Merge branch 'master' into core-updates

14 files changed, 710 insertions, 1244 deletions

diff --git a/gnu/packages/patches/avrdude-fix-libusb.patch b/gnu/packages/patches/avrdude-fix-libusb.patch
deleted file mode 100644
index 13d0eca91c..0000000000
--- a/gnu/packages/patches/avrdude-fix-libusb.patch
+++ /dev/null
@@ -1,256 +0,0 @@
-Avrdude cannot build with our version of libusb. This patch fixes that.
-See http://savannah.nongnu.org/bugs/?41854
-
-diff --git a/dfu.c b/dfu.c
-index 7d349bc..0f80440 100644
---- a/dfu.c
-+++ b/dfu.c
-@@ -36,13 +36,14 @@
- 
- #ifndef HAVE_LIBUSB
- 
--int dfu_open(struct dfu_dev *dfu, char *port_name) {
-+struct dfu_dev * dfu_open(char *port_spec) {
-   fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
-     progname);
--  return -1;
-+  return NULL;
- }
- 
--int dfu_init(struct dfu_dev *dfu, unsigned short usb_pid) {
-+int dfu_init(struct dfu_dev *dfu,
-+  unsigned short vid, unsigned short pid) {
-   return -1;
- }
- 
-diff --git a/flip1.c b/flip1.c
-index b891d80..0959996 100644
---- a/flip1.c
-+++ b/flip1.c
-@@ -164,6 +164,8 @@ static void flip1_setup(PROGRAMMER * pgm);
- static void flip1_teardown(PROGRAMMER * pgm);
- 
- /* INTERNAL PROGRAMMER FUNCTION PROTOTYPES */
-+#ifdef HAVE_LIBUSB
-+// The internal ones are made conditional, as they're not defined further down #ifndef HAVE_LIBUSB
- 
- static void flip1_show_info(struct flip1 *flip1);
- 
-@@ -177,6 +179,8 @@ static const char * flip1_mem_unit_str(enum flip1_mem_unit mem_unit);
- static int flip1_set_mem_page(struct dfu_dev *dfu, unsigned short page_addr);
- static enum flip1_mem_unit flip1_mem_unit(const char *name);
- 
-+#endif /* HAVE_LIBUSB */
-+
- /* THE INITPGM FUNCTION DEFINITIONS */
- 
- void flip1_initpgm(PROGRAMMER *pgm)
-@@ -201,6 +205,7 @@ void flip1_initpgm(PROGRAMMER *pgm)
-   pgm->teardown         = flip1_teardown;
- }
- 
-+#ifdef HAVE_LIBUSB
- /* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
- 
- int flip1_open(PROGRAMMER *pgm, char *port_spec)
-@@ -876,3 +881,82 @@ enum flip1_mem_unit flip1_mem_unit(const char *name) {
-     return FLIP1_MEM_UNIT_EEPROM;
-   return FLIP1_MEM_UNIT_UNKNOWN;
- }
-+#else /* HAVE_LIBUSB */
-+// Dummy functions
-+int flip1_open(PROGRAMMER *pgm, char *port_spec)
-+{
-+  fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
-+    progname);
-+  return NULL;
-+}
-+
-+int flip1_initialize(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+void flip1_close(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_enable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_disable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_display(PROGRAMMER* pgm, const char *prefix)
-+{
-+}
-+
-+int flip1_program_enable(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+int flip1_chip_erase(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+int flip1_read_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned long addr, unsigned char *value)
-+{
-+  return -1;
-+}
-+
-+int flip1_write_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned long addr, unsigned char value)
-+{
-+  return -1;
-+}
-+
-+int flip1_paged_load(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+  return -1;
-+}
-+
-+int flip1_paged_write(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+  return -1;
-+}
-+
-+int flip1_read_sig_bytes(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem)
-+{
-+  return -1;
-+}
-+
-+void flip1_setup(PROGRAMMER * pgm)
-+{
-+}
-+
-+void flip1_teardown(PROGRAMMER * pgm)
-+{
-+}
-+
-+
-+#endif /* HAVE_LIBUSB */
-\ No newline at end of file
-
-diff --git a/flip2.c b/flip2.c
-index ed8e996..16c4bf8 100644
---- a/flip2.c
-+++ b/flip2.c
-@@ -151,6 +151,8 @@ static void flip2_setup(PROGRAMMER * pgm);
- static void flip2_teardown(PROGRAMMER * pgm);
- 
- /* INTERNAL PROGRAMMER FUNCTION PROTOTYPES */
-+#ifdef HAVE_LIBUSB
-+// The internal ones are made conditional, as they're not defined further down #ifndef HAVE_LIBUSB
- 
- static void flip2_show_info(struct flip2 *flip2);
- 
-@@ -171,6 +173,8 @@ static const char * flip2_status_str(const struct dfu_status *status);
- static const char * flip2_mem_unit_str(enum flip2_mem_unit mem_unit);
- static enum flip2_mem_unit flip2_mem_unit(const char *name);
- 
-+#endif /* HAVE_LIBUSB */
-+
- /* THE INITPGM FUNCTION DEFINITIONS */
- 
- void flip2_initpgm(PROGRAMMER *pgm)
-@@ -195,6 +199,7 @@ void flip2_initpgm(PROGRAMMER *pgm)
-   pgm->teardown         = flip2_teardown;
- }
- 
-+#ifdef HAVE_LIBUSB
- /* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
- 
- int flip2_open(PROGRAMMER *pgm, char *port_spec)
-@@ -922,3 +927,85 @@ enum flip2_mem_unit flip2_mem_unit(const char *name) {
-     return FLIP2_MEM_UNIT_SIGNATURE;
-   return FLIP2_MEM_UNIT_UNKNOWN;
- }
-+
-+#else /* HAVE_LIBUSB */
-+
-+/* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
-+
-+int flip2_open(PROGRAMMER *pgm, char *port_spec)
-+{
-+  fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
-+    progname);
-+  return NULL;
-+}
-+
-+int flip2_initialize(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+void flip2_close(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_enable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_disable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_display(PROGRAMMER* pgm, const char *prefix)
-+{
-+}
-+
-+int flip2_program_enable(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+int flip2_chip_erase(PROGRAMMER* pgm, AVRPART *part)
-+{
-+  return -1;
-+}
-+
-+int flip2_read_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned long addr, unsigned char *value)
-+{
-+  return -1;
-+}
-+
-+int flip2_write_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned long addr, unsigned char value)
-+{
-+  return -1;
-+}
-+
-+int flip2_paged_load(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+  return -1;
-+}
-+
-+int flip2_paged_write(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+  unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+  return -1;
-+}
-+
-+int flip2_read_sig_bytes(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem)
-+{
-+  return -1;
-+}
-+
-+void flip2_setup(PROGRAMMER * pgm)
-+{
-+}
-+
-+void flip2_teardown(PROGRAMMER * pgm)
-+{
-+}
-+
-+
-+#endif /* HAVE_LIBUSB */
diff --git a/gnu/packages/patches/clang-3.8-libc-search-path.patch b/gnu/packages/patches/clang-3.8-libc-search-path.patch
new file mode 100644
index 0000000000..0f7d0a4add
--- /dev/null
+++ b/gnu/packages/patches/clang-3.8-libc-search-path.patch
@@ -0,0 +1,69 @@
+Clang attempts to guess file names based on the OS and distro (yes!),
+but unfortunately, that doesn't work for us.
+
+This patch makes it easy to insert libc's $libdir so that Clang passes the
+correct absolute file name of crt1.o etc. to 'ld'.  It also disables all
+the distro-specific stuff and removes the hard-coded FHS directory names
+to make sure Clang also works on non-GuixSD systems.
+
+This patch makes slight adjustments over "clang-libc-search-path.patch" for
+changes in clang 3.8.
+
+--- cfe-3.8.0.src/lib/Driver/ToolChains.cpp
++++ cfe-3.8.0.src/lib/Driver/ToolChains.cpp
+@@ -3661,6 +3661,9 @@
+                          GCCInstallation.getTriple().str() + "/bin")
+                        .str());
+ 
++  // Comment out the distro-specific tweaks so that they don't bite when
++  // using Guix on a foreign distro.
++#if 0
+   Distro Distro = DetectDistro(D, Arch);
+ 
+   if (IsOpenSUSE(Distro) || IsUbuntu(Distro)) {
+@@ -3702,6 +3705,7 @@
+ 
+   if (IsOpenSUSE(Distro))
+     ExtraOpts.push_back("--enable-new-dtags");
++#endif
+ 
+   // The selection of paths to try here is designed to match the patterns which
+   // the GCC driver itself uses, as this is part of the GCC-compatible driver.
+@@ -3771,14 +3775,12 @@
+     addPathIfExists(D, D.Dir + "/../" + OSLibDir, Paths);
+   }
+ 
+-  addPathIfExists(D, SysRoot + "/lib/" + MultiarchTriple, Paths);
+-  addPathIfExists(D, SysRoot + "/lib/../" + OSLibDir, Paths);
+-  addPathIfExists(D, SysRoot + "/usr/lib/" + MultiarchTriple, Paths);
+-  addPathIfExists(D, SysRoot + "/usr/lib/../" + OSLibDir, Paths);
+-
+   // Try walking via the GCC triple path in case of biarch or multiarch GCC
+   // installations with strange symlinks.
