)inf.fps_numerator) / (double)inf.fps_denominator;
--                sh_v->frametime = ((double)inf.fps_denominator) / (double)inf.fps_numerator;
--                sh_v->disp_w = sh_v->bih->biWidth  = inf.frame_width;
--                sh_v->disp_h = sh_v->bih->biHeight = inf.frame_height;
-+                sh_v->fps = ((double)ti.fps_numerator) / (double)ti.fps_denominator;
-+                sh_v->frametime = ((double)ti.fps_denominator) / (double)ti.fps_numerator;
-+                sh_v->i_bps  = ti.target_bitrate / 8;
-+                sh_v->disp_w = sh_v->bih->biWidth  = ti.frame_width;
-+                sh_v->disp_h = sh_v->bih->biHeight = ti.frame_height;
-                 sh_v->bih->biBitCount  = 24;
-                 sh_v->bih->biPlanes    = 3;
-                 sh_v->bih->biSizeImage = ((sh_v->bih->biBitCount / 8) * sh_v->bih->biWidth * sh_v->bih->biHeight);
-                 ogg_d->subs[ogg_d->num_sub].samplerate               = sh_v->fps;
-                 ogg_d->subs[ogg_d->num_sub].theora                   = 1;
--                ogg_d->subs[ogg_d->num_sub].keyframe_frequency_force = inf.keyframe_frequency_force;
-+                ogg_d->subs[ogg_d->num_sub].keyframe_granule_shift   = ti.keyframe_granule_shift;
-                 ogg_d->subs[ogg_d->num_sub].id                       = n_video;
-                 n_video++;
-                 mp_msg(MSGT_DEMUX, MSGL_INFO,
-                        "[Ogg] stream %d: video (Theora v%d.%d.%d), -vid %d\n",
-                        ogg_d->num_sub,
--                       (int)inf.version_major,
--                       (int)inf.version_minor,
--                       (int)inf.version_subminor,
-+                       (int)ti.version_major,
-+                       (int)ti.version_minor,
-+                       (int)ti.version_subminor,
-                        n_video - 1);
-                 if (mp_msg_test(MSGT_HEADER, MSGL_V))
-                     print_video_header(sh_v->bih, MSGL_V);
-             }
--            theora_comment_clear(&cc);
--            theora_info_clear(&inf);
-+            th_comment_clear(&tc);
-+            th_info_clear(&ti);
-+            th_setup_free(tsi);
- #endif /* CONFIG_OGGTHEORA */
-         } else if (pack.bytes >= 4 && !strncmp (&pack.packet[0], "fLaC", 4)) {
-             sh_a = new_sh_audio_aid(demuxer, ogg_d->num_sub, n_audio, NULL);
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5896.patch b/gnu/packages/patches/mupdf-CVE-2017-5896.patch
deleted file mode 100644
index 1537ecc896..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5896.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix CVE-2017-5896:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697515
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896
-http://www.openwall.com/lists/oss-security/2017/02/10/1
-https://security-tracker.debian.org/tracker/CVE-2017-5896
-https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
-
-From 2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Mon Sep 17 00:00:00 2001
-From: Robin Watts <Robin.Watts@artifex.com>
-Date: Thu, 9 Feb 2017 07:12:16 -0800
-Subject: [PATCH] bug 697515: Fix out of bounds read in fz_subsample_pixmap
-
-Pointer arithmetic for final special case was going wrong.
----
- source/fitz/pixmap.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
-index a8317127..f1291dc2 100644
---- a/source/fitz/pixmap.c
-+++ b/source/fitz/pixmap.c
-@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- 	"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
- 	"ldr	r4, [r13,#4*22]		@ r4 = divXY			\n"
- 	"ldr	r5, [r13,#4*11]		@ for (nn = n; nn > 0; n--) {	\n"
-+	"ldr	r8, [r13,#4*17]		@ r8 = back4			\n"
- 	"18:				@				\n"
- 	"mov	r14,#0			@ r14= v = 0			\n"
- 	"sub	r5, r5, r1, LSL #8	@ for (xx = x; xx > 0; x--) {	\n"
-@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
- 	"mul	r14,r4, r14		@ r14= v *= divX		\n"
- 	"mov	r14,r14,LSR #16		@ r14= v >>= 16			\n"
- 	"strb	r14,[r9], #1		@ *d++ = r14			\n"
--	"sub	r0, r0, r8		@ s -= back2			\n"
-+	"sub	r0, r0, r8		@ s -= back4			\n"
- 	"subs	r5, r5, #1		@ n--				\n"
- 	"bgt	18b			@ }				\n"
- 	"21:				@				\n"
-@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- 		x += f;
- 		if (x > 0)
- 		{
-+			int back4 = x * n - 1;
- 			div = x * y;
- 			for (nn = n; nn > 0; nn--)
- 			{
-@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
- 					s -= back5;
- 				}
- 				*d++ = v / div;
--				s -= back2;
-+				s -= back4;
- 			}
- 		}
- 	}
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5991.patch b/gnu/packages/patches/mupdf-CVE-2017-5991.patch
deleted file mode 100644
index 1fa6dc3466..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-5991.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-Fix CVE-2017-5991:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697500
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5991
-https://security-tracker.debian.org/tracker/CVE-2017-5991
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
-
-From 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Mon Sep 17 00:00:00 2001
-From: Robin Watts <robin.watts@artifex.com>
-Date: Thu, 9 Feb 2017 15:49:15 +0000
-Subject: [PATCH] Bug 697500: Fix NULL ptr access.
-
-Cope better with errors during rendering - avoid letting the
-gstate stack get out of sync.
-
-This avoids us ever getting into the situation of popping
-a clip when we should be popping a mask or a group. This was
-causing an unexpected case in the painting.
----
- source/pdf/pdf-op-run.c | 26 ++++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c
-index a3ea895d..f1eac8d3 100644
---- a/source/pdf/pdf-op-run.c
-+++ b/source/pdf/pdf-op-run.c
-@@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 	pdf_run_processor *pr = (pdf_run_processor *)proc;
- 	pdf_gstate *gstate = NULL;
- 	int oldtop = 0;
-+	int oldbot = -1;
- 	fz_matrix local_transform = *transform;
- 	softmask_save softmask = { NULL };
- 	int gparent_save;
-@@ -1232,16 +1233,17 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 	fz_var(cleanup_state);
- 	fz_var(gstate);
- 	fz_var(oldtop);
-+	fz_var(oldbot);
- 
- 	gparent_save = pr->gparent;
- 	pr->gparent = pr->gtop;
-+	oldtop = pr->gtop;
- 
- 	fz_try(ctx)
- 	{
- 		pdf_gsave(ctx, pr);
- 
- 		gstate = pr->gstate + pr->gtop;
--		oldtop = pr->gtop;
- 
- 		pdf_xobject_bbox(ctx, xobj, &xobj_bbox);
- 		pdf_xobject_matrix(ctx, xobj, &xobj_matrix);
-@@ -1302,12 +1304,25 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 
- 		doc = pdf_get_bound_document(ctx, xobj->obj);
- 
-+		oldbot = pr->gbot;
-+		pr->gbot = pr->gtop;
-+
- 		pdf_process_contents(ctx, (pdf_processor*)pr, doc, resources, xobj->obj, NULL);
- 	}
- 	fz_always(ctx)
- 	{
-+		/* Undo any gstate mismatches due to the pdf_process_contents call */
-+		if (oldbot != -1)
-+		{
-+			while (pr->gtop > pr->gbot)
-+			{
-+				pdf_grestore(ctx, pr);
-+			}
-+			pr->gbot = oldbot;
-+		}
-+
- 		if (cleanup_state >= 3)
--			pdf_grestore(ctx, pr); /* Remove the clippath */
-+			pdf_grestore(ctx, pr); /* Remove the state we pushed for the clippath */
- 
- 		/* wrap up transparency stacks */
- 		if (transparency)
-@@ -1341,13 +1356,8 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf
- 		pr->gstate[pr->gparent].ctm = gparent_save_ctm;
- 		pr->gparent = gparent_save;
- 
--		if (gstate)
--		{
--			while (oldtop < pr->gtop)
--				pdf_grestore(ctx, pr);
--
-+		while (oldtop < pr->gtop)
- 			pdf_grestore(ctx, pr);
--		}
- 
- 		pdf_unmark_obj(ctx, xobj->obj);
- 	}
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
index d97c1cb348..0b5b735ff3 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
@@ -13,17 +13,15 @@ diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
 index 6b92e5c..72dea50 100644
 --- a/source/fitz/load-jpx.c
 +++ b/source/fitz/load-jpx.c
-@@ -1,13 +1,5 @@
- #include "mupdf/fitz.h"
+@@ -444,11 +444,6 @@
+ 
+ #else /* HAVE_LURATECH */
  
--/* Without the definition of OPJ_STATIC, compilation fails on windows
-- * due to the use of __stdcall. We believe it is required on some
-- * linux toolchains too. */
 -#define OPJ_STATIC
--#ifndef _MSC_VER
+-#define OPJ_HAVE_INTTYPES_H
+-#if !defined(_WIN32) && !defined(_WIN64)
 -#define OPJ_HAVE_STDINT_H
 -#endif
--
- #include <openjpeg.h>
+ #define USE_JPIP
  
