summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/cairo-CVE-2016-9082.patch122
-rw-r--r--gnu/packages/patches/cairo-setjmp-wrapper.patch78
-rw-r--r--gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch130
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2018-16509.patch193
-rw-r--r--gnu/packages/patches/ghostscript-bug-699708.patch160
-rw-r--r--gnu/packages/patches/glib-networking-ssl-cert-file.patch29
-rw-r--r--gnu/packages/patches/gnutls-skip-pkgconfig-test.patch24
-rw-r--r--gnu/packages/patches/inkscape-poppler-compat3.patch499
-rw-r--r--gnu/packages/patches/json-glib-fix-tests-32bit.patch174
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-18013.patch45
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-9935.patch162
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-10963.patch40
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-8905.patch61
-rw-r--r--gnu/packages/patches/poppler-CVE-2018-19149.patch80
-rw-r--r--gnu/packages/patches/postgresql-disable-resolve_symlinks.patch25
-rw-r--r--gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch318
-rw-r--r--gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch188
-rw-r--r--gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch31
18 files changed, 1061 insertions, 1298 deletions
diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch
deleted file mode 100644
index ad83404194..0000000000
--- a/gnu/packages/patches/cairo-CVE-2016-9082.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From: Adrian Johnson <ajohnson@redneon.com>
-Date: Thu, 20 Oct 2016 21:12:30 +1030
-Subject: [PATCH] image: prevent invalid ptr access for > 4GB images
-
-Image data is often accessed using:
-
-  image->data + y * image->stride
-
-On 64-bit achitectures if the image data is > 4GB, this computation
-will overflow since both y and stride are 32-bit types.
-
-bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165
-patch: https://bugs.freedesktop.org/attachment.cgi?id=127421
----
- boilerplate/cairo-boilerplate.c     | 4 +++-
- src/cairo-image-compositor.c        | 4 ++--
- src/cairo-image-surface-private.h   | 2 +-
- src/cairo-mesh-pattern-rasterizer.c | 2 +-
- src/cairo-png.c                     | 2 +-
- src/cairo-script-surface.c          | 3 ++-
- 6 files changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
-index 7fdbf79..4804dea 100644
---- a/boilerplate/cairo-boilerplate.c
-+++ b/boilerplate/cairo-boilerplate.c
-@@ -42,6 +42,7 @@
- #undef CAIRO_VERSION_H
- #include "../cairo-version.h"
- 
-+#include <stddef.h>
- #include <stdlib.h>
- #include <ctype.h>
- #include <assert.h>
-@@ -976,7 +977,8 @@ cairo_surface_t *
- cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
- {
-     char format;
--    int width, height, stride;
-+    int width, height;
-+    ptrdiff_t stride;
-     int x, y;
-     unsigned char *data;
-     cairo_surface_t *image = NULL;
-diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
-index 48072f8..3ca0006 100644
---- a/src/cairo-image-compositor.c
-+++ b/src/cairo-image-compositor.c
-@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer {
-     pixman_image_t *src, *mask;
-     union {
- 	struct fill {
--	    int stride;
-+	    ptrdiff_t stride;
- 	    uint8_t *data;
- 	    uint32_t pixel;
- 	} fill;
-@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer {
- 	struct finish {
- 	    cairo_rectangle_int_t extents;
- 	    int src_x, src_y;
--	    int stride;
-+	    ptrdiff_t stride;
- 	    uint8_t *data;
- 	} mask;
-     } u;
-diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h
-index 8ca694c..7e78d61 100644
---- a/src/cairo-image-surface-private.h
-+++ b/src/cairo-image-surface-private.h
-@@ -71,7 +71,7 @@ struct _cairo_image_surface {
- 
-     int width;
-     int height;
--    int stride;
-+    ptrdiff_t stride;
-     int depth;
- 
-     unsigned owns_data : 1;
-diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c
-index 1b63ca8..e7f0db6 100644
---- a/src/cairo-mesh-pattern-rasterizer.c
-+++ b/src/cairo-mesh-pattern-rasterizer.c
-@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride,
- 	tg += tg >> 16;
- 	tb += tb >> 16;
- 
--	*((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
-+	*((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
- 	    ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
-     }
- }
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index 562b743..aa8c227 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure)
-     }
- 
-     for (i = 0; i < png_height; i++)
--        row_pointers[i] = &data[i * stride];
-+        row_pointers[i] = &data[i * (ptrdiff_t)stride];
- 
-     png_read_image (png, row_pointers);
-     png_read_end (png, info);
-diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c
-index ea0117d..91e4baa 100644
---- a/src/cairo-script-surface.c
-+++ b/src/cairo-script-surface.c
-@@ -1202,7 +1202,8 @@ static cairo_status_t
- _write_image_surface (cairo_output_stream_t *output,
- 		      const cairo_image_surface_t *image)
- {
--    int stride, row, width;
-+    int row, width;
-+    ptrdiff_t stride;
-     uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
-     uint8_t *rowdata;
-     uint8_t *data;
--- 
-2.1.4
-
diff --git a/gnu/packages/patches/cairo-setjmp-wrapper.patch b/gnu/packages/patches/cairo-setjmp-wrapper.patch
deleted file mode 100644
index bffac6e041..0000000000
--- a/gnu/packages/patches/cairo-setjmp-wrapper.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-Revert faulty commit to avoid undefined behaviour:
-https://bugs.freedesktop.org/show_bug.cgi?id=104325
-
-Taken from this upstream commit:
-https://cgit.freedesktop.org/cairo/commit/?h=1.14&id=2acc4382c54bd8239361ceed14423412a343d311
-
-diff --git a/src/cairo-bentley-ottmann-rectangular.c b/src/cairo-bentley-ottmann-rectangular.c
-index cb2e30c..5541bdc 100644
---- a/src/cairo-bentley-ottmann-rectangular.c
-+++ b/src/cairo-bentley-ottmann-rectangular.c
-@@ -593,12 +593,6 @@ sweep_line_insert (sweep_line_t	*sweep, rectangle_t *rectangle)