+   if (GCCInstallation.isValid()) {
++    // The following code would end up adding things like
++    // "/usr/lib/x86_64-unknown-linux-gnu/../../lib64" to the search path.
++#if 0
+     addPathIfExists(D,
+                     SysRoot + "/usr/lib/" + GCCInstallation.getTriple().str() +
+                         "/../../" + OSLibDir,
+@@ -3791,6 +3793,7 @@
+                              BiarchSibling.gccSuffix(),
+                       Paths);
+     }
++#endif
+ 
+     // See comments above on the multilib variant for details of why this is
+     // included even from outside the sysroot.
+@@ -3815,8 +3818,9 @@
+   if (StringRef(D.Dir).startswith(SysRoot))
+     addPathIfExists(D, D.Dir + "/../lib", Paths);
+ 
+-  addPathIfExists(D, SysRoot + "/lib", Paths);
+-  addPathIfExists(D, SysRoot + "/usr/lib", Paths);
++  // Add libc's lib/ directory to the search path, so that crt1.o, crti.o,
++  // and friends can be found.
++  addPathIfExists(D, "@GLIBC_LIBDIR@", Paths);
+ }
+ 
+ bool Linux::HasNativeLLVMSupport() const { return true; }
diff --git a/gnu/packages/patches/gd-CVE-2016-5766.patch b/gnu/packages/patches/gd-CVE-2016-5766.patch
new file mode 100644
index 0000000000..400cb0ab48
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-5766.patch
@@ -0,0 +1,81 @@
+Fix CVE-2016-5766 (Integer Overflow in _gd2GetHeader() resulting in heap
+overflow).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
+
+Adapted from upstream commits:
+https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0
+https://github.com/libgd/libgd/commit/a6a0e7feabb2a9738086a5dc96348f233c87fa79
+
+Since `patch` cannot apply Git binary diffs, we omit the addition of
+'tests/gd2/php_bug_72339.c' and its associated binary data.
+
+From aba3db8ba159465ecec1089027a24835a6da9cc0 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Tue, 28 Jun 2016 16:23:42 +0700
+Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in
+ _gd2GetHeader() resulting in heap overflow
+
+---
+ src/gd_gd2.c                    |   5 ++++-
+ tests/gd2/CMakeLists.txt        |   1 +
+ tests/gd2/Makemodule.am         |   6 ++++--
+ tests/gd2/php_bug_72339.c       |  21 +++++++++++++++++++++
+ tests/gd2/php_bug_72339_exp.gd2 | Bin 0 -> 67108882 bytes
+ 5 files changed, 30 insertions(+), 3 deletions(-)
+ create mode 100644 tests/gd2/php_bug_72339.c
+ create mode 100644 tests/gd2/php_bug_72339_exp.gd2
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index fd1e0c9..bdbbecf 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -154,8 +154,11 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ 		nc = (*ncx) * (*ncy);
+ 		GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
+ 		sidx = sizeof (t_chunk_info) * nc;
++		if (overflow2(sidx, nc)) {
++			goto fail1;
++		}
+ 		cidx = gdCalloc (sidx, 1);
+-		if (!cidx) {
++		if (cidx == NULL) {
+ 			goto fail1;
+ 		}
+ 		for (i = 0; i < nc; i++) {
+From a6a0e7feabb2a9738086a5dc96348f233c87fa79 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Wed, 29 Jun 2016 09:36:26 +0700
+Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in
+ _gd2GetHeader() resulting in heap overflow. Sync with php's sync
+
+---
+ src/gd_gd2.c              | 7 ++++++-
+ tests/gd2/php_bug_72339.c | 2 +-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index bdbbecf..2837456 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -152,11 +152,16 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ 
+ 	if (gd2_compressed (*fmt)) {
+ 		nc = (*ncx) * (*ncy);
++
+ 		GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
++		if (overflow2(sizeof(t_chunk_info), nc)) {
++			goto fail1;
++		}
+ 		sidx = sizeof (t_chunk_info) * nc;
+-		if (overflow2(sidx, nc)) {
++		if (sidx <= 0) {
+ 			goto fail1;
+ 		}
++
+ 		cidx = gdCalloc (sidx, 1);
+ 		if (cidx == NULL) {
+ 			goto fail1;
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6128.patch b/gnu/packages/patches/gd-CVE-2016-6128.patch
new file mode 100644
index 0000000000..45ee6b0cfa
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6128.patch
@@ -0,0 +1,253 @@
+Fix CVE-2016-6128 (invalid color index is not properly handled leading
+to denial of service).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6128
+
+Copied from upstream commits:
+https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
+
+From 1ccfe21e14c4d18336f9da8515cd17db88c3de61 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:17:39 +0700
+Subject: [PATCH 1/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ src/gd_crop.c        | 4 ++++
+ tests/CMakeLists.txt | 1 +
+ tests/Makefile.am    | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/gd_crop.c b/src/gd_crop.c
+index 0296633..532b49b 100644
+--- a/src/gd_crop.c
++++ b/src/gd_crop.c
+@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
+ 		return NULL;
+ 	}
+ 
++	if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++		return NULL;
++	}
++
+ 	/* TODO: Add gdImageGetRowPtr and works with ptr at the row level
+ 	 * for the true color and palette images
+ 	 * new formats will simply work with ptr
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 6f5c786..5093d52 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -31,6 +31,7 @@ if (BUILD_TEST)
+ 		gdimagecolortransparent
+ 		gdimagecopy
+ 		gdimagecopyrotated
++        gdimagecrop
+ 		gdimagefile
+ 		gdimagefill
+ 		gdimagefilledellipse
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4f6e756..5a0ebe8 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -25,6 +25,7 @@ include gdimagecolorresolve/Makemodule.am
+ include gdimagecolortransparent/Makemodule.am
+ include gdimagecopy/Makemodule.am
+ include gdimagecopyrotated/Makemodule.am
++include gdimagecrop/Makemodule.am
+ include gdimagefile/Makemodule.am
+ include gdimagefill/Makemodule.am
+ include gdimagefilledellipse/Makemodule.am
+-- 
+2.9.1
+
+From 8c9f39c7cb1f62ea00bc7a48aff64d3811c2d6d0 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:20:07 +0700
+Subject: [PATCH 2/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/.gitignore | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 tests/gdimagecrop/.gitignore
+
+diff --git a/tests/gdimagecrop/.gitignore b/tests/gdimagecrop/.gitignore
+new file mode 100644
+index 0000000..8e8c9c3
+--- /dev/null
++++ b/tests/gdimagecrop/.gitignore
+@@ -0,0 +1 @@
++/php_bug_72494
+-- 
+2.9.1
+
+From 8de370b7b6263a02268037a7cd13ddd991b43ea9 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:24:50 +0700
+Subject: [PATCH 3/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/CMakeLists.txt | 5 +++++
+ 1 file changed, 5 insertions(+)
+ create mode 100644 tests/gdimagecrop/CMakeLists.txt
+
+diff --git a/tests/gdimagecrop/CMakeLists.txt b/tests/gdimagecrop/CMakeLists.txt
+new file mode 100644
+index 0000000..f7e4c7e
+--- /dev/null
++++ b/tests/gdimagecrop/CMakeLists.txt
+@@ -0,0 +1,5 @@
++SET(TESTS_FILES
++	php_bug_72494
++)
++
++ADD_GD_TESTS()
+-- 
+2.9.1
+
+From bca12e4e11ecda8a0ea719472700ad5c2b36a0d6 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:25:12 +0700
+Subject: [PATCH 4/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/Makemodule.am | 5 +++++
+ 1 file changed, 5 insertions(+)
+ create mode 100644 tests/gdimagecrop/Makemodule.am
+
+diff --git a/tests/gdimagecrop/Makemodule.am b/tests/gdimagecrop/Makemodule.am
+new file mode 100644
+index 0000000..210888b
+--- /dev/null
++++ b/tests/gdimagecrop/Makemodule.am
+@@ -0,0 +1,5 @@
++libgd_test_programs += \
++	gdimagecrop/php_bug_72494
++
++EXTRA_DIST += \
++	gdimagecrop/CMakeLists.txt
+-- 
+2.9.1
+
+From 6ff72ae40c7c20ece939afb362d98cc37f4a1c96 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:25:40 +0700
+Subject: [PATCH 5/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+ create mode 100644 tests/gdimagecrop/php_bug_72494.c
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+new file mode 100644
+index 0000000..adaa379
+--- /dev/null
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -0,0 +1,23 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include "gd.h"
++
++#include "gdtest.h"
++
++int main()
++{
++	gdImagePtr im, exp;
++	int error = 0;
++
++	im = gdImageCreate(50, 50);
++
++	if (!im) {
++		gdTestErrorMsg("gdImageCreate failed.\n");
++		return 1;
++	}
++
++	gdImageCropThreshold(im, 1337, 0);
++	gdImageDestroy(im);
++	/* this bug tests a crash, it never reaches this point if the bug exists*/
++	return 0;
++}
+-- 
+2.9.1
+
+From a0f9f8f7bd0d3a6c6afd6d180b8e75d93aadddfa Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:38:07 +0700
+Subject: [PATCH 6/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ src/gd_crop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gd_crop.c b/src/gd_crop.c
+index 532b49b..d51ad67 100644
+--- a/src/gd_crop.c
++++ b/src/gd_crop.c