- static void fz_opj_error_callback(const char *msg, void *client_data)
+ #include <openjpeg.h>
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
deleted file mode 100644
index e752e57ec5..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-Fix CVE-2016-10132:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697381
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
-
-Patch lifted from upstream source repository:
-
-http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
-
-From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor@ccxvii.net>
-Date: Fri, 2 Dec 2016 14:56:20 -0500
-Subject: [PATCH] Fix 697381: check allocation when compiling regular
- expressions.
-
-Also use allocator callback function.
----
- thirdparty/mujs/jsgc.c     |  2 +-
- thirdparty/mujs/jsregexp.c |  2 +-
- thirdparty/mujs/jsstate.c  |  6 ------
- thirdparty/mujs/regexp.c   | 45 +++++++++++++++++++++++++++++++++++----------
- thirdparty/mujs/regexp.h   |  7 +++++++
- 5 files changed, 44 insertions(+), 18 deletions(-)
-
-diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
-index 4f7e7dc..f80111e 100644
---- a/thirdparty/mujs/jsgc.c
-+++ b/thirdparty/mujs/jsgc.c
-@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
- 		jsG_freeproperty(J, obj->head);
- 	if (obj->type == JS_CREGEXP) {
- 		js_free(J, obj->u.r.source);
--		js_regfree(obj->u.r.prog);
-+		js_regfreex(J->alloc, J->actx, obj->u.r.prog);
- 	}
- 	if (obj->type == JS_CITERATOR)
- 		jsG_freeiterator(J, obj->u.iter.head);
-diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
-index a2d5156..7b09c06 100644
---- a/thirdparty/mujs/jsregexp.c
-+++ b/thirdparty/mujs/jsregexp.c
-@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
- 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;
- 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
- 
--	prog = js_regcomp(pattern, opts, &error);
-+	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
- 	if (!prog)
- 		js_syntaxerror(J, "regular expression: %s", error);
- 
-diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
-index 638cab3..fd5bcf6 100644
---- a/thirdparty/mujs/jsstate.c
-+++ b/thirdparty/mujs/jsstate.c
-@@ -9,12 +9,6 @@
- 
- static void *js_defaultalloc(void *actx, void *ptr, int size)
- {
--	if (size == 0) {
--		free(ptr);
--		return NULL;
--	}
--	if (!ptr)
--		return malloc((size_t)size);
- 	return realloc(ptr, (size_t)size);
- }
- 
-diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
-index 9852be2..01c18a3 100644
---- a/thirdparty/mujs/regexp.c
-+++ b/thirdparty/mujs/regexp.c
-@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
- }
- #endif
- 
--Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	const char *pattern, int cflags, const char **errorp)
- {
- 	struct cstate g;
- 	Renode *node;
- 	Reinst *split, *jump;
- 	int i;
- 
--	g.prog = malloc(sizeof (Reprog));
--	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
-+	g.pstart = NULL;
-+	g.prog = NULL;
- 
- 	if (setjmp(g.kaboom)) {
- 		if (errorp) *errorp = g.error;
--		free(g.pstart);
--		free(g.prog);
-+		alloc(ctx, g.pstart, 0);
-+		alloc(ctx, g.prog, 0);
- 		return NULL;
- 	}
- 
-+	g.prog = alloc(ctx, NULL, sizeof (Reprog));
-+	if (!g.prog)
-+		die(&g, "cannot allocate regular expression");
-+	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
-+	if (!g.pstart)
-+		die(&g, "cannot allocate regular expression parse list");
-+
- 	g.source = pattern;
- 	g.ncclass = 0;
- 	g.nsub = 1;
-@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- 		die(&g, "syntax error");
- 
- 	g.prog->nsub = g.nsub;
--	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
-+	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
-+	if (!g.prog->start)
-+		die(&g, "cannot allocate regular expression instruction list");
- 
- 	split = emit(g.prog, I_SPLIT);
- 	split->x = split + 3;
-@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
- 	dumpprog(g.prog);
- #endif
- 
--	free(g.pstart);
-+	alloc(ctx, g.pstart, 0);
- 
- 	if (errorp) *errorp = NULL;
- 	return g.prog;
- }
- 
--void regfree(Reprog *prog)
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
- {
- 	if (prog) {
--		free(prog->start);
--		free(prog);
-+		alloc(ctx, prog->start, 0);
-+		alloc(ctx, prog, 0);
- 	}
- }
- 
-+static void *default_alloc(void *ctx, void *p, int n)
-+{
-+	return realloc(p, (size_t)n);
-+}
-+
-+Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
-+{
-+	return regcompx(default_alloc, NULL, pattern, cflags, errorp);
-+}
-+
-+void regfree(Reprog *prog)
-+{
-+	regfreex(default_alloc, NULL, prog);
-+}
-+
- /* Match */
- 
- static int isnewline(int c)
-diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
-index 4bb4615..6bb73e8 100644
---- a/thirdparty/mujs/regexp.h
-+++ b/thirdparty/mujs/regexp.h
-@@ -1,6 +1,8 @@
- #ifndef regexp_h
- #define regexp_h
- 
-+#define regcompx js_regcompx
-+#define regfreex js_regfreex
- #define regcomp js_regcomp
- #define regexec js_regexec
- #define regfree js_regfree
-@@ -8,6 +10,11 @@
- typedef struct Reprog Reprog;
- typedef struct Resub Resub;
- 
-+Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	const char *pattern, int cflags, const char **errorp);
-+void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
-+	Reprog *prog);
-+
- Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
- int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
- void regfree(Reprog *prog);
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
deleted file mode 100644
index d73849262c..0000000000
--- a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2016-10133:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697401
-http://seclists.org/oss-sec/2017/q1/74
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
-
-Patch lifted from upstream source repository:
-
-https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
-
-From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@gmail.com>
-Date: Thu, 12 Jan 2017 14:47:01 +0100
-Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
- lightweight functions.
-
----
- thirdparty/mujs/jsrun.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
-index ee80845..782a6f9 100644
---- a/thirdparty/mujs/jsrun.c
-+++ b/thirdparty/mujs/jsrun.c
-@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
- 	jsR_savescope(J, scope);
- 
- 	if (n > F->numparams) {
--		js_pop(J, F->numparams - n);
-+		js_pop(J, n - F->numparams);
- 		n = F->numparams;
- 	}
- 	for (i = n; i < F->varlen; ++i)
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/node-9077.patch b/gnu/packages/patches/node-9077.patch
index e57f5caac7..6b71d48c0e 100644
--- a/gnu/packages/patches/node-9077.patch
+++ b/gnu/packages/patches/node-9077.patch
@@ -12,19 +12,20 @@ zlib. Using a shared zlib results in build breakage:
                ^ ~~~~~~~~~~~~~~~~~
 1 error generated.
 ---
- node.gyp | 2 ++
- 1 file changed, 2 insertions(+)
+ node.gyp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/node.gyp b/node.gyp
-index fa98547..d799ba1 100644
+index 272dc98..667c260 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -480,6 +480,8 @@
-         }],
-         [ 'node_shared_zlib=="false"', {
-           'dependencies': [ 'deps/zlib/zlib.gyp:zlib' ],
-+        }, {
-+          'defines': [ 'ZLIB_CONST' ],
-         }],
- 
-         [ 'node_shared_http_parser=="false"', {
+@@ -653,7 +653,8 @@
+             [ 'node_shared_zlib=="false"', {
+               'dependencies': [
+                 'deps/zlib/zlib.gyp:zlib',
+-              ]
++              ]}, {
++              'defines': [ 'ZLIB_CONST' ],
+             }],
+             [ 'node_shared_openssl=="false"', {
+               'dependencies': [
diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch b/gnu/packages/patches/nss-disable-long-b64-tests.patch
new file mode 100644
index 0000000000..612d94128d
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-long-b64-tests.patch
@@ -0,0 +1,34 @@
+Disable long b64 tests, which consistently fail on armhf.
+This is based on an excerpt of the following upstream patch:
+
+  https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7
+
+(we exclude the part of the upstream patch that reverts
+an earlier failed attempt, and adapt the file names)
+
+diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc
+--- a/nss/gtests/util_gtest/util_b64_unittest.cc
++++ b/nss/gtests/util_gtest/util_b64_unittest.cc
+@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest) 
+ 
+ TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
+ 
+ TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
+   EXPECT_TRUE(TestFakeEncode(100));
+ }
+ 
+ // These takes a while ...
+-TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
+   EXPECT_TRUE(TestFakeDecode(0x66666666));
+ }
+-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
+-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) {
++  TestFakeEncode(0x3fffffff);
++}
++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) {
+   EXPECT_FALSE(TestFakeEncode(0x40000000));
+ }
+ 
+ }  // namespace nss_test
diff --git a/gnu/packages/patches/nss-increase-test-timeout.patch b/gnu/packages/patches/nss-increase-test-timeout.patch
index c6aac6ac00..1e24940322 100644
--- a/gnu/packages/patches/nss-increase-test-timeout.patch
+++ b/gnu/packages/patches/nss-increase-test-timeout.patch
@@ -14,12 +14,12 @@ Increase timeouts to increase chances of a successful build.
  }
  
  void TlsConnectTestBase::EnableExtendedMasterSecret() {
-@@ -387,7 +387,7 @@
-   } else {
-     fail_agent = server_;
+@@ -385,7 +385,7 @@
+   if (failing_side == TlsAgent::CLIENT) {
+     failing_agent = client_;
    }
--  ASSERT_TRUE_WAIT(fail_agent->state() == TlsAgent::STATE_ERROR, 5000);
-+  ASSERT_TRUE_WAIT(fail_agent->state() == TlsAgent::STATE_ERROR, 25000);
+-  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 5000);
++  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 25000);
  }
  
