summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/bluez-CVE-2017-1000250.patch42
-rw-r--r--gnu/packages/patches/calibre-drop-unrar.patch49
-rw-r--r--gnu/packages/patches/csound-header-ordering.patch20
-rw-r--r--gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch85
-rw-r--r--gnu/packages/patches/file-CVE-2017-1000249.patch27
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch14
-rw-r--r--gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch13
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch137
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch80
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
-rw-r--r--gnu/packages/patches/httpd-CVE-2017-9798.patch22
-rw-r--r--gnu/packages/patches/libarchive-CVE-2017-14166.patch45
-rw-r--r--gnu/packages/patches/libzip-CVE-2017-12858.patch45
-rw-r--r--gnu/packages/patches/meson-for-build-rpath.patch24
-rw-r--r--gnu/packages/patches/newsbeuter-CVE-2017-14500.patch43
-rw-r--r--gnu/packages/patches/openfoam-4.1-cleanup.patch243
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14151.patch46
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14152.patch38
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14164.patch89
-rw-r--r--gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch32
-rw-r--r--gnu/packages/patches/python-acme-dont-use-openssl-rand.patch28
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-13711.patch89
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-14167.patch69
-rw-r--r--gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch355
-rw-r--r--gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch355
-rw-r--r--gnu/packages/patches/ruby-rubygems-2612-ruby24.patch437
-rw-r--r--gnu/packages/patches/ruby-rubygems-2613-ruby24.patch355
27 files changed, 1238 insertions, 1616 deletions
diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
new file mode 100644
index 0000000000..81f209d7b2
--- /dev/null
+++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch
@@ -0,0 +1,42 @@
+Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/875633
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
+Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
+Forwarded: no
+Author: Armis Security <security@armis.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-09-13
+
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
+ 		/* continuation State exists -> get from cache */
+ 		sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+ 		if (pCache) {
+-			uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+-			pResponse = pCache->data;
+-			memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+-			buf->data_size += sent;
+-			cstate->cStateValue.maxBytesSent += sent;
+-			if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+-				cstate_size = sdp_set_cstate_pdu(buf, NULL);
+-			else
+-				cstate_size = sdp_set_cstate_pdu(buf, cstate);
++			if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
++				status = SDP_INVALID_CSTATE;
++				SDPDBG("Got bad cstate with invalid size");
++			} else {
++				uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
++				pResponse = pCache->data;
++				memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
++				buf->data_size += sent;
++				cstate->cStateValue.maxBytesSent += sent;
++				if (cstate->cStateValue.maxBytesSent == pCache->data_size)
++					cstate_size = sdp_set_cstate_pdu(buf, NULL);
++				else
++					cstate_size = sdp_set_cstate_pdu(buf, cstate);
++			}
+ 		} else {
+ 			status = SDP_INVALID_CSTATE;
+ 			SDPDBG("Non-null continuation state, but null cache buffer");
diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch
deleted file mode 100644
index adf977b183..0000000000
--- a/gnu/packages/patches/calibre-drop-unrar.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Recreated old debian patch on the latest calibre version
-
-From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001
-From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
-Date: Sat, 13 May 2017 21:12:12 +1000
-Subject: [PATCH] Remove unrar extension
-
----
- setup/extensions.json                  | 11 -----------
- src/calibre/ebooks/metadata/archive.py |  2 +-
- 2 files changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/setup/extensions.json b/setup/extensions.json
-index 1f6d1fb5fd..127390450f 100644
---- a/setup/extensions.json
-+++ b/setup/extensions.json
-@@ -211,16 +211,5 @@
-         "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c",
-         "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h",
-         "libraries": "mtp"
--    },
--    {
--        "name": "unrar",
--        "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp",
--        "inc_dirs": "unrar",
--        "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE",
--        "windows_defines": "SILENT RARDLL UNRAR",
--        "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE",
--        "haiku_libraries": "bsd",
--        "optimize_level": 2,
--        "windows_libraries": "User32 Advapi32 kernel32 Shell32"
-     }
- ]
-diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py
-index f5c0b7bed3..32257dcdae 100644
---- a/src/calibre/ebooks/metadata/archive.py
-+++ b/src/calibre/ebooks/metadata/archive.py
-@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin):
-     description = _('Extract common e-book formats from archive files '
-         '(ZIP/RAR). Also try to autodetect if they are actually '
-         'CBZ/CBR files.')
--    file_types = set(['zip', 'rar'])
-+    file_types = set(['zip'])
-     supported_platforms = ['windows', 'osx', 'linux']
-     on_import = True
- 
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch
deleted file mode 100644
index 3640d123dd..0000000000
--- a/gnu/packages/patches/csound-header-ordering.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Prevent compilation issues with boost-1.60.0.
-
-Reported upstream at https://github.com/csound/csound/issues/570
-
---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp	2015-04-25 14:06:22.995646234 -0500
-+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp	2015-12-21 10:31:58.182362640 -0600
-@@ -117,11 +117,12 @@
- //     d = sys_variables(12);
- //     gnor = a*(x.^3) + b*(x.^2) + c*x + d;
- 
--#include <OpcodeBase.hpp>
- #include <boost/numeric/ublas/vector.hpp>
- using namespace boost::numeric;
- #include <cmath>
- 
-+#include <OpcodeBase.hpp>
-+
- #undef CS_KSMPS
- #define CS_KSMPS     (opds.insdshead->ksmps)
- 
diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
new file mode 100644
index 0000000000..7e45d30129
--- /dev/null
+++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch
@@ -0,0 +1,85 @@
+This patch fixes a remote code execution vulnerability reported here:
+
+  https://bugs.gnu.org/28350
+  http://www.openwall.com/lists/oss-security/2017/09/11/1
+
+From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001
+From: Lars Ingebrigtsen <larsi@gnus.org>
+Date: Fri, 8 Sep 2017 20:23:31 -0700
+Subject: Remove unsafe enriched mode translations
+
+* lisp/gnus/mm-view.el (mm-inline-text):
+Do not worry about enriched or richtext type.
+* lisp/textmodes/enriched.el (enriched-translations):
+Remove translations for FUNCTION, display (Bug#28350).
+(enriched-handle-display-prop, enriched-decode-display-prop): Remove.
+---
+ lisp/gnus/mm-view.el       |  4 ----
+ lisp/textmodes/enriched.el | 32 --------------------------------
+ 2 files changed, 36 deletions(-)
+
+diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
+index e5859d0..77ad271 100644
+--- a/lisp/gnus/mm-view.el
++++ b/lisp/gnus/mm-view.el
+@@ -383,10 +383,6 @@
+ 	(goto-char (point-max))))
+     (save-restriction
+       (narrow-to-region b (point))
+-      (when (member type '("enriched" "richtext"))
+-        (set-text-properties (point-min) (point-max) nil)
+-	(ignore-errors
+-	  (enriched-decode (point-min) (point-max))))
+       (mm-handle-set-undisplayer
+        handle
+        `(lambda ()
+diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el
+index beb6c6d..a8f0d38 100644
+--- a/lisp/textmodes/enriched.el
++++ b/lisp/textmodes/enriched.el
+@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.")
+ 		   (full        "flushboth")
+ 		   (center      "center"))
+     (PARAMETER     (t           "param")) ; Argument of preceding annotation
+-    ;; The following are not part of the standard:
+-    (FUNCTION      (enriched-decode-foreground "x-color")
+-		   (enriched-decode-background "x-bg-color")
+-		   (enriched-decode-display-prop "x-display"))
+     (read-only     (t           "x-read-only"))
+-    (display	   (nil		enriched-handle-display-prop))
+     (unknown       (nil         format-annotate-value))
+ ;   (font-size     (2           "bigger")       ; unimplemented
+ ;		   (-2          "smaller"))
+@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found."
+     (message "Warning: no color specified for <x-bg-color>")
+     nil))
+ 
+-;;; Handling the `display' property.
+-
+-
+-(defun enriched-handle-display-prop (old new)
+-  "Return a list of annotations for a change in the `display' property.
+-OLD is the old value of the property, NEW is the new value.  Value
+-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to
+-close and OPEN a list of annotations to open.  Each of these lists
+-has the form `(ANNOTATION PARAM ...)'."
+-  (let ((annotation "x-display")
+-	(param (prin1-to-string (or old new))))
+-    (if (null old)
+-        (cons nil (list (list annotation param)))
+-      (cons (list (list annotation param)) nil))))
+-
+-(defun enriched-decode-display-prop (start end &optional param)
+-  "Decode a `display' property for text between START and END.
+-PARAM is a `<param>' found for the property.
+-Value is a list `(START END SYMBOL VALUE)' with START and END denoting
+-the range of text to assign text property SYMBOL with value VALUE."
+-  (let ((prop (when (stringp param)
+-		(condition-case ()
+-		    (car (read-from-string param))
+-		  (error nil)))))
+-    (unless prop
+-      (message "Warning: invalid <x-display> parameter %s" param))
+-    (list start end 'display prop)))
+ 
+ ;;; enriched.el ends here
diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch
new file mode 100644
index 0000000000..505acf1592
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2017-1000249.patch
@@ -0,0 +1,27 @@
+https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch
+http://openwall.com/lists/oss-security/2017/09/05/3
+
+The patch is minorly modified to apply to file-5.30
+
+From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sun, 27 Aug 2017 07:55:02 +0000
+Subject: [PATCH] Fix always true condition (Thomas Jarosch)
+
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 81451827..5f425c97 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+     size_t noff, size_t doff, int *flags)
+ {
+ 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
+-	    type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
++	    type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
+ 		uint8_t desc[20];
+ 		const char *btype;
+ 		uint32_t i;
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
new file mode 100644
index 0000000000..d9f0cc1212
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch
@@ -0,0 +1,14 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8327>.
+
+--- a/util.c	2014-06-20 19:26:18 +0000
++++ b/util.c	2015-10-30 15:45:03 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|<>&!$\'\"#*?()[]{}";
++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
+
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
new file mode 100644
index 0000000000..d3c3024220
--- /dev/null
+++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch
@@ -0,0 +1,13 @@
+Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8560>.
+
+--- a/util.c	2015-10-30 15:45:03 +0000
++++ b/util.c	2015-12-12 23:27:21 +0000
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}";
++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
new file mode 100644
index 0000000000..dbcaea1343
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch
@@ -0,0 +1,137 @@
+http://www.openwall.com/lists/oss-security/2017/09/01/6
+
+CVE-2017-11403:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
+
+CVE-2017-14103:
+http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1503875721 14400
+# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
+# Parent  f0f2ea85a2930f3b6dcd72352719adb9660f2aad
+Attempt to fix Issue 440.