+@@ -136,7 +136,7 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
+ 		return NULL;
+ 	}
+ 
+-	if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++	if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) {
+ 		return NULL;
+ 	}
+ 
+-- 
+2.9.1
+
+From 907115fbb980862934d0de91af4977a216745039 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:51:40 +0700
+Subject: [PATCH 7/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+index adaa379..5cb589b 100644
+--- a/tests/gdimagecrop/php_bug_72494.c
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -6,7 +6,7 @@
+ 
+ int main()
+ {
+-	gdImagePtr im, exp;
++	gdImagePtr im;
+ 	int error = 0;
+ 
+ 	im = gdImageCreate(50, 50);
+-- 
+2.9.1
+
+From fd623025505e87bba7ec8555eeb72dae4fb0afdc Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 12:04:25 +0700
+Subject: [PATCH 8/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+index 5cb589b..3bd19be 100644
+--- a/tests/gdimagecrop/php_bug_72494.c
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -7,7 +7,6 @@
+ int main()
+ {
+ 	gdImagePtr im;
+-	int error = 0;
+ 
+ 	im = gdImageCreate(50, 50);
+ 
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6132.patch b/gnu/packages/patches/gd-CVE-2016-6132.patch
new file mode 100644
index 0000000000..4c475b71b2
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6132.patch
@@ -0,0 +1,55 @@
+Fix CVE-2016-6132 (read out-of-bounds when parsing TGA files).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6132
+
+Copied from upstream commit:
+https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
+
+From ead349e99868303b37f5e6e9d9d680c9dc71ff8d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Tue, 12 Jul 2016 11:24:09 +0200
+Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA
+ files (CVE-2016-6132)
+
+---
+ src/gd_tga.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index ef20f86..20fe2d2 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -237,7 +237,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
+ 			return -1;
+ 		}
+ 
+-		gdGetBuf(conversion_buffer, image_block_size, ctx);
++		if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
++			gd_error("gd-tga: premature end of image data\n");
++			gdFree(conversion_buffer);
++			return -1;
++		}
+ 
+ 		while (buffer_caret < image_block_size) {
+ 			tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret];
+@@ -257,11 +261,16 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
+ 		}
+ 		conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char));
+ 		if (conversion_buffer == NULL) {
++			gd_error("gd-tga: premature end of image data\n");
+ 			gdFree( decompression_buffer );
+ 			return -1;
+ 		}
+ 
+-		gdGetBuf( conversion_buffer, image_block_size, ctx );
++		if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
++			gdFree(conversion_buffer);
++			gdFree(decompression_buffer);
++			return -1;
++		}
+ 
+ 		buffer_caret = 0;
+ 
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6214.patch b/gnu/packages/patches/gd-CVE-2016-6214.patch
new file mode 100644
index 0000000000..7894a32bb1
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6214.patch
@@ -0,0 +1,66 @@
+Fix CVE-2016-6214 (read out-of-bounds when parsing TGA files).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214
+
+Adapted from upstream commit:
+https://github.com/libgd/libgd/commit/341aa68843ceceae9ba6e083431f14a07bd92308
+
+Since `patch` cannot apply Git binary diffs, we omit the addition of
+'tests/tga/bug00247a.c' and its associated binary data.
+
+From 341aa68843ceceae9ba6e083431f14a07bd92308 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Tue, 12 Jul 2016 19:23:13 +0200
+Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error
+ gracefully
+
+Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are
+really supported. All other combinations will be rejected with a warning.
+
+(cherry picked from commit cb1a0b7e54e9aa118270c23a4a6fe560e4590dc9)
+---
+ src/gd_tga.c             |  16 ++++++----------
+ tests/tga/.gitignore     |   1 +
+ tests/tga/CMakeLists.txt |   1 +
+ tests/tga/Makemodule.am  |   4 +++-
+ tests/tga/bug00247a.c    |  19 +++++++++++++++++++
+ tests/tga/bug00247a.tga  | Bin 0 -> 36 bytes
+ 6 files changed, 30 insertions(+), 11 deletions(-)
+ create mode 100644 tests/tga/bug00247a.c
+ create mode 100644 tests/tga/bug00247a.tga
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index 20fe2d2..b4f8fa6 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx)
+ 			if (tga->bits == TGA_BPP_24) {
+ 				*tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]);
+ 				bitmap_caret += 3;
+-			} else if (tga->bits == TGA_BPP_32 || tga->alphabits) {
++			} else if (tga->bits == TGA_BPP_32 && tga->alphabits) {
+ 				register int a = tga->bitmap[bitmap_caret + 3];
+ 
+ 				*tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1));
+@@ -159,16 +159,12 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ 	printf("wxh: %i %i\n", tga->width, tga->height);
+ #endif
+ 
+-	switch(tga->bits) {
+-	case 8:
+-	case 16:
+-	case 24:
+-	case 32:
+-		break;
+-	default:
+-		gd_error("bps %i not supported", tga->bits);
++	if (!((tga->bits == TGA_BPP_24 && tga->alphabits == 0)
++		|| (tga->bits == TGA_BPP_32 && tga->alphabits == 8)))
++	{
++		gd_error_ex(GD_WARNING, "gd-tga: %u bits per pixel with %u alpha bits not supported\n",
++			tga->bits, tga->alphabits);
+ 		return -1;
+-		break;
+ 	}
+ 
+ 	tga->ident = NULL;
diff --git a/gnu/packages/patches/gd-fix-test-on-i686.patch b/gnu/packages/patches/gd-fix-test-on-i686.patch
new file mode 100644
index 0000000000..6dd2e0fb03
--- /dev/null
+++ b/gnu/packages/patches/gd-fix-test-on-i686.patch
@@ -0,0 +1,34 @@
+Disable part of the gdimagerotate test on architectures such as i686
+where intermediate floating-point operations are done with 80-bit long
+doubles, and typically later rounded to 64-bit doubles.  This double
+rounding causes small differences in the resulting pixel values
+compared with other architectures, causing the image comparison to
+fail.
+
+Patch by Mark H Weaver <mhw@netris.org>.
+
+--- libgd-2.2.2/tests/gdimagerotate/bug00067.c	1969-12-31 19:00:00.000000000 -0500
++++ libgd-2.2.2/tests/gdimagerotate/bug00067.c	2016-07-18 12:19:19.885423132 -0400
+@@ -1,5 +1,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <float.h>
+ #include "gd.h"
+ 
+ #include "gdtest.h"
+@@ -41,6 +42,7 @@
+ 			return 1;
+ 		}
+ 
++#if FLT_EVAL_METHOD != 2
+ 		sprintf(filename, "bug00067_%03d_exp.png", angle);
+ 		path = gdTestFilePath2("gdimagerotate", filename);
+ 		if (!gdAssertImageEqualsToFile(path, exp)) {
+@@ -48,6 +50,7 @@
+ 			error += 1;
+ 		}
+ 		free(path);
++#endif
+ 
+ 		gdImageDestroy(exp);
+ 	}
diff --git a/gnu/packages/patches/gimp-CVE-2016-4994.patch b/gnu/packages/patches/gimp-CVE-2016-4994.patch
new file mode 100644
index 0000000000..6c81c63386
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2016-4994.patch
@@ -0,0 +1,96 @@
+Fix CVE-2016-4994:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
+
+Copied from upstream repository:
+https://git.gnome.org/browse/gimp/patch/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
+
+From e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f Mon Sep 17 00:00:00 2001
+From: Shmuel H <shmuelgimp@gmail.com>
+Date: Mon, 20 Jun 2016 17:14:41 +0300
+Subject: Bug 767873 - (CVE-2016-4994) Multiple Use-After-Free when parsing...
+
+...XCF channel and layer properties
+
+The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION,
+PROP_ACTIVE_CHANNEL saves the current object pointer the @info
+structure. Others like PROP_SELECTION (for channel) and
+PROP_GROUP_ITEM (for layer) will delete the current object and create
+a new object, leaving the pointers in @info invalid (dangling).
+
+Therefore, if a property from the first type will come before the
+second, the result will be an UaF in the last lines of xcf_load_image
+(when it actually using the pointers from @info).
+
+I wasn't able to exploit this bug because that
+g_object_instance->c_class gets cleared by the last g_object_unref and
+GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE.
+
+(cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395)
+---
+ app/xcf/xcf-load.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index b180377..67cc6d4 100644
+--- a/app/xcf/xcf-load.c
++++ b/app/xcf/xcf-load.c
+@@ -904,6 +904,18 @@ xcf_load_layer_props (XcfInfo    *info,
+         case PROP_GROUP_ITEM:
+           {
+             GimpLayer *group;
++            gboolean   is_active_layer;
++
++            /* We're going to delete *layer, Don't leave its pointers
++             * in @info.  After that, we'll restore them back with the
++             * new pointer. See bug #767873.