  void TlsConnectTestBase::ConfigureVersion(uint16_t version) {
diff --git a/gnu/packages/patches/password-store-gnupg-compat.patch b/gnu/packages/patches/password-store-gnupg-compat.patch
deleted file mode 100644
index c314ba6647..0000000000
--- a/gnu/packages/patches/password-store-gnupg-compat.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Copied from upstream mailing list:
-https://lists.zx2c4.com/pipermail/password-store/2017-March/002844.html.
-
-The patch actually restores compatibility with GnuPG 2.1.19, the '2.2.19' in
-the commit message is a typo.
-
-From 8723d8e8192683891904aff321446b0fac37d1ad Mon Sep 17 00:00:00 2001
-From: Andreas Stieger <astieger@suse.com>
-Date: Fri, 10 Mar 2017 15:43:26 +0100
-Subject: [PATCH] Fix compatibility with GnuPG 2.2.19
-
-GnuPG 2.2.19 added a warning when no command was given.
-
-* src/password-store.sh (reencrypt_path): Add --decrypt to --list-only
-* tests/t0300-reencryption.sh (gpg_keys_from_encrypted_file): same
-
-https://bugs.gnupg.org/gnupg/msg9873
-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=810adfd47801fc01e45fb71af9f05c91f7890cdb
-https://bugzilla.suse.com/show_bug.cgi?id=1028867
----
- src/password-store.sh       | 2 +-
- tests/t0300-reencryption.sh | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/password-store.sh b/src/password-store.sh
-index 1ab6fb5..bad8d4f 100755
---- a/src/password-store.sh
-+++ b/src/password-store.sh
-@@ -125,7 +125,7 @@ reencrypt_path() {
- 			done
- 			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
- 		fi
--		current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
-+		current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
- 
- 		if [[ $gpg_keys != "$current_keys" ]]; then
- 			echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }"
-diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
-index 9d46580..6d5811d 100755
---- a/tests/t0300-reencryption.sh
-+++ b/tests/t0300-reencryption.sh
-@@ -10,7 +10,7 @@ canonicalize_gpg_keys() {
- 	$GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
- }
- gpg_keys_from_encrypted_file() {
--	$GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
-+	$GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
- }
- gpg_keys_from_group() {
- 	local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch
new file mode 100644
index 0000000000..d23aa10374
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2017-7186.patch
@@ -0,0 +1,56 @@
+Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
+from <https://vcs.pcre.org/pcre?view=revision&revision=1688>.
+
+--- trunk/pcre_internal.h	2016/05/21 13:34:44	1649
++++ trunk/pcre_internal.h	2017/02/24 17:30:30	1688
+@@ -2772,6 +2772,9 @@
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record  PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int         PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,9 +2783,15 @@
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
++        
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif 
+ 
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+
+--- trunk/pcre_ucd.c	2014/06/19 07:51:39	1490
++++ trunk/pcre_ucd.c	2017/02/24 17:30:30	1688
+@@ -38,6 +38,20 @@
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
new file mode 100644
index 0000000000..5c16955aaa
--- /dev/null
+++ b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
@@ -0,0 +1,68 @@
+Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
+taken from <https://vcs.pcre.org/pcre2?view=revision&revision=670>.
+
+--- trunk/src/pcre2_internal.h	2016/11/19 12:46:24	600
++++ trunk/src/pcre2_internal.h	2017/02/24 18:25:32	670
+@@ -1774,10 +1774,17 @@
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
+ 
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \
++  PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
++
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+ #define UCD_CATEGORY(ch)    PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
+@@ -1834,6 +1841,9 @@
+ #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_)
+ #define _pcre2_default_match_context   PCRE2_SUFFIX(_pcre2_default_match_context_)
+ #define _pcre2_default_tables          PCRE2_SUFFIX(_pcre2_default_tables_)
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define _pcre2_dummy_ucd_record        PCRE2_SUFFIX(_pcre2_dummy_ucd_record_)
++#endif
+ #define _pcre2_hspace_list             PCRE2_SUFFIX(_pcre2_hspace_list_)
+ #define _pcre2_vspace_list             PCRE2_SUFFIX(_pcre2_vspace_list_)
+ #define _pcre2_ucd_caseless_sets       PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_)
+@@ -1858,6 +1868,9 @@
+ extern const uint32_t                  PRIV(vspace_list)[];
+ extern const uint32_t                  PRIV(ucd_caseless_sets)[];
+ extern const ucd_record                PRIV(ucd_records)[];
++#if PCRE2_CODE_UNIT_WIDTH == 32
++extern const ucd_record                PRIV(dummy_ucd_record)[];
++#endif
+ extern const uint8_t                   PRIV(ucd_stage1)[];
+ extern const uint16_t                  PRIV(ucd_stage2)[];
+ extern const uint32_t                  PRIV(ucp_gbtable)[];
+
+--- trunk/src/pcre2_ucd.c	2015/07/17 15:44:51	316
++++ trunk/src/pcre2_ucd.c	2017/02/24 18:25:32	670
+@@ -41,6 +41,20 @@
+ 
+ const char *PRIV(unicode_version) = "8.0.0";
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#if PCRE2_CODE_UNIT_WIDTH == 32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre2_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/patches/pcre2-CVE-2017-8786.patch b/gnu/packages/patches/pcre2-CVE-2017-8786.patch
new file mode 100644
index 0000000000..6071d58f07
--- /dev/null
+++ b/gnu/packages/patches/pcre2-CVE-2017-8786.patch
@@ -0,0 +1,155 @@
+Fix CVE-2017-8786:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
+https://bugs.exim.org/show_bug.cgi?id=2079
+https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
+
+Patch copied from upstream source repository:
+
+https://vcs.pcre.org/pcre2?view=revision&revision=696
+https://vcs.pcre.org/pcre2?view=revision&revision=697
+
+--- trunk/doc/pcre2api.3	2017/03/21 16:48:40	695
++++ trunk/doc/pcre2api.3	2017/03/21 17:46:21	696
+@@ -1,4 +1,4 @@
+-.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
++.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
+ .SH NAME
+ PCRE2 - Perl-compatible regular expressions (revised API)
+ .sp
+@@ -2633,8 +2633,8 @@
+ A text message for an error code from any PCRE2 function (compile, match, or
+ auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
+ is passed as the first argument, with the remaining two arguments specifying a
+-code unit buffer and its length, into which the text message is placed. Note
+-that the message is returned in code units of the appropriate width for the
++code unit buffer and its length in code units, into which the text message is
++placed. The message is returned in code units of the appropriate width for the
+ library that is being used.
+ .P
+ The returned message is terminated with a trailing zero, and the function
+@@ -3321,6 +3321,6 @@
+ .rs
+ .sp
+ .nf
+-Last updated: 23 December 2016
+-Copyright (c) 1997-2016 University of Cambridge.
++Last updated: 21 March 2017
++Copyright (c) 1997-2017 University of Cambridge.
+ .fi
+--- trunk/src/pcre2_error.c	2017/03/21 16:48:40	695
++++ trunk/src/pcre2_error.c	2017/03/21 17:46:21	696
+@@ -271,7 +271,7 @@
+ Arguments:
+   enumber       error number
+   buffer        where to put the message (zero terminated)
+-  size          size of the buffer
++  size          size of the buffer in code units
+ 
+ Returns:        length of message if all is well
+                 negative on error
+--- trunk/src/pcre2test.c	2017/03/21 17:46:21	696
++++ trunk/src/pcre2test.c	2017/03/21 18:36:13	697
+@@ -1017,9 +1017,9 @@
+   if (test_mode == PCRE8_MODE) \
+     r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \
+   else if (test_mode == PCRE16_MODE) \
+-    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \
++    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \
+   else \
+-    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
++    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
+ 
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) \
+   if (test_mode == PCRE8_MODE) \
+@@ -1399,6 +1399,9 @@
+ 
+ /* ----- Common macros for two-mode cases ----- */
+ 
++#define BYTEONE (BITONE/8)
++#define BYTETWO (BITTWO/8)
++
+ #define CASTFLD(t,a,b) \
+   ((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \
+     (t)(G(a,BITTWO)->b))
+@@ -1481,9 +1484,9 @@
+ 
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
+-    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \
++    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \
+   else \
+-    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size))
++    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO))
+ 
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) \
+   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
+@@ -1904,7 +1907,7 @@
+ #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
+   a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j)
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+-  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size))
++  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2))
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16))
+ #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16))
+ #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b)
+@@ -2000,7 +2003,7 @@
+ #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
+   a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j)
+ #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
+-  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
++  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
+ #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32))
+ #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32))
+ #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b)
+--- trunk/src/pcre2test.c	2017/03/21 16:48:40	695
++++ trunk/src/pcre2test.c	2017/03/21 17:46:21	696
+@@ -2889,7 +2889,7 @@
+   {
+   if (pbuffer32 != NULL) free(pbuffer32);
+   pbuffer32_size = 4*len + 4;
+-  if (pbuffer32_size < 256) pbuffer32_size = 256;
++  if (pbuffer32_size < 512) pbuffer32_size = 512;
+   pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
+   if (pbuffer32 == NULL)
+     {
+@@ -7600,7 +7600,8 @@
+   int errcode;
+   char *endptr;
+ 
+-/* Ensure the relevant non-8-bit buffer is available. */
++/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at 
++least 128 code units, because it is used for retrieving error messages. */
+ 
+ #ifdef SUPPORT_PCRE2_16
+   if (test_mode == PCRE16_MODE)
+@@ -7620,7 +7621,7 @@
+ #ifdef SUPPORT_PCRE2_32
+   if (test_mode == PCRE32_MODE)
+     {
+-    pbuffer32_size = 256;
++    pbuffer32_size = 512;
+     pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
+     if (pbuffer32 == NULL)
+       {
+--- trunk/testdata/testinput2	2017/03/21 16:48:40	695
++++ trunk/testdata/testinput2	2017/03/21 17:46:21	696
+@@ -5017,4 +5017,6 @@
+ 
+ /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
+ 
++/\g{3/
++
+ # End of testinput2 
+--- trunk/testdata/testoutput2	2017/03/21 16:48:40	695
++++ trunk/testdata/testoutput2	2017/03/21 17:46:21	696
+@@ -15570,6 +15570,9 @@
+ 
+ /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
+ 
++/\g{3/
++Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
++
+ # End of testinput2 
+ Error -63: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
diff --git a/gnu/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch b/gnu/packages/patches/perl-net-dns-resolver-programmable-fix.patch
index 371693dca1..371693dca1 100644
--- a/gnu/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch
+++ b/gnu/packages/patches/perl-net-dns-resolver-programmable-fix.patch
diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
new file mode 100644
index 0000000000..befe9fbb2a
--- /dev/null
+++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
@@ -0,0 +1,335 @@
+Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch
+
+From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Mon, 7 Nov 2016 10:51:08 +0100
+Subject: [PATCH] policycoreutils: Make sepolicy work with python3
+
+Add python3 support for sepolicy
+
+Signed-off-by: Laurent Bigonville <bigon@bigon.be>
+---
+ policycoreutils/sepolicy/selinux_client.py       |  6 ++--
+ policycoreutils/sepolicy/sepolicy.py             | 38 ++++++++++++------------
+ policycoreutils/sepolicy/sepolicy/__init__.py    | 16 ++++++----
+ policycoreutils/sepolicy/sepolicy/communicate.py |  4 +--
+ policycoreutils/sepolicy/sepolicy/generate.py    | 30 +++++++++----------
+ policycoreutils/sepolicy/sepolicy/interface.py   | 14 ++++++---
+ policycoreutils/sepolicy/sepolicy/manpage.py     |  7 +++--
+ 7 files changed, 65 insertions(+), 50 deletions(-)
+
+diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py
+index 7f4a91c..dc29f28 100644
+--- a/sepolicy/selinux_client.py
++++ b/sepolicy/selinux_client.py
+@@ -39,6 +39,6 @@ if __name__ == "__main__":
+     try:
+         dbus_proxy = SELinuxDBus()
+         resp = dbus_proxy.customized()
+-        print convert_customization(resp)
+-    except dbus.DBusException, e:
+-        print e
++        print(convert_customization(resp))
++    except dbus.DBusException as e:
++        print(e)
+diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
+index 3e502a7..5bf9b52 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm):
+     if len(portdict) > 0:
+         bold_start = "\033[1m"
+         bold_end = "\033[0;0m"
+-        print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end
++        print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end)
+         port_strings = []
+         boolean_text = ""
+         for p in portdict:
+@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm):
+                     port_strings.append("%s (%s)" % (", ".join(recs), t))
+         port_strings.sort(numcmp)
+         for p in port_strings:
+-            print "\t" + p
++            print("\t" + p)
+ 
+ 
+ def network(args):
+@@ -286,7 +286,7 @@ def network(args):
+             if i[0] not in all_ports:
+                 all_ports.append(i[0])
+         all_ports.sort()
+-        print "\n".join(all_ports)
++        print("\n".join(all_ports))
+ 
+     for port in args.port:
+         found = False
+@@ -297,18 +297,18 @@ def network(args):
+                 else:
+                     range = "%s-%s" % (i[0], i[1])
+                 found = True
+-                print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)
++                print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range))
+         if not found:
+             if port < 500:
+-                print "Undefined reserved port type"
++                print("Undefined reserved port type")
+             else:
+-                print "Undefined port type"
++                print("Undefined port type")
+ 
+     for t in args.type:
+         if (t, 'tcp') in portrecs.keys():
+-            print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))
++            print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])))
+         if (t, 'udp') in portrecs.keys():
+-            print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))
++            print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])))
+ 
+     for a in args.applications:
+         d = sepolicy.get_init_transtype(a)
+@@ -357,7 +357,7 @@ def manpage(args):
+ 
+     for domain in test_domains:
+         m = ManPage(domain, path, args.root, args.source_files, args.web)
+-        print m.get_man_page_path()
++        print(m.get_man_page_path())
+ 
+     if args.web:
+         HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+@@ -418,7 +418,7 @@ def communicate(args):
+     out = list(set(writable) & set(readable))
+ 
+     for t in out:
+-        print t
++        print(t)
+ 
+ 
+ def gen_communicate_args(parser):
+@@ -445,7 +445,7 @@ def booleans(args):
+     args.booleans.sort()
+ 
+     for b in args.booleans:
+-        print "%s=_(\"%s\")" % (b, boolean_desc(b))
++        print("%s=_(\"%s\")" % (b, boolean_desc(b)))
+ 
+ 
+ def gen_booleans_args(parser):
+@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""):
+     for i in interfaces:
+         if args.verbose:
+             try:
+-                print get_interface_format_text(i + append)
++                print(get_interface_format_text(i + append))
+             except KeyError:
+-                print i
++                print(i)
+         if args.compile:
+             try:
+                 interface_compile_test(i)
+             except KeyError:
+-                print i
++                print(i)
+         else:
+-            print i
++            print(i)
+ 
+ 
+ def interface(args):
+@@ -565,7 +565,7 @@ def generate(args):
+     if args.policytype in APPLICATIONS:
+         mypolicy.gen_writeable()
+         mypolicy.gen_symbols()
+-    print mypolicy.generate(args.path)
++    print(mypolicy.generate(args.path))
+ 
+ 
+ def gen_interface_args(parser):
+@@ -698,12 +698,12 @@ if __name__ == '__main__':
+         args = parser.parse_args(args=parser_args)
+         args.func(args)
+         sys.exit(0)
+-    except ValueError, e:
++    except ValueError as e:
+         sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+         sys.exit(1)
+-    except IOError, e:
++    except IOError as e:
+         sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+         sys.exit(1)
+     except KeyboardInterrupt:
+-        print "Out"
++        print("Out")
+         sys.exit(0)
+diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
+index 8fbd5b4..fee6438 100644
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -695,7 +695,7 @@ def get_methods():
+     # List of per_role_template interfaces
+         ifs = interfaces.InterfaceSet()
+         ifs.from_file(fd)
+-        methods = ifs.interfaces.keys()
++        methods = list(ifs.interfaces.keys())
+         fd.close()
+     except:
+         sys.stderr.write("could not open interface info [%s]\n" % fn)
+@@ -752,7 +752,10 @@ def get_all_entrypoint_domains():
+ 
+ 
+ def gen_interfaces():
+-    import commands
++    try:
++        from commands import getstatusoutput
++    except ImportError:
++        from subprocess import getstatusoutput
+     ifile = defaults.interface_info()
+     headers = defaults.headers()
+     try:
+@@ -763,7 +766,7 @@ def gen_interfaces():
+ 
+     if os.getuid() != 0:
+         raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen"))
+-    print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
++    print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
+ 
+ 
+ def gen_port_dict():
+@@ -1085,8 +1088,11 @@ def get_os_version():
+     os_version = ""
+     pkg_name = "selinux-policy"
+     try:
+-        import commands
+-        rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
++        try:
++            from commands import getstatusoutput
++        except ImportError:
++            from subprocess import getstatusoutput
++        rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
+         if rc == 0:
+             os_version = output.split(".")[-2]
+     except:
+diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
+index b96c4b9..299316e 100755
+--- a/sepolicy/sepolicy/communicate.py
++++ b/sepolicy/sepolicy/communicate.py
+@@ -34,8 +34,8 @@ def usage(parser, msg):
+ 
+ def expand_attribute(attribute):
+     try:
+-        return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"]
+-    except RuntimeError:
++        return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"])
++    except StopIteration:
+         return [attribute]
+ 
+ 
+diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
+index 65b33b6..5696110 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -31,21 +31,21 @@ import time
+ import types
+ import platform
+ 
+-from templates import executable
+-from templates import boolean
+-from templates import etc_rw
+-from templates import unit_file
+-from templates import var_cache
+-from templates import var_spool
+-from templates import var_lib
+-from templates import var_log
+-from templates import var_run
+-from templates import tmp
+-from templates import rw
+-from templates import network
+-from templates import script
+-from templates import spec
+-from templates import user
++from .templates import executable
++from .templates import boolean
++from .templates import etc_rw
++from .templates import unit_file
++from .templates import var_cache
++from .templates import var_spool
++from .templates import var_lib
++from .templates import var_log
++from .templates import var_run
++from .templates import tmp
++from .templates import rw
++from .templates import network
++from .templates import script
++from .templates import spec
++from .templates import user
+ import sepolgen.interfaces as interfaces
+ import sepolgen.defaults as defaults
+ 
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index c2cb971..8956f39 100644
+--- a/sepolicy/sepolicy/interface.py
++++ b/sepolicy/sepolicy/interface.py
+@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"):
+ def get_xml_file(if_file):
+     """ Returns xml format of interfaces for given .if policy file"""
+     import os
+-    import commands
++    try:
++            from commands import getstatusoutput
++    except ImportError:
++            from subprocess import getstatusoutput
+     basedir = os.path.dirname(if_file) + "/"
+     filename = os.path.basename(if_file).split(".")[0]
+-    rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
++    rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
+     if rc != 0:
+         sys.stderr.write("\n Could not proceed selected interface file.\n")
+         sys.stderr.write("\n%s" % output)
+@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
+     exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"]
+     exclude_interface_type = ["template"]
+ 
+-    import commands
++    try:
++            from commands import getstatusoutput
++    except ImportError:
++            from subprocess import getstatusoutput
+     import os
+     policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"}
+     idict = get_interface_dict(path)
+@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
+             fd = open(policy_files['te'], "w")
+             fd.write(generate_compile_te(interface, idict))
+             fd.close()
+-            rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
++            rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
+             if rc != 0:
+                 sys.stderr.write(output)
+                 sys.stderr.write(_("\nCompile test for %s failed.\n") % interface)
+diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
+index 7365f93..773a9ab 100755
+--- a/sepolicy/sepolicy/manpage.py
++++ b/sepolicy/sepolicy/manpage.py
+@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d
+ import string
+ import selinux
+ import sepolicy
+-import commands
+ import os
+ import time
+ 
+@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list):
+ 
+ 
+ def convert_manpage_to_html(html_manpage, manpage):
+-    rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
++    try:
++            from commands import getstatusoutput
++    except ImportError:
++            from subprocess import getstatusoutput
++    rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
+     if rc == 0:
+         print(html_manpage, "has been created")
+         fd = open(html_manpage, 'w')
+-- 
+2.10.2
+
diff --git a/gnu/packages/patches/portaudio-audacity-compat.patch b/gnu/packages/patches/portaudio-audacity-compat.patch
index 9f239ada35..513d08bcea 100644
--- a/gnu/packages/patches/portaudio-audacity-compat.patch
+++ b/gnu/packages/patches/portaudio-audacity-compat.patch
@@ -7,27 +7,27 @@ See <http://music.columbia.edu/pipermail/portaudio/2015-March/016611.html>.
 --- a/include/pa_win_ds.h
 +++ b/include/pa_win_ds.h
 @@ -89,6 +89,21 @@
- 

- }PaWinDirectSoundStreamInfo;

- 

-+/** Retrieve the GUID of the input device.