-     pqueue_push (sweep, rectangle);
- }
- 
--static int
--sweep_line_setjmp (sweep_line_t *sweep_line)
--{
--    return setjmp (sweep_line->unwind);
--}
--
- static cairo_status_t
- _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t	**rectangles,
- 					       int			  num_rectangles,
-@@ -615,7 +609,7 @@ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t	**rectangles,
- 		     rectangles, num_rectangles,
- 		     fill_rule,
- 		     do_traps, container);
--    if ((status = sweep_line_setjmp (&sweep_line)))
-+    if ((status = setjmp (sweep_line.unwind)))
- 	return status;
- 
-     rectangle = rectangle_pop_start (&sweep_line);
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index e64b14a..068617d 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -158,14 +158,6 @@ png_simple_warning_callback (png_structp png,
-      */
- }
- 
--static int
--png_setjmp (png_struct *png)
--{
--#ifdef PNG_SETJMP_SUPPORTED
--    return setjmp (png_jmpbuf (png));
--#endif
--    return 0;
--}
- 
- /* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
-  * Otherwise, we will segfault if we are writing to a stream. */
-@@ -237,8 +229,10 @@ write_png (cairo_surface_t	*surface,
- 	goto BAIL4;
-     }
- 
--    if (png_setjmp (png))
-+#ifdef PNG_SETJMP_SUPPORTED
-+    if (setjmp (png_jmpbuf (png)))
- 	goto BAIL4;
-+#endif
- 
-     png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
- 
-@@ -577,11 +571,12 @@ read_png (struct png_read_closure_t *png_closure)
-     png_set_read_fn (png, png_closure, stream_read_func);
- 
-     status = CAIRO_STATUS_SUCCESS;
--
--    if (png_setjmp (png)) {
-+#ifdef PNG_SETJMP_SUPPORTED
-+    if (setjmp (png_jmpbuf (png))) {
- 	surface = _cairo_surface_create_in_error (status);
- 	goto BAIL;
-     }
-+#endif
- 
-     png_read_info (png, info);
- 
diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
deleted file mode 100644
index fc72e42e03..0000000000
--- a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-Fix CVE-2013-4122.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122
-
-Patch copied from upstream source repository:
-https://github.com/cyrusimap/cyrus-sasl/commit/dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
-
-From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Thu, 11 Jul 2013 10:08:07 +0100
-Subject: Handle NULL returns from glibc 2.17+ crypt()
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Patch by mancha1@hush.com.
----
- pwcheck/pwcheck_getpwnam.c | 3 ++-
- pwcheck/pwcheck_getspnam.c | 4 +++-
- saslauthd/auth_getpwent.c  | 4 +++-
- saslauthd/auth_shadow.c    | 8 +++-----
- 4 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
-index 4b34222..400289c 100644
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ char *userid;
- char *password;
- {
-     char* r;
-+    char* crpt_passwd;
-     struct passwd *pwd;
- 
-     pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
-     else if (pwd->pw_passwd[0] == '*') {
- 	r = "Account disabled";
-     }
--    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- 	r = "Incorrect password";
-     }
-     else {
-diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
-index 2b11286..6d607bb 100644
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -32,13 +32,15 @@ char *userid;
- char *password;
- {
-     struct spwd *pwd;
-+    char *crpt_passwd;
- 
-     pwd = getspnam(userid);
-     if (!pwd) {
- 	return "Userid not found";
-     }
-     
--    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+    crpt_passwd = crypt(password, pwd->sp_pwdp);
-+    if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- 	return "Incorrect password";
-     }
-     else {
-diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
-index fc8029d..d4ebe54 100644
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
-     /* VARIABLES */
-     struct passwd *pw;			/* pointer to passwd file entry */
-+    char *crpt_passwd;			/* encrypted password */
-     int errnum;
-     /* END VARIABLES */
-   
-@@ -105,7 +106,8 @@ auth_getpwent (
- 	}
-     }
- 
--    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+    crpt_passwd = crypt(password, pw->pw_passwd);
-+    if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- 	}
-diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
-index 677131b..1988afd 100644
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,8 @@ auth_shadow (
- 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
-     }
- 
--    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
--    if (strcmp(sp->sp_pwdp, cpw)) {
-+    cpw = crypt(password, sp->sp_pwdp);
-+    if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- 	if (flags & VERBOSE) {
- 	    /*
- 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +221,8 @@ auth_shadow (
- 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- 		   sp->sp_pwdp, cpw);
- 	}
--	free(cpw);
- 	RETURN("NO Incorrect password");
-     }
--    free(cpw);
- 
-     /*
-      * The following fields will be set to -1 if:
-@@ -286,7 +284,7 @@ auth_shadow (
- 	RETURN("NO Invalid username");
-     }
-   
--    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- 	if (flags & VERBOSE) {
- 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- 		   password, upw->upw_passwd);
--- 
-cgit v0.12
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch b/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
deleted file mode 100644
index 50ffa3cb98..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-Ghostscript 9.24 was released with an incomplete fix for CVE-2018-16509:
-https://nvd.nist.gov/vuln/detail/CVE-2018-16509
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1640#c19
-https://bugs.ghostscript.com/show_bug.cgi?id=699718
-
-The reproducers no longer work after applying these commits:
-
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e914f1da46e33decc534486598dc3eadf69e6efb
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002fb9c131313253c307cf3951b3d47
-
-This patch is a "squashed" version of those.