++             */
++            is_active_layer = (*layer == info->active_layer);
++            if (is_active_layer)
++              info->active_layer = NULL;
++
++            if (*layer == info->floating_sel)
++              info->floating_sel = NULL;
+ 
+             group = gimp_group_layer_new (image);
+ 
+@@ -916,6 +928,13 @@ xcf_load_layer_props (XcfInfo    *info,
+             g_object_ref_sink (*layer);
+             g_object_unref (*layer);
+             *layer = group;
++
++            if (is_active_layer)
++              info->active_layer = *layer;
++
++            /* Don't restore info->floating_sel because group layers
++             * can't be floating selections
++             */
+           }
+           break;
+ 
+@@ -986,6 +1005,12 @@ xcf_load_channel_props (XcfInfo      *info,
+           {
+             GimpChannel *mask;
+ 
++            /* We're going to delete *channel, Don't leave its pointer
++             * in @info. See bug #767873.
++             */
++            if (*channel == info->active_channel)
++              info->active_channel = NULL;
++
+             mask =
+               gimp_selection_new (image,
+                                   gimp_item_get_width  (GIMP_ITEM (*channel)),
+@@ -1000,6 +1025,10 @@ xcf_load_channel_props (XcfInfo      *info,
+             *channel = mask;
+             (*channel)->boundary_known = FALSE;
+             (*channel)->bounds_known   = FALSE;
++
++            /* Don't restore info->active_channel because the
++             * selection can't be the active channel
++             */
+           }
+           break;
+ 
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/khmer-use-libraries.patch b/gnu/packages/patches/khmer-use-libraries.patch
new file mode 100644
index 0000000000..47d163a99a
--- /dev/null
+++ b/gnu/packages/patches/khmer-use-libraries.patch
@@ -0,0 +1,16 @@
+Change setup.cfg so that the bundled zlib and bzip2 are not used.  This cannot
+currently be achieved using "--library z,bz2" as instructed in the setup.py.
+
+diff --git a/setup.cfg b/setup.cfg
+index c054092..080992e 100644
+--- a/setup.cfg
++++ b/setup.cfg
+@@ -1,7 +1,7 @@
+ [build_ext]
+ define = SEQAN_HAS_BZIP2,SEQAN_HAS_ZLIB
+ undef = NO_UNIQUE_RC
+-# libraries = z,bz2
++libraries = z,bz2
+ ## if using system libraries
+ include-dirs = lib:third-party/zlib:third-party/bzip2:third-party/seqan/core/include:third-party/smhasher
+ # include-dirs = lib
diff --git a/gnu/packages/patches/libmtp-devices.patch b/gnu/packages/patches/libmtp-devices.patch
deleted file mode 100644
index 9b985e526d..0000000000
--- a/gnu/packages/patches/libmtp-devices.patch
+++ /dev/null
@@ -1,554 +0,0 @@
-Add additional devices; the patched file corresponds to git commit 8e471b,
-to which one additional device has been added as reported at
-   http://sourceforge.net/p/libmtp/bugs/1422/
-
-diff -u -r libmtp-1.1.9.orig/src/music-players.h libmtp-1.1.9/src/music-players.h
---- libmtp-1.1.9.orig/src/music-players.h	2015-09-19 22:54:24.537330594 +0200
-+++ libmtp-1.1.9/src/music-players.h	2015-09-19 23:16:41.079206331 +0200
-@@ -47,82 +47,61 @@
-    * and properties.
-    */
-   { "Creative", 0x041e, "ZEN Vision", 0x411f,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "Portable Media Center", 0x4123,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Xtra (MTP mode)", 0x4128,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Dell", 0x041e, "DJ (2nd generation)", 0x412f,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Micro (MTP mode)", 0x4130,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Touch (MTP mode)", 0x4131,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Dell", 0x041e, "Dell Pocket DJ (MTP mode)", 0x4132,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-- { "Creative", 0x041e, "ZEN MicroPhoto (alternate version)", 0x4133,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-+  { "Creative", 0x041e, "ZEN MicroPhoto (alternate version)", 0x4133,
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Sleek (MTP mode)", 0x4137,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN MicroPhoto", 0x413c,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Sleek Photo", 0x413d,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Vision:M", 0x413e,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by marazm@o2.pl
-   { "Creative", 0x041e, "ZEN V", 0x4150,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by danielw@iinet.net.au
-   // This version of the Vision:M needs the no release interface flag,
-   // unclear whether the other version above need it too or not.
-   { "Creative", 0x041e, "ZEN Vision:M (DVP-HD0004)", 0x4151,
-       DEVICE_FLAG_NO_RELEASE_INTERFACE |
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by Darel on the XNJB forums
-   { "Creative", 0x041e, "ZEN V Plus", 0x4152,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   { "Creative", 0x041e, "ZEN Vision W", 0x4153,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Don't add 0x4155: this is a Zen Stone device which is not MTP
-   // Reported by Paul Kurczaba <paul@kurczaba.com>
-   { "Creative", 0x041e, "ZEN", 0x4157,
-       DEVICE_FLAG_IGNORE_HEADER_ERRORS |
-       DEVICE_FLAG_BROKEN_SET_SAMPLE_DIMENSIONS |
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by Ringofan <mcroman@users.sourceforge.net>
-   { "Creative", 0x041e, "ZEN V 2GB", 0x4158,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by j norment <stormzen@gmail.com>
-   { "Creative", 0x041e, "ZEN Mozaic", 0x4161,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by Aaron F. Gonzalez <sub_tex@users.sourceforge.net>
-   { "Creative", 0x041e, "ZEN X-Fi", 0x4162,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by farmerstimuli <farmerstimuli@users.sourceforge.net>
-   { "Creative", 0x041e, "ZEN X-Fi 3", 0x4169,
--      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL |
--      DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL },
-+      DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL },
-   // Reported by Todor Gyumyushev <yodor1@users.sourceforge.net>
-   { "ZiiLABS", 0x041e, "Zii EGG", 0x6000,
-       DEVICE_FLAG_UNLOAD_DRIVER |
-@@ -607,8 +586,17 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1251/ */
-   { "Acer", 0x0502, "E39", 0x3643,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1369/ */
-+  { "Acer", 0x0502, "liquid e700", 0x3644,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "Acer", 0x0502, "One 7", 0x3657,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/support-requests/183/ */
-+  { "Acer", 0x0502, "Z200", 0x3683,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1341/ */
-+  { "Acer", 0x0502, "Liquid S56", 0x3725,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * SanDisk
-@@ -952,6 +940,7 @@
-   { "Archos", 0x0e79, "SPOD (MTP mode)", 0x1341, DEVICE_FLAG_UNLOAD_DRIVER },
-   { "Archos", 0x0e79, "5S IT (MTP mode)", 0x1351, DEVICE_FLAG_UNLOAD_DRIVER },
-   { "Archos", 0x0e79, "5H IT (MTP mode)", 0x1357, DEVICE_FLAG_UNLOAD_DRIVER },
-+  { "Archos", 0x0e79, "48 (MTP mode)", 0x1421, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "Arnova Childpad", 0x1458, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "Arnova 8c G3", 0x145e, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "Arnova 10bG3 Tablet", 0x146b, DEVICE_FLAGS_ANDROID_BUGS },
-@@ -973,9 +962,17 @@
-   { "Archos", 0x0e79, "70it2 (ID 2)", 0x1569, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "50c", 0x2008, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "C40", 0x31ab, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1393/ */
-+  { "Archos", 0x0e79, "Phone", 0x31e1, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1325/ */
-+  { "Archos", 0x0e79, "45 Neon", 0x31f3, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1352/ */
-+  { "Archos", 0x0e79, "50 Diamond", 0x3229, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos", 0x0e79, "101 G4", 0x4002, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos (for Tesco)", 0x0e79, "Hudl (ID1)", 0x5008, DEVICE_FLAGS_ANDROID_BUGS },
-   { "Archos (for Tesco)", 0x0e79, "Hudl (ID2)", 0x5009, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1404/ */
-+  { "Archos", 0x0e79, "AC40DTI", 0x5217, DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Dunlop (OEM of EGOMAN ltd?) reported by Nanomad
-@@ -1181,6 +1178,10 @@
-   { "Qualcomm (for OnePlus)", 0x05c6, "One (MTP+ADB)",
-       0x6765, DEVICE_FLAGS_ANDROID_BUGS },
- 
-+  /* https://sourceforge.net/p/libmtp/bugs/1377/ */
-+  { "Qualcomm (for Xolo)", 0x901b, "Xolo Black (MTP)",
-+      0x9039, DEVICE_FLAGS_ANDROID_BUGS },
-+
-   { "Qualcomm (for PhiComm)", 0x05c6, "C230w (MTP)",
-       0x9039, DEVICE_FLAGS_ANDROID_BUGS },
- 
-@@ -1221,6 +1222,9 @@
-   // Reported by Thomas Bretthauer
-   { "Fujitsu, Ltd", 0x04c5, "STYLISTIC M532", 0x133b,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/feature-requests/137/ */
-+  { "Fujitsu, Ltd", 0x04c5, "F02-E", 0x1378,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Palm device userland program named Pocket Tunes
-@@ -1247,6 +1251,9 @@
-   // Reported by anonymous SourceForge user
-   { "Medion", 0x066f, "MD8333 (ID2)", 0x8588,
-     DEVICE_FLAG_UNLOAD_DRIVER | DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST },
-+  /* https://sourceforge.net/p/libmtp/bugs/1359/ */
-+  { "Verizon", 0x0408, "Ellipsis 7", 0x3899,
-+    DEVICE_FLAGS_ANDROID_BUGS },
-   // The vendor ID is "Quanta Computer, Inc."