-+

-+ @param stream The stream to query.

-+

-+ @return A pointer to the GUID, or NULL if none.

-+*/

-+LPGUID PaWinDS_GetStreamInputGUID( PaStream* s );

-+

-+/** Retrieve the GUID of the output device.

-+

-+ @param stream The stream to query.

-+

-+ @return A pointer to the GUID, or NULL if none.

-+*/

-+LPGUID PaWinDS_GetStreamOutputGUID( PaStream* s );

- 

- 

- #ifdef __cplusplus

+
+ }PaWinDirectSoundStreamInfo;
+
++/** Retrieve the GUID of the input device.
++
++ @param stream The stream to query.
++
++ @return A pointer to the GUID, or NULL if none.
++*/
++LPGUID PaWinDS_GetStreamInputGUID( PaStream* s );
++
++/** Retrieve the GUID of the output device.
++
++ @param stream The stream to query.
++
++ @return A pointer to the GUID, or NULL if none.
++*/
++LPGUID PaWinDS_GetStreamOutputGUID( PaStream* s );
+
+
+ #ifdef __cplusplus
 --- a/include/portaudio.h
 +++ b/include/portaudio.h
 @@ -1146,6 +1146,15 @@
@@ -224,15 +224,15 @@ See <http://music.columbia.edu/pipermail/portaudio/2015-March/016611.html>.
 --- a/src/hostapi/coreaudio/pa_mac_core_blocking.c
 +++ b/src/hostapi/coreaudio/pa_mac_core_blocking.c
 @@ -66,6 +66,9 @@
- #ifdef MOSX_USE_NON_ATOMIC_FLAG_BITS

- # define OSAtomicOr32( a, b ) ( (*(b)) |= (a) )

- # define OSAtomicAnd32( a, b ) ( (*(b)) &= (a) )

-+#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_3

-+# define OSAtomicOr32( a, b ) BitOrAtomic( a, (UInt32 *) b )

-+# define OSAtomicAnd32( a, b ) BitAndAtomic( a, (UInt32 *) b )

