summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-02-20 12:56:14 +0200
committerEfraim Flashner <efraim@flashner.co.il>2017-02-20 12:56:14 +0200
commitd15432ca9e9359b865aac63ae47863e94bbce0e4 (patch)
treebe4e6f52cb8e31f5b5fad637c95c0a730ea76081 /gnu/packages/patches
parentdef971689052ebc3e0a68684328c28cac35b8596 (diff)
parent3b254d76132627ff62ac5571f4175669164624c5 (diff)
downloadguix-d15432ca9e9359b865aac63ae47863e94bbce0e4.tar.gz
Merge remote-tracking branch 'origin/master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/hubbub-sort-entities.patch13
-rw-r--r--gnu/packages/patches/netsurf-about.patch26
-rw-r--r--gnu/packages/patches/netsurf-longer-test-timeout.patch20
-rw-r--r--gnu/packages/patches/netsurf-system-utf8proc.patch64
-rw-r--r--gnu/packages/patches/netsurf-y2038-tests.patch25
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch33
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5667.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5898.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5931.patch55
-rw-r--r--gnu/packages/patches/screen-CVE-2017-5618.patch40
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch22
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch42
-rw-r--r--gnu/packages/patches/vim-CVE-2017-5953.patch24
17 files changed, 537 insertions, 52 deletions
diff --git a/gnu/packages/patches/hubbub-sort-entities.patch b/gnu/packages/patches/hubbub-sort-entities.patch
new file mode 100644
index 0000000000..012e3c3022
--- /dev/null
+++ b/gnu/packages/patches/hubbub-sort-entities.patch
@@ -0,0 +1,13 @@
+Traverse the entities hash's keys in sorted order to ensure reproducibility.
+
+--- libhubbub-0.3.3/build/make-entities.pl
++++ libhubbub-0.3.3/build/make-entities.pl
+@@ -86,7 +86,7 @@
+ 
+ my $trie;
+ 
+-foreach my $key (keys %entities) {
++foreach my $key (sort keys %entities) {
+    $trie = insert_node($trie, $key, $entities{$key});
+ }
+ 
diff --git a/gnu/packages/patches/netsurf-about.patch b/gnu/packages/patches/netsurf-about.patch
deleted file mode 100644
index 1fb8eae824..0000000000
--- a/gnu/packages/patches/netsurf-about.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- netsurf-all-3.5/netsurf/gtk/about.c
-+++ netsurf-all-3.5/netsurf/gtk/about.c
-@@ -79,11 +79,11 @@
- 	switch (response_id) {
- 
- 	case ABOUT_RESPONSE_ID_LICENCE:
--		about_open("about:credits");
-+		about_open("about:licence");
- 		break;
- 
- 	case ABOUT_RESPONSE_ID_CREDITS:
--		about_open("about:licence");
-+		about_open("about:credits");
- 		break;
- 	}
- 
---- netsurf-all-3.5/netsurf/desktop/version.c
-+++ netsurf-all-3.5/netsurf/desktop/version.c
-@@ -20,6 +20,6 @@
- 
- #include "desktop/version.h"
- 
--const char * const netsurf_version = "3.5 (6th April 1016)";
-+const char * const netsurf_version = "3.5 (6th April 2016)";
- const int netsurf_version_major = 3;
- const int netsurf_version_minor = 5;
diff --git a/gnu/packages/patches/netsurf-longer-test-timeout.patch b/gnu/packages/patches/netsurf-longer-test-timeout.patch
new file mode 100644
index 0000000000..4dd5a8539f
--- /dev/null
+++ b/gnu/packages/patches/netsurf-longer-test-timeout.patch
@@ -0,0 +1,20 @@
+Increase the timeout on dictionary tests to accommodate slower machines.
+
+--- netsurf-3.6/test/hashtable.c
++++ netsurf-3.6/test/hashtable.c
+@@ -286,6 +286,7 @@
+ 	tcase_add_checked_fixture(tc_dict_s,
+ 				  dicts_hashtable_create,
+ 				  dict_hashtable_teardown);
++	tcase_set_timeout(tc_dict_s, 30);
+ 
+ 	tcase_add_test(tc_dict_s, hashtable_dict_test);
+ 
+@@ -297,6 +298,7 @@
+ 	tcase_add_checked_fixture(tc_dict_l,
+ 				  dictl_hashtable_create,
+ 				  dict_hashtable_teardown);
++	tcase_set_timeout(tc_dict_l, 30);
+ 
+ 	tcase_add_test(tc_dict_l, hashtable_dict_test);
+ 
diff --git a/gnu/packages/patches/netsurf-system-utf8proc.patch b/gnu/packages/patches/netsurf-system-utf8proc.patch
new file mode 100644
index 0000000000..254bf52c93
--- /dev/null
+++ b/gnu/packages/patches/netsurf-system-utf8proc.patch
@@ -0,0 +1,64 @@
+Use upstream utf8proc package, as suggested in
+http://source.netsurf-browser.org/libutf8proc.git/commit/?id=770e329cceaf0620c7b482589a9b17ed1d19c16d
+
+Work around upstream's lack of a pkg-config file and update API.