-   // same as Olivetti Olipad 110
-   // Guessing on device flags
-@@ -1403,6 +1410,9 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "LG Electronics Inc.", 0x1004, "LG2 Optimus", 0x6225,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1386/ */
-+  { "LG Electronics Inc.", 0x1004, "LG VS950", 0x622a,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "LG Electronics Inc.", 0x1004, "LG VS870", 0x6239,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/992/ */
-@@ -1410,6 +1420,8 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "LG Electronics Inc.", 0x1004, "VK810", 0x6265,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  { "LG Electronics Inc.", 0x1004, "G3", 0x627f,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/support-requests/134/ */
-   { "LG Electronics Inc.", 0x1004, "G3 (VS985)", 0x626e,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -1723,8 +1735,12 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia M2 MTP", 0x01aa,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia M2 Dual MTP", 0x01ab,
-+      DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z2 MTP", 0x01af,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia Z2 Tablet MTP", 0x01b1,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "SONY", 0x0fce, "Xperia Z Ultra MTP", 0x01b6,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "SONY", 0x0fce, "Xperia Z3 MTP", 0x01ba,
-@@ -1733,6 +1749,10 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia E3 MTP", 0x01bc,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "XPeria Z3+ MTP", 0x01c9,
-+      DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "XPeria E4g MTP", 0x01cb,
-+      DEVICE_FLAG_NONE },
- 
- 
-   /*
-@@ -1788,6 +1808,8 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia M MTP+CDROM", 0x419b,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia Z Ultra MTP+CDROM (ID3)", 0x419c,
-+      DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z1 MTP+CDROM", 0x419e,
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia C MTP+CDROM", 0x41a3,
-@@ -1796,10 +1818,20 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia M2 MTP+CDROM", 0x41aa,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia M2 Dual MTP+CDROM", 0x41ab,
-+      DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z2 MTP+CDROM", 0x41af,
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z3 MTP+CDROM", 0x41ba,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia Z3 Compact MTP+CDROM", 0x41bb,
-+      DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia E3 MTP+CDROM", 0x01bc,
-+      DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "XPeria Z3+ MTP+CDROM", 0x41c9,
-+      DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "XPeria E4g MTP+CDROM", 0x41cb,
-+      DEVICE_FLAG_NONE },
- 
-   /*
-    * MTP+ADB personalities of MTP devices (see above)
-@@ -1888,6 +1920,8 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia M2 MTP+ADB", 0x51aa,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "Xperia M2 Dual MTP+ADB", 0x51ab,
-+      DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z2 MTP+ADB", 0x51af,
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia Z Ultra MTP+ADB", 0x51b6,
-@@ -1898,6 +1932,10 @@
-       DEVICE_FLAG_NONE },
-   { "SONY", 0x0fce, "Xperia E3 MTP+ADB", 0x51bc,
-       DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce, "XPeria Z3+ MTP+ADB", 0x51c9,
-+      DEVICE_FLAG_NONE },
-+  { "SONY", 0x0fce,  "XPeria E4g MTP+ADB", 0x51cb,
-+      DEVICE_FLAG_NONE },
- 
-   /*
-    * MTP+UMS modes
-@@ -1936,6 +1974,9 @@
-    * Motorola
-    * Assume DEVICE_FLAG_BROKEN_SET_OBJECT_PROPLIST on all of these.
-    */
-+  /* https://sourceforge.net/p/libmtp/feature-requests/136/ */
-+  { "Motorola", 0x22b8, "XT1524 (MTP)", 0x002e,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   // Reported by David Boyd <tiggrdave@users.sourceforge.net>
-   { "Motorola", 0x22b8, "V3m/V750 verizon", 0x2a65,
-       DEVICE_FLAG_BROKEN_SET_OBJECT_PROPLIST |
-@@ -1952,6 +1993,9 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Motorola", 0x22b8, "Moto X (XT1058)", 0x2e63,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1323/ */
-+  { "Motorola", 0x22b8, "Moto X (XT1080)", 0x2e66,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "Motorola", 0x22b8, "Droid Maxx (XT1080)", 0x2e67,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Motorola", 0x22b8, "Droid Ultra", 0x2e68,
-@@ -2345,6 +2389,14 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1244/ */
-   { "Asus", 0x0b05, "MemoPad 8 ME181 CX (MTP)", 0x5561,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1406/ */
-+  { "Asus", 0x0b05, "Zenfone 2 (MTP)", 0x5600,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1364/ */
-+  { "Asus", 0x0b05, "Z00AD (MTP)", 0x5601,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  { "Asus", 0x0b05, "TX201LA (MTP)", 0x561f,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1271/ */
-   { "Asus", 0x0b05, "ZenFone 4 (MTP)", 0x580f,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2354,9 +2406,20 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1258/ */
-   { "Asus", 0x0b05, "A450CG (MTP)", 0x5a0f,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1350/ */
-+  { "Asus", 0x0b05, "Zenfone 2 ZE550ML (MTP)", 0x5f02,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1364/ */
-+  { "Asus", 0x0b05, "Zenfone 2 ZE551ML (MTP)", 0x5f03,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1232/ */
-   { "Asus", 0x0b05, "MemoPad 7 (ME572CL)", 0x7772,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1351/ */
-+  { "Asus", 0x0b05, "Fonepad 7 (FE375CXG)", 0x7773,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  { "Asus", 0x0b05, "ZenFone 5 A500KL (MTP)", 0x7780,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1247/ */
-   { "Asus", 0x0b05, "ZenFone 5 A500KL (MTP+ADB)", 0x7781,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2365,6 +2428,12 @@
-   /*
-    * Lenovo
-    */
-+  /* https://sourceforge.net/p/libmtp/support-requests/178/ */
-+  { "Lenovo", 0x17ef, "P70-A", 0x0c02,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1415/ */
-+  { "Lenovo", 0x17ef, "P70", 0x2008,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   // Reported by Richard Körber <shredzone@users.sourceforge.net>
-   { "Lenovo", 0x17ef, "K1", 0x740a,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2407,6 +2476,9 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Lenovo", 0x17ef, "Toga Tablet B6000-F", 0x76f2,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1122/ */
-+  { "Lenovo", 0x17ef, "S930", 0x7718,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1250/ */
-   { "Lenovo", 0x17ef, "A5500-F", 0x772b,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2417,15 +2489,24 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1155/ */
-   { "Lenovo", 0x17ef, "Yoga Tablet 10 B8000-H", 0x76ff,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /*  https://sourceforge.net/p/libmtp/bugs/1391/ */
-+  { "Lenovo", 0x17ef, "A7600-F", 0x7731,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1291/ */
-   { "Lenovo", 0x17ef, "A3500-F", 0x7737,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/support-requests/186/ */
-+  { "Lenovo", 0x17ef, "Yoga Tablet 2 - 1050F", 0x77a4,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/support-requests/168/ */
-   { "Lenovo", 0x17ef, "Yoga Tablet 2 Pro", 0x77b1,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/feature-requests/125/ */
-   { "Lenovo", 0x17ef, "Vibe Z2", 0x77ea,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1360/ */
-+  { "Lenovo", 0x17ef, "K3 Note", 0x7883,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Huawei
-@@ -2435,6 +2516,15 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Huawei", 0x12d1, "MTP device (ID2)", 0x1052,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1381/ */
-+  { "Huawei", 0x12d1, "H60-L11", 0x1079,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1361/ */
-+  { "Huawei", 0x12d1, "Ascend P8 ", 0x1082,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1418/ */
-+  { "Huawei", 0x12d1, "Honor 3C ", 0x2012,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "Huawei", 0x12d1, "Mediapad (mode 0)", 0x360f,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   // Reported by Bearsh <bearsh@users.sourceforge.net>
-@@ -2452,6 +2542,8 @@