- #else

- # include <libkern/OSAtomic.h>

- #endif

+ #ifdef MOSX_USE_NON_ATOMIC_FLAG_BITS
+ # define OSAtomicOr32( a, b ) ( (*(b)) |= (a) )
+ # define OSAtomicAnd32( a, b ) ( (*(b)) &= (a) )
++#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_3
++# define OSAtomicOr32( a, b ) BitOrAtomic( a, (UInt32 *) b )
++# define OSAtomicAnd32( a, b ) BitAndAtomic( a, (UInt32 *) b )
+ #else
+ # include <libkern/OSAtomic.h>
+ #endif
 --- a/src/hostapi/alsa/pa_linux_alsa.c
 +++ b/src/hostapi/alsa/pa_linux_alsa.c
 @@ -611,6 +611,7 @@
diff --git a/gnu/packages/patches/proot-test-fhs.patch b/gnu/packages/patches/proot-test-fhs.patch
new file mode 100644
index 0000000000..d3896addd6
--- /dev/null
+++ b/gnu/packages/patches/proot-test-fhs.patch
@@ -0,0 +1,98 @@
+The test suite of PRoot makes many FHS assumptions, such as assuming
+that /bin, /bin/true, and /usr exist.  This patch fixes these assumptions.
+
+--- source/tests/GNUmakefile	2017-05-11 15:26:36.899115484 +0200
++++ source/tests/GNUmakefile	2017-05-11 15:26:46.143063166 +0200
+@@ -121,7 +121,7 @@ $(ROOTFS_DIR):
+ setup: $(ROOTFS_BIN)
+ 
+ $(ROOTFS)/bin/abs-true:
+-	@ln -fs /bin/true $@
++	@ln -fs `which true`  $@
+ 
+ $(ROOTFS)/bin/rel-true:
+ 	@ln -fs ./true $@
+
+--- source/tests/test-d2175fc3.sh	2017-05-11 15:36:53.727617010 +0200
++++ source/tests/test-d2175fc3.sh	2017-05-11 15:37:10.155523637 +0200
+@@ -2,8 +2,8 @@ if [ ! -x  ${ROOTFS}/bin/readlink ] || [
+     exit 125;
+ fi
+ 
+-${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
++${PROOT} -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
+ ${PROOT} -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^\./true$'
+ 
+-${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep '^/bin/true$'
++${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/abs-true | grep "`which true`"
+ ${PROOT} -b /:/host-rootfs -r ${ROOTFS} /bin/readlink /bin/rel-true | grep '^./true$'
+
+--- source/tests/test-d1be631a.sh	2017-05-11 15:41:36.458008715 +0200
++++ source/tests/test-d1be631a.sh	2017-05-11 15:41:38.921994686 +0200
+@@ -1,4 +1,4 @@
+-if [ -z `which mknod`] || [ `id -u` -eq 0 ]; then
++if [ -z `which mknod` ] || [ `id -u` -eq 0 ]; then
+     exit 125;
+ fi
+ 
+--- source/tests/test-5bed7141.c	2017-05-11 15:34:23.088472743 +0200
++++ source/tests/test-5bed7141.c	2017-05-11 15:34:27.052450235 +0200
+@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
+ 		exit(EXIT_FAILURE);
+ 
+ 	case 0: /* child */
+-		status = chdir("/usr");
++		status = chdir("/gnu");
+ 		if (status < 0) {
+ 			perror("chdir");
+ 			exit(EXIT_FAILURE);
+
+--- a/tests/test-092c5e26.sh
++++ b/tests/test-092c5e26.sh
+@@ -24,7 +24,7 @@ fi
+ 
+ unset LD_LIBRARY_PATH
+ 
+-env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
++env PROOT_FORCE_FOREIGN_BINARY=1 PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
+ env PROOT_FORCE_FOREIGN_BINARY=1 ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS} | grep "^-U LD_LIBRARY_PATH ${EXTRA}-0 /bin/argv0 /bin/argv0 ${TMP_ABS}$"
+ 
+ cat > ${ROOTFS}/${TMP_ABS} <<EOF
+@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
+ 
+ # Valgrind prepends "/bin/sh" in front of foreign binaries.
+ if ! $(echo ${PROOT} | grep -q valgrind); then
+-    env PATH=/tmp:/bin:/usr/bin ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
++    env PATH=/tmp:/bin:/usr/bin:$(dirname $(which echo)) ${PROOT} -r ${ROOTFS} -q echo ${TMP} | grep "^-U LD_LIBRARY_PATH -0 ${TMP} ${TMP_ABS}$"
+     ${PROOT} -r ${ROOTFS} -q echo ${TMP_ABS}                | grep "^-U LD_LIBRARY_PATH -0 ${TMP_ABS} ${TMP_ABS}$"
+ fi
+ 
+diff --git a/tests/test-5467b986.sh b/tests/test-5467b986.sh
+index c6ac71a..f616f1e 100644
+--- a/tests/test-5467b986.sh
++++ b/tests/test-5467b986.sh
+@@ -30,8 +30,8 @@ ${PROOT} -v -1 -b /tmp:/b -b /tmp:/a -r ${ROOTFS} fchdir_getcwd /b | grep '^/[ab
+ ! ${PROOT} -w /bin -r ${ROOTFS} fchdir_getcwd true
+ [ $? -eq 0 ]
+ 
+-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/chdir_getcwd share  | grep '^/usr/share$'
+-${PROOT} -v -1 -w /usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$'
++${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/chdir_getcwd store  | grep '^/gnu/store$'
++${PROOT} -v -1 -w /gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$'
+ 
+-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/chdir_getcwd share  | grep '^/usr/share$')
+-(cd /; ${PROOT} -v -1 -w usr -r / ${ROOTFS}/bin/fchdir_getcwd share | grep '^/usr/share$')
++(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/chdir_getcwd store  | grep '^/gnu/store$')
++(cd /; ${PROOT} -v -1 -w gnu -r / ${ROOTFS}/bin/fchdir_getcwd store | grep '^/gnu/store$')
+
+--- a/tests/test-c15999f9.sh
++++ b/tests/test-c15999f9.sh
+@@ -5,7 +5,7 @@ fi
+ TMP=/tmp/$(mcookie)
+ mkdir ${TMP}
+ 
+-${PROOT} -b /bin/true:${TMP}/true /bin/true
++${PROOT} -b `which true`:${TMP}/true `which true`
+ ! test -e ${TMP}/true
+ [ $? -eq 0 ]
+ 
diff --git a/gnu/packages/patches/python-cython-fix-tests-32bit.patch b/gnu/packages/patches/python-cython-fix-tests-32bit.patch
new file mode 100644
index 0000000000..7ccc11dd4c
--- /dev/null
+++ b/gnu/packages/patches/python-cython-fix-tests-32bit.patch
@@ -0,0 +1,27 @@
+This fixes a test failure on 32-bit platforms.
+
+Upstream bug URL: https://github.com/cython/cython/issues/1548
+
+Patch copied from upstream source repository:
+
+https://github.com/cython/cython/commit/d92a718a26c9354fbf35f31a17de5c069865a447
+
+From d92a718a26c9354fbf35f31a17de5c069865a447 Mon Sep 17 00:00:00 2001
+From: Robert Bradshaw <robertwb@gmail.com>
+Date: Tue, 24 Jan 2017 16:57:00 -0800
+Subject: [PATCH] Normalize possible L suffix.
+
+---
+ tests/run/cpdef_enums.pyx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/run/cpdef_enums.pyx b/tests/run/cpdef_enums.pyx
+index 167c762..c264ec5 100644
+--- a/tests/run/cpdef_enums.pyx
++++ b/tests/run/cpdef_enums.pyx
+@@ -93,4 +93,4 @@ def verify_resolution_GH1533():
+     3
+     """
+     THREE = 100
+-    return PyxEnum.THREE
++    return int(PyxEnum.THREE)
diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
index a24eaf69a0..1ac7324c8b 100644
--- a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
+++ b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
@@ -7,20 +7,14 @@ diff --git a/tests/test_ssl.py b/tests/test_ssl.py
 index ee849fd..60048b8 100644
 --- a/tests/test_ssl.py
 +++ b/tests/test_ssl.py
-@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin):
-             TypeError, context.load_verify_locations, None, None, None
-         )
- 
--    @pytest.mark.skipif(
--        platform == "win32",
--        reason="set_default_verify_paths appears not to work on Windows.  "
--        "See LP#404343 and LP#404344."
--    )
+@@ -1113,33 +1113,6 @@ class TestContext(object):
+         reason="set_default_verify_paths appears not to work on Windows.  "
+         "See LP#404343 and LP#404344."
+     )
 -    def test_set_default_verify_paths(self):
 -        """
--        :py:obj:`Context.set_default_verify_paths` causes the
--        platform-specific CA certificate locations to be used for
--        verification purposes.
+-        `Context.set_default_verify_paths` causes the platform-specific CA
+-        certificate locations to be used for verification purposes.
 -        """
 -        # Testing this requires a server with a certificate signed by one
 -        # of the CAs in the platform CA location.  Getting one of those
@@ -43,8 +37,7 @@ index ee849fd..60048b8 100644
 -        clientSSL.set_connect_state()
 -        clientSSL.do_handshake()
 -        clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
--        self.assertTrue(clientSSL.recv(1024))
--
-     def test_set_default_verify_paths_signature(self):
+-        assert clientSSL.recv(1024)
+ 
+     def test_add_extra_chain_cert_invalid_cert(self):
          """
-         :py:obj:`Context.set_default_verify_paths` takes no arguments and
diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch
deleted file mode 100644
index 825edaa815..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-10155.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Mon, 28 Nov 2016 17:49:04 -0800
-Subject: [PATCH] watchdog: 6300esb: add exit function
-
-When the Intel 6300ESB watchdog is hot unplug. The timer allocated
-in realize isn't freed thus leaking memory leak. This patch avoid
-this through adding the exit function.
-
-http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
-this patch is from qemu-git.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/watchdog/wdt_i6300esb.c |    9 +++++++++
- 1 files changed, 9 insertions(+), 0 deletions(-)
-
-diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
-index a83d951..49b3cd1 100644
---- a/hw/watchdog/wdt_i6300esb.c
-+++ b/hw/watchdog/wdt_i6300esb.c
-@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
-     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
- }
- 
-+static void i6300esb_exit(PCIDevice *dev)
-+{
-+    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
-+
-+    timer_del(d->timer);
-+    timer_free(d->timer);
-+}
-+
- static WatchdogTimerModel model = {
-     .wdt_name = "i6300esb",
-     .wdt_description = "Intel 6300ESB",
-@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
-     k->config_read = i6300esb_config_read;
-     k->config_write = i6300esb_config_write;
-     k->realize = i6300esb_realize;
-+    k->exit = i6300esb_exit;
-     k->vendor_id = PCI_VENDOR_ID_INTEL;
-     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
-     k->class_id = PCI_CLASS_SYSTEM_OTHER;
--- 
-1.7.0.4
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch
deleted file mode 100644
index ede1f8c89d..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-2615.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
-this patch is from qemu-git.
-
-
-From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 1 Feb 2017 09:35:01 +0100
-Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
-
-When doing bitblt copy in backward mode, we should minus the
-blt width first just like the adding in the forward mode. This
-can avoid the oob access of the front of vga's vram.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-
-{ kraxel: with backward blits (negative pitch) addr is the topmost
-          address, so check it as-is against vram size ]
-
-Cc: qemu-stable@nongnu.org
-Cc: P J P <ppandit@redhat.com>
-Cc: Laszlo Ersek <lersek@redhat.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
----
- hw/display/cirrus_vga.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index 7db6409dc5..16f27e8ac5 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
- {
-     if (pitch < 0) {
-         int64_t min = addr
--            + ((int64_t)s->cirrus_blt_height-1) * pitch;
--        int32_t max = addr
--            + s->cirrus_blt_width;
--        if (min < 0 || max > s->vga.vram_size) {
-+            + ((int64_t)s->cirrus_blt_height - 1) * pitch
-+            - s->cirrus_blt_width;
-+        if (min < -1 || addr >= s->vga.vram_size) {
-             return true;
-         }
-     } else {
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-2620.patch b/gnu/packages/patches/qemu-CVE-2017-2620.patch
deleted file mode 100644
index d3111827b7..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-2620.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-Fix CVE-2017-2620:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
-https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
-
-Both patches copied from upstream source repository:
-
-Fixes CVE-2017-2620:
-http://git.qemu-project.org/?p=qemu.git;a=commit;h=92f2b88cea48c6aeba8de568a45f2ed958f3c298
-
-The CVE-2017-2620 bug-fix depends on this earlier patch:
-http://git.qemu-project.org/?p=qemu.git;a=commit;h=913a87885f589d263e682c2eb6637c6e14538061
-
-From 92f2b88cea48c6aeba8de568a45f2ed958f3c298 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 8 Feb 2017 11:18:36 +0100
-Subject: [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
- (CVE-2017-2620)
-
-CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
-and blit width, at all.  Oops.  Fix it.
-
-Security impact: high.
-
-The missing blit destination check allows to write to host memory.
-Basically same as CVE-2014-8106 for the other blit variants.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/cirrus_vga.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index 1deb52070a..b9e7cb1df1 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -900,6 +900,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
- {
-     int w;
- 
-+    if (blit_is_unsafe(s, true)) {
-+        return 0;
-+    }
-+
-     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
-     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
-     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
-@@ -925,6 +929,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
- 	}
-         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
-     }
-+
-+    /* the blit_is_unsafe call above should catch this */
-+    assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
-+
-     s->cirrus_srcptr = s->cirrus_bltbuf;
-     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
-     cirrus_update_memory_access(s);
--- 
-2.12.0
-
-From 913a87885f589d263e682c2eb6637c6e14538061 Mon Sep 17 00:00:00 2001
-From: Bruce Rogers <brogers@suse.com>
-Date: Mon, 9 Jan 2017 13:35:20 -0700
-Subject: [PATCH] display: cirrus: ignore source pitch value as needed in
- blit_is_unsafe
-
-Commit 4299b90 added a check which is too broad, given that the source
-pitch value is not required to be initialized for solid fill operations.
-This patch refines the blit_is_unsafe() check to ignore source pitch in
-that case. After applying the above commit as a security patch, we
-noticed the SLES 11 SP4 guest gui failed to initialize properly.
-
-Signed-off-by: Bruce Rogers <brogers@suse.com>
-Message-id: 20170109203520.5619-1-brogers@suse.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/cirrus_vga.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index bdb092ee9d..379910db2d 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
-     return false;
- }
- 
--static bool blit_is_unsafe(struct CirrusVGAState *s)
-+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
- {
-     /* should be the case, see cirrus_bitblt_start */
-     assert(s->cirrus_blt_width > 0);
-@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
-                               s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
-         return true;
-     }
-+    if (dst_only) {
-+        return false;
-+    }
-     if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
-                               s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
-         return true;
-@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
- 
-     dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
- 
--    if (blit_is_unsafe(s))
-+    if (blit_is_unsafe(s, false))
-         return 0;
- 
-     (*s->cirrus_rop) (s, dst, src,
-@@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
- {
-     cirrus_fill_t rop_func;
- 
--    if (blit_is_unsafe(s)) {
-+    if (blit_is_unsafe(s, true)) {
-         return 0;
-     }
-     rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
-@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
- 
- static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
- {
--    if (blit_is_unsafe(s))
-+    if (blit_is_unsafe(s, false))
-         return 0;
- 
-     return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-2630.patch b/gnu/packages/patches/qemu-CVE-2017-2630.patch
deleted file mode 100644
index b154d171f1..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-2630.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2017-2630:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2630
-https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
-
-Patch copied from upstream source repository:
-
-http://git.qemu-project.org/?p=qemu.git;a=commit;h=2563c9c6b8670400c48e562034b321a7cf3d9a85
-
-From 2563c9c6b8670400c48e562034b321a7cf3d9a85 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Date: Tue, 7 Mar 2017 09:16:27 -0600
-Subject: [PATCH] nbd/client: fix drop_sync [CVE-2017-2630]
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Comparison symbol is misused. It may lead to memory corruption.
-Introduced in commit 7d3123e.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Message-Id: <20170203154757.36140-6-vsementsov@virtuozzo.com>
-[eblake: add CVE details, update conditional]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20170307151627.27212-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/client.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/nbd/client.c b/nbd/client.c
-index 5c9dee37fa..3dc2564cd0 100644
---- a/nbd/client.c
-+++ b/nbd/client.c
-@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
-     char small[1024];
-     char *buffer;
- 
--    buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
-+    buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
-     while (size > 0) {
-         ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
- 
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch
deleted file mode 100644
index d0c0c82a4a..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5525.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:30:21 -0800
-Subject: [PATCH] audio: ac97: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401
-this patch is from qemu-git
-
-Currently the ac97 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/ac97.c |   11 +++++++++++
- 1 files changed, 11 insertions(+), 0 deletions(-)
-
-diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
-index cbd959e..c306575 100644
---- a/hw/audio/ac97.c
-+++ b/hw/audio/ac97.c
-@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
-     ac97_on_reset (&s->dev.qdev);
- }
- 
-+static void ac97_exit(PCIDevice *dev)
-+{
-+    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
-+
-+    AUD_close_in(&s->card, s->voice_pi);
-+    AUD_close_out(&s->card, s->voice_po);
-+    AUD_close_in(&s->card, s->voice_mc);
-+    AUD_remove_card(&s->card);
-+}
-+
- static int ac97_init (PCIBus *bus)
- {
-     pci_create_simple (bus, -1, "AC97");
-@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
-     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
- 
-     k->realize = ac97_realize;
-+    k->exit = ac97_exit;
-     k->vendor_id = PCI_VENDOR_ID_INTEL;
-     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
-     k->revision = 0x01;
--- 
-1.7.0.4
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch
deleted file mode 100644
index 5a6d796458..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5526.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 14 Dec 2016 18:32:22 -0800
-Subject: [PATCH] audio: es1370: add exit function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
-this patch is from qemu-git.
-
-Currently the es1370 device emulation doesn't have a exit function,
-hot unplug this device will leak some memory. Add a exit function to
-avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/audio/es1370.c |   14 ++++++++++++++
- 1 files changed, 14 insertions(+), 0 deletions(-)
-
-diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
-index 8449b5f..883ec69 100644
---- a/hw/audio/es1370.c
-+++ b/hw/audio/es1370.c
-@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
-     es1370_reset (s);
- }
- 
-+static void es1370_exit(PCIDevice *dev)
-+{
-+    ES1370State *s = ES1370(dev);
-+    int i;
-+
-+    for (i = 0; i < 2; ++i) {
-+        AUD_close_out(&s->card, s->dac_voice[i]);
-+    }
-+
-+    AUD_close_in(&s->card, s->adc_voice);
-+    AUD_remove_card(&s->card);
-+}
-+
- static int es1370_init (PCIBus *bus)
- {
-     pci_create_simple (bus, -1, TYPE_ES1370);
-@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
-     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
- 
-     k->realize = es1370_realize;
-+    k->exit = es1370_exit;
-     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
-     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