+
+diff -ru a/coders/png.c b/coders/png.c
+--- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
++++ b/coders/png.c	2017-09-10 11:31:56.543194173 -0400
+@@ -3106,7 +3106,9 @@
+       if (length > PNG_MAX_UINT || count == 0)
+         {
+           DestroyJNGInfo(color_image_info,alpha_image_info);
+-          ThrowReaderException(CorruptImageError,CorruptImage,image);
++          (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++              "chunk length (%lu) > PNG_MAX_UINT",length);
++          return ((Image*)NULL);
+         }
+
+       chunk=(unsigned char *) NULL;
+@@ -3117,13 +3119,16 @@
+           if (chunk == (unsigned char *) NULL)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+-                                   image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    Could not allocate chunk memory");
++              return ((Image*)NULL);
+             }
+           if (ReadBlob(image,length,chunk) < length)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CorruptImageError,CorruptImage,image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    chunk reading was incomplete");
++              return ((Image*)NULL);
+             }
+           p=chunk;
+         }
+@@ -3198,7 +3203,7 @@
+                   jng_width, jng_height);
+               MagickFreeMemory(chunk);
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++              return ((Image *)NULL);
+             }
+
+           /* Temporarily set width and height resources to match JHDR */
+@@ -3233,8 +3238,9 @@
+           if (color_image == (Image *) NULL)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+-                                   image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    could not open color_image blob");
++              return ((Image *)NULL);
+             }
+           if (logging)
+             (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3245,7 +3251,9 @@
+           if (status == MagickFalse)
+             {
+               DestroyJNGInfo(color_image_info,alpha_image_info);
+-              ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "    could not open color_image blob");
++              return ((Image *)NULL);
+             }
+
+           if (!image_info->ping && jng_color_type >= 12)
+@@ -3255,17 +3263,18 @@
+               if (alpha_image_info == (ImageInfo *) NULL)
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+-                  ThrowReaderException(ResourceLimitError,
+-                                       MemoryAllocationFailed, image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image_info",length);
++                  return ((Image *)NULL);
+                 }
+               GetImageInfo(alpha_image_info);
+               alpha_image=AllocateImage(alpha_image_info);
+               if (alpha_image == (Image *) NULL)
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+-                  ThrowReaderException(ResourceLimitError,
+-                                       MemoryAllocationFailed,
+-                                       alpha_image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image");
++                  return ((Image *)NULL);
+                 }
+               if (logging)
+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+@@ -3277,7 +3286,9 @@
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+                   DestroyImage(alpha_image);
+-                  ThrowReaderException(CoderError,UnableToOpenBlob,image);
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "    could not allocate alpha_image blob");
++                  return ((Image *)NULL);
+                 }
+               if (jng_alpha_compression_method == 0)
+                 {
+@@ -3613,6 +3624,8 @@
+               alpha_image = (Image *)NULL;
+               DestroyImageInfo(alpha_image_info);
+               alpha_image_info = (ImageInfo *)NULL;
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  " Destroy the JNG image");
+               DestroyImage(jng_image);
+               jng_image = (Image *)NULL;
+             }
+@@ -5146,8 +5159,8 @@
+
+       if (image == (Image *) NULL)
+         {
+-          DestroyImageList(previous);
+           CloseBlob(previous);
++          DestroyImageList(previous);
+           MngInfoFreeStruct(mng_info,&have_mng_structure);
+           return((Image *) NULL);
+         }
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
new file mode 100644
index 0000000000..46f6b032c7
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
@@ -0,0 +1,80 @@
+http://openwall.com/lists/oss-security/2017/08/28/5
+http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503268616 18000
+# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
+# Parent  83a5b946180835f260bcb91e3d06327a8e2577e3
+PNM: For binary formats, verify sufficient backing file data before memory request.
+
+diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
+--- a/coders/pnm.c	Sun Aug 20 17:31:35 2017 -0500
++++ b/coders/pnm.c	Sun Aug 20 17:36:56 2017 -0500
+@@ -569,7 +569,7 @@
+           (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
+                                 image->colors);
+         }
+-      number_pixels=image->columns*image->rows;
++      number_pixels=MagickArraySize(image->columns,image->rows);
+       if (number_pixels == 0)
+         ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
+       if (image->storage_class == PseudoClass)
+@@ -858,14 +858,14 @@
+		if (1 == bits_per_sample)
+		  {
+		    /* PBM */
+-		    bytes_per_row=((image->columns+7) >> 3);
++		    bytes_per_row=((image->columns+7U) >> 3);
+		    import_options.grayscale_miniswhite=MagickTrue;
+		    quantum_type=GrayQuantum;
+		  }
+		else
+		  {
+		    /* PGM & XV_332 */
+-		    bytes_per_row=((bits_per_sample+7)/8)*image->columns;
++		    bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
+		    if (XV_332_Format == format)
+		      {
+			quantum_type=IndexQuantum;
+@@ -878,7 +878,8 @@
+	      }
+	    else
+	      {
+-		bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
++		bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
++                                              image->columns);
+		if (3 == samples_per_pixel)
+		  {
+		    /* PPM */
+@@ -915,6 +916,28 @@
+		    is_monochrome=MagickFalse;
+		  }
+	      }
++
++            /* Validate file size before allocating memory */
++            if (BlobIsSeekable(image))
++              {
++                const magick_off_t file_size = GetBlobSize(image);
++                const magick_off_t current_offset = TellBlob(image);
++                if ((file_size > 0) &&
++                    (current_offset > 0) &&
++                    (file_size > current_offset))
++                  {
++                    const magick_off_t remaining = file_size-current_offset;
++                    const magick_off_t needed = (magick_off_t) image->rows *
++                      (magick_off_t) bytes_per_row;
++                    if ((remaining < (magick_off_t) bytes_per_row) ||
++                        (remaining < needed))
++                      {
++                        ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
++                                       image->filename);
++                        break;
++                      }
++                  }
++              }
+
+             scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
+             if (scanline_set == (ThreadViewDataSet *) NULL)
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
new file mode 100644
index 0000000000..1f55d90d38
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
@@ -0,0 +1,72 @@
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa
+http://openwall.com/lists/oss-security/2017/09/06/4
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503257388 18000
+# Node ID 493da54370aa42cb430c52a69eb75db0001a5589
+# Parent  f8724674907902b7bc37c04f252fe30fbdd88e6f
+SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions.
+
+diff -r f87246749079 -r 493da54370aa coders/sun.c
+--- a/coders/sun.c	Sun Aug 20 12:21:03 2017 +0200
++++ b/coders/sun.c	Sun Aug 20 14:29:48 2017 -0500
+@@ -498,6 +498,12 @@
+     if (sun_info.depth < 8)
+       image->depth=sun_info.depth;
+ 
++    if (image_info->ping)
++      {
++        CloseBlob(image);
++        return(image);
++      }
++
+     /*
+       Compute bytes per line and bytes per image for an unencoded
+       image.
+@@ -522,15 +528,37 @@
+       if (bytes_per_image > sun_info.length)
+         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
+ 
+-    if (image_info->ping)
+-      {
+-        CloseBlob(image);
+-        return(image);
+-      }
+     if (sun_info.type == RT_ENCODED)
+       sun_data_length=(size_t) sun_info.length;
+     else
+       sun_data_length=bytes_per_image;
++
++    /*
++      Verify that data length claimed by header is supported by file size
++    */
++    if (sun_info.type == RT_ENCODED)
++      {
++        if (sun_data_length < bytes_per_image/255U)
++          {
++            ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++          }
++      }
++    if (BlobIsSeekable(image))
++      {
++        const magick_off_t file_size = GetBlobSize(image);
++        const magick_off_t current_offset = TellBlob(image);
++        if ((file_size > 0) &&
++            (current_offset > 0) &&
++            (file_size > current_offset))
++        {
++          const magick_off_t remaining = file_size-current_offset;
++          if (remaining < (magick_off_t) sun_data_length)
++            {
++              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++            }
++        }
++      }
++
+     sun_data=MagickAllocateMemory(unsigned char *,sun_data_length);
+     if (sun_data == (unsigned char *) NULL)
+       ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+
diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch
new file mode 100644
index 0000000000..8391a3db4a
--- /dev/null
+++ b/gnu/packages/patches/httpd-CVE-2017-9798.patch
@@ -0,0 +1,22 @@
+Fixes "options bleed", aka. CVE-2017-9798:
+
+  https://nvd.nist.gov/vuln/detail/CVE-2017-9798
+  https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
+
+From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
+
+--- a/server/core.c	2017/08/16 16:50:29	1805223
++++ b/server/core.c	2017/09/08 13:13:11	1807754
+@@ -2266,6 +2266,12 @@
+             /* method has not been registered yet, but resource restriction
+              * is always checked before method handling, so register it.
+              */
++            if (cmd->pool == cmd->temp_pool) {
++                /* In .htaccess, we can't globally register new methods. */
++                return apr_psprintf(cmd->pool, "Could not register method '%s' "
++                                   "for %s from .htaccess configuration",
++                                    method, cmd->cmd->name);
++            }
+             methnum = ap_method_register(cmd->pool,
+                                          apr_pstrdup(cmd->pool, method));
+         }
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
new file mode 100644
index 0000000000..a122848440
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-14166:
+
+https://github.com/libarchive/libarchive/issues/935
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
+
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
diff --git a/gnu/packages/patches/libzip-CVE-2017-12858.patch b/gnu/packages/patches/libzip-CVE-2017-12858.patch
deleted file mode 100644
index 8125173f95..0000000000
--- a/gnu/packages/patches/libzip-CVE-2017-12858.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-12858:
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858
-
-Patch copied from upstream source repository:
-
-https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
-
-From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Mon, 14 Aug 2017 10:55:44 +0200
-Subject: [PATCH] Fix double free().
-
-Found by Brian 'geeknik' Carpenter using AFL.
----
- THANKS           | 1 +
- lib/zip_dirent.c | 3 ---
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/THANKS b/THANKS
-index be0cca9..a80ee1d 100644
---- a/THANKS
-+++ b/THANKS
-@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
- Benjamin Gilbert <bgilbert@backtick.net>
- Boaz Stolk <bstolk@aweta.nl>
- Bogdan <bogiebog@gmail.com>
-+Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
- Chris Nehren <cnehren+libzip@pobox.com>
- Coverity <info@coverity.com>
- Dane Springmeyer <dane.springmeyer@gmail.com>
-diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
-index a369900..e5a7cc9 100644
---- a/lib/zip_dirent.c
-+++ b/lib/zip_dirent.c
-@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
-     }
- 
-     if (!_zip_dirent_process_winzip_aes(zde, error)) {
--	if (!from_buffer) {
--	    _zip_buffer_free(buffer);
--	}
- 	return -1;
-     }
- 
diff --git a/gnu/packages/patches/meson-for-build-rpath.patch b/gnu/packages/patches/meson-for-build-rpath.patch
new file mode 100644
index 0000000000..4e20c9aed3
--- /dev/null
+++ b/gnu/packages/patches/meson-for-build-rpath.patch
@@ -0,0 +1,24 @@
+This patch removes a part of meson that clears the rpath upon installation.