-   /* https://sourceforge.net/p/libmtp/bugs/672/ */
-   { "ZTE", 0x19d2, "Grand X In", 0x0343, DEVICE_FLAGS_ANDROID_BUGS },
-   { "ZTE", 0x19d2, "V985", 0x0383, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1328/ */
-+  { "ZTE", 0x19d2, "V5", 0xffce, DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * HTC (High Tech Computer Corp)
-@@ -2459,6 +2551,12 @@
-    * Steven Eastland <grassmonk@users.sourceforge.net>
-    * Kevin Cheng <kache@users.sf.net>
-    */
-+  /* https://sourceforge.net/p/libmtp/support-requests/181/ */
-+  { "HTC", 0x0bb4, "HTC One M9 (MTP)", 0x040b,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1398/ */
-+  { "HTC", 0x0bb4, "Spreadtrum SH57MYZ03342 (MTP)", 0x05e3,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* reported by Mikkel Oscar Lyderik <mikkeloscar@gmail.com> */
-   { "HTC", 0x0bb4, "HTC Desire 510 (MTP+ADB)", 0x05fd,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2545,6 +2643,9 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1182/ */
-   { "HTC", 0x0bb4, "Desire 310 (MTP)", 0x0ec6,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1420/ */
-+  { "HTC", 0x0bb4, "Desire 816G (MTP)", 0x0edb,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "HTC", 0x0bb4, "HTC One (MTP+ADB+CDC)", 0x0f5f,
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "HTC", 0x0bb4, "HTC One (MTP+CDC)", 0x0f60,
-@@ -2658,6 +2759,9 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Amazon", 0x1949, "Kindle Fire (ID5)", 0x0012,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1353/ */
-+  { "Amazon", 0x1949, "Kindle Fire HD6", 0x00f2,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   { "Amazon", 0x1949, "Fire Phone", 0x0800,
-       DEVICE_FLAGS_ANDROID_BUGS },
- 
-@@ -2677,6 +2781,9 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "YiFang", 0x2207, "BQ Tesla", 0x0006,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1354/ */
-+  { "Various", 0x2207, "Viewpia DR/bq Kepler Debugging", 0x0011,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Kobo
-@@ -2708,6 +2815,8 @@
-   { "Intel", 0x8087, "Foxconn iView i700", 0x0a15, DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1237/ */
-   { "Intel", 0x8087, "Telcast Air 3G", 0x0a5e, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1338/ */
-+  { "Intel", 0x8087, "Chuwi vi8", 0x0a5f, DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Xiaomi
-@@ -2738,6 +2847,15 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Xiaomi", 0x2717, "Mi-2 (MTP)", 0xf003,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1397/ */
-+  { "Xiaomi", 0x2717, "Mi-2s (id2) (MTP)", 0xff40,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1339/ */
-+  { "Xiaomi", 0x2717, "Mi-2s (MTP)", 0xff48,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1402/ */
-+  { "Xiaomi", 0x2717, "Redmi 2 (MTP)", 0xff60,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * XO Learning Tablet
-@@ -2774,6 +2892,9 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1304/ */
-   { "Alcatel", 0x1bbb, "OneTouch 5042D (MTP)", 0xa00e,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1401/ */
-+  { "Alcatel", 0x1bbb, "OneTouch Idol 3 (MTP)", 0xaf2b,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/feature-requests/114/ */
-   { "Alcatel", 0x1bbb, "OneTouch 6034R", 0xf003,
-       DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2782,8 +2903,12 @@
-    * Kyocera
-    */
-   { "Kyocera", 0x0482, "Rise", 0x0571, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/feature-requests/134/ */
-+  { "Kyocera", 0x0482, "Torque Model E6715", 0x0059a, DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/discussion/535190/thread/6270f5ce/ */
-   { "Kyocera", 0x0482, "KYL22", 0x0810, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1345/ */
-+  { "Kyocera", 0x0482, "DuraForce", 0x0979, DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * HiSense
-@@ -2798,12 +2923,20 @@
-       DEVICE_FLAGS_ANDROID_BUGS },
-   { "Hewlett-Packard", 0x03f0, "Slate 7 2800", 0x5d1d,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/bugs/1366/ */
-+  { "Hewlett-Packard", 0x03f0, "Slate 10 HD", 0x7e1d,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * MediaTek Inc.
-    */
-   { "MediaTek Inc", 0x0e8d, "MT5xx and MT6xx SoCs", 0x0050,
-       DEVICE_FLAGS_ANDROID_BUGS },
-+  { "MediaTek Inc", 0x0e8d, "MT65xx", 0x2008,
-+      DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/feature-requests/79/ */
-+  { "MediaTek Inc", 0x0e8d, "Elephone P8000", 0x201d,
-+      DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /*
-    * Jolla
-@@ -2860,6 +2993,8 @@
-   { "Prestigio", 0x29e4, "5505 DUO ", 0x1103, DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1243/ */
-   { "Prestigio", 0x29e4, "5504 DUO ", 0x1203, DEVICE_FLAGS_ANDROID_BUGS },
-+  /* https://sourceforge.net/p/libmtp/feature-requests/141/ */
-+  { "Prestigio", 0x29e4, "3405 DUO ", 0x3201, DEVICE_FLAGS_ANDROID_BUGS },
- 
-   /* https://sourceforge.net/p/libmtp/bugs/1283/ */
-   { "Megafon", 0x201e, "MFLogin3T", 0x42ab, DEVICE_FLAGS_ANDROID_BUGS },
-@@ -2867,6 +3002,8 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1287/ */
-   { "Gensis", 0x040d, "GT-7305 ", 0x885c, DEVICE_FLAGS_ANDROID_BUGS },
- 
-+  /* https://sourceforge.net/p/libmtp/support-requests/182/ */
-+  { "Oppo", 0x22d9, "Find 5", 0x2764, DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1207/ */
-   { "Oppo", 0x22d9, "Find 7 (ID 1)", 0x2765, DEVICE_FLAGS_ANDROID_BUGS },
-   /* https://sourceforge.net/p/libmtp/bugs/1277/ */
-@@ -2916,6 +3053,14 @@
-   /* https://sourceforge.net/p/libmtp/bugs/1314/ */
-   { "BenQ", 0x1d45, "F5", 0x459d, DEVICE_FLAGS_ANDROID_BUGS },
- 
-+  /* https://sourceforge.net/p/libmtp/bugs/1362/ */
-+  { "TomTom", 0x1390, "Rider 40", 0x5455, DEVICE_FLAGS_ANDROID_BUGS },
-+
-+  /* https://sourceforge.net/p/libmtp/feature-requests/135/. guessed android. */
-+  { "OUYA", 0x2836, "Videogame Console", 0x0010, DEVICE_FLAGS_ANDROID_BUGS },
-+
-+  /* https://sourceforge.net/p/libmtp/bugs/1383/ */
-+  { "BLU", 0x0e8d, "Studio HD", 0x2008, DEVICE_FLAGS_ANDROID_BUGS },
-   /*
-    * Other strange stuff.
-    */
diff --git a/gnu/packages/patches/ninja-tests.patch b/gnu/packages/patches/ninja-tests.patch
index 3436b6314d..f9b0d9f910 100644
--- a/gnu/packages/patches/ninja-tests.patch
+++ b/gnu/packages/patches/ninja-tests.patch
@@ -1,16 +1,17 @@
-SubprocessTest.SetWithLots fails with:
-  Raise [ulimit -n] well above 1025 to make this test go.
-Skip it.
+From 67d6b9262efad99f8aad63ab81efc8e689748766 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner <efraim@flashner.co.il>
+Date: Sun, 3 Jul 2016 11:55:43 +0300
+Subject: [PATCH] patch
 
-SubprocessTest.InterruptChild fails when using 'system*':
-  *** Failure in src/subprocess_test.cc:83
-  ExitInterrupted == subproc->Finish()
-I can pass it by using 'system' instead of 'system*' when building locally,
-but it still failed on Hydra.  Skip it.
+---
+ src/subprocess_test.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
 
---- ninja-1.5.3.orig/src/subprocess_test.cc	2015-01-15 10:34:28.859522176 +0800
-+++ ninja-1.5.3/src/subprocess_test.cc	2015-01-15 10:37:52.969572075 +0800
-@@ -72,6 +72,7 @@
+diff --git a/src/subprocess_test.cc b/src/subprocess_test.cc
+index ee16190..a537c11 100644
+--- a/src/subprocess_test.cc
++++ b/src/subprocess_test.cc
+@@ -72,6 +72,7 @@ TEST_F(SubprocessTest, NoSuchCommand) {
  
  #ifndef _WIN32
  
@@ -18,7 +19,7 @@ but it still failed on Hydra.  Skip it.
  TEST_F(SubprocessTest, InterruptChild) {
    Subprocess* subproc = subprocs_.Add("kill -INT $$");
    ASSERT_NE((Subprocess *) 0, subproc);
-@@ -82,6 +83,7 @@
+@@ -82,6 +83,7 @@ TEST_F(SubprocessTest, InterruptChild) {
  
    EXPECT_EQ(ExitInterrupted, subproc->Finish());
  }
@@ -26,7 +27,7 @@ but it still failed on Hydra.  Skip it.
  
  TEST_F(SubprocessTest, InterruptParent) {
    Subprocess* subproc = subprocs_.Add("kill -INT $PPID ; sleep 1");
-@@ -169,6 +171,7 @@
+@@ -217,6 +219,7 @@ TEST_F(SubprocessTest, SetWithMulti) {
  // OS X's process limit is less than 1025 by default
  // (|sysctl kern.maxprocperuid| is 709 on 10.7 and 10.8 and less prior to that).
  #if !defined(__APPLE__) && !defined(_WIN32)
@@ -34,11 +35,14 @@ but it still failed on Hydra.  Skip it.
  TEST_F(SubprocessTest, SetWithLots) {
    // Arbitrary big number; needs to be over 1024 to confirm we're no longer
    // hostage to pselect.