-     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
--- 
-1.7.0.4
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch
deleted file mode 100644
index 50911f4f36..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5552.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 03:11:26 -0500
-Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-If the virgl_renderer_resource_attach_iov function fails the
-'res_iovs' will be leaked. Add check of the return value to
-free the 'res_iovs' when failing.
-
-http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
-this patch is from qemu-git.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu-3d.c |    7 +++++--
- 1 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
-index e29f099..b13ced3 100644
---- a/hw/display/virtio-gpu-3d.c
-+++ b/hw/display/virtio-gpu-3d.c
-@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
-         return;
-     }
- 
--    virgl_renderer_resource_attach_iov(att_rb.resource_id,
--                                       res_iovs, att_rb.nr_entries);
-+    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
-+                                             res_iovs, att_rb.nr_entries);
-+
-+    if (ret != 0)
-+        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
- }
- 
- static void virgl_resource_detach_backing(VirtIOGPU *g,
--- 
-1.7.0.4
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch
deleted file mode 100644
index 05655bcd98..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5578.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b
-this patch is from qemu-git.
-
-
-From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liq3ea@gmail.com>
-Date: Thu, 29 Dec 2016 04:28:41 -0500
-Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
-
-In the resource attach backing function, everytime it will
-allocate 'res->iov' thus can leading a memory leak. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
-Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/display/virtio-gpu.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index 6a26258cac..ca88cf478d 100644
---- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
-         return;
-     }
- 
-+    if (res->iov) {
-+        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
-+        return;
-+    }
-+
-     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
-     if (ret != 0) {
-         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch
deleted file mode 100644
index 7630012d54..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5579.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
-this patch is from qemu-git.
-
-
-From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
-From: Li Qiang <liqiang6-s@360.cn>
-Date: Wed, 4 Jan 2017 00:43:16 -0800
-Subject: [PATCH] serial: fix memory leak in serial exit
-
-The serial_exit_core function doesn't free some resources.
-This can lead memory leak when hotplug and unplug. This
-patch avoid this.
-
-Signed-off-by: Li Qiang <liqiang6-s@360.cn>
-Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/char/serial.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/char/serial.c b/hw/char/serial.c
-index ffbacd8227..67b18eda12 100644
---- a/hw/char/serial.c
-+++ b/hw/char/serial.c
-@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
- void serial_exit_core(SerialState *s)
- {
-     qemu_chr_fe_deinit(&s->chr);
-+
-+    timer_del(s->modem_status_poll);
-+    timer_free(s->modem_status_poll);
-+
-+    timer_del(s->fifo_timeout_timer);
-+    timer_free(s->fifo_timeout_timer);
-+
-+    fifo8_destroy(&s->recv_fifo);
-+    fifo8_destroy(&s->xmit_fifo);
-+
-     qemu_unregister_reset(serial_reset, s);
- }
- 
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch
deleted file mode 100644
index 5adea0d278..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5667.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
-
-http://seclists.org/oss-sec/2017/q1/243
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
-
-Patch copied from upstream source repository:
-
-http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
-
-From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Tue, 7 Feb 2017 18:29:59 +0000
-Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
-
-While doing multi block SDMA transfer in routine
-'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
-index 'begin' and data length 's->data_count' could end up to be same.
-This could lead to an OOB access issue. Correct transfer data length
-to avoid it.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Jiang Xin <jiangxin1@huawei.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20170130064736.9236-1-ppandit@redhat.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- hw/sd/sdhci.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
-index 01fbf228be..5bd5ab6319 100644
---- a/hw/sd/sdhci.c
-+++ b/hw/sd/sdhci.c
-@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
-                 boundary_count -= block_size - begin;
-             }
-             dma_memory_read(&address_space_memory, s->sdmasysad,
--                            &s->fifo_buffer[begin], s->data_count);
-+                            &s->fifo_buffer[begin], s->data_count - begin);
-             s->sdmasysad += s->data_count - begin;
-             if (s->data_count == block_size) {
-                 for (n = 0; n < block_size; n++) {
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch
deleted file mode 100644
index bee0824c0a..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5856.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
-this patch is from qemu-git.
-
-
-From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 2 Jan 2017 11:03:33 +0100
-Subject: [PATCH] megasas: fix guest-triggered memory leak
-
-If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
-will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
-Avoid this by returning only the status from map_dcmd, and loading
-cmd->iov_size in the caller.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c |   11 ++++++-----
- 1 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 67fc1e7..6233865 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
-         trace_megasas_dcmd_invalid_sge(cmd->index,
-                                        cmd->frame->header.sge_count);
-         cmd->iov_size = 0;
--        return -1;
-+        return -EINVAL;
-     }
-     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
-     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
-     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
-     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
-     cmd->iov_size = iov_size;
--    return cmd->iov_size;
-+    return 0;
- }
- 
- static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
-@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
- 
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- {
--    int opcode, len;
-+    int opcode;
-     int retval = 0;
-+    size_t len;
-     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
- 
-     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
-     trace_megasas_handle_dcmd(cmd->index, opcode);
--    len = megasas_map_dcmd(s, cmd);
--    if (len < 0) {
-+    if (megasas_map_dcmd(s, cmd) < 0) {
-         return MFI_STAT_MEMORY_NOT_AVAILABLE;
-     }
-     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
-         cmdptr++;
-     }
-+    len = cmd->iov_size;
-     if (cmdptr->opcode == -1) {
-         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
-         retval = megasas_dcmd_dummy(s, cmd);
--- 
-1.7.0.4
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
deleted file mode 100644
index 5a94bb1ae4..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5898.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
-
-http://seclists.org/oss-sec/2017/q1/328
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
-
-Patch copied from upstream source repository:
-
-http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
-
-From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Fri, 3 Feb 2017 00:52:28 +0530
-Subject: [PATCH] usb: ccid: check ccid apdu length
-
-CCID device emulator uses Application Protocol Data Units(APDU)
-to exchange command and responses to and from the host.
-The length in these units couldn't be greater than 65536. Add
-check to ensure the same. It'd also avoid potential integer
-overflow in emulated_apdu_from_guest.
-
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170202192228.10847-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/dev-smartcard-reader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
-index 89e11b68c4..1325ea1659 100644
---- a/hw/usb/dev-smartcard-reader.c
-+++ b/hw/usb/dev-smartcard-reader.c
-@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
-     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
-                 recv->hdr.bSeq, len);
-     ccid_add_pending_answer(s, (CCID_Header *)recv);
--    if (s->card) {
-+    if (s->card && len <= BULK_OUT_DATA_SIZE) {
-         ccid_card_apdu_from_guest(s->card, recv->abData, len);
-     } else {
-         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch
deleted file mode 100644
index 08910e5fac..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-5931.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
-
-http://seclists.org/oss-sec/2017/q1/337
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
-
-Patch copied from upstream source repository:
-
-http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
-
-From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
-From: Gonglei <arei.gonglei@huawei.com>
-Date: Tue, 3 Jan 2017 14:50:03 +0800
-Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
-
-Because the 'size_t' type is 4 bytes in 32-bit platform, which
-is the same with 'int'. It's easy to make 'max_len' to zero when
-integer overflow and then cause heap overflow if 'max_len' is zero.
-
-Using uint_64 instead of size_t to avoid the integer overflow.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Li Qiang <liqiang6-s@360.cn>
-Signed-off-by: Gonglei <arei.gonglei@huawei.com>
-Tested-by: Li Qiang <liqiang6-s@360.cn>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
----
- hw/virtio/virtio-crypto.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
-index 2f2467e859..c23e1ad458 100644
---- a/hw/virtio/virtio-crypto.c
-+++ b/hw/virtio/virtio-crypto.c
-@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
-     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
-     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
- 
--    size_t max_len, curr_size = 0;
-+    uint64_t max_len, curr_size = 0;
-     size_t s;
- 
-     /* Plain cipher */
-@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
-         return NULL;
-     }
- 
--    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
-+    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
-     if (unlikely(max_len > vcrypto->conf.max_size)) {
-         virtio_error(vdev, "virtio-crypto too big length");
-         return NULL;
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-7493.patch b/gnu/packages/patches/qemu-CVE-2017-7493.patch
new file mode 100644
index 0000000000..67b26fad81
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-7493.patch
@@ -0,0 +1,182 @@
+Fix CVE-2017-7493:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commit;h=7a95434e0ca8a037fd8aa1a2e2461f92585eb77b
+
+From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
+From: Greg Kurz <groug@kaod.org>
+Date: Fri, 5 May 2017 14:48:08 +0200
+Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
+
+When using the mapped-file security mode, we shouldn't let the client mess
+with the metadata. The current code already tries to hide the metadata dir
+from the client by skipping it in local_readdir(). But the client can still
+access or modify it through several other operations. This can be used to
+escalate privileges in the guest.
+
+Affected backend operations are:
+- local_mknod()
+- local_mkdir()
+- local_open2()
+- local_symlink()
+- local_link()
+- local_unlinkat()
+- local_renameat()
+- local_rename()
+- local_name_to_path()
+
+Other operations are safe because they are only passed a fid path, which
+is computed internally in local_name_to_path().
+
+This patch converts all the functions listed above to fail and return
+EINVAL when being passed the name of the metadata dir. This may look
+like a poor choice for errno, but there's no such thing as an illegal
+path name on Linux and I could not think of anything better.
+
+This fixes CVE-2017-7493.
+
+Reported-by: Leo Gaspard <leo@gaspard.io>
+Signed-off-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+---
+ hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 56 insertions(+), 2 deletions(-)
+
+diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
+index f3ebca4f7a..a2486566af 100644
+--- a/hw/9pfs/9p-local.c
++++ b/hw/9pfs/9p-local.c
+@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
+     return telldir(fs->dir.stream);
+ }
+ 
++static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
++{
++    return !strcmp(name, VIRTFS_META_DIR);
++}
++
+ static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
+ {
+     struct dirent *entry;
+@@ -465,8 +470,8 @@ again:
+     if (ctx->export_flags & V9FS_SM_MAPPED) {
+         entry->d_type = DT_UNKNOWN;
+     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
+-        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
+-            /* skp the meta data directory */
++        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
++            /* skip the meta data directory */
+             goto again;
+         }
+         entry->d_type = DT_UNKNOWN;
+@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     /*
+      * Mark all the open to not follow symlinks
+      */
+@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
+     int err = -1;
+     int dirfd;
+ 
++    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(fs_ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
+     if (dirfd == -1) {
+         return -1;
+@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
+     int ret = -1;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, odirpath);
+     if (odirfd == -1) {
+         goto out;
+@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
+ static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
+                               const char *name, V9fsPath *target)
+ {
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     if (dir_path) {
+         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
+     } else if (strcmp(name, "/")) {
+@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
+     int ret;
+     int odirfd, ndirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        (local_is_mapped_file_metadata(ctx, old_name) ||
++         local_is_mapped_file_metadata(ctx, new_name))) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     odirfd = local_opendir_nofollow(ctx, olddir->data);
+     if (odirfd == -1) {
+         return -1;
+@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
+     int ret;
+     int dirfd;
+ 
++    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
++        local_is_mapped_file_metadata(ctx, name)) {
++        errno = EINVAL;
++        return -1;
++    }
++
+     dirfd = local_opendir_nofollow(ctx, dir->data);
+     if (dirfd == -1) {
+         return -1;
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/qtscript-disable-tests.patch b/gnu/packages/patches/qtscript-disable-tests.patch
new file mode 100644
index 0000000000..41a017d864
--- /dev/null
+++ b/gnu/packages/patches/qtscript-disable-tests.patch
@@ -0,0 +1,64 @@
+In all of these tests the result wraps around and comes out the negative of the exptected value.
+
+---
+ tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js  | 2 +-
+ tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js b/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js
+index 43bd923..103f251 100644
+--- a/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js
++++ b/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js
+@@ -74,7 +74,7 @@ test_negation(-1073741823, 1073741823);
+ 
+ //2147483648 == (1 << 31)
+ test_negation(2147483648, -2147483648);
+-test_negation(-2147483648, 2147483648);
++//test_negation(-2147483648, 2147483648);
+ 
+ //2147483648 == (1 << 31) - 1
+ test_negation(2147483647, -2147483647);
+diff --git a/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js b/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js
+index dc56427..c1a4bf3 100644
+--- a/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js
++++ b/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js
+@@ -86,11 +86,12 @@ new TestCase(
+ // test cases from bug http://scopus.mcom.com/bugsplat/show_bug.cgi?id=122882
+ 
+ 
+-
++/*
+ new TestCase( SECTION,
+ 	      '- -"0x80000000"',
+ 	      2147483648,
+ 	      - -"0x80000000" );
++*/
+ 
+ new TestCase( SECTION,
+ 	      '- -"0x100000000"',
+@@ -280,10 +281,12 @@ new TestCase( SECTION,
+ 	      305419896,
+ 	      0x12345678 );
+ 
++/*
+ new TestCase( SECTION,
+ 	      "0x80000000",
+ 	      2147483648,
+ 	      0x80000000 );
++*/
+ 
+ new TestCase( SECTION,
+ 	      "0xffffffff",
+@@ -681,10 +681,12 @@ new TestCase( SECTION,
+          NaN,
+          -"+Infiniti" );
+
++/*
+ new TestCase( SECTION,
+ 	      "- -\"0x80000000\"",
+ 	      2147483648,
+ 	      - -"0x80000000" );
++*/
+
+ new TestCase( SECTION,
+          "- -\"0x100000000\"",
diff --git a/gnu/packages/patches/reptyr-fix-gcc-7.patch b/gnu/packages/patches/reptyr-fix-gcc-7.patch
new file mode 100644
index 0000000000..5e0e581218
--- /dev/null
+++ b/gnu/packages/patches/reptyr-fix-gcc-7.patch
@@ -0,0 +1,38 @@
+This patch allows reptyr to build with gcc 7. It is taken from reptyr mainline patches
+fa0d63f and b45fd92.
+
+https://github.com/nelhage/reptyr/commit/fa0d63ff8c488be15976e5353580b565e85586a1
+https://github.com/nelhage/reptyr/commit/b45fd9238958fcf2d8f3d6fc23e6d491febea2ac
+
+Patch by Nelson Elhage <nelhage@nelhage.com>.
+
+diff --git a/attach.c b/attach.c
+index bd8ef8c..8d9cbf8 100644
+--- a/attach.c
++++ b/attach.c
+@@ -389,8 +389,11 @@ int setup_steal_socket(struct steal_pty_state *steal) {
+         return errno;
+ 
+     steal->addr_un.sun_family = AF_UNIX;
+-    snprintf(steal->addr_un.sun_path, sizeof(steal->addr_un.sun_path),
+-             "%s/reptyr.sock", steal->tmpdir);
++    if (snprintf(steal->addr_un.sun_path, sizeof(steal->addr_un.sun_path),
++                 "%s/reptyr.sock", steal->tmpdir) >= sizeof(steal->addr_un.sun_path)) {
++        error("tmpdir path too long!");
++        return ENAMETOOLONG;
++    }
+ 
+     if ((steal->sockfd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
+         return errno;
+diff --git a/platform/linux/linux.h b/platform/linux/linux.h
+index 9e6b78a..3ec5a99 100644
+--- a/platform/linux/linux.h
++++ b/platform/linux/linux.h
+@@ -40,6 +40,7 @@
+ #include <sys/ptrace.h>
+ #include <asm/ptrace.h>
+ #include <sys/types.h>
++#include <sys/sysmacros.h>
+ #include <sys/user.h>
+ #include <unistd.h>
+ #include <stdlib.h>
diff --git a/gnu/packages/patches/rpcbind-CVE-2017-8779.patch b/gnu/packages/patches/rpcbind-CVE-2017-8779.patch
new file mode 100644
index 0000000000..6ca93ff12b
--- /dev/null
+++ b/gnu/packages/patches/rpcbind-CVE-2017-8779.patch
@@ -0,0 +1,29 @@
+Fix CVE-2017-8779:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8779
+
+Patch copied from the bug reporter's 3rd-party repository:
+
+https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/ruby-concurrent-test-arm.patch b/gnu/packages/patches/ruby-concurrent-test-arm.patch
index 75e6365565..06d5657814 100644
--- a/gnu/packages/patches/ruby-concurrent-test-arm.patch
+++ b/gnu/packages/patches/ruby-concurrent-test-arm.patch
@@ -5,27 +5,27 @@ Work around two test suite failures on ARM:
 The regexps here assume addresses like "0x1234" but on ARM (32-bit)
 we get something like "0x-7db1e810" (notice the dash).
 