-
-diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
-index bba3c8c0e..8fa7c51df 100644
---- a/Resource/Init/gs_setpd.ps
-+++ b/Resource/Init/gs_setpd.ps
-@@ -95,27 +95,41 @@ level2dict begin
-  {	% Since setpagedevice doesn't create new device objects,
-         % we must (carefully) reinstall the old parameters in
-         % the same device.
--   .currentpagedevice pop //null currentdevice //null .trysetparams
-+   .currentpagedevice pop //null currentdevice //null
-+   { .trysetparams } .internalstopped
-+   {
-+     //null
-+   } if
-    dup type /booleantype eq
-     { pop pop }
--    {		% This should never happen!
-+    {
-       SETPDDEBUG { (Error in .trysetparams!) = pstack flush } if
--      cleartomark pop pop pop
-+      {cleartomark pop pop pop} .internalstopped pop
-+      % if resetting the entire device state failed, at least put back the
-+      % security related key
-+      currentdevice //null //false mark /.LockSafetyParams
-+      currentpagedevice /.LockSafetyParams .knownget not
-+      {systemdict /SAFER .knownget not {//false} } if
-+      .putdeviceparamsonly
-       /.installpagedevice cvx /rangecheck signalerror
-     }
-    ifelse pop pop
-         % A careful reading of the Red Book reveals that an erasepage
-         % should occur, but *not* an initgraphics.
-    erasepage .beginpage
-- } bind def
-+ } bind executeonly def
- 
- /.uninstallpagedevice
-- { 2 .endpage { .currentnumcopies //false .outputpage } if
-+ {
-+   {2 .endpage { .currentnumcopies //false .outputpage } if} .internalstopped pop
-    nulldevice
-  } bind def
- 
- (%grestorepagedevice) cvn
-- { .uninstallpagedevice grestore .installpagedevice
-+ {
-+ .uninstallpagedevice
-+ grestore
-+ .installpagedevice
-  } bind def
- 
- (%grestoreallpagedevice) cvn
-diff --git a/psi/zdevice2.c b/psi/zdevice2.c
-index 0c7080d57..159a0c0d9 100644
---- a/psi/zdevice2.c
-+++ b/psi/zdevice2.c
-@@ -251,8 +251,8 @@ z2currentgstate(i_ctx_t *i_ctx_p)
- /* ------ Wrappers for operators that reset the graphics state. ------ */
- 
- /* Check whether we need to call out to restore the page device. */
--static bool
--restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
-+static int
-+restore_page_device(i_ctx_t *i_ctx_p, const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- {
-     gx_device *dev_old = gs_currentdevice(pgs_old);
-     gx_device *dev_new;
-@@ -260,9 +260,10 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
-     gx_device *dev_t2;
-     bool samepagedevice = obj_eq(dev_old->memory, &gs_int_gstate(pgs_old)->pagedevice,
-         &gs_int_gstate(pgs_new)->pagedevice);
-+    bool LockSafetyParams = dev_old->LockSafetyParams;
- 
-     if ((dev_t1 = (*dev_proc(dev_old, get_page_device)) (dev_old)) == 0)
--        return false;
-+        return 0;
-     /* If we are going to putdeviceparams in a callout, we need to */
-     /* unlock temporarily.  The device will be re-locked as needed */
-     /* by putdeviceparams from the pgs_old->pagedevice dict state. */
-@@ -271,23 +272,51 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
-     dev_new = gs_currentdevice(pgs_new);
-     if (dev_old != dev_new) {
-         if ((dev_t2 = (*dev_proc(dev_new, get_page_device)) (dev_new)) == 0)
--            return false;
--        if (dev_t1 != dev_t2)
--            return true;
-+            samepagedevice = true;
-+        else if (dev_t1 != dev_t2)
-+            samepagedevice = false;
-+    }
-+
-+    if (LockSafetyParams && !samepagedevice) {
-+        const int required_ops = 512;
-+        const int required_es = 32;
-+
-+        /* The %grestorepagedevice must complete: the biggest danger
-+           is operand stack overflow. As we use get/putdeviceparams
-+           that means pushing all the device params onto the stack,
-+           pdfwrite having by far the largest number of parameters
-+           at (currently) 212 key/value pairs - thus needing (currently)
-+           424 entries on the op stack. Allowing for working stack
-+           space, and safety margin.....
-+         */
-+        if (required_ops + ref_stack_count(&o_stack) >= ref_stack_max_count(&o_stack)) {
-+           gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+           return_error(gs_error_stackoverflow);
-+        }
-+        /* We also want enough exec stack space - 32 is an overestimate of
-+           what we need to complete the Postscript call out.