+This will only be applied to a special version of meson, used for the
+meson-build-system.
+
+Patch by Peter Mikkelsen <petermikkelsen10@gmail.com>
+
+--- meson-0.42.0/mesonbuild/scripts/meson_install.py.orig	2017-09-09 01:49:39.147374148 +0200
++++ meson-0.42.0/mesonbuild/scripts/meson_install.py	2017-09-09 01:51:01.209134717 +0200
+@@ -345,15 +345,6 @@
+                     print("Symlink creation does not work on this platform. "
+                           "Skipping all symlinking.")
+                     printed_symlink_error = True
+-        if is_elf_platform() and os.path.isfile(outname):
+-            try:
+-                e = depfixer.Elf(outname, False)
+-                e.fix_rpath(install_rpath)
+-            except SystemExit as e:
+-                if isinstance(e.code, int) and e.code == 0:
+-                    pass
+-                else:
+-                    raise
+
+ def run(args):
+     global install_log_file
diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch
new file mode 100644
index 0000000000..449105e42a
--- /dev/null
+++ b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch
@@ -0,0 +1,43 @@
+https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333.patch
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
+
+From 26f5a4350f3ab5507bb8727051c87bb04660f333 Mon Sep 17 00:00:00 2001
+From: Alexander Batischev <eual.jp@gmail.com>
+Date: Sat, 16 Sep 2017 19:31:43 +0300
+Subject: [PATCH] Work around shell code in podcast names (#598)
+
+---
+ src/pb_controller.cpp | 6 +++---
+ src/queueloader.cpp   | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/pb_controller.cpp b/src/pb_controller.cpp
+index 09b5e897..213216cd 100644
+--- a/src/pb_controller.cpp
++++ b/src/pb_controller.cpp
+@@ -306,9 +306,9 @@ void pb_controller::play_file(const std::string& file) {
+ 	if (player == "")
+ 		return;
+ 	cmdline.append(player);
+-	cmdline.append(" \"");
+-	cmdline.append(utils::replace_all(file,"\"", "\\\""));
+-	cmdline.append("\"");
++	cmdline.append(" \'");
++	cmdline.append(utils::replace_all(file,"'", "%27"));
++	cmdline.append("\'");
+ 	stfl::reset();
+ 	LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str());
+ 	::system(cmdline.c_str());
+diff --git a/src/queueloader.cpp b/src/queueloader.cpp
+index c1dabdd8..ae725e04 100644
+--- a/src/queueloader.cpp
++++ b/src/queueloader.cpp
+@@ -130,7 +130,7 @@ std::string queueloader::get_filename(const std::string& str) {
+ 		strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t));
+ 		fn.append(lbuf);
+ 	} else {
+-		fn.append(base);
++		fn.append(utils::replace_all(base, "'", "%27"));
+ 	}
+ 	return fn;
+ }
diff --git a/gnu/packages/patches/openfoam-4.1-cleanup.patch b/gnu/packages/patches/openfoam-4.1-cleanup.patch
new file mode 100644
index 0000000000..37effa5c9c
--- /dev/null
+++ b/gnu/packages/patches/openfoam-4.1-cleanup.patch
@@ -0,0 +1,243 @@
+# This patch removes all need for the ThirdParty files of OpenFOAM.
+
+# Derived from EasyBuild patch by Ward Poelmans <wpoely86@gmail.com>.
+# Modified for GNU Guix by Paul Garlick <pgarlick@tourbillion-technology.com>.
+
+diff -ur OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake
+--- OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake
++++ OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake
+@@ -9,7 +9,7 @@
+ #
+ # use readline if available
+ #
+-if [ -f /usr/include/readline/readline.h ]
++if true
+ then
+     echo "Found <readline/readline.h>  --  enabling readline support."
+     export COMP_FLAGS="-DHAS_READLINE"
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/bashrc OpenFOAM-4.x-version-4.1/etc/bashrc
+--- OpenFOAM-4.x-version-4.1.org/etc/bashrc
++++ OpenFOAM-4.x-version-4.1/etc/bashrc
+@@ -43,8 +43,10 @@
+ # Please set to the appropriate path if the default is not correct.
+ #
+ [ $BASH_SOURCE ] && \
+-export FOAM_INST_DIR=$(cd ${BASH_SOURCE%/*/*/*} && pwd -P) || \
++export FOAM_INST_DIR=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P) || \
+ export FOAM_INST_DIR=$HOME/$WM_PROJECT
++# For GNU Guix: set initially for build then re-set at runtime
++#
+ # export FOAM_INST_DIR=~$WM_PROJECT
+ # export FOAM_INST_DIR=/opt/$WM_PROJECT
+ # export FOAM_INST_DIR=/usr/local/$WM_PROJECT
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL
+@@ -36,37 +36,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-boost_version=boost-system
+-cgal_version=cgal-system
+-#cgal_version=CGAL-4.8
+-
+-if [ -z "$SOURCE_CGAL_VERSIONS_ONLY" ]
+-then
+-
+-    common_path=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER
+-
+-    export BOOST_ARCH_PATH=$common_path/$boost_version
+-    export CGAL_ARCH_PATH=$common_path/$cgal_version
+-
+-    if [ "$FOAM_VERBOSE" -a "$PS1" ]
+-    then
+-        echo "Using CGAL and boost" 1>&2
+-        echo "    $cgal_version at $CGAL_ARCH_PATH" 1>&2
+-        echo "    $boost_version at $BOOST_ARCH_PATH" 1>&2
+-    fi
+-
+-    if [ -d "$CGAL_ARCH_PATH" -a "$cgal_version" != "cgal-system" ]
+-    then
+-        _foamAddLib $CGAL_ARCH_PATH/lib
+-    fi
+-
+-    if [ -d "$BOOST_ARCH_PATH" -a "$boost_version" != "boost-system" ]
+-    then
+-        _foamAddLib $BOOST_ARCH_PATH/lib
+-    fi
+-
+-    unset boost_version cgal_version common_path
+-
+-fi
++export CGAL_ARCH_PATH=$CGAL_ROOT
++export BOOST_ARCH_PATH=$BOOST_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools
+@@ -29,13 +29,5 @@
+ #
+ #------------------------------------------------------------------------------
+
+-version=svn
+-gperftools_install=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER
+-
+-GPERFTOOLS_VERSION=gperftools-$version
+-GPERFTOOLS_ARCH_PATH=$gperftools_install/$GPERFTOOLS_VERSION
+-
+-export PATH=$GPERFTOOLS_ARCH_PATH/bin:$PATH
+-export LD_LIBRARY_PATH=$GPERFTOOLS_ARCH_PATH/lib:$LD_LIBRARY_PATH
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis OpenFOAM-4.x-version-4.1/etc/config.sh/metis
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/metis
+@@ -34,7 +34,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-export METIS_VERSION=metis-5.1.0
+-export METIS_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$METIS_VERSION
++export METIS_VERSION=metis-$METISVERSION
++export METIS_ARCH_PATH=$METIS_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch OpenFOAM-4.x-version-4.1/etc/config.sh/scotch
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/scotch
+@@ -37,7 +37,7 @@
+ #
+ #------------------------------------------------------------------------------
+
+-export SCOTCH_VERSION=scotch_6.0.3
+-export SCOTCH_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$SCOTCH_VERSION
++export SCOTCH_VERSION=scotch_$SCOTCHVERSION
++export SCOTCH_ARCH_PATH=$SCOTCH_ROOT
+
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings OpenFOAM-4.x-version-4.1/etc/config.sh/settings
+--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings
++++ OpenFOAM-4.x-version-4.1/etc/config.sh/settings
+@@ -279,6 +279,9 @@
+     ;;
+ system)
+     # Use system compiler
++    # Use system GMP and MPFR packages
++    export GMP_ARCH_PATH=$GMP_ROOT
++    export MPFR_ARCH_PATH=$MPFR_ROOT
+     ;;
+ *)
+     echo "Warn: WM_COMPILER_TYPE='$WM_COMPILER_TYPE' is unsupported" 1>&2
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options
+@@ -5,8 +5,7 @@
+     $(PFLAGS) $(PINC) \
+     -I$(SCOTCH_ROOT)/include \
+     -I$(SCOTCH_ARCH_PATH)/include/$(FOAM_MPI) \
+-    -I/usr/include/scotch \
+     -I../decompositionMethods/lnInclude
+
+ LIB_LIBS = \
+-    -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN)/$(FOAM_MPI) -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt
++    -L$(SCOTCH_ROOT)/lib -L$(MPI_ARCH_PATH)/lib -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options
+@@ -9,8 +9,7 @@
+     $(PFLAGS) $(PINC) \
+     -I$(SCOTCH_ROOT)/include \
+     -I$(SCOTCH_ARCH_PATH)/include \
+-    -I/usr/include/scotch \
+     -I../decompositionMethods/lnInclude
+
+ LIB_LIBS = \
+-    -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN) -lscotch -lscotcherrexit -lrt
++    -L$(SCOTCH_ROOT)/lib -lscotch -lscotcherrexit -lrt
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general OpenFOAM-4.x-version-4.1/wmake/makefiles/general
+--- OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general
++++ OpenFOAM-4.x-version-4.1/wmake/makefiles/general
+@@ -33,7 +33,6 @@
+ # The Makefile uses a POSIX shell
+ #------------------------------------------------------------------------------
+ 
+-SHELL           = /bin/sh
+ 
+ 
+ #------------------------------------------------------------------------------
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmake OpenFOAM-4.x-version-4.1/wmake/wmake
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmake
++++ OpenFOAM-4.x-version-4.1/wmake/wmake
+@@ -163,7 +163,7 @@
+ then
+     if [ "$WM_NCOMPPROCS" -gt 1 -a ! "$MAKEFLAGS" ]
+     then
+-        lockDir=$HOME/.$WM_PROJECT/.wmake
++        lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ 
+         if [ -d $lockDir ]
+         then
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler
++++ OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler
+@@ -53,7 +53,7 @@
+ # csh sets HOST, bash sets HOSTNAME
+ : ${HOST:=$HOSTNAME}
+ 
+-lockDir=$HOME/.$WM_PROJECT/.wmake
++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ 
+ # Fallback - 1 core on current host
+ : ${WM_HOSTS:=$HOST:1}
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime
++++ OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime
+@@ -53,7 +53,7 @@
+ # csh sets HOST, bash sets HOSTNAME
+ : ${HOST:=$HOSTNAME}
+ 
+-lockDir=$HOME/.$WM_PROJECT/.wmake
++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake
+ # Fallback - 1 core on current host
+ : ${WM_HOSTS:=$HOST:1}
+ 
+diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C
+--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C
++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C
+@@ -67,7 +67,7 @@
+ 
+     // Processor weights initialised with no size, only used if specified in
+     // a file
+-    Field<scalar> processorWeights;
++    Field<floatScalar> processorWeights;
+ 
+     // Cell weights (so on the vertices of the dual)
+     List<label> cellWeights;
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL
+--- OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL
++++ OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL
+@@ -6,9 +6,10 @@
+     -I/usr/include
+ 
+ CGAL_LIBS = \
+-    -L$(MPFR_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \
+-    -L$(GMP_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \
++    -L$(MPFR_ARCH_PATH)/lib \
++    -L$(GMP_ARCH_PATH)/lib \
+     -L$(BOOST_ARCH_PATH)/lib \
+     -L$(CGAL_ARCH_PATH)/lib \
+     -lCGAL \
++    -lgmp \
+     -lmpfr
+diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++