-diff --git a/spec/concurrent/edge/future_spec.rb b/spec/concurrent/edge/future_spec.rb
-index a48fd29..4344d7e 100644
---- b/spec/concurrent/edge/future_spec.rb
-+++ a/spec/concurrent/edge/future_spec.rb
-@@ -322,9 +322,9 @@
+diff --git a/spec/concurrent/edge/promises_spec.rb b/spec/concurrent/edge/promises_spec.rb
+index 727210f..149f7cd 100644
+--- a/spec/concurrent/edge/promises_spec.rb
++++ b/spec/concurrent/edge/promises_spec.rb
+@@ -371,9 +371,9 @@ describe 'Concurrent::Promises' do
        four  = three.delay.then(&:succ)
  
        # meaningful to_s and inspect defined for Future and Promise
--      expect(head.to_s).to match /<#Concurrent::Edge::Future:0x[\da-f]+ pending>/
-+      expect(head.to_s).to match /<#Concurrent::Edge::Future:0x-?[\da-f]+ pending>/
+-      expect(head.to_s).to match /<#Concurrent::Promises::Future:0x[\da-f]+ pending>/
++      expect(head.to_s).to match /<#Concurrent::Promises::Future:0x-?[\da-f]+ pending>/
        expect(head.inspect).to(
--          match(/<#Concurrent::Edge::Future:0x[\da-f]+ pending blocks:\[<#Concurrent::Edge::ThenPromise:0x[\da-f]+ pending>\]>/))
-+          match(/<#Concurrent::Edge::Future:0x-?[\da-f]+ pending blocks:\[<#Concurrent::Edge::ThenPromise:0x-?[\da-f]+ pending>\]>/))
+-          match(/<#Concurrent::Promises::Future:0x[\da-f]+ pending>/))
++          match(/<#Concurrent::Promises::Future:0x-?[\da-f]+ pending>/))
  
        # evaluates only up to three, four is left unevaluated
        expect(three.value!).to eq 3
 diff --git a/spec/concurrent/map_spec.rb b/spec/concurrent/map_spec.rb
-index 13fd5b7..1c82ebe 100644
---- b/spec/concurrent/map_spec.rb
-+++ a/spec/concurrent/map_spec.rb
-@@ -827,7 +827,7 @@
+index c4050be..0a9095d 100644
+--- a/spec/concurrent/map_spec.rb
++++ b/spec/concurrent/map_spec.rb
+@@ -794,7 +794,7 @@ module Concurrent
      end
  