-+         */
-+        if (required_es + ref_stack_count(&e_stack) >= ref_stack_max_count(&e_stack)) {
-+           gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+           return_error(gs_error_execstackoverflow);
-+        }
-     }
-     /*
-      * The current implementation of setpagedevice just sets new
-      * parameters in the same device object, so we have to check
-      * whether the page device dictionaries are the same.
-      */
--    return !samepagedevice;
-+    return samepagedevice ? 0 : 1;
- }
- 
- /* - grestore - */
- static int
- z2grestore(i_ctx_t *i_ctx_p)
- {
--    if (!restore_page_device(igs, gs_gstate_saved(igs)))
-+    int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+    if (code < 0) return code;
-+
-+    if (code == 0)
-         return gs_grestore(igs);
-     return push_callout(i_ctx_p, "%grestorepagedevice");
- }
-@@ -297,7 +326,9 @@ static int
- z2grestoreall(i_ctx_t *i_ctx_p)
- {
-     for (;;) {
--        if (!restore_page_device(igs, gs_gstate_saved(igs))) {
-+        int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+        if (code < 0) return code;
-+        if (code == 0) {
-             bool done = !gs_gstate_saved(gs_gstate_saved(igs));
- 
-             gs_grestore(igs);
-@@ -328,11 +359,15 @@ z2restore(i_ctx_t *i_ctx_p)
-     if (code < 0) return code;
- 
-     while (gs_gstate_saved(gs_gstate_saved(igs))) {
--        if (restore_page_device(igs, gs_gstate_saved(igs)))
-+        code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+        if (code < 0) return code;
-+        if (code > 0)
-             return push_callout(i_ctx_p, "%restore1pagedevice");
-         gs_grestore(igs);
-     }
--    if (restore_page_device(igs, gs_gstate_saved(igs)))
-+    code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+    if (code < 0) return code;
-+    if (code > 0)
-         return push_callout(i_ctx_p, "%restorepagedevice");
- 
-     code = dorestore(i_ctx_p, asave);
-@@ -355,9 +390,12 @@ static int
- z2setgstate(i_ctx_t *i_ctx_p)
- {
-     os_ptr op = osp;
-+    int code;
- 
-     check_stype(*op, st_igstate_obj);
--    if (!restore_page_device(igs, igstate_ptr(op)))
-+    code = restore_page_device(i_ctx_p, igs, igstate_ptr(op));
-+    if (code < 0) return code;
-+    if (code == 0)
-         return zsetgstate(i_ctx_p);
-     return push_callout(i_ctx_p, "%setgstatepagedevice");
- }
diff --git a/gnu/packages/patches/ghostscript-bug-699708.patch b/gnu/packages/patches/ghostscript-bug-699708.patch
deleted file mode 100644
index 1567be1c6f..0000000000
--- a/gnu/packages/patches/ghostscript-bug-699708.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-Additional security fix that missed 9.24.
-
-Taken from upstream:
-http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
-
-From fb713b3818b52d8a6cf62c951eba2e1795ff9624 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 6 Sep 2018 09:16:22 +0100
-Subject: [PATCH] Bug 699708 (part 1): 'Hide' non-replaceable error handlers
- for SAFER
-
-We already had a 'private' dictionary for non-standard errors: gserrordict.
-
-This now includes all the default error handlers, the dictionary is made
-noaccess and all the prodedures are bound and executeonly.
-
-When running with -dSAFER, in the event of a Postscript error, instead of
-pulling the handler from errordict, we'll pull it from gserrordict - thus
-malicious input cannot trigger problems by the use of custom error handlers.
-
-errordict remains open and writeable, so files such as the Quality Logic tests
-that install their own handlers will still 'work', with the exception that the
-custom error handlers will not be called.
-
-This is a 'first pass', 'sledgehammer' approach: a nice addition would to allow
-an integrator to specify a list of errors that are not to be replaced (for
-example, embedded applications would probably want to ensure that VMerror is
-always handled as they intend).
----
- Resource/Init/gs_init.ps | 29 ++++++++++++++++++-----------
- psi/interp.c             | 30 +++++++++++++++++++++---------
- 2 files changed, 39 insertions(+), 20 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index 071c39205..bc8b7951c 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -881,7 +881,7 @@ userdict /.currentresourcefile //null put
-        { not exch pop exit } { pop } ifelse
-     }
-    for exch pop .quit
-- } bind def
-+ } bind executeonly def
- /.errorhandler		% <command> <errorname> .errorhandler -
-   {		% Detect an internal 'stopped'.
-     1 .instopped { //null eq { pop pop stop } if } if
-@@ -926,7 +926,7 @@ userdict /.currentresourcefile //null put
-     $error /globalmode get $error /.nosetlocal get and .setglobal
-     $error /.inerror //false put
-     stop
--  } bind def
-+  } bind executeonly def
- % Define the standard handleerror.  We break out the printing procedure
- % (.printerror) so that it can be extended for binary output
- % if the Level 2 facilities are present.
-@@ -976,7 +976,7 @@ userdict /.currentresourcefile //null put
-      ifelse	% newerror
-      end
-      flush
--    } bind def
-+    } bind executeonly def
-   /.printerror_long			% long error printout,
-                                         % $error is on the dict stack
-    {	% Push the (anonymous) stack printing procedure.
-@@ -1053,14 +1053,14 @@ userdict /.currentresourcefile //null put
-         { (Current file position is ) print position = }
-        if
- 
--   } bind def
-+   } bind executeonly def
- % Define a procedure for clearing the error indication.