-@@ -196,6 +199,7 @@
+@@ -245,6 +248,7 @@ TEST_F(SubprocessTest, SetWithLots) {
    }
    ASSERT_EQ(kNumProcs, subprocs_.finished_.size());
  }
 +#endif
- #endif  // !__APPLE__ && !_WIN32 
+ #endif  // !__APPLE__ && !_WIN32
  
  // TODO: this test could work on Windows, just not sure how to simply
+-- 
+2.9.0
+
diff --git a/gnu/packages/patches/openimageio-boost-1.60.patch b/gnu/packages/patches/openimageio-boost-1.60.patch
deleted file mode 100644
index 92fc3237bb..0000000000
--- a/gnu/packages/patches/openimageio-boost-1.60.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 875fbbd92695397bfc83d1cd5fdd4094e1d50199 Mon Sep 17 00:00:00 2001
-From: Larry Gritz <lg@larrygritz.com>
-Date: Mon, 28 Dec 2015 11:46:07 -0800
-Subject: [PATCH] Python ImageCache binding fixes -- disable broken calls
-
-Some of these calls (thankfully undocumented and presumably unused)
-are horribly broken. They compiled before, but with new Boost 1.60
-they don't even compile properly. So just comment them out on this
-obsolete branch. They are fully fixed in RB-1.6 and beyond.
-
---- a/src/python/py_imagecache.cpp
-+++ b/src/python/py_imagecache.cpp
-@@ -199,23 +199,24 @@ void declare_imagecache()
-         .def("destroy", &ImageCacheWrap::destroy)
-         .staticmethod("destroy")
-         .def("clear", &ImageCacheWrap::clear)
--        .def("attribute", &ImageCacheWrap::attribute)
-+        // .def("attribute", &ImageCacheWrap::attribute)
-         .def("attribute", &ImageCacheWrap::attribute_int)
-         .def("attribute", &ImageCacheWrap::attribute_float)
--        .def("attribute", &ImageCacheWrap::attribute_double)
--        .def("attribute", &ImageCacheWrap::attribute_char)
-+        // .def("attribute", &ImageCacheWrap::attribute_double)
-+        // .def("attribute", &ImageCacheWrap::attribute_char)
-         .def("attribute", &ImageCacheWrap::attribute_string)
--        .def("getattribute", &ImageCacheWrap::attribute)
-+        // .def("getattribute", &ImageCacheWrap::attribute)
-         .def("getattribute", &ImageCacheWrap::getattribute_int)
-         .def("getattribute", &ImageCacheWrap::getattribute_float)
--        .def("getattribute", &ImageCacheWrap::getattribute_double)
--        .def("getattribute", &ImageCacheWrap::getattribute_char)
-+        // .def("getattribute", &ImageCacheWrap::getattribute_double)
-+        // .def("getattribute", &ImageCacheWrap::getattribute_char)
-         .def("getattribute", &ImageCacheWrap::getattribute_string)
--        .def("resolve_filename", &ImageCacheWrap::resolve_filename)
--        .def("get_image_info", &ImageCacheWrap::get_image_info)
--        .def("get_image_info", &ImageCacheWrap::get_image_info_old)
-+        // .def("get_image_info", &ImageCacheWrap::get_image_info)
-+        // .def("get_image_info", &ImageCacheWrap::get_image_info_old)
-         .def("get_imagespec", &ImageCacheWrap::get_imagespec)
--        .def("get_pixels", &ImageCacheWrap::get_pixels)
-+        // .def("get_pixels", &ImageCacheWrap::get_pixels)
-+        .def("resolve_filename", &ImageCacheWrap::resolve_filename)
-+
- //      .def("get_tile", &ImageCacheWrap::get_tile)
- //      .def("release_tile", &ImageCacheWrap::release_tile)
- //      .def("tile_pixels", &ImageCacheWrap::tile_pixels)
diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch
new file mode 100644
index 0000000000..288a58b06f
--- /dev/null
+++ b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch
@@ -0,0 +1,21 @@
+diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py
+index 10c05f5..a18ba52 100644
+--- a/dendropy/test/test_phylogenetic_distance_matrix.py
++++ b/dendropy/test/test_phylogenetic_distance_matrix.py
+@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase):
+                     expected_tree=expected_tree)
+ 
+ class NodeToNodeDistancesTest(unittest.TestCase):
+-
++    @unittest.expectedFailure
+     def test_distances(self):
+         ## get distances from ape
+         # library(ape)
+@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase):
+                     e = reference_table[nd1.label, nd2.label]
+                     self.assertAlmostEqual(d, e)
+ 
++    @unittest.expectedFailure
+     def test_mrca(self):
+         test_runs = [
+                 "hiv1.newick",
diff --git a/gnu/packages/patches/sudo-CVE-2015-5602.patch b/gnu/packages/patches/sudo-CVE-2015-5602.patch
deleted file mode 100644
index 36c90fbee7..0000000000
--- a/gnu/packages/patches/sudo-CVE-2015-5602.patch
+++ /dev/null
@@ -1,372 +0,0 @@
-Based on the patch from https://www.sudo.ws/repos/sudo/raw-rev/c2e36a80a279
-Backported to 1.8.15 by Mark H Weaver <mhw@netris.org>
-
-# HG changeset patch
-# User Todd C. Miller <Todd.Miller@courtesan.com>
-# Date 1452475889 25200
-# Node ID c2e36a80a27927c32cba55afae78b8dc830cddc3
-# Parent  94ffd6b18431fa4b9ed0a0c3f0b7b9582a4f6bde
-Rewritten sudoedit_checkdir support that checks all the dirs in the
-path and refuses to follow symlinks in writable directories.
-This is a better fix for CVE-2015-5602.
-Adapted from a diff by Ben Hutchings.  Bug #707
-
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/CONTRIBUTORS
---- a/doc/CONTRIBUTORS	Mon Jan 04 10:47:11 2016 -0700
-+++ b/doc/CONTRIBUTORS	Sun Jan 10 18:31:29 2016 -0700
-@@ -58,6 +58,7 @@
-     Holloway, Nick
-     Hoover, Adam
-     Hunter, Michael T.
-+    Hutchings, Ben
-     Irrgang, Eric
-     Jackson, Brian
-     Jackson, John R.
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/UPGRADE
---- a/doc/UPGRADE	Mon Jan 04 10:47:11 2016 -0700
-+++ b/doc/UPGRADE	Sun Jan 10 18:31:29 2016 -0700
-@@ -1,6 +1,15 @@
- Notes on upgrading from an older release
- ========================================
- 
-+o Upgrading from a version prior to the post-1.8.15 fix for CVE-2015-5602.
-+
-+    The meaning of the sudoedit_checkdir sudoers option has changed.
-+    Previously, it would only check the parent directory
-+    of the file to be edited.  After the CVE fix, all directories
-+    in the path to be edited are checked and sudoedit will refuse
-+    to follow a symbolic link in a directory that is writable by
-+    the invoking user.
-+
- o Upgrading from a version prior to 1.8.15:
- 
-     Prior to version 1.8.15, when env_reset was enabled (the default)
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.cat
---- a/doc/sudoers.cat	Mon Jan 04 10:47:11 2016 -0700
-+++ b/doc/sudoers.cat	Sun Jan 10 18:31:29 2016 -0700
-@@ -1275,12 +1275,15 @@
-                        system call.  This flag is _o_f_f by default.
- 
-      sudoedit_checkdir
--                       If set, ssuuddooeeddiitt will refuse to edit files located in a
--                       directory that is writable by the invoking user unless
--                       it is run by root.  On many systems, this option
--                       requires that the parent directory of the file to be
--                       edited be readable by the target user.  This flag is
--                       _o_f_f by default.
-+                       If set, ssuuddooeeddiitt will check directories in the path to
-+                       be edited for writability by the invoking user.
-+                       Symbolic links will not be followed in writable
-+                       directories and ssuuddooeeddiitt will also refuse to edit a
-+                       file located in a writable directory.  Theses
-+                       restrictions are not enforced when ssuuddooeeddiitt is invoked
-+                       as root.  On many systems, this option requires that
-+                       all directories in the path to be edited be readable by
-+                       the target user.  This flag is _o_f_f by default.
- 
-      sudoedit_follow   By default, ssuuddooeeddiitt will not follow symbolic links
-                        when opening files.  The _s_u_d_o_e_d_i_t___f_o_l_l_o_w option can be
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.man.in
---- a/doc/sudoers.man.in	Mon Jan 04 10:47:11 2016 -0700
-+++ b/doc/sudoers.man.in	Sun Jan 10 18:31:29 2016 -0700
-@@ -2715,10 +2715,16 @@
- .br
- If set,
- \fBsudoedit\fR
--will refuse to edit files located in a directory that is writable
--by the invoking user unless it is run by root.
--On many systems, this option requires that the parent directory
--of the file to be edited be readable by the target user.
-+will check directories in the path to be edited for writability
-+by the invoking user.
-+Symbolic links will not be followed in writable directories and
-+\fBsudoedit\fR
-+will also refuse to edit a file located in a writable directory.
-+Theses restrictions are not enforced when
-+\fBsudoedit\fR
-+is invoked as root.
-+On many systems, this option requires that all directories
-+in the path to be edited be readable by the target user.
- This flag is
- \fIoff\fR
- by default.