+--- OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++
++++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++
+@@ -20,5 +20,5 @@
+
+ LINK_LIBS   = $(c++DBUG)
+
+-LINKLIBSO   = $(CC) $(c++FLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed
+-LINKEXE     = $(CC) $(c++FLAGS) -Xlinker --add-needed -Xlinker --no-as-needed
++LINKLIBSO   = $(CC) $(c++FLAGS) $(LDFLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed
++LINKEXE     = $(CC) $(c++FLAGS) $(LDFLAGS) -Xlinker --add-needed -Xlinker --no-as-needed
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
new file mode 100644
index 0000000000..4fcf6af6db
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
@@ -0,0 +1,46 @@
+https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
+http://openwall.com/lists/oss-security/2017/09/06/1
+
+From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:20:37 +0200
+Subject: [PATCH] Encoder: grow buffer size in
+ opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
+ opj_mqc_flush (#982)
+
+---
+ src/lib/openjp2/tcd.c                   | 7 +++++--
+ tests/nonregression/test_suite.ctest.in | 2 ++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
+index 301c7213e..53cdcf64d 100644
+--- a/src/lib/openjp2/tcd.c
++++ b/src/lib/openjp2/tcd.c
+@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
+ {
+     OPJ_UINT32 l_data_size;
+ 
+-    /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+-    l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++    /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
++    /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
++    /* TODO: is there a theoretical upper-bound for the compressed code */
++    /* block size ? */
++    l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+                                    (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+ 
+     if (l_data_size > p_code_block->data_size) {
+diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
+index aaf40d7d0..ffd964c2a 100644
+--- a/tests/nonregression/test_suite.ctest.in
++++ b/tests/nonregression/test_suite.ctest.in
+@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban
+ # Same rate as Bretagne2_4.j2k
+ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800
+ 
++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1
++
+ # DECODER TEST SUITE
+ opj_decompress -i  @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx
+ opj_decompress -i  @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
new file mode 100644
index 0000000000..6c083be123
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
@@ -0,0 +1,38 @@
+https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
+http://openwall.com/lists/oss-security/2017/09/06/2
+
+From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 15 Aug 2017 11:55:58 +0200
+Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
+ opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
+
+---
+ src/lib/openjp2/j2k.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index a2521ebbc..54b490a8c 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
+ 
+     /* Precincts */
+     parameters->csty |= 0x01;
+-    parameters->res_spec = parameters->numresolution - 1;
+-    for (i = 0; i < parameters->res_spec; i++) {
+-        parameters->prcw_init[i] = 256;
+-        parameters->prch_init[i] = 256;
++    if (parameters->numresolution == 1) {
++        parameters->res_spec = 1;
++        parameters->prcw_init[0] = 128;
++        parameters->prch_init[0] = 128;
++    } else {
++        parameters->res_spec = parameters->numresolution - 1;
++        for (i = 0; i < parameters->res_spec; i++) {
++            parameters->prcw_init[i] = 256;
++            parameters->prch_init[i] = 256;
++        }
+     }
+ 
+     /* The progression order shall be CPRL */
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
new file mode 100644
index 0000000000..2bfc5a6a85
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
@@ -0,0 +1,89 @@
+https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
+http://openwall.com/lists/oss-security/2017/09/06/3
+
+From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 16 Aug 2017 17:09:10 +0200
+Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
+ (#991)
+
+---
+ src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 54b490a8c..16915452e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+  * Writes the SOT marker (Start of tile-part)
+  *
+  * @param       p_j2k            J2K codec.
+- * @param       p_data           FIXME DOC
+- * @param       p_data_written   FIXME DOC
++ * @param       p_data           Output buffer
++ * @param       p_total_data_size Output buffer size
++ * @param       p_data_written   Number of bytes written into stream
+  * @param       p_stream         the stream to write data to.
+  * @param       p_manager        the user event manager.
+ */
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+                                   OPJ_BYTE * p_data,
++                                  OPJ_UINT32 p_total_data_size,
+                                   OPJ_UINT32 * p_data_written,
+                                   const opj_stream_private_t *p_stream,
+                                   opj_event_mgr_t * p_manager);
+@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+ 
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+                                   OPJ_BYTE * p_data,
++                                  OPJ_UINT32 p_total_data_size,
+                                   OPJ_UINT32 * p_data_written,
+                                   const opj_stream_private_t *p_stream,
+                                   opj_event_mgr_t * p_manager
+@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+     OPJ_UNUSED(p_stream);
+     OPJ_UNUSED(p_manager);
+ 
++    if (p_total_data_size < 12) {
++        opj_event_msg(p_manager, EVT_ERROR,
++                      "Not enough bytes in output buffer to write SOT marker\n");
++        return OPJ_FALSE;
++    }
++
+     opj_write_bytes(p_data, J2K_MS_SOT,
+                     2);                                 /* SOT */
+     p_data += 2;
+@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
+ 
+     l_current_nb_bytes_written = 0;
+     l_begin_data = p_data;
+-    if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++    if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
++                            &l_current_nb_bytes_written, p_stream,
+                             p_manager)) {
+         return OPJ_FALSE;
+     }
+@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+         l_part_tile_size = 0;
+         l_begin_data = p_data;
+ 
+-        if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++        if (! opj_j2k_write_sot(p_j2k, p_data,
++                                p_total_data_size,
++                                &l_current_nb_bytes_written,
++                                p_stream,
+                                 p_manager)) {
+             return OPJ_FALSE;
+         }
+@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+             l_part_tile_size = 0;
+             l_begin_data = p_data;
+ 
+-            if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++            if (! opj_j2k_write_sot(p_j2k, p_data,
++                                    p_total_data_size,
++                                    &l_current_nb_bytes_written, p_stream,
+                                     p_manager)) {
+                 return OPJ_FALSE;
+             }
diff --git a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
new file mode 100644
index 0000000000..e0df632a04
--- /dev/null
+++ b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
@@ -0,0 +1,32 @@
+Description: Use the markdown library provided by the libmarkdown2 package.
+Author: Alessandro Ghedini <al3xbio@gmail.com>
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2012-01-01
+
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -57,12 +57,6 @@
+ 
+ 
+ 
+-sub MY::postamble {
+-    return sprintf('
+-$(MYEXTLIB):
+-	%s
+-', qq{( cd $extdir; CC='cc -fPIC' sh configure.sh; make )\n});
+-}
+ 
+ WriteMakefile(
+     NAME              => 'Text::Markdown::Discount',
+@@ -71,8 +65,6 @@
+     ($] >= 5.005 ?
+       (ABSTRACT_FROM  => 'lib/Text/Markdown/Discount.pm',
+        AUTHOR         => 'Masayoshi Sekimura <sekimura@cpan.org>') : ()),
+-    LIBS               => '-L' . $extdir,
+-    INC               => '-I. -I' . $extdir,
+-    MYEXTLIB          => $myextlib,
+-    clean             => { FILES => $clean_files },
++    LIBS               => '-lmarkdown',
++    INC               => '-I.',
+ );
diff --git a/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
new file mode 100644
index 0000000000..78920629c0
--- /dev/null
+++ b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
@@ -0,0 +1,28 @@
+Fix build with PyOpenSSL > 17.2.0.
+
+See <https://github.com/certbot/certbot/issues/5111>.
+
+Patch copied from upstream source repository:
+https://github.com/certbot/certbot/commit/f6be07da74c664b57ac8c053585f919c79f9af44
+
+diff --git a/acme/crypto_util.py b/acme/crypto_util.py
+index de15284c03..b8fba03488 100644
+--- a/acme/crypto_util.py
++++ b/acme/crypto_util.py
+@@ -2,6 +2,7 @@
+ import binascii
+ import contextlib
+ import logging
++import os
+ import re
+ import socket
+ import sys
+@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None,
+     """
+     assert domains, "Must provide one or more hostnames for the cert."
+     cert = OpenSSL.crypto.X509()
+-    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
++    cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))
+     cert.set_version(2)
+ 
+     extensions = [
diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch
new file mode 100644
index 0000000000..4070115419
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-13711.patch
@@ -0,0 +1,89 @@
+Fix CVE-2017-13711:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384
+
+From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Fri, 25 Aug 2017 01:35:53 +0200
+Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The if_fastq and if_batchq contain not only packets, but queues of packets
+for the same socket. When sofree frees a socket, it thus has to clear ifq_so
+from all the packets from the queues, not only the first.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ slirp/socket.c | 39 +++++++++++++++++++++++----------------
+ 1 file changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/slirp/socket.c b/slirp/socket.c
+index ecec0295a9..cb7b5b608d 100644
+--- a/slirp/socket.c
++++ b/slirp/socket.c
+@@ -59,6 +59,27 @@ socreate(Slirp *slirp)
+   return(so);
+ }
+ 
++/*
++ * Remove references to so from the given message queue.