- /.clearerror
-  { $error /newerror //false put
-    $error /errorname //null put
-    $error /errorinfo //null put
-    0 .setoserrno
-- } bind def
-+ } bind executeonly def
- 
- % Define $error.  This must be in local VM.
- .currentglobal //false .setglobal
-@@ -1086,11 +1086,15 @@ end
- /errordict ErrorNames length 3 add dict
- .forcedef		% errordict is local, systemdict is global
- .setglobal		% back to global VM
--% For greater Adobe compatibility, we put all non-standard errors in a
--%   separate dictionary, gserrordict.  It does not need to be in local VM,
--%   because PostScript programs do not access it.
-+%  gserrordict contains all the default error handling methods, but unlike
-+%  errordict it is noaccess after creation (also it is in global VM).
-+%  When running 'SAFER', we'll ignore the contents of errordict, which
-+%  may have been tampered with by the running job, and always use gserrordict
-+%  gserrordict also contains any non-standard errors, for better compatibility
-+%  with Adobe.
-+%
- %   NOTE: the name gserrordict is known to the interpreter.
--/gserrordict 5 dict def
-+/gserrordict ErrorNames length 3 add dict def
- % Register an error in errordict.  We make this a procedure because we only
- % register the Level 1 errors here: the rest are registered by "feature"
- % files.  However, ErrorNames contains all of the error names regardless of
-@@ -1119,8 +1123,11 @@ errordict begin
-  } bind def
- end		% errordict
- 
--% Put non-standard errors in gserrordict.
--gserrordict /unknownerror errordict /unknownerror get put
-+% Put all the default handlers in gserrordict
-+gserrordict
-+errordict {2 index 3 1 roll put} forall
-+noaccess pop
-+% remove the non-standard errors from errordict
- errordict /unknownerror .undef
- % Define a stable private copy of handleerror that we will always use under
- % JOBSERVER mode.
-diff --git a/psi/interp.c b/psi/interp.c
-index c27b70dca..d41a9d3f5 100644
---- a/psi/interp.c
-+++ b/psi/interp.c
-@@ -661,16 +661,28 @@ again:
-         return code;
-     if (gs_errorname(i_ctx_p, code, &error_name) < 0)
-         return code;            /* out-of-range error code! */
--    /*
--     * For greater Adobe compatibility, only the standard PostScript errors
--     * are defined in errordict; the rest are in gserrordict.
-+
-+    /*  If LockFilePermissions is true, we only refer to gserrordict, which
-+     *  is not accessible to Postcript jobs
-      */
--    if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
--        (dict_find(perrordict, &error_name, &epref) <= 0 &&
--         (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
--          dict_find(perrordict, &error_name, &epref) <= 0))
--        )
--        return code;            /* error name not in errordict??? */
-+    if (i_ctx_p->LockFilePermissions) {
-+        if (((dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+              dict_find(perrordict, &error_name, &epref) <= 0))
-+            )
-+            return code;            /* error name not in errordict??? */
-+    }
-+    else {
-+        /*
-+         * For greater Adobe compatibility, only the standard PostScript errors
-+         * are defined in errordict; the rest are in gserrordict.
-+         */
-+        if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
-+            (dict_find(perrordict, &error_name, &epref) <= 0 &&
-+             (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+              dict_find(perrordict, &error_name, &epref) <= 0))
-+            )
-+            return code;            /* error name not in errordict??? */
-+    }
-     doref = *epref;
-     epref = &doref;
-     /* Push the error object on the operand stack if appropriate. */
--- 
-2.18.0
-
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
deleted file mode 100644
index 32bdd0790f..0000000000
--- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
-Date: Fri, 14 Aug 2015 17:28:36 +0800
-Subject: [PATCH] gnutls: Allow overriding the anchor file location by
- 'SSL_CERT_FILE'
-
----
- tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
-index 55ec1a5..217d3c8 100644
---- a/tls/gnutls/gtlsbackend-gnutls.c
-+++ b/tls/gnutls/gtlsbackend-gnutls.c
-@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls  *self,
-                                            GError            **error)
- {
-   const gchar *anchor_file = NULL;
-+  anchor_file = g_getenv ("SSL_CERT_FILE");
- #ifdef GTLS_SYSTEM_CA_FILE
--  anchor_file = GTLS_SYSTEM_CA_FILE;
-+  if (!anchor_file)
-+    anchor_file = GTLS_SYSTEM_CA_FILE;
- #endif
-   return g_tls_file_database_new (anchor_file, error);
- }
--- 
-2.4.3
-
diff --git a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch b/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
deleted file mode 100644
index 1fad7c14e3..0000000000
--- a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-FIXME: The static test fails with an error such as:
-
-/tmp/guix-build-gnutls-3.5.13.drv-0/ccOnGPmc.o: In function `main':
-c.29617.tmp.c:(.text+0x5): undefined reference to `gnutls_global_init'
-collect2: error: ld returned 1 exit status
-FAIL pkgconfig.sh (exit status: 1)
-
-diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh
-index 6bd4e62f9..05aab8278 100755
---- a/tests/pkgconfig.sh
-+++ b/tests/pkgconfig.sh
-@@ -57,11 +57,7 @@ echo "Trying dynamic linking with:"
- echo "  * flags: $(${PKGCONFIG} --libs gnutls)"
- echo "  * common: ${COMMON}"
- echo "  * lib: ${CFLAGS}"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
--
--echo ""
--echo "Trying static linking with $(${PKGCONFIG} --libs --static gnutls)"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-+gcc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
- 
- rm -f ${TMPFILE} ${TMPFILE_O}
- 
diff --git a/gnu/packages/patches/inkscape-poppler-compat3.patch b/gnu/packages/patches/inkscape-poppler-compat3.patch
new file mode 100644
index 0000000000..eaaf7d93f1
--- /dev/null
+++ b/gnu/packages/patches/inkscape-poppler-compat3.patch
@@ -0,0 +1,499 @@
+Fix compatibility with Poppler >= 0.69.