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.mdoc.in
---- a/doc/sudoers.mdoc.in	Mon Jan 04 10:47:11 2016 -0700
-+++ b/doc/sudoers.mdoc.in	Sun Jan 10 18:31:29 2016 -0700
-@@ -2549,10 +2549,16 @@
- .It sudoedit_checkdir
- If set,
- .Nm sudoedit
--will refuse to edit files located in a directory that is writable
--by the invoking user unless it is run by root.
--On many systems, this option requires that the parent directory
--of the file to be edited be readable by the target user.
-+will check directories in the path to be edited for writability
-+by the invoking user.
-+Symbolic links will not be followed in writable directories and
-+.Nm sudoedit
-+will also refuse to edit a file located in a writable directory.
-+Theses restrictions are not enforced when
-+.Nm sudoedit
-+is invoked as root.
-+On many systems, this option requires that all directories
-+in the path to be edited be readable by the target user.
- This flag is
- .Em off
- by default.
-diff -r 94ffd6b18431 -r c2e36a80a279 include/sudo_compat.h
---- a/include/sudo_compat.h	Mon Jan 04 10:47:11 2016 -0700
-+++ b/include/sudo_compat.h	Sun Jan 10 18:31:29 2016 -0700
-@@ -182,6 +182,8 @@
- # ifndef UTIME_NOW
- #  define UTIME_NOW	-2L
- # endif
-+#endif
-+#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT))
- # ifndef AT_FDCWD
- #  define AT_FDCWD	-100
- # endif
-diff -r 94ffd6b18431 -r c2e36a80a279 src/sudo_edit.c
---- a/src/sudo_edit.c	Mon Jan 04 10:47:11 2016 -0700
-+++ b/src/sudo_edit.c	Sun Jan 10 18:31:29 2016 -0700
-@@ -179,13 +179,15 @@
- }
- 
- #ifndef HAVE_OPENAT
--/* This does not support AT_FDCWD... */
- static int
- sudo_openat(int dfd, const char *path, int flags, mode_t mode)
- {
-     int fd, odfd;
-     debug_decl(sudo_openat, SUDO_DEBUG_EDIT)
- 
-+    if (dfd == AT_FDCWD)
-+	debug_return_int(open(path, flags, mode));
-+
-     /* Save cwd */
-     if ((odfd = open(".", O_RDONLY)) == -1)
- 	debug_return_int(-1);
-@@ -207,6 +209,64 @@
- #define openat sudo_openat
- #endif /* HAVE_OPENAT */
- 
-+#ifdef O_NOFOLLOW
-+static int
-+sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode)
-+{
-+    debug_decl(sudo_edit_open_nofollow, SUDO_DEBUG_EDIT)
-+
-+    debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode));
-+}
-+#else
-+/*
-+ * Returns true if fd and path don't match or path is a symlink.
-+ * Used on older systems without O_NOFOLLOW.
-+ */
-+static bool
-+sudo_edit_is_symlink(int fd, char *path)
-+{
-+    struct stat sb1, sb2;
-+    debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT)
-+
-+    /*
-+     * Treat [fl]stat() failure like there was a symlink.
-+     */
-+    if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1)
-+	debug_return_bool(true);
-+
-+    /*
-+     * Make sure we did not open a link and that what we opened
-+     * matches what is currently on the file system.
-+     */
-+    if (S_ISLNK(sb2.st_mode) ||
-+	sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
-+	debug_return_bool(true);
-+    }
-+
-+    debug_return_bool(false);
-+}
-+
-+static int
-+sudo_edit_openat_nofollow(char *path, int oflags, mode_t mode)
-+{
-+    struct stat sb1, sb2;
-+    int fd;
-+    debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT)
-+
-+    fd = openat(dfd, path, oflags, mode);
-+    if (fd == -1)
-+	debug_return_int(-1);
-+
-+    if (sudo_edit_is_symlink(fd, path)) {
-+	close(fd);
-+	fd = -1;
-+	errno = ELOOP;
-+    }
-+
-+    debug_return_int(fd);
-+}
-+#endif /* O_NOFOLLOW */
-+
- /*
-  * Returns true if the directory described by sb is writable
-  * by the user.  We treat directories with the sticky bit as
-@@ -245,49 +305,94 @@
-     debug_return_bool(false);
- }
- 
-+/*
-+ * Directory open flags for use with openat(2) and fstat(2).
-+ * Use O_PATH and O_DIRECTORY where possible.
-+ */
-+#if defined(O_PATH) && defined(O_DIRECTORY)
-+# define DIR_OPEN_FLAGS	(O_PATH|O_DIRECTORY)
-+#elif defined(O_PATH) && !defined(O_DIRECTORY)
-+# define DIR_OPEN_FLAGS	O_PATH
-+#elif !defined(O_PATH) && defined(O_DIRECTORY)
-+# define DIR_OPEN_FLAGS	(O_RDONLY|O_DIRECTORY)
-+#else
-+# define DIR_OPEN_FLAGS	(O_RDONLY|O_NONBLOCK)
-+#endif
-+
- static int
- sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode)
- {
--    char *base, *dir;
-+    int dfd, fd, dflags = DIR_OPEN_FLAGS;
-+#if defined(__linux__) && defined(O_PATH)
-+    char *opath = path;
-+#endif
-+    bool is_writable;
-     struct stat sb;
--    int dfd, fd;
-     debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT)
- 
--    base = strrchr(path, '/');
--    if (base != NULL) {
--	*base++ = '\0';
--	dir = path;
-+#if defined(__linux__) && defined(O_PATH)
-+restart:
-+#endif
-+    if (path[0] == '/') {
-+	dfd = open("/", dflags);
-+	path++;
-     } else {
--	base = path;
--	dir = ".";
-+	dfd = open(".", dflags);
-+	if (path[0] == '.' && path[1] == '/')
-+	    path += 2;
-     }
--#ifdef O_PATH
--    if ((dfd = open(dir, O_PATH)) != -1) {
--	/* Linux kernels < 3.6 can't do fstat on O_PATH fds. */
--	if (fstat(dfd, &sb) == -1) {
--	    close(dfd);
--	    dfd = open(dir, O_RDONLY);
--	    if (fstat(dfd, &sb) == -1) {
--		close(dfd);
--		dfd = -1;
--	    }
--	}
--    }
--#else
--    if ((dfd = open(dir, O_RDONLY)) != -1) {
--	if (fstat(dfd, &sb) == -1) {
--	    close(dfd);
--	    dfd = -1;
--	}
--    }
--#endif
--    if (base != path)
--	base[-1] = '/';			/* restore path */
-     if (dfd == -1)
- 	debug_return_int(-1);
- 
--    if (dir_is_writable(&sb, user_details.uid, user_details.gid,
--	user_details.ngroups, user_details.groups)) {
-+    for (;;) {
-+	char *slash;
-+	int subdfd;
-+
-+	/*
-+	 * Look up one component at a time, avoiding symbolic links in
-+	 * writable directories.
-+	 */
-+	if (fstat(dfd, &sb) == -1) {
-+	    close(dfd);
-+#if defined(__linux__) && defined(O_PATH)
-+	    /* Linux prior to 3.6 can't fstat an O_PATH fd */
-+	    if (ISSET(dflags, O_PATH)) {
-+		CLR(dflags, O_PATH);
-+		path = opath;
-+		goto restart;
-+	    }
-+#endif
-+	    debug_return_int(-1);
-+	}
-+#ifndef O_DIRECTORY
-+	if (!S_ISDIR(sb.st_mode)) {
-+	    close(dfd);
-+	    errno = ENOTDIR;
-+	    debug_return_int(-1);
-+	}
-+#endif
-+	is_writable = dir_is_writable(&sb, user_details.uid, user_details.gid,
-+	    user_details.ngroups, user_details.groups);
-+
-+	while (path[0] == '/')
-+	    path++;
-+	slash = strchr(path, '/');
-+	if (slash == NULL)
-+	    break;
-+	*slash = '\0';
-+	if (is_writable)
-+	    subdfd = sudo_edit_openat_nofollow(dfd, path, dflags, 0);
-+	else
-+	    subdfd = openat(dfd, path, dflags, 0);
-+	*slash = '/';			/* restore path */
-+	close(dfd);
-+	if (subdfd == -1)
-+	    debug_return_int(-1);
-+	path = slash + 1;
-+	dfd = subdfd;
-+    }
-+
-+    if (is_writable) {
- 	close(dfd);
- 	errno = EISDIR;
- 	debug_return_int(-1);
-@@ -332,27 +437,10 @@
-     if (!ISSET(oflags, O_NONBLOCK))
- 	(void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
- 
--    /*
--     * Treat [fl]stat() failure like an open() failure.
--     */
--    if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) {
--	const int serrno = errno;
-+    if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW) && sudo_edit_is_symlink(fd, path)) {
- 	close(fd);
--	errno = serrno;
--	debug_return_int(-1);
--    }
--
--    /*
--     * Make sure we did not open a link and that what we opened
--     * matches what is currently on the file system.
--     */
--    if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW)) {
--	if (S_ISLNK(sb2.st_mode) ||
--	    sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
--	    close(fd);
--	    errno = ELOOP;
--	    debug_return_int(-1);
--	}
-+	fd = -1;
-+	errno = ELOOP;
-     }
- 
-     debug_return_int(fd);
-