      it '#inspect' do
diff --git a/gnu/packages/patches/screen-fix-info-syntax-error.patch b/gnu/packages/patches/screen-fix-info-syntax-error.patch
new file mode 100644
index 0000000000..6ee9091daa
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-info-syntax-error.patch
@@ -0,0 +1,47 @@
+Fix errors when building the info manual:
+
+[...]
+./screen.texinfo:5799: unknown command `suse'
+./screen.texinfo:5800: unknown command `deuxchevaux'
+make[2]: *** [Makefile:31: screen.info] Error 1
+[...]
+
+Patch copied from upstream source repository:
+
+http://git.savannah.gnu.org/cgit/screen.git/commit/?id=a7d2f9e6ecfa794dd0bd3dbeaf6780c88a6f3152
+
+From a7d2f9e6ecfa794dd0bd3dbeaf6780c88a6f3152 Mon Sep 17 00:00:00 2001
+From: Andreas Stieger <astieger@suse.com>
+Date: Tue, 28 Feb 2017 19:23:01 +0100
+Subject: [PATCH] fix texinfo syntax errors
+
+thanks to Andreas Stieger <astieger@suse.com>
+---
+ src/doc/screen.texinfo | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/doc/screen.texinfo b/src/doc/screen.texinfo
+index bc4cbae..aadad33 100644
+--- a/doc/screen.texinfo
++++ b/doc/screen.texinfo
+@@ -5795,7 +5795,7 @@ and Alexander Naumov <alexander_naumov@@opensuse.org>.
+ Contributors @*
+ ============
+ 
+-@example
++@verbatim
+      Thomas Renninger <treen@suse.com>,
+      Axel Beckert <abe@deuxchevaux.org>,
+      Ken Beal <kbeal@@amber.ssd.csd.harris.com>,
+@@ -5826,7 +5826,7 @@ Contributors @*
+      Jason Merrill <jason@@jarthur.Claremont.EDU>,
+      Johannes Zellner <johannes@@zellner.org>,
+      Pablo Averbuj <pablo@@averbuj.com>.
+-@end example
++@end verbatim
+ 
+ @noindent
+ Version @*
+-- 
+cgit v1.0-41-gc330
+
diff --git a/gnu/packages/patches/serf-comment-style-fix.patch b/gnu/packages/patches/serf-comment-style-fix.patch
deleted file mode 100644
index 5d336fb3c8..0000000000
--- a/gnu/packages/patches/serf-comment-style-fix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-r2443 | andreas.stieger@gmx.de | 2014-10-21 17:42:56 -0400 (Tue, 21 Oct 2014) | 7 lines
-
-Follow-up to r2419: Correct comment style
-
-* test/test_buckets.c
-  (deflate_compress): Correct comment style not supported by strict
-  compilers, fails on /branches/1.3.x
-
-Index: test/test_buckets.c
-===================================================================
---- test/test_buckets.c	(revision 2442)
-+++ test/test_buckets.c	(revision 2443)
-@@ -1323,9 +1323,9 @@
- 
-     /* The largest buffer we should need is 0.1% larger than the
-        uncompressed data, + 12 bytes. This info comes from zlib.h.
-+       buf_size = orig_len + (orig_len / 1000) + 12;
-        Note: This isn't sufficient when using Z_NO_FLUSH and extremely compressed
-        data. Use a buffer bigger than what we need. */
--//    buf_size = orig_len + (orig_len / 1000) + 12;
-     buf_size = 100000;
- 
-     write_buf = apr_palloc(pool, buf_size);
diff --git a/gnu/packages/patches/serf-deflate-buckets-test-fix.patch b/gnu/packages/patches/serf-deflate-buckets-test-fix.patch
deleted file mode 100644
index be8be1b1e8..0000000000
--- a/gnu/packages/patches/serf-deflate-buckets-test-fix.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-r2445 | chemodax | 2014-10-23 12:15:22 -0400 (Thu, 23 Oct 2014) | 6 lines
-
-Reduce memory usage by deflate buckets test.
-
-* test/test_buckets.c
-  (deflate_buckets): Add POOL argument and use it instead of tb->pool.
-  (test_deflate_buckets): Use iterpool for deflate_buckets() call.
-
-Index: test/test_buckets.c
-===================================================================
---- test/test_buckets.c	(revision 2444)
-+++ test/test_buckets.c	(revision 2445)
-@@ -1400,12 +1400,12 @@
-                           expected_len);
- }
- 
--static void deflate_buckets(CuTest *tc, int nr_of_loops)
-+static void deflate_buckets(CuTest *tc, int nr_of_loops, apr_pool_t *pool)
- {
-     const char *msg = "12345678901234567890123456789012345678901234567890";
- 
-     test_baton_t *tb = tc->testBaton;
--    serf_bucket_alloc_t *alloc = serf_bucket_allocator_create(tb->pool, NULL,
-+    serf_bucket_alloc_t *alloc = serf_bucket_allocator_create(pool, NULL,
-                                                               NULL);
-     z_stream zdestr;
-     int i;
-@@ -1424,8 +1424,8 @@
-     {
-         serf_config_t *config;
- 
--        serf_context_t *ctx = serf_context_create(tb->pool);
--        /* status = */ serf__config_store_get_config(ctx, NULL, &config, tb->pool);
-+        serf_context_t *ctx = serf_context_create(pool);
-+        /* status = */ serf__config_store_get_config(ctx, NULL, &config, pool);
- 
-         serf_bucket_set_config(defbkt, config);
-     }
-@@ -1447,11 +1447,11 @@
-         if (i == nr_of_loops - 1) {
-             CuAssertIntEquals(tc, APR_SUCCESS,
-                               deflate_compress(&data, &len, &zdestr, msg,
--                                               strlen(msg), 1, tb->pool));
-+                                               strlen(msg), 1, pool));
-         } else {
-             CuAssertIntEquals(tc, APR_SUCCESS,
-                               deflate_compress(&data, &len, &zdestr, msg,
--                                               strlen(msg), 0, tb->pool));
-+                                               strlen(msg), 0, pool));
-         }
- 
-         if (len == 0)
-@@ -1469,10 +1469,15 @@
- static void test_deflate_buckets(CuTest *tc)
- {
-     int i;
-+    apr_pool_t *iterpool;
-+    test_baton_t *tb = tc->testBaton;
- 
-+    apr_pool_create(&iterpool, tb->pool);
-     for (i = 1; i < 1000; i++) {
--        deflate_buckets(tc, i);
-+        apr_pool_clear(iterpool);
-+        deflate_buckets(tc, i, iterpool);
-     }
-+    apr_pool_destroy(iterpool);
- }
- 
- static apr_status_t discard_data(serf_bucket_t *bkt,
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
deleted file mode 100644
index 3f357c4924..0000000000
--- a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Patch copied from upstream source repository:
-
-https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
-
-From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge@hallyn.com>
-Date: Sun, 18 Sep 2016 21:31:18 -0500
-Subject: [PATCH] su.c: fix missing length argument to snprintf
-
----
- src/su.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index 0c50a9456afd..93ffd2fbe2b4 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
- 		              stderr);
- 		(void) kill (-pid_child, caught);
- 
--		snprintf (kill_msg, _(" ...killed.\n"));
--		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
-+		snprintf (kill_msg, 256, _(" ...killed.\n"));
-+		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
- 
- 		(void) signal (SIGALRM, kill_child);
- 		(void) alarm (2);
--- 
-2.11.0.rc2
-
diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch
deleted file mode 100644
index f88aac40bc..0000000000
--- a/gnu/packages/patches/shadow-CVE-2017-2616.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2017-2616:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
-http://seclists.org/oss-sec/2017/q1/490
-http://seclists.org/oss-sec/2017/q1/474
-
-Patch copied from upstream source repository:
-
-https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
-
-From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Thu, 23 Feb 2017 09:47:29 -0600
-Subject: [PATCH] su: properly clear child PID
-
-If su is compiled with PAM support, it is possible for any local user
-to send SIGKILL to other processes with root privileges. There are
-only two conditions. First, the user must be able to perform su with
-a successful login. This does NOT have to be the root user, even using
-su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
-can only be sent to processes which were executed after the su process.
-It is not possible to send SIGKILL to processes which were already
-running. I consider this as a security vulnerability, because I was
-able to write a proof of concept which unlocked a screen saver of
-another user this way.
----
- src/su.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index f20d230..d86aa86 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
- 				/* wake child when resumed */
- 				kill (pid, SIGCONT);
- 				stop = false;
-+			} else {
-+				pid_child = 0;
- 			}
- 		} while (!stop);
- 	}
- 
--	if (0 != caught) {
-+	if (0 != caught && 0 != pid_child) {
- 		(void) fputs ("\n", stderr);
- 		(void) fputs (_("Session terminated, terminating shell..."),
- 		              stderr);
-@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
- 		snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
- 
- 		(void) signal (SIGALRM, kill_child);
-+		(void) signal (SIGCHLD, catch_signals);
- 		(void) alarm (2);
- 
--		(void) wait (&status);
-+		sigemptyset (&ourset);
-+		if ((sigaddset (&ourset, SIGALRM) != 0)
-+		    || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
-+			fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
-+			kill_child (0);
-+		} else {
-+			while (0 == waitpid (pid_child, &status, WNOHANG)) {
-+				sigsuspend (&ourset);
-+			}
-+			pid_child = 0;
-+			(void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
-+		}
-+
- 		(void) fputs (_(" ...terminated.\n"), stderr);
- 	}
- 
diff --git a/gnu/packages/patches/soprano-find-clucene.patch b/gnu/packages/patches/soprano-find-clucene.patch
deleted file mode 100644
index cc2707853a..0000000000
--- a/gnu/packages/patches/soprano-find-clucene.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Search for clucene include file in the clucene include directory.
-
-diff -u -r soprano-2.9.4.orig/cmake/modules/FindCLucene.cmake soprano-2.9.4/cmake/modules/FindCLucene.cmake
---- soprano-2.9.4.orig/cmake/modules/FindCLucene.cmake	2013-10-09 19:22:28.000000000 +0200
-+++ soprano-2.9.4/cmake/modules/FindCLucene.cmake	2014-04-28 20:08:11.000000000 +0200
-@@ -77,7 +77,8 @@
- 
- get_filename_component(TRIAL_LIBRARY_DIR ${CLUCENE_LIBRARY} PATH)
- find_path(CLUCENE_LIBRARY_DIR
--  NAMES CLucene/clucene-config.h PATHS ${TRIAL_LIBRARY_DIR} ${TRIAL_LIBRARY_PATHS} ${TRIAL_INCLUDE_PATHS} NO_DEFAULT_PATH)
-+  NAMES CLucene/clucene-config.h PATHS ${TRIAL_LIBRARY_DIR} ${TRIAL_LIBRARY_PATHS} ${TRIAL_INCLUDE_PATHS} ${CLUCENE_INCLUDE_DIR} NO_DEFAULT_PATH)
-+message (STATUS "XXX ${CLUCENE_LIBRARY_DIR}")
- if(CLUCENE_LIBRARY_DIR)
-   message(STATUS "Found CLucene library dir: ${CLUCENE_LIBRARY_DIR}")
-   file(READ ${CLUCENE_LIBRARY_DIR}/CLucene/clucene-config.h CLCONTENT)
diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch
new file mode 100644
index 0000000000..e9fd991087
--- /dev/null
+++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch
@@ -0,0 +1,84 @@
+Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/plain/debian/patches/new-wavpack.patch.
+
+This patch lets us build teeworlds with wavpack 5.1.0.
+
+--- a/src/engine/client/sound.cpp
++++ b/src/engine/client/sound.cpp
+@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID)
+ 	pSample->m_NumFrames = NumFrames;
+ }
+ 
+-int CSound::ReadData(void *pBuffer, int Size)
+-{
+-	return io_read(ms_File, pBuffer, Size);
+-}
+-
+ int CSound::LoadWV(const char *pFilename)
+ {
+ 	CSample *pSample;
+ 	int SampleID = -1;
+ 	char aError[100];
+ 	WavpackContext *pContext;
++	char aWholePath[1024];
++	IOHANDLE File;
+ 
+ 	// don't waste memory on sound when we are stress testing
+ 	if(g_Config.m_DbgStress)
+@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename
+ 	if(!m_pStorage)
+ 		return -1;
+ 
+-	ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL);
+-	if(!ms_File)
++	File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath));
++	if(!File)
+ 	{
+ 		dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename);
+ 		return -1;
+ 	}
++	else
++	{
++		io_close(File);
++	}
+ 
+ 	SampleID = AllocID();
+ 	if(SampleID < 0)
+ 		return -1;
+ 	pSample = &m_aSamples[SampleID];
+ 
+-	pContext = WavpackOpenFileInput(ReadData, aError);
++	pContext = WavpackOpenFileInput(aWholePath, aError, OPEN_2CH_MAX, 0);
+ 	if (pContext)
+ 	{
+ 		int m_aSamples = WavpackGetNumSamples(pContext);
+@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename
+ 		dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError);
+ 	}
+ 
+-	io_close(ms_File);
+-	ms_File = NULL;
+-
+ 	if(g_Config.m_Debug)
+ 		dbg_msg("sound/wv", "loaded %s", pFilename);
+ 
+@@ -527,7 +525,5 @@ void CSound::StopAll()
+ 	lock_unlock(m_SoundLock);
+ }
+ 
+-IOHANDLE CSound::ms_File = 0;
+-
+ IEngineSound *CreateEngineSound() { return new CSound; }
+ 
+--- a/src/engine/client/sound.h
++++ b/src/engine/client/sound.h
+@@ -21,10 +21,6 @@ public:
+ 
+ 	static void RateConvert(int SampleID);
+ 
+-	// TODO: Refactor: clean this mess up
+-	static IOHANDLE ms_File;
+-	static int ReadData(void *pBuffer, int Size);
+-
+ 	virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; }
+ 
+ 	virtual int LoadWV(const char *pFilename);
diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch
deleted file mode 100644
index 2c82fb06d2..0000000000
--- a/gnu/packages/patches/util-linux-CVE-2017-2616.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Fix CVE-2017-2616:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
-http://seclists.org/oss-sec/2017/q1/474
-
-Patch copied from upstream source repository:
-
-https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891
-
-From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Wed, 1 Feb 2017 11:58:09 +0100
-Subject: [PATCH] su: properly clear child PID
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- login-utils/su-common.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/login-utils/su-common.c b/login-utils/su-common.c
-index 0ea4e40bd..b1720f037 100644
---- a/login-utils/su-common.c
-+++ b/login-utils/su-common.c
-@@ -376,6 +376,9 @@ create_watching_parent (void)
-             }
-           else
-             status = WEXITSTATUS (status);
-+
-+	  /* child is gone, don't use the PID anymore */
-+	  child = (pid_t) -1;
-         }
-       else if (caught_signal)
-         status = caught_signal + 128;
-@@ -385,7 +388,7 @@ create_watching_parent (void)
-   else
-     status = 1;
- 
--  if (caught_signal)
-+  if (caught_signal && child != (pid_t)-1)
-     {
-       fprintf (stderr, _("\nSession terminated, killing shell..."));
-       kill (child, SIGTERM);
-@@ -395,9 +398,12 @@ create_watching_parent (void)
- 
-   if (caught_signal)
-     {
--      sleep (2);
--      kill (child, SIGKILL);
--      fprintf (stderr, _(" ...killed.\n"));
-+      if (child != (pid_t)-1)
-+	{
-+	  sleep (2);
-+	  kill (child, SIGKILL);
-+	  fprintf (stderr, _(" ...killed.\n"));
-+	}
- 
-       /* Let's terminate itself with the received signal.
-        *
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
new file mode 100644
index 0000000000..51d6c3e791
--- /dev/null
+++ b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
@@ -0,0 +1,144 @@
+This patch comes from Debian and was modified by Kei Kebreau <kei@openmailbox.org>.
+Link: https://anonscm.debian.org/cgit/pkg-wmaker/wmfire.git/plain/debian/patches/gdk_updates.patch?h=debian/1.2.4-2&id=a272234fc5eecdbfc469adb12133196bc62f3059
+
+Description: Update for newer versions of GDK.
+ In particular, the icon window was not receiving enter and leave events from
+ the pointer.  To fix this, we get rid of the second GdkWindow iconwin entirely
+ and set win to be its own icon.
+ .
+ This also removes the need for the "broken window manager" fix, so we remove it
+ and all references to it.
+Author: Doug Torrance <dtorrance@piedmont.edu>
+
+diff -ur wmfire-1.2.4.old/src/wmfire.c wmfire-1.2.4/src/wmfire.c
+--- wmfire-1.2.4.old/src/wmfire.c	2017-04-23 14:26:58.449487117 -0400
++++ wmfire-1.2.4/src/wmfire.c	2017-04-23 14:32:10.785238671 -0400
+@@ -77,7 +77,6 @@
+ typedef struct {
+ 	Display *display;	/* X11 display */
+ 	GdkWindow *win;		/* Main window */
+-	GdkWindow *iconwin;	/* Icon window */
+ 	GdkGC *gc;		/* Drawing GC */
+ 	GdkPixmap *pixmap;	/* Main pixmap */
+ 	GdkBitmap *mask;	/* Dockapp mask */
+@@ -141,7 +140,6 @@
+ int cmap = 0;
+ int lock = 0;
+ int proximity = 0;
+-int broken_wm = 0;
+ 
+ /******************************************/
+ /* Main                                   */
+@@ -262,12 +260,8 @@
+ 		usleep(REFRESH);
+ 
+ 		/* Draw the rgb buffer to screen */
+-		if (!broken_wm)
+-			gdk_draw_rgb_image(bm.iconwin, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
+-		else
+-			gdk_draw_rgb_image(bm.win, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
++                gdk_draw_rgb_image(bm.win, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
+ 	}
+-
+ 	return 0;
+ }
+ 
+@@ -556,9 +550,7 @@
+ #define MASK GDK_BUTTON_PRESS_MASK | GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK | GDK_POINTER_MOTION_HINT_MASK
+ 
+ 	GdkWindowAttr attr;
+-	GdkWindowAttr attri;
+ 	Window win;
+-	Window iconwin;
+ 
+ 	GdkPixmap *icon;
+ 
+@@ -578,10 +570,6 @@
+ 	attr.wmclass_class = "wmfire";
+ 	attr.window_type = GDK_WINDOW_TOPLEVEL;
+ 
+-	/* Make a copy for the iconwin - parameters are the same */
+-	memcpy(&attri, &attr, sizeof (GdkWindowAttr));
+-	attri.window_type = GDK_WINDOW_CHILD;
+-
+ 	sizehints.flags = USSize;
+ 	sizehints.width = 64;
+ 	sizehints.height = 64;
+@@ -592,18 +580,11 @@
+ 		exit(1);
+ 	}
+ 
+-	bm.iconwin = gdk_window_new(bm.win, &attri, GDK_WA_TITLE | GDK_WA_WMCLASS);
+-	if (!bm.iconwin) {
+-		fprintf(stderr, "FATAL: Cannot make icon window\n");
+-		exit(1);
+-	}
+-
+ 	win = GDK_WINDOW_XWINDOW(bm.win);
+-	iconwin = GDK_WINDOW_XWINDOW(bm.iconwin);
+ 	XSetWMNormalHints(GDK_WINDOW_XDISPLAY(bm.win), win, &sizehints);
+ 
+ 	wmhints.initial_state = WithdrawnState;
+-	wmhints.icon_window = iconwin;
++	wmhints.icon_window = win;
+ 	wmhints.icon_x = 0;
+ 	wmhints.icon_y = 0;
+ 	wmhints.window_group = win;
+@@ -613,10 +594,8 @@
+ 
+ 	bm.pixmap = gdk_pixmap_create_from_xpm_d(bm.win, &(bm.mask), NULL, master_xpm);
+ 	gdk_window_shape_combine_mask(bm.win, bm.mask, 0, 0);
+-	gdk_window_shape_combine_mask(bm.iconwin, bm.mask, 0, 0);
+ 
+ 	gdk_window_set_back_pixmap(bm.win, bm.pixmap, False);
+-	gdk_window_set_back_pixmap(bm.iconwin, bm.pixmap, False);
+ 
+ #if 0
+         gdk_window_set_type_hint(bm.win, GDK_WINDOW_TYPE_HINT_DOCK);
+@@ -626,7 +605,6 @@
+ #endif
+ 
+ 	icon = gdk_pixmap_create_from_xpm_d(bm.win, NULL, NULL, icon_xpm);
+-	gdk_window_set_icon(bm.win, bm.iconwin, icon, NULL);
+ 
+ 	gdk_window_show(bm.win);
+ 
+@@ -721,9 +699,6 @@
+ 		case 'l':
+ 			lock = 1;
+ 			break;
+-		case 'b':
+-			broken_wm = 1;
+-			break;
+ 		case 'h':
+ 		default:
+ 			do_help();
+@@ -766,6 +741,5 @@
+ 	for (i = 0; i < NFLAMES; i++)
+ 		fprintf(stderr, "%d:%s ", i + 1, fire[i].text);
+ 	fprintf(stderr, "\n\t-l\t\t\tlock flame colour and monitor\n");
+-	fprintf(stderr, "\t-b\t\t\tactivate broken window manager fix\n");
+ 	fprintf(stderr, "\t-h\t\t\tprints this help\n");
+ }
+Only in wmfire-1.2.4/src: wmfire.c~
+diff -ur wmfire-1.2.4.old/wmfire.1 wmfire-1.2.4/wmfire.1
+--- wmfire-1.2.4.old/wmfire.1	2017-04-23 14:26:58.449487117 -0400
++++ wmfire-1.2.4/wmfire.1	2017-04-23 14:41:20.697186114 -0400
+@@ -8,7 +8,6 @@
+ 
+ .SH SYNOPSIS
+ .B wmfire
+-[-b]
+ [-c CPU]
+ [-f COLOUR]
+ [-F FILE]
+@@ -54,9 +53,6 @@
+ 
+ .SH OPTIONS
+ .TP
+-.B -b
+-Activate broken window manager fix (if grey box diplayed)
+-.TP
+ .B -c [0..3]
+ .br
+ Monitor SMP CPU number X
diff --git a/gnu/packages/patches/xf86-video-intel-compat-api.patch b/gnu/packages/patches/xf86-video-intel-compat-api.patch
deleted file mode 100644
index 786de5c45d..0000000000
--- a/gnu/packages/patches/xf86-video-intel-compat-api.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-This patch was copied from Debian.
-
---- xserver-xorg-video-intel-2.21.15.orig/src/compat-api.h
-+++ xserver-xorg-video-intel-2.21.15/src/compat-api.h
-@@ -158,4 +158,8 @@
- 	if ((d)->pScreen->SourceValidate) (d)->pScreen->SourceValidate(d, x, y, w, h)
- #endif
- 
-+#if XORG_VERSION_CURRENT >= XORG_VERSION_NUMERIC(1,14,99,2,0)
-+#define DamageUnregister(d, dd) DamageUnregister(dd)
-+#endif
-+
- #endif
diff --git a/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch b/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch
deleted file mode 100644
index aeebfacdcd..0000000000
--- a/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Allow builds with glibc 2.20.
-Based on a patch by Peter Hutterer <peter.hutterer@who-t.net>.
-See <https://raw.githubusercontent.com/openembedded/oe-core/master/meta/recipes-graphics/xorg-driver/xf86-input-synaptics/always_include_xorg_server.h.patch>.
-
---- xf86-video-intel-2.21.15/src/intel_device.c.~1~	2013-08-09 16:58:48.000000000 -0400
-+++ xf86-video-intel-2.21.15/src/intel_device.c	2014-12-18 00:03:54.700759577 -0500
-@@ -33,6 +33,8 @@
- 
- #include <sys/ioctl.h>
- 
-+#include <xorg-server.h>
-+
- #include <pciaccess.h>
- #include <xf86.h>
- #include <xf86drm.h>