+
+This is a combination of these upstream commits:
+https://gitlab.com/inkscape/inkscape/commit/722e121361d0f784083d10e897155b7d4e44e515
+https://gitlab.com/inkscape/inkscape/commit/402c0274420fe39fd2f3393bc7d8d8879d436358
+
+...with slight adjustments for the 0.92.3 release tarball.
+
+diff --git a/CMakeScripts/DefineDependsandFlags.cmake b/CMakeScripts/DefineDependsandFlags.cmake
+--- a/CMakeScripts/DefineDependsandFlags.cmake
++++ b/CMakeScripts/DefineDependsandFlags.cmake
+@@ -116,18 +116,6 @@ if(ENABLE_POPPLER)
+ 		set(HAVE_POPPLER_GLIB ON)
+ 	    endif()
+ 	endif()
+-	if(POPPLER_VERSION VERSION_GREATER "0.26.0" OR
+-		POPPLER_VERSION VERSION_EQUAL   "0.26.0")
+-	    set(POPPLER_EVEN_NEWER_COLOR_SPACE_API ON)
+-	endif()
+-	if(POPPLER_VERSION VERSION_GREATER "0.29.0" OR
+-		POPPLER_VERSION VERSION_EQUAL   "0.29.0")
+-	    set(POPPLER_EVEN_NEWER_NEW_COLOR_SPACE_API ON)
+-	endif()
+-	if(POPPLER_VERSION VERSION_GREATER "0.58.0" OR
+-		POPPLER_VERSION VERSION_EQUAL   "0.58.0")
+-            set(POPPLER_NEW_OBJECT_API ON)
+-	endif()
+     else()
+ 	set(ENABLE_POPPLER_CAIRO OFF)
+     endif()
+diff --git a/src/extension/internal/pdfinput/pdf-input.cpp b/src/extension/internal/pdfinput/pdf-input.cpp
+--- a/src/extension/internal/pdfinput/pdf-input.cpp
++++ b/src/extension/internal/pdfinput/pdf-input.cpp
+@@ -793,7 +793,7 @@ PdfInput::open(::Inkscape::Extension::Input * /*mod*/, const gchar * uri) {
+             dlg->getImportSettings(prefs);
+ 
+         // Apply crop settings
+-        PDFRectangle *clipToBox = NULL;
++        _POPPLER_CONST PDFRectangle *clipToBox = NULL;
+         double crop_setting;
+         sp_repr_get_double(prefs, "cropTo", &crop_setting);
+ 
+diff --git a/src/extension/internal/pdfinput/pdf-input.h b/src/extension/internal/pdfinput/pdf-input.h
+--- a/src/extension/internal/pdfinput/pdf-input.h
++++ b/src/extension/internal/pdfinput/pdf-input.h
+@@ -15,6 +15,7 @@
+ #endif
+ 
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+ 
+ #include <gtkmm/dialog.h>
+ 
+diff --git a/src/extension/internal/pdfinput/pdf-parser.cpp b/src/extension/internal/pdfinput/pdf-parser.cpp
+--- a/src/extension/internal/pdfinput/pdf-parser.cpp
++++ b/src/extension/internal/pdfinput/pdf-parser.cpp
+@@ -36,6 +36,7 @@ extern "C" {
+ #include "pdf-parser.h"
+ #include "util/units.h"
+ 
++#include "glib/poppler-features.h"
+ #include "goo/gmem.h"
+ #include "goo/GooString.h"
+ #include "GlobalParams.h"
+@@ -294,8 +295,8 @@ PdfParser::PdfParser(XRef *xrefA,
+                      int /*pageNum*/,
+ 		     int rotate,
+ 		     Dict *resDict,
+-                     PDFRectangle *box,
+-		     PDFRectangle *cropBox) :
++                     _POPPLER_CONST PDFRectangle *box,
++                     _POPPLER_CONST PDFRectangle *cropBox) :
+     xref(xrefA),
+     builder(builderA),
+     subPage(gFalse),
+@@ -317,7 +318,7 @@ PdfParser::PdfParser(XRef *xrefA,
+   builder->setDocumentSize(Inkscape::Util::Quantity::convert(state->getPageWidth(), "pt", "px"),
+                            Inkscape::Util::Quantity::convert(state->getPageHeight(), "pt", "px"));
+ 
+-  double *ctm = state->getCTM();
++  const double *ctm = state->getCTM();
+   double scaledCTM[6];
+   for (int i = 0; i < 6; ++i) {
+     baseMatrix[i] = ctm[i];
+@@ -352,7 +353,7 @@ PdfParser::PdfParser(XRef *xrefA,
+ PdfParser::PdfParser(XRef *xrefA,
+ 		     Inkscape::Extension::Internal::SvgBuilder *builderA,
+                      Dict *resDict,
+-		     PDFRectangle *box) :
++		     _POPPLER_CONST PDFRectangle *box) :
+     xref(xrefA),
+     builder(builderA),
+     subPage(gTrue),
+@@ -571,7 +572,7 @@ const char *PdfParser::getPreviousOperator(unsigned int look_back) {
+ 
+ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+   PdfOperator *op;
+-  char *name;
++  const char *name;
+   Object *argPtr;
+   int i;
+ 
+@@ -619,7 +620,7 @@ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+   (this->*op->func)(argPtr, numArgs);
+ }
+ 
+-PdfOperator* PdfParser::findOp(char *name) {
++PdfOperator* PdfParser::findOp(const char *name) {
+   int a = -1;
+   int b = numOps;
+   int cmp = -1;
+@@ -1751,7 +1752,7 @@ void PdfParser::doShadingPatternFillFallback(GfxShadingPattern *sPat,
+                                              GBool stroke, GBool eoFill) {
+   GfxShading *shading;
+   GfxPath *savedPath;
+-  double *ctm, *btm, *ptm;
++  const double *ctm, *btm, *ptm;