++ */
++static void
++soqfree(struct socket *so, struct quehead *qh)
++{
++    struct mbuf *ifq;
++
++    for (ifq = (struct mbuf *) qh->qh_link;
++             (struct quehead *) ifq != qh;
++             ifq = ifq->ifq_next) {
++        if (ifq->ifq_so == so) {
++            struct mbuf *ifm;
++            ifq->ifq_so = NULL;
++            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
++                ifm->ifq_so = NULL;
++            }
++        }
++    }
++}
++
+ /*
+  * remque and free a socket, clobber cache
+  */
+@@ -66,23 +87,9 @@ void
+ sofree(struct socket *so)
+ {
+   Slirp *slirp = so->slirp;
+-  struct mbuf *ifm;
+ 
+-  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_fastq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
+-
+-  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
+-       (struct quehead *) ifm != &slirp->if_batchq;
+-       ifm = ifm->ifq_next) {
+-    if (ifm->ifq_so == so) {
+-      ifm->ifq_so = NULL;
+-    }
+-  }
++  soqfree(so, &slirp->if_fastq);
++  soqfree(so, &slirp->if_batchq);
+ 
+   if (so->so_emu==EMU_RSH && so->extra) {
+ 	sofree(so->extra);
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch
new file mode 100644
index 0000000000..a6007ac082
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-14167.patch
@@ -0,0 +1,69 @@
+Fix CVE-2017-14167:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
+http://seclists.org/oss-sec/2017/q3/407
+
+Patch copied from upstream development mailing list:
+
+https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
+
+From: Prasad J Pandit <address@hidden>
+
+While loading kernel via multiboot-v1 image, (flags & 0x00010000)
+indicates that multiboot header contains valid addresses to load
+the kernel image. These addresses are used to compute kernel
+size and kernel text offset in the OS image. Validate these
+address values to avoid an OOB access issue.
+
+This is CVE-2017-14167.
+
+Reported-by: Thomas Garnier <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+ hw/i386/multiboot.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+Update: add CVE-ID to the commit message.
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 6001f4caa2..c7b70c91d5 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg,
+         uint32_t mh_header_addr = ldl_p(header+i+12);
+         uint32_t mh_load_end_addr = ldl_p(header+i+20);
+         uint32_t mh_bss_end_addr = ldl_p(header+i+24);
++
+         mh_load_addr = ldl_p(header+i+16);
++        if (mh_header_addr < mh_load_addr) {
++            fprintf(stderr, "invalid mh_load_addr address\n");
++            exit(1);
++        }
++
+         uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
+         uint32_t mb_load_size = 0;
+         mh_entry_addr = ldl_p(header+i+28);
+ 
+         if (mh_load_end_addr) {
++            if (mh_bss_end_addr < mh_load_addr) {
++                fprintf(stderr, "invalid mh_bss_end_addr address\n");
++                exit(1);
++            }
+             mb_kernel_size = mh_bss_end_addr - mh_load_addr;
++
++            if (mh_load_end_addr < mh_load_addr) {
++                fprintf(stderr, "invalid mh_load_end_addr address\n");
++                exit(1);
++            }
+             mb_load_size = mh_load_end_addr - mh_load_addr;
+         } else {
++            if (kernel_file_size < mb_kernel_text_offset) {
++                fprintf(stderr, "invalid kernel_file_size\n");
++                exit(1);
++            }
+             mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
+             mb_load_size = mb_kernel_size;
+         }
+-- 
+2.13.5
+
diff --git a/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch b/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch
deleted file mode 100644
index d68b836c71..0000000000
--- a/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index f48496aa31..0e1855b148 100644
---- ruby-2.2.7/lib/rubygems.rb
-+++ ruby-2.2.7/lib/rubygems.rb
-@@ -9,7 +9,7 @@ require 'rbconfig'
- require 'thread'
- 
- module Gem
--  VERSION = '2.4.5.2'
-+  VERSION = '2.4.5.3'
- end
- 
- # Must be first since it unloads the prelude from 1.9.2
-diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
-index 432250e033..44364cfab2 100644
---- ruby-2.2.7/lib/rubygems/commands/query_command.rb
-+++ ruby-2.2.7/lib/rubygems/commands/query_command.rb
-@@ -218,7 +218,7 @@ is too hard to use.
-         end
-       end
- 
--      output << make_entry(matching_tuples, platforms)
-+      output << clean_text(make_entry(matching_tuples, platforms))
-     end
-   end
- 
-@@ -336,7 +336,8 @@ is too hard to use.
-   end
- 
-   def spec_summary entry, spec
--    entry << "\n\n" << format_text(spec.summary, 68, 4)
-+    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
-+    entry << "\n\n" << format_text(summary, 68, 4)
-   end
- 
- end
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index 10fc1a34a5..a27569fe2e 100644
---- ruby-2.2.7/lib/rubygems/installer.rb
-+++ ruby-2.2.7/lib/rubygems/installer.rb
-@@ -646,6 +646,11 @@ class Gem::Installer
-       unpack or File.writable?(gem_home)
-   end
- 
-+  def verify_spec_name
-+    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
-+    raise Gem::InstallError, "#{spec} has an invalid name"
-+  end
-+
-   ##
-   # Return the text for an application file.
- 
-@@ -771,6 +776,8 @@ TEXT
- 
-     ensure_loadable_spec
- 
-+    verify_spec_name
-+
-     if options[:install_as_default]
-       Gem.ensure_default_gem_subdirectories gem_home
-     else
-diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
-index b1f6dd17fc..2b9d61c0a1 100644
---- ruby-2.2.7/lib/rubygems/remote_fetcher.rb
-+++ ruby-2.2.7/lib/rubygems/remote_fetcher.rb
-@@ -96,7 +96,7 @@ class Gem::RemoteFetcher
-     else
-       target = res.target.to_s.strip
- 
--      if /\.#{Regexp.quote(host)}\z/ =~ target
-+      if URI("http://" + target).host.end_with?(".#{host}")
-         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
-       end
- 
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index ab1cd92270..faca837128 100644
---- ruby-2.2.7/lib/rubygems/specification.rb
-+++ ruby-2.2.7/lib/rubygems/specification.rb
-@@ -106,6 +106,8 @@ class Gem::Specification < Gem::BasicSpecification
- 
-   private_constant :LOAD_CACHE if defined? private_constant
- 
-+  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
-+
-   # :startdoc:
- 
-   ##
-@@ -2477,9 +2479,15 @@ class Gem::Specification < Gem::BasicSpecification
-       end
-     end
- 
--    unless String === name then
-+    if !name.is_a?(String) then
-       raise Gem::InvalidSpecificationException,
--            "invalid value for attribute name: \"#{name.inspect}\""
-+            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
-+    elsif name !~ /[a-zA-Z]/ then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} must include at least one letter"
-+    elsif name !~ VALID_NAME_PATTERN then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
-     end
- 
-     if raw_require_paths.empty? then
-diff --git lib/rubygems/text.rb lib/rubygems/text.rb
-index 5c9287ad2e..86a722ffc0 100644
---- ruby-2.2.7/lib/rubygems/text.rb
-+++ ruby-2.2.7/lib/rubygems/text.rb
-@@ -5,13 +5,26 @@ require 'rubygems'
- 
- module Gem::Text
- 
-+  ##
-+  # Remove any non-printable characters and make the text suitable for
-+  # printing.
-+  def clean_text(text)
-+    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
-+  end
-+
-+  def truncate_text(text, description, max_length = 100_000)
-+    raise ArgumentError, "max_length must be positive" unless max_length > 0
-+    return text if text.size <= max_length
-+    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
-+  end
-+
-   ##
-   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
-   # characters
- 
-   def format_text(text, wrap, indent=0)
-     result = []
--    work = text.dup
-+    work = clean_text(text)
- 
-     while work.length > wrap do
-       if work =~ /^(.{0,#{wrap}})[ \n]/ then
-diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
-index 43fa82571d..ccd2621874 100644
---- ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb
-@@ -147,6 +147,86 @@ a (2)
-     This is a lot of text. This is a lot of text. This is a lot of text.
-     This is a lot of text.
- 
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_cleans_text
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 4
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    This is a lot of text. This is a lot of text. This is a lot of text.
-+    This is a lot of text.
-+
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_truncates_summary
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 10_000
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    Truncating the summary for a-2 to 100,000 characters:
-+#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
-+
- pl (1)
-     Platform: i386-linux
-     Author: A User
-diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
-index 6f8012feb8..aba73af181 100644
---- ruby-2.2.7/test/rubygems/test_gem_installer.rb
-+++ ruby-2.2.7/test/rubygems/test_gem_installer.rb
-@@ -1214,6 +1214,26 @@ gem 'other', version
-     end
-   end
- 
-+  def test_pre_install_checks_malicious_name
-+    spec = util_spec '../malicious', '1'
-+    def spec.full_name # so the spec is buildable
-+      "malicious-1"
-+    end
-+    def spec.validate; end
-+
-+    util_build_gem spec
-+
-+    gem = File.join(@gemhome, 'cache', spec.file_name)
-+
-+    use_ui @ui do
-+      @installer = Gem::Installer.at gem
-+      e = assert_raises Gem::InstallError do
-+        @installer.pre_install_checks
-+      end
-+      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
-+    end
-+  end
-+
-   def test_shebang
-     util_make_exec @spec, "#!/usr/bin/ruby"
- 
-diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
-index 63dd8feb38..ca4627810b 100644
---- ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb
-+++ ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb
-@@ -181,6 +181,21 @@ gems:
-     dns.verify
-   end
- 
-+  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
-+    uri = URI.parse "http://example.com/foo"
-+    target = MiniTest::Mock.new
-+    target.expect :target, "evil.com/a.example.com"
-+
-+    dns = MiniTest::Mock.new
-+    dns.expect :getresource, target, [String, Object]
-+
-+    fetch = Gem::RemoteFetcher.new nil, dns
-+    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
-+
-+    target.verify
-+    dns.verify
-+  end
-+
-   def test_api_endpoint_ignores_trans_domain_values
-     uri = URI.parse "http://gems.example.com/foo"
-     target = MiniTest::Mock.new
-diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
-index 3cadc55d5d..4f7076a03a 100644
---- ruby-2.2.7/test/rubygems/test_gem_specification.rb
-+++ ruby-2.2.7/test/rubygems/test_gem_specification.rb
-@@ -2610,7 +2610,37 @@ http://opensource.org/licenses/alphabetical
-       @a1.validate
-     end
- 
--    assert_equal 'invalid value for attribute name: ":json"', e.message
-+    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
-+
-+    @a1.name = []
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
-+
-+    @a1.name = ""
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
-+
-+    @a1.name = "12345"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
-+
-+    @a1.name = "../malicious"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
-+
-+    @a1.name = "\ba\t"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
-   end
- 
-   def test_validate_non_nil
-diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
-index e5cfc41e61..9b270b481b 100644
---- ruby-2.2.7/test/rubygems/test_gem_text.rb
-+++ ruby-2.2.7/test/rubygems/test_gem_text.rb
-@@ -35,6 +35,10 @@ Without the wrapping, the text might not look good in the RSS feed.