+
+--- netsurf-3.6/Makefile
++++ netsurf-3.6/Makefile
+@@ -527,10 +527,9 @@
+ $(eval $(call pkg_config_find_and_add,libcss,CSS))
+ $(eval $(call pkg_config_find_and_add,libdom,DOM))
+ $(eval $(call pkg_config_find_and_add,libnsutils,nsutils))
+-$(eval $(call pkg_config_find_and_add,libutf8proc,utf8proc))
+ 
+ # Common libraries without pkg-config support
+-LDFLAGS += -lz
++LDFLAGS += -lz -lutf8proc
+ 
+ # Optional libraries with pkgconfig
+ 
+--- netsurf-3.6/utils/idna.c
++++ netsurf-3.6/utils/idna.c
+@@ -26,7 +26,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <libutf8proc/utf8proc.h>
++#include <utf8proc.h>
+ 
+ #include "utils/errors.h"
+ #include "utils/idna.h"
+@@ -250,7 +250,7 @@
+ 		return NSERROR_NOMEM;
+ 	}
+ 
+-	nfc_size = utf8proc_normalise(nfc_label, nfc_size,
++	nfc_size = utf8proc_normalize_utf32(nfc_label, nfc_size,
+ 		UTF8PROC_STABLE | UTF8PROC_COMPOSE);
+ 	if (nfc_size < 0) {
+ 		return NSERROR_NOMEM;
+@@ -565,7 +565,7 @@
+ 	}
+ 
+ 	/* Perform NFC normalisation */
+-	ucs4_len = utf8proc_normalise(ucs4, u_ucs4_len,
++	ucs4_len = utf8proc_normalize_utf32(ucs4, u_ucs4_len,
+ 		UTF8PROC_STABLE | UTF8PROC_COMPOSE);
+ 	if (ucs4_len < 0) {
+ 		free(ucs4);
+--- netsurf-3.6/test/Makefile
++++ netsurf-3.6/test/Makefile
+@@ -112,11 +112,11 @@
+ 		-D_XOPEN_SOURCE=600 \
+ 		-Itest -Iinclude -Icontent/handlers -Ifrontends -I. -I.. \
+ 		-Dnsgtk \
+-		$(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) \
++		$(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libidn) \
+ 		$(LIB_CFLAGS) \
+ 		$(COV_CFLAGS)
+ 
+-TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) -lz \
++TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libidn) -lz -lutf8proc \
+ 		$(LIB_LDFLAGS)\
+ 		$(COV_LDFLAGS)
+ 
diff --git a/gnu/packages/patches/netsurf-y2038-tests.patch b/gnu/packages/patches/netsurf-y2038-tests.patch
new file mode 100644
index 0000000000..407a5277c8
--- /dev/null
+++ b/gnu/packages/patches/netsurf-y2038-tests.patch
@@ -0,0 +1,25 @@
+These two test cases fail for us on i686.
+
+See https://en.wikipedia.org/wiki/Year_2038_problem
+
+--- netsurf-3.6/test/time.c
++++ netsurf-3.6/test/time.c
+@@ -77,18 +77,10 @@
+ 		.expected = "Tue, 12 Jun 2001 12:12:12 GMT"
+ 	},
+ 	{
+-		.test     = "Thu, 16 Jul 2207 12:45:12 GMT",
+-		.expected = "Thu, 16 Jul 2207 12:45:12 GMT"
+-	},
+-	{
+ 		.test     = "Thu, 16 Aug 2007 19:45:12 GMT",
+ 		.expected = "Thu, 16 Aug 2007 19:45:12 GMT"
+ 	},
+ 	{
+-		.test     = "Tue, 16 Sep 3456 00:45:12 GMT",
+-		.expected = "Tue, 16 Sep 3456 00:45:12 GMT"
+-	},
+-	{
+ 		.test     = "Sun, 16 Oct 1988 19:45:59 GMT",
+ 		.expected = "Sun, 16 Oct 1988 19:45:59 GMT"
+ 	},
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
index 6edd676e38..83c9dbb3d4 100644
--- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -2,25 +2,26 @@ Fix CVE-2017-0358:
 http://seclists.org/oss-sec/2017/q1/259
 This patch was copied from the above URL.
 
-diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
---- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
-+++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
-@@ -3827,13 +3827,14 @@
-	struct stat st;
-	pid_t pid;
-	const char *cmd = "/sbin/modprobe";
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 0bb38f9..c6d1dad 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void)
+ 	struct stat st;
+ 	pid_t pid;
+ 	const char *cmd = "/sbin/modprobe";
 +	char *env = (char*)NULL;
-	struct timespec req = { 0, 100000000 };   /* 100 msec */
-	fuse_fstype fstype;
-        
-	if (!stat(cmd, &st) && !geteuid()) {
-		pid = fork();
-		if (!pid) {
+ 	struct timespec req = { 0, 100000000 };   /* 100 msec */
+ 	fuse_fstype fstype;
+         
+ 	if (!stat(cmd, &st) && !geteuid()) {
+ 		pid = fork();
+ 		if (!pid) {
 -			execl(cmd, cmd, "fuse", NULL);
 +			execle(cmd, cmd, "fuse", NULL, &env);
-			_exit(1);
-		} else if (pid != -1)
-			waitpid(pid, NULL, 0);
+ 			_exit(1);
+ 		} else if (pid != -1)
+ 			waitpid(pid, NULL, 0);
 diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
 --- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
 +++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch
new file mode 100644
index 0000000000..5adea0d278
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch
@@ -0,0 +1,46 @@
+Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
+
+http://seclists.org/oss-sec/2017/q1/243
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
+
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf228be..5bd5ab6319 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+                 boundary_count -= block_size - begin;
+             }
+             dma_memory_read(&address_space_memory, s->sdmasysad,
+-                            &s->fifo_buffer[begin], s->data_count);
++                            &s->fifo_buffer[begin], s->data_count - begin);
+             s->sdmasysad += s->data_count - begin;
+             if (s->data_count == block_size) {
+                 for (n = 0; n < block_size; n++) {
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
new file mode 100644
index 0000000000..5a94bb1ae4
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch
@@ -0,0 +1,44 @@
+Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
+
+http://seclists.org/oss-sec/2017/q1/328
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
+
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b68c4..1325ea1659 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+                 recv->hdr.bSeq, len);
+     ccid_add_pending_answer(s, (CCID_Header *)recv);
+-    if (s->card) {
++    if (s->card && len <= BULK_OUT_DATA_SIZE) {
+         ccid_card_apdu_from_guest(s->card, recv->abData, len);
+     } else {
+         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch
new file mode 100644
index 0000000000..08910e5fac
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch
@@ -0,0 +1,55 @@
+Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
+
+http://seclists.org/oss-sec/2017/q1/337
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
+
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e859..c23e1ad458 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+ 
+-    size_t max_len, curr_size = 0;
++    uint64_t max_len, curr_size = 0;
+     size_t s;
+ 
+     /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+ 
+-    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+         return NULL;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch
new file mode 100644
index 0000000000..1b95e428c8
--- /dev/null
+++ b/gnu/packages/patches/screen-CVE-2017-5618.patch
@@ -0,0 +1,40 @@
+Fixes CVE-2017-5618 (privilege escalation via opening the logfile when
+screen is installed setuid root):
+
+https://savannah.gnu.org/bugs/?50142
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618
+
+This patch reverts the upstream commit that introduced the bug:
+
+https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58
+
+From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 11 Feb 2017 22:40:24 -0500
+Subject: [PATCH] Revert "adding permissions check for the logfile name"
+
+This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58.
+---
+ src/screen.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/screen.c b/src/screen.c
+index 64650e9..283c305 100644
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -673,12 +673,6 @@ int main(int ac, char** av)
+                 Panic(0, "-L: logfile name can not start with \"-\" symbol");
+               if (strlen(screenlogfile) > PATH_MAX)
+                 Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+-
+-              FILE *w_check;
+-              if ((w_check = fopen(screenlogfile, "w")) == NULL)
+-                Panic(0, "-L: logfile name access problem");
+-              else
+-                fclose(w_check);
+             }
+             nwin_options.Lflag = 1;
+             break;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
new file mode 100644
index 0000000000..3f357c4924
--- /dev/null
+++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
@@ -0,0 +1,31 @@
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
+
+From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Sun, 18 Sep 2016 21:31:18 -0500
+Subject: [PATCH] su.c: fix missing length argument to snprintf
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index 0c50a9456afd..93ffd2fbe2b4 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
+ 		              stderr);
+ 		(void) kill (-pid_child, caught);
+ 
+-		snprintf (kill_msg, _(" ...killed.\n"));
+-		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
++		snprintf (kill_msg, 256, _(" ...killed.\n"));
++		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+ 
+ 		(void) signal (SIGALRM, kill_child);
+ 		(void) alarm (2);
+-- 
+2.11.0.rc2
+
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
index b63d5bb018..4092261f75 100644
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
@@ -1,19 +1,19 @@
-From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001
-From: Pjotr Prins <pjotr.public01@thebird.nl>
-Date: Fri, 12 Feb 2016 12:43:33 +0100
-Subject: [PATCH] Remove contribs
+From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
+From: carolili <carolili@iki.fi>
+Date: Thu, 9 Feb 2017 19:24:49 +0000
+Subject: [PATCH] Removing contribs
 
 ---
- configure.ac | 20 --------------------
- 1 file changed, 20 deletions(-)
+ configure.ac | 22 ----------------------
+ 1 file changed, 22 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index fedf354..e010732 100644
+index 1cf1051..5d76b44 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -438,26 +438,6 @@ dnl All slurm Makefiles:
+@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
+ 
  AC_CONFIG_FILES([Makefile
- 		 config.xml
  		 auxdir/Makefile
 -		 contribs/Makefile
 -		 contribs/cray/Makefile
@@ -27,7 +27,9 @@ index fedf354..e010732 100644
 -		 contribs/perlapi/libslurm/perl/Makefile.PL
 -		 contribs/perlapi/libslurmdb/Makefile
 -		 contribs/perlapi/libslurmdb/perl/Makefile.PL
+-		 contribs/seff/Makefile
 -		 contribs/torque/Makefile
+-		 contribs/openlava/Makefile
 -		 contribs/phpext/Makefile
 -		 contribs/phpext/slurm_php/config.m4
 -		 contribs/sgather/Makefile
@@ -39,5 +41,5 @@ index fedf354..e010732 100644
  		 doc/man/Makefile
  		 doc/man/man1/Makefile
 -- 
-2.1.4
+2.11.0
 
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
new file mode 100644
index 0000000000..a2cb558cd3
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9577.patch
@@ -0,0 +1,33 @@
+Prevent buffer overflow when reading large messages.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1401603
+https://access.redhat.com/security/cve/CVE-2016-9577
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
+https://security-tracker.debian.org/tracker/CVE-2016-9577
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
+
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: main-channel: Prevent overflow reading messages from client
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df..1fc3915 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
new file mode 100644
index 0000000000..f86cdb4eb1
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
@@ -0,0 +1,33 @@
+Prevent possible DoS during protocol handshake.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: Prevent possible DoS attempts during protocol handshake
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c..86a33d5 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
new file mode 100644
index 0000000000..76f7ec7ffb
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
@@ -0,0 +1,38 @@
+Fixes a potential buffer overflow in the protocol handling.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: Prevent integer overflows in capability checks
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d5..9150454 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch
new file mode 100644
index 0000000000..03093e8330
--- /dev/null
+++ b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch
@@ -0,0 +1,42 @@
+Fix test failures caused by some build machines running more slowly than
+expected, which manifest like this:
+
+------
+>       raise FailedHealthCheck(message)
+E       hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters).
+E       See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test.
+
+/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck
+------
+
+Patch copied from upstream source repository:
+
+https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c
+
+From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001
+From: Markus Unterwaditzer <markus@unterwaditzer.net>
+Date: Sat, 18 Feb 2017 15:45:06 +0100
+Subject: [PATCH] Unconditionally disable HealthCheck.too_slow
+
+---
+ tests/conftest.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index e0a07d5..3afd7cd 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -26,10 +26,12 @@ def benchmark():
+ else:
+     del pytest_benchmark
+ 
++
++settings.suppress_health_check = [HealthCheck.too_slow]
++
+ settings.register_profile("ci", settings(
+     max_examples=1000,
+     verbosity=Verbosity.verbose,
+-    suppress_health_check=[HealthCheck.too_slow]
+ ))
+ settings.register_profile("deterministic", settings(
+     derandomize=True,
diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch
new file mode 100644
index 0000000000..7b66f1bf16
--- /dev/null
+++ b/gnu/packages/patches/vim-CVE-2017-5953.patch
@@ -0,0 +1,24 @@
+Fix CVE-2017-5953:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
+https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
+
+Patch adapted from upstream commit, correcting the transcription error
+in the bounds check:
+
+https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
+
+diff --git a/src/spellfile.c b/src/spellfile.c
+index c7d87c6..8b1a3a6 100644
+--- a/src/spellfile.c
++++ b/src/spellfile.c
+@@ -1595,6 +1595,9 @@ spell_read_tree(
+     len = get4c(fd);
+     if (len < 0)
+ 	return SP_TRUNCERROR;
++    if (len >= 0x3fffffff)
++	/* Invalid length, multiply with sizeof(int) would overflow. */
++	return SP_FORMERROR;
+     if (len > 0)
+     {
+ 	/* Allocate the byte array. */