+   double m[6], ictm[6], m1[6];
+   double xMin, yMin, xMax, yMax;
+   double det;
+@@ -1993,7 +1994,7 @@ void PdfParser::doFunctionShFill1(GfxFunctionShading *shading,
+   GfxColor color0M, color1M, colorM0, colorM1, colorMM;
+   GfxColor colors2[4];
+   double functionColorDelta = colorDeltas[pdfFunctionShading-1];
+-  double *matrix;
++  const double *matrix;
+   double xM, yM;
+   int nComps, i, j;
+ 
+@@ -2173,7 +2174,7 @@ void PdfParser::doPatchMeshShFill(GfxPatchMeshShading *shading) {
+   }
+ }
+ 
+-void PdfParser::fillPatch(GfxPatch *patch, int nComps, int depth) {
++void PdfParser::fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth) {
+   GfxPatch patch00 = blankPatch();
+   GfxPatch patch01 = blankPatch();
+   GfxPatch patch10 = blankPatch();
+@@ -2581,7 +2582,11 @@ void PdfParser::opShowSpaceText(Object args[], int /*numArgs*/)
+   }
+ }
+ 
++#if POPPLER_CHECK_VERSION(0,64,0)
+ void PdfParser::doShowText(const GooString *s) {
++#else
++void PdfParser::doShowText(GooString *s) {
++#endif
+   GfxFont *font;
+   int wMode;
+   double riseX, riseY;
+@@ -2590,11 +2595,15 @@ void PdfParser::doShowText(const GooString *s) {
+   double x, y, dx, dy, tdx, tdy;
+   double originX, originY, tOriginX, tOriginY;
+   double oldCTM[6], newCTM[6];
+-  double *mat;
++  const double *mat;
+   Object charProc;
+   Dict *resDict;
+   Parser *oldParser;
++#if POPPLER_CHECK_VERSION(0,64,0)
++  const char *p;
++#else
+   char *p;
++#endif
+   int len, n, uLen;
+ 
+   font = state->getFont();
+@@ -2630,7 +2639,7 @@ void PdfParser::doShowText(const GooString *s) {
+     double lineX = state->getLineX();
+     double lineY = state->getLineY();
+     oldParser = parser;
+-    p = g_strdup(s->getCString());
++    p = s->getCString();
+     len = s->getLength();
+     while (len > 0) {
+       n = font->getNextChar(p, len, &code,
+@@ -2685,7 +2694,7 @@ void PdfParser::doShowText(const GooString *s) {
+ 
+   } else {
+     state->textTransformDelta(0, state->getRise(), &riseX, &riseY);
+-    p = g_strdup(s->getCString());
++    p = s->getCString();
+     len = s->getLength();
+     while (len > 0) {
+       n = font->getNextChar(p, len, &code,
+@@ -2731,7 +2740,11 @@ void PdfParser::opXObject(Object args[], int /*numArgs*/)
+ {
+   Object obj1, obj2, obj3, refObj;
+ 
+-  char *name = g_strdup(args[0].getName());
++#if POPPLER_CHECK_VERSION(0,64,0)
++  const char *name = args[0].getName();
++#else
++  char *name = args[0].getName();
++#endif
+ #if defined(POPPLER_NEW_OBJECT_API)
+   if ((obj1 = res->lookupXObject(name)).isNull()) {
+ #else
+@@ -3656,7 +3669,6 @@ void PdfParser::opBeginImage(Object /*args*/[], int /*numArgs*/)
+ Stream *PdfParser::buildImageStream() {
+   Object dict;
+   Object obj;
+-  char *key;
+   Stream *str;
+ 
+   // build dictionary
+@@ -3674,26 +3686,17 @@ Stream *PdfParser::buildImageStream() {
+       obj.free();
+ #endif
+     } else {
+-      key = copyString(obj.getName());
+-#if defined(POPPLER_NEW_OBJECT_API)
+-      obj = parser->getObj();
+-#else
+-      obj.free();
+-      parser->getObj(&obj);
+-#endif
+-      if (obj.isEOF() || obj.isError()) {
+-	gfree(key);
++      Object obj2;
++      _POPPLER_CALL(obj2, parser->getObj);
++      if (obj2.isEOF() || obj2.isError()) {
++        _POPPLER_FREE(obj);
+ 	break;
+       }
+-#if defined(POPPLER_NEW_OBJECT_API)
+-      dict.dictAdd(key, std::move(obj));
+-    }
+-    obj = parser->getObj();
+-#else
+-      dict.dictAdd(key, &obj);
++      _POPPLER_DICTADD(dict, obj.getName(), obj2);
++      _POPPLER_FREE(obj);
++      _POPPLER_FREE(obj2);
+     }
+-    parser->getObj(&obj);
+-#endif
++    _POPPLER_CALL(obj, parser->getObj);
+   }
+   if (obj.isEOF()) {
+     error(errSyntaxError, getPos(), "End of file in inline image");
+diff --git a/src/extension/internal/pdfinput/pdf-parser.h b/src/extension/internal/pdfinput/pdf-parser.h
+--- a/src/extension/internal/pdfinput/pdf-parser.h
++++ b/src/extension/internal/pdfinput/pdf-parser.h
+@@ -9,6 +9,7 @@
+ #define PDF_PARSER_H
+ 
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+ 
+ #ifdef USE_GCC_PRAGMAS
+ #pragma interface
+@@ -25,6 +26,7 @@ namespace Inkscape {
+ // TODO clean up and remove using:
+ using Inkscape::Extension::Internal::SvgBuilder;
+ 
++#include "glib/poppler-features.h"
+ #include "goo/gtypes.h"
+ #include "Object.h"
+ 
+@@ -127,11 +129,14 @@ public:
+ 
+   // Constructor for regular output.