-     assert_equal expected, format_text(text, 78)
-   end
- 
-+  def test_format_removes_nonprintable_characters
-+    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
-+  end
-+
-   def test_min3
-     assert_equal 1, min3(1, 1, 1)
-     assert_equal 1, min3(1, 1, 2)
-@@ -71,4 +75,11 @@ Without the wrapping, the text might not look good in the RSS feed.
-     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
-     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
-   end
-+
-+  def test_truncate_text
-+    assert_equal "abc", truncate_text("abc", "desc")
-+    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
-+    s = "ab" * 500_001
-+    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
-+  end
- end
diff --git a/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch b/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch
deleted file mode 100644
index 8f4758293e..0000000000
--- a/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index 04031c765c..9c0219ce06 100644
---- ruby-2.3.4/lib/rubygems.rb
-+++ ruby-2.3.4/lib/rubygems.rb
-@@ -10,7 +10,7 @@
- require 'thread'
- 
- module Gem
--  VERSION = '2.5.2'
-+  VERSION = '2.5.2.1'
- end
- 
- # Must be first since it unloads the prelude from 1.9.2
-diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
-index d6196b44ed..61e9808860 100644
---- ruby-2.3.4/lib/rubygems/commands/query_command.rb
-+++ ruby-2.3.4/lib/rubygems/commands/query_command.rb
-@@ -226,7 +226,7 @@ def output_versions output, versions
-         end
-       end
- 
--      output << make_entry(matching_tuples, platforms)
-+      output << clean_text(make_entry(matching_tuples, platforms))
-     end
-   end
- 
-@@ -344,7 +344,8 @@ def spec_platforms entry, platforms
-   end
- 
-   def spec_summary entry, spec
--    entry << "\n\n" << format_text(spec.summary, 68, 4)
-+    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
-+    entry << "\n\n" << format_text(summary, 68, 4)
-   end
- 
- end
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index 85358e0d1a..709b77d126 100644
---- ruby-2.3.4/lib/rubygems/installer.rb
-+++ ruby-2.3.4/lib/rubygems/installer.rb
-@@ -693,6 +693,11 @@ def verify_gem_home(unpack = false) # :nodoc:
-       unpack or File.writable?(gem_home)
-   end
- 
-+  def verify_spec_name
-+    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
-+    raise Gem::InstallError, "#{spec} has an invalid name"
-+  end
-+
-   ##
-   # Return the text for an application file.
- 
-@@ -812,6 +817,8 @@ def pre_install_checks
- 
-     ensure_loadable_spec
- 
-+    verify_spec_name
-+
-     if options[:install_as_default]
-       Gem.ensure_default_gem_subdirectories gem_home
-     else
-diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
-index fda1e067ef..254bebfadf 100644
---- ruby-2.3.4/lib/rubygems/remote_fetcher.rb
-+++ ruby-2.3.4/lib/rubygems/remote_fetcher.rb
-@@ -104,7 +104,7 @@ def api_endpoint(uri)
-     else
-       target = res.target.to_s.strip
- 
--      if /\.#{Regexp.quote(host)}\z/ =~ target
-+      if URI("http://" + target).host.end_with?(".#{host}")
-         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
-       end
- 
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index 8e2557cdb2..dd4fde1776 100644
---- ruby-2.3.4/lib/rubygems/specification.rb
-+++ ruby-2.3.4/lib/rubygems/specification.rb
-@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
- 
-   private_constant :LOAD_CACHE if defined? private_constant
- 
-+  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
-+
-   # :startdoc:
- 
-   ##
-@@ -2665,9 +2667,15 @@ def validate packaging = true
-       end
-     end
- 
--    unless String === name then
-+    if !name.is_a?(String) then
-       raise Gem::InvalidSpecificationException,
--            "invalid value for attribute name: \"#{name.inspect}\""
-+            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
-+    elsif name !~ /[a-zA-Z]/ then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} must include at least one letter"
-+    elsif name !~ VALID_NAME_PATTERN then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
-     end
- 
-     if raw_require_paths.empty? then
-diff --git lib/rubygems/text.rb lib/rubygems/text.rb
-index 732f1b99f2..b944b62c27 100644
---- ruby-2.3.4/lib/rubygems/text.rb
-+++ ruby-2.3.4/lib/rubygems/text.rb
-@@ -6,13 +6,26 @@
- 
- module Gem::Text
- 
-+  ##
-+  # Remove any non-printable characters and make the text suitable for
-+  # printing.
-+  def clean_text(text)
-+    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
-+  end
-+
-+  def truncate_text(text, description, max_length = 100_000)
-+    raise ArgumentError, "max_length must be positive" unless max_length > 0
-+    return text if text.size <= max_length
-+    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
-+  end
-+
-   ##
-   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
-   # characters
- 
-   def format_text(text, wrap, indent=0)
-     result = []
--    work = text.dup
-+    work = clean_text(text)
- 
-     while work.length > wrap do
-       if work =~ /^(.{0,#{wrap}})[ \n]/ then
-diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
-index 78c15a1770..9ec715492f 100644
---- ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb
-@@ -116,6 +116,86 @@ def test_execute_details
-     This is a lot of text. This is a lot of text. This is a lot of text.
-     This is a lot of text.
- 
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_cleans_text
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 4
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    This is a lot of text. This is a lot of text. This is a lot of text.
-+    This is a lot of text.
-+
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_truncates_summary
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 10_000
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    Truncating the summary for a-2 to 100,000 characters:
-+#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
-+
- pl (1)
-     Platform: i386-linux
-     Author: A User
-diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
-index 5ec71d0a01..1092a0c68f 100644
---- ruby-2.3.4/test/rubygems/test_gem_installer.rb
-+++ ruby-2.3.4/test/rubygems/test_gem_installer.rb
-@@ -1227,6 +1227,26 @@ def test_pre_install_checks_wrong_rubygems_version
-     end
-   end
- 
-+  def test_pre_install_checks_malicious_name
-+    spec = util_spec '../malicious', '1'
-+    def spec.full_name # so the spec is buildable
-+      "malicious-1"
-+    end
-+    def spec.validate; end
-+
-+    util_build_gem spec
-+
-+    gem = File.join(@gemhome, 'cache', spec.file_name)
-+
-+    use_ui @ui do
-+      @installer = Gem::Installer.at gem
-+      e = assert_raises Gem::InstallError do
-+        @installer.pre_install_checks
-+      end
-+      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
-+    end
-+  end
-+
-   def test_shebang
-     util_make_exec @spec, "#!/usr/bin/ruby"
- 
-diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
-index 49b6b6656c..a3919c8ef2 100644
---- ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb
-+++ ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb
-@@ -253,6 +253,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
-     dns.verify
-   end
- 
-+  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
-+    uri = URI.parse "http://example.com/foo"
-+    target = MiniTest::Mock.new
-+    target.expect :target, "evil.com/a.example.com"
-+
-+    dns = MiniTest::Mock.new
-+    dns.expect :getresource, target, [String, Object]
-+
-+    fetch = Gem::RemoteFetcher.new nil, dns
-+    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
-+
-+    target.verify
-+    dns.verify
-+  end
-+
-   def test_api_endpoint_timeout_warning
-     uri = URI.parse "http://gems.example.com/foo"
- 
-diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
-index bc1c8d2ca7..9a49bbbf59 100644
---- ruby-2.3.4/test/rubygems/test_gem_specification.rb
-+++ ruby-2.3.4/test/rubygems/test_gem_specification.rb
-@@ -2974,7 +2974,37 @@ def test_validate_name
-       @a1.validate
-     end
- 
--    assert_equal 'invalid value for attribute name: ":json"', e.message
-+    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
-+
-+    @a1.name = []
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
-+
-+    @a1.name = ""
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
-+
-+    @a1.name = "12345"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
-+
-+    @a1.name = "../malicious"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
-+
-+    @a1.name = "\ba\t"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
-   end
- 
-   def test_validate_non_nil
-diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
-index a6e22e04da..04f3f605e8 100644
---- ruby-2.3.4/test/rubygems/test_gem_text.rb
-+++ ruby-2.3.4/test/rubygems/test_gem_text.rb
-@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
-     assert_equal expected, format_text(text, 78)
-   end
- 
-+  def test_format_removes_nonprintable_characters
-+    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
-+  end
-+
-   def test_min3
-     assert_equal 1, min3(1, 1, 1)
-     assert_equal 1, min3(1, 1, 2)
-@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace
-     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
-     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
-   end
-+
-+  def test_truncate_text
-+    assert_equal "abc", truncate_text("abc", "desc")
-+    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
-+    s = "ab" * 500_001
-+    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
-+  end
- end
diff --git a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch
deleted file mode 100644
index 8ee32c0c6e..0000000000
--- a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch
+++ /dev/null
@@ -1,437 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index 5cd1a4c47a..bc5bf9b4c2 100644
---- ruby-2.4.1/lib/rubygems.rb
-+++ ruby-2.4.1/lib/rubygems.rb
-@@ -10,7 +10,7 @@
- require 'thread'
- 
- module Gem
--  VERSION = "2.6.11"
-+  VERSION = "2.6.12"
- end
- 
- # Must be first since it unloads the prelude from 1.9.2
-@@ -234,6 +234,7 @@ def self.needs
- 
-   def self.finish_resolve(request_set=Gem::RequestSet.new)
-     request_set.import Gem::Specification.unresolved_deps.values
-+    request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) }
- 
-     request_set.resolve_current.each do |s|
-       s.full_spec.activate
-diff --git lib/rubygems/commands/open_command.rb lib/rubygems/commands/open_command.rb
-index a89b7421e3..059635e835 100644
---- ruby-2.4.1/lib/rubygems/commands/open_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/open_command.rb
-@@ -72,7 +72,7 @@ def open_editor path
-   end
- 
-   def spec_for name
--    spec = Gem::Specification.find_all_by_name(name, @version).last
-+    spec = Gem::Specification.find_all_by_name(name, @version).first
- 
-     return spec if spec
- 
-diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
-index f25d120b88..70f8127292 100644
---- ruby-2.4.1/lib/rubygems/commands/query_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
-@@ -86,7 +86,7 @@ def execute
-       name = Array(options[:name])
-     else
-       args = options[:args].to_a
--      name = options[:exact] ? args : args.map{|arg| /#{arg}/i }
-+      name = options[:exact] ? args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } : args.map{|arg| /#{arg}/i }
-     end
- 
-     prerelease = options[:prerelease]
-diff --git lib/rubygems/commands/sources_command.rb lib/rubygems/commands/sources_command.rb
-index 9832afd214..7e46963a4c 100644
---- ruby-2.4.1/lib/rubygems/commands/sources_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/sources_command.rb
-@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc:
-     source = Gem::Source.new source_uri
- 
-     begin
--      if Gem.sources.include? source_uri then
-+      if Gem.sources.include? source then
-         say "source #{source_uri} already present in the cache"
-       else
-         source.load_specs :released
-diff --git lib/rubygems/dependency_list.rb lib/rubygems/dependency_list.rb
-index 35fe7c4c1a..d8314eaf60 100644
---- ruby-2.4.1/lib/rubygems/dependency_list.rb
-+++ ruby-2.4.1/lib/rubygems/dependency_list.rb
-@@ -104,7 +104,7 @@ def find_name(full_name)
-   end
- 
-   def inspect # :nodoc:
--    "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }]
-+    "%s %p>" % [super[0..-2], map { |s| s.full_name }]
-   end
- 
-   ##
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index f4d3e728de..967543c2d1 100644
---- ruby-2.4.1/lib/rubygems/installer.rb
-+++ ruby-2.4.1/lib/rubygems/installer.rb
-@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc:
- 
-       ruby_executable = true
-       existing = io.read.slice(%r{
--          ^(
-+          ^\s*(
-             gem \s |
-             load \s Gem\.bin_path\( |
-             load \s Gem\.activate_bin_path\(
-@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc:
-   # Return the text for an application file.