+   PdfParser(XRef *xrefA, SvgBuilder *builderA, int pageNum, int rotate,
+-            Dict *resDict, PDFRectangle *box, PDFRectangle *cropBox);
++            Dict *resDict,
++            _POPPLER_CONST PDFRectangle *box,
++            _POPPLER_CONST PDFRectangle *cropBox);
+ 
+   // Constructor for a sub-page object.
+   PdfParser(XRef *xrefA, Inkscape::Extension::Internal::SvgBuilder *builderA,
+-            Dict *resDict, PDFRectangle *box);
++            Dict *resDict,
++            _POPPLER_CONST PDFRectangle *box);
+ 
+   virtual ~PdfParser();
+ 
+@@ -185,7 +190,7 @@ private:
+ 
+   void go(GBool topLevel);
+   void execOp(Object *cmd, Object args[], int numArgs);
+-  PdfOperator *findOp(char *name);
++  PdfOperator *findOp(const char *name);
+   GBool checkArg(Object *arg, TchkType type);
+   int getPos();
+ 
+@@ -256,7 +261,7 @@ private:
+ 			   double x2, double y2, GfxColor *color2,
+ 			   int nComps, int depth);
+   void doPatchMeshShFill(GfxPatchMeshShading *shading);
+-  void fillPatch(GfxPatch *patch, int nComps, int depth);
++  void fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth);
+   void doEndPath();
+ 
+   // path clipping operators
+@@ -287,7 +292,12 @@ private:
+   void opMoveShowText(Object args[], int numArgs);
+   void opMoveSetShowText(Object args[], int numArgs);
+   void opShowSpaceText(Object args[], int numArgs);
++#if POPPLER_CHECK_VERSION(0,64,0)
+   void doShowText(const GooString *s);
++#else
++  void doShowText(GooString *s);
++#endif
++  
+ 
+   // XObject operators
+   void opXObject(Object args[], int numArgs);
+diff --git a/src/extension/internal/pdfinput/poppler-transition-api.h b/src/extension/internal/pdfinput/poppler-transition-api.h
+new file mode 100644
+--- /dev/null
++++ b/src/extension/internal/pdfinput/poppler-transition-api.h
+@@ -0,0 +1,39 @@
++#ifndef SEEN_POPPLER_TRANSITION_API_H
++#define SEEN_POPPLER_TRANSITION_API_H
++
++#include <glib/poppler-features.h>
++
++#if POPPLER_CHECK_VERSION(0,70,0)
++#define _POPPLER_CONST const
++#else
++#define _POPPLER_CONST
++#endif
++
++#if POPPLER_CHECK_VERSION(0,69,0)
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(key, std::move(obj))
++#elif POPPLER_CHECK_VERSION(0,58,0)
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(copyString(key), std::move(obj))
++#else
++#define _POPPLER_DICTADD(dict, key, obj) (dict).dictAdd(copyString(key), &obj)
++#endif
++
++#if POPPLER_CHECK_VERSION(0,58,0)
++#define POPPLER_NEW_OBJECT_API
++#define _POPPLER_FREE(obj)
++#define _POPPLER_CALL(ret, func) (ret = func())
++#define _POPPLER_CALL_ARGS(ret, func, ...) (ret = func(__VA_ARGS__))
++#else
++#define _POPPLER_FREE(obj) (obj).free()
++#define _POPPLER_CALL(ret, func) (*func(&ret))
++#define _POPPLER_CALL_ARGS(ret, func, ...) (*func(__VA_ARGS__, &ret))
++#endif
++
++#if POPPLER_CHECK_VERSION(0, 29, 0)
++#define POPPLER_EVEN_NEWER_NEW_COLOR_SPACE_API
++#endif
++
++#if POPPLER_CHECK_VERSION(0, 25, 0)
++#define POPPLER_EVEN_NEWER_COLOR_SPACE_API
++#endif
++
++#endif
+diff --git a/src/extension/internal/pdfinput/svg-builder.cpp b/src/extension/internal/pdfinput/svg-builder.cpp
+--- a/src/extension/internal/pdfinput/svg-builder.cpp
++