- 
-   def app_script_text(bin_file_name)
-+    # note that the `load` lines cannot be indented, as old RG versions match
-+    # against the beginning of the line
-     return <<-TEXT
- #{shebang bin_file_name}
- #
-@@ -723,7 +725,12 @@ def app_script_text(bin_file_name)
-   end
- end
- 
-+if Gem.respond_to?(:activate_bin_path)
- load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version)
-+else
-+gem #{spec.name.dump}, version
-+load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version)
-+end
- TEXT
-   end
- 
-diff --git lib/rubygems/platform.rb lib/rubygems/platform.rb
-index d22d91ae54..2dd9ed5782 100644
---- ruby-2.4.1/lib/rubygems/platform.rb
-+++ ruby-2.4.1/lib/rubygems/platform.rb
-@@ -112,7 +112,7 @@ def initialize(arch)
-   end
- 
-   def inspect
--    "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a]
-+    "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a]
-   end
- 
-   def to_a
-diff --git lib/rubygems/security.rb lib/rubygems/security.rb
-index 119d6d56f7..6963ca156f 100644
---- ruby-2.4.1/lib/rubygems/security.rb
-+++ ruby-2.4.1/lib/rubygems/security.rb
-@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age = ONE_YEAR,
- 
-   ##
-   # Creates a new key pair of the specified +length+ and +algorithm+.  The
--  # default is a 2048 bit RSA key.
-+  # default is a 3072 bit RSA key.
- 
-   def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM
-     algorithm.new length
-diff --git lib/rubygems/server.rb lib/rubygems/server.rb
-index 81df0e608e..df4eb566d3 100644
---- ruby-2.4.1/lib/rubygems/server.rb
-+++ ruby-2.4.1/lib/rubygems/server.rb
-@@ -657,7 +657,7 @@ def root(req, res)
-       "only_one_executable" => true,
-       "full_name" => "rubygems-#{Gem::VERSION}",
-       "has_deps" => false,
--      "homepage" => "http://docs.rubygems.org/",
-+      "homepage" => "http://guides.rubygems.org/",
-       "name" => 'rubygems',
-       "ri_installed" => true,
-       "summary" => "RubyGems itself",
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index a2f289d162..500f0af768 100644
---- ruby-2.4.1/lib/rubygems/specification.rb
-+++ ruby-2.4.1/lib/rubygems/specification.rb
-@@ -2105,7 +2105,7 @@ def inspect # :nodoc:
-     if $DEBUG
-       super
-     else
--      "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>"
-+      "#{super[0..-2]} #{full_name}>"
-     end
-   end
- 
-diff --git lib/rubygems/test_case.rb lib/rubygems/test_case.rb
-index 86b68e1efb..4e48f1eb4c 100644
---- ruby-2.4.1/lib/rubygems/test_case.rb
-+++ ruby-2.4.1/lib/rubygems/test_case.rb
-@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1
- 
-       system @git, 'add', gemspec
-       system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet'
--      head = Gem::Util.popen('git', 'rev-parse', 'master').strip
-+      head = Gem::Util.popen(@git, 'rev-parse', 'master').strip
-     end
- 
-     return name, git_spec.version, directory, head
-@@ -1498,6 +1498,8 @@ def self.key_path key_name
- begin
-   gem 'rdoc'
-   require 'rdoc'
-+
-+  require 'rubygems/rdoc'
- rescue LoadError, Gem::LoadError
- end
- 
-@@ -1514,3 +1516,4 @@ def self.key_path key_name
- pid = $$
- END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid}
- Gem.clear_paths
-+Gem.loaded_specs.clear
-diff --git test/rubygems/test_gem.rb test/rubygems/test_gem.rb
-index a605f9cdfe..62b36dfd41 100644
---- ruby-2.4.1/test/rubygems/test_gem.rb
-+++ ruby-2.4.1/test/rubygems/test_gem.rb
-@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf
-     end
-   end
- 
-+  def test_self_finish_resolve_respects_loaded_specs
-+    save_loaded_features do
-+      a1 = new_spec "a", "1", "b" => "> 0"
-+      b1 = new_spec "b", "1", "c" => ">= 1"
-+      b2 = new_spec "b", "2", "c" => ">= 2"
-+      c1 = new_spec "c", "1"
-+      c2 = new_spec "c", "2"
-+
-+      install_specs c1, c2, b1, b2, a1
-+
-+      a1.activate
-+      c1.activate
-+
-+      assert_equal %w(a-1 c-1), loaded_spec_names
-+      assert_equal ["b (> 0)"], unresolved_names
-+
-+      Gem.finish_resolve
-+
-+      assert_equal %w(a-1 b-1 c-1), loaded_spec_names
-+      assert_equal [], unresolved_names
-+    end
-+  end
-+
-   def test_self_install
-     spec_fetcher do |f|
-       f.gem  'a', 1
-@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile
-     skip if RUBY_VERSION <= "1.8.7"
- 
-     cwd = File.expand_path("test/rubygems", @@project_dir)
--    $LOAD_PATH.unshift cwd
-+    actual_load_path = $LOAD_PATH.unshift(cwd).dup
- 
-     discover_path = File.join 'lib', 'sff', 'discover.rb'
- 
-@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile
-     expected = [
-       File.expand_path('test/rubygems/sff/discover.rb', @@project_dir),
-       File.join(foo1.full_gem_path, discover_path)
--    ]
-+    ].sort
- 
--    assert_equal expected, Gem.find_files('sff/discover')
--    assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]'
-+    assert_equal expected, Gem.find_files('sff/discover').sort
-+    assert_equal expected, Gem.find_files('sff/**.rb').sort, '[ruby-core:31730]'
-   ensure
--    assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7"
-+    assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7"
-   end
- 
-   def test_self_find_latest_files
-diff --git test/rubygems/test_gem_commands_open_command.rb test/rubygems/test_gem_commands_open_command.rb
-index 3ec38972e6..a96fa6ea23 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
-@@ -24,7 +24,8 @@ def test_execute
-     @cmd.options[:args] = %w[foo]
-     @cmd.options[:editor] = "#{Gem.ruby} -e0 --"
- 
--    spec = gem 'foo'
-+    gem 'foo', '1.0.0'
-+    spec = gem 'foo', '1.0.1'
-     mock = MiniTest::Mock.new
-     mock.expect(:call, true, [spec.full_gem_path])
- 
-diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
-index 223f205b2d..d8d682b136 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-@@ -642,7 +642,7 @@ def test_execute_local_details
-     assert_equal expected, @ui.output
-   end
- 
--  def test_execute_exact
-+  def test_execute_exact_remote
-     spec_fetcher do |fetcher|
-       fetcher.spec 'coolgem-omg', 3
-       fetcher.spec 'coolgem', '4.2.1'
-@@ -665,6 +665,60 @@ def test_execute_exact
-     assert_equal expected, @ui.output
-   end
- 
-+  def test_execute_exact_local
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'coolgem-omg', 3
-+      fetcher.spec 'coolgem', '4.2.1'
-+      fetcher.spec 'wow_coolgem', 1
-+    end
-+
-+    @cmd.handle_options %w[--exact coolgem]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** LOCAL GEMS ***
-+
-+coolgem (4.2.1)
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+  end
-+
-+  def test_execute_exact_multiple
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'coolgem-omg', 3
-+      fetcher.spec 'coolgem', '4.2.1'
-+      fetcher.spec 'wow_coolgem', 1
-+
-+      fetcher.spec 'othergem-omg', 3
-+      fetcher.spec 'othergem', '1.2.3'
-+      fetcher.spec 'wow_othergem', 1
-+    end
-+
-+    @cmd.handle_options %w[--exact coolgem othergem]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** LOCAL GEMS ***
-+
-+coolgem (4.2.1)
-+
-+*** LOCAL GEMS ***
-+
-+othergem (1.2.3)
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+  end
-+
-   private
- 
-   def add_gems_to_fetcher
-diff --git test/rubygems/test_gem_commands_sources_command.rb test/rubygems/test_gem_commands_sources_command.rb
-index 014b4b4c12..d5b6d99419 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
-@@ -108,6 +108,58 @@ def test_execute_add_redundant_source
-     assert_equal '', @ui.error
-   end
- 
-+  def test_execute_add_redundant_source_trailing_slash
-+    # Remove pre-existing gem source (w/ slash)
-+    repo_with_slash = "http://gems.example.com/"
-+    @cmd.handle_options %W[--remove #{repo_with_slash}]
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+    source = Gem::Source.new repo_with_slash
-+    assert_equal false, Gem.sources.include?(source)
-+
-+    expected = <<-EOF
-+#{repo_with_slash} removed from sources
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+
-+    # Re-add pre-existing gem source (w/o slash)
-+    repo_without_slash = "http://gems.example.com"
-+    @cmd.handle_options %W[--add #{repo_without_slash}]
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+    source = Gem::Source.new repo_without_slash
-+    assert_equal true, Gem.sources.include?(source)
-+
-+    expected = <<-EOF
-+http://gems.example.com/ removed from sources
-+http://gems.example.com added to sources
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+
-+    # Re-add original gem source (w/ slash)
-+    @cmd.handle_options %W[--add #{repo_with_slash}]
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+    source = Gem::Source.new repo_with_slash
-+    assert_equal true, Gem.sources.include?(source)
-+
-+    expected = <<-EOF
-+http://gems.example.com/ removed from sources
-+http://gems.example.com added to sources
-+source http://gems.example.com/ already present in the cache
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error 
-+  end
-+
-   def test_execute_add_http_rubygems_org
-     http_rubygems_org = 'http://rubygems.org'
- 
-diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
-index 6ceb2c6dfc..882981d344 100644
---- ruby-2.4.1/test/rubygems/test_gem_installer.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
-@@ -62,7 +62,12 @@ def test_app_script_text
-   end
- end
- 
-+if Gem.respond_to?(:activate_bin_path)
- load Gem.activate_bin_path('a', 'executable', version)
-+else
-+gem "a", version
-+load Gem.bin_path("a", "executable", version)
-+end
-     EOF
- 
-     wrapper = @installer.app_script_text 'executable'
-diff --git test/rubygems/test_require.rb test/rubygems/test_require.rb
-index dd606e44d4..936f78fb2a 100644
---- ruby-2.4.1/test/rubygems/test_require.rb
-+++ ruby-2.4.1/test/rubygems/test_require.rb
-@@ -301,6 +301,17 @@ def test_default_gem_only
-     assert_equal %w(default-2.0.0.0), loaded_spec_names
-   end
- 
-+  def test_realworld_default_gem
-+    skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2"
-+    cmd = <<-RUBY
-+      $stderr = $stdout
-+      require "json"
-+      puts Gem.loaded_specs["json"].default_gem?
-+    RUBY
-+    output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip
-+    assert_equal "true", output
-+  end
-+
-   def test_default_gem_and_normal_gem
-     default_gem_spec = new_default_spec("default", "2.0.0.0",
-                                         nil, "default/gem.rb")
diff --git a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch
deleted file mode 100644
index c253cc912d..0000000000
--- a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index bc5bf9b4c2..55aa85b8b2 100644
---- ruby-2.4.1/lib/rubygems.rb
-+++ ruby-2.4.1/lib/rubygems.rb
-@@ -10,7 +10,7 @@
- require 'thread'
- 
- module Gem
--  VERSION = "2.6.12"
-+  VERSION = "2.6.13"
- end
- 
- # Must be first since it unloads the prelude from 1.9.2
-diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
-index 70f8127292..44144203e0 100644
---- ruby-2.4.1/lib/rubygems/commands/query_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
-@@ -226,7 +226,7 @@ def output_versions output, versions
-         end
-       end
- 
--      output << make_entry(matching_tuples, platforms)
-+      output << clean_text(make_entry(matching_tuples, platforms))
-     end
-   end
- 
-@@ -353,7 +353,8 @@ def spec_platforms entry, platforms
-   end
- 
-   def spec_summary entry, spec
--    entry << "\n\n" << format_text(spec.summary, 68, 4)
-+    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
-+    entry << "\n\n" << format_text(summary, 68, 4)
-   end
- 
- end
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index 967543c2d1..6fd3399dd4 100644
---- ruby-2.4.1/lib/rubygems/installer.rb
-+++ ruby-2.4.1/lib/rubygems/installer.rb
-@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc:
-       unpack or File.writable?(gem_home)
-   end
- 
-+  def verify_spec_name
-+    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
-+    raise Gem::InstallError, "#{spec} has an invalid name"
-+  end
-+
-   ##
-   # Return the text for an application file.
- 
-@@ -823,6 +828,8 @@ def pre_install_checks
- 
-     ensure_loadable_spec
- 
-+    verify_spec_name
-+
-     if options[:install_as_default]
-       Gem.ensure_default_gem_subdirectories gem_home
-     else
-diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
-index e6a13d4b8c..8f0cf0b402 100644
---- ruby-2.4.1/lib/rubygems/remote_fetcher.rb
-+++ ruby-2.4.1/lib/rubygems/remote_fetcher.rb
-@@ -110,7 +110,7 @@ def api_endpoint(uri)
-     else
-       target = res.target.to_s.strip
- 
--      if /\.#{Regexp.quote(host)}\z/ =~ target
-+      if URI("http://" + target).host.end_with?(".#{host}")
-         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
-       end
- 
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index 500f0af768..88e320c05a 100644
---- ruby-2.4.1/lib/rubygems/specification.rb
-+++ ruby-2.4.1/lib/rubygems/specification.rb
-@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
- 
-   private_constant :LOAD_CACHE if defined? private_constant
- 
-+  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
-+
-   # :startdoc:
- 
-   ##
-@@ -2671,9 +2673,15 @@ def validate packaging = true
-       end
-     end
- 
--    unless String === name then
-+    if !name.is_a?(String) then
-       raise Gem::InvalidSpecificationException,
--            "invalid value for attribute name: \"#{name.inspect}\""
-+            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
-+    elsif name !~ /[a-zA-Z]/ then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} must include at least one letter"
-+    elsif name !~ VALID_NAME_PATTERN then
-+      raise Gem::InvalidSpecificationException,
-+            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
-     end
- 
-     if raw_require_paths.empty? then
-diff --git lib/rubygems/text.rb lib/rubygems/text.rb
-index 732f1b99f2..b944b62c27 100644
---- ruby-2.4.1/lib/rubygems/text.rb
-+++ ruby-2.4.1/lib/rubygems/text.rb
-@@ -6,13 +6,26 @@
- 
- module Gem::Text
- 
-+  ##
-+  # Remove any non-printable characters and make the text suitable for
-+  # printing.
-+  def clean_text(text)
-+    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
-+  end
-+
-+  def truncate_text(text, description, max_length = 100_000)
-+    raise ArgumentError, "max_length must be positive" unless max_length > 0
-+    return text if text.size <= max_length
-+    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
-+  end
-+
-   ##
-   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
-   # characters
- 
-   def format_text(text, wrap, indent=0)
-     result = []
--    work = text.dup
-+    work = clean_text(text)
- 
-     while work.length > wrap do
-       if work =~ /^(.{0,#{wrap}})[ \n]/ then
-diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
-index d8d682b136..469223c6c0 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-@@ -116,6 +116,86 @@ def test_execute_details
-     This is a lot of text. This is a lot of text. This is a lot of text.
-     This is a lot of text.
- 
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_cleans_text
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 4
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    This is a lot of text. This is a lot of text. This is a lot of text.
-+    This is a lot of text.
-+
-+pl (1)
-+    Platform: i386-linux
-+    Author: A User
-+    Homepage: http://example.com
-+
-+    this is a summary
-+    EOF
-+
-+    assert_equal expected, @ui.output
-+    assert_equal '', @ui.error
-+  end
-+
-+  def test_execute_details_truncates_summary
-+    spec_fetcher do |fetcher|
-+      fetcher.spec 'a', 2 do |s|
-+        s.summary = 'This is a lot of text. ' * 10_000
-+        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+        s.homepage = "http://a.example.com/\x03"
-+      end
-+
-+      fetcher.legacy_platform
-+    end
-+
-+    @cmd.handle_options %w[-r -d]
-+
-+    use_ui @ui do
-+      @cmd.execute
-+    end
-+
-+    expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+    Authors: Abraham Lincoln ., . Hirohito
-+    Homepage: http://a.example.com/.
-+
-+    Truncating the summary for a-2 to 100,000 characters:
-+#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
-+
- pl (1)
-     Platform: i386-linux
-     Author: A User
-diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
-index 882981d344..dd049214fb 100644
---- ruby-2.4.1/test/rubygems/test_gem_installer.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
-@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version
-     end
-   end
- 
-+  def test_pre_install_checks_malicious_name
-+    spec = util_spec '../malicious', '1'
-+    def spec.full_name # so the spec is buildable
-+      "malicious-1"
-+    end
-+    def spec.validate; end
-+
-+    util_build_gem spec
-+
-+    gem = File.join(@gemhome, 'cache', spec.file_name)
-+
-+    use_ui @ui do
-+      @installer = Gem::Installer.at gem
-+      e = assert_raises Gem::InstallError do
-+        @installer.pre_install_checks
-+      end
-+      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
-+    end
-+  end
-+
-   def test_shebang
-     util_make_exec @spec, "#!/usr/bin/ruby"
- 
-diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
-index cb994462cd..fbb7d89019 100644
---- ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
-@@ -241,6 +241,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
-     dns.verify
-   end
- 
-+  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
-+    uri = URI.parse "http://example.com/foo"
-+    target = MiniTest::Mock.new
-+    target.expect :target, "evil.com/a.example.com"
-+
-+    dns = MiniTest::Mock.new
-+    dns.expect :getresource, target, [String, Object]
-+
-+    fetch = Gem::RemoteFetcher.new nil, dns
-+    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
-+
-+    target.verify
-+    dns.verify
-+  end
-+
-   def test_api_endpoint_timeout_warning
-     uri = URI.parse "http://gems.example.com/foo"
- 
-diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
-index d43289d745..0fcc11e78f 100644
---- ruby-2.4.1/test/rubygems/test_gem_specification.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_specification.rb
-@@ -2985,7 +2985,37 @@ def test_validate_name
-       @a1.validate
-     end
- 
--    assert_equal 'invalid value for attribute name: ":json"', e.message
-+    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
-+
-+    @a1.name = []
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
-+
-+    @a1.name = ""
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
-+
-+    @a1.name = "12345"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
-+
-+    @a1.name = "../malicious"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
-+
-+    @a1.name = "\ba\t"
-+    e = assert_raises Gem::InvalidSpecificationException do
-+      @a1.validate
-+    end
-+    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
-   end
- 
-   def test_validate_non_nil
-diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
-index a6e22e04da..04f3f605e8 100644
---- ruby-2.4.1/test/rubygems/test_gem_text.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_text.rb
-@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
-     assert_equal expected, format_text(text, 78)
-   end
- 
-+  def test_format_removes_nonprintable_characters
-+    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
-+  end
-+
-   def test_min3
-     assert_equal 1, min3(1, 1, 1)
-     assert_equal 1, min3(1, 1, 2)
-@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace
-     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
-     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
-   end
-+
-+  def test_truncate_text
-+    assert_equal "abc", truncate_text("abc", "desc")
-+    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
-+    s = "ab" * 500_001
-+    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
-+  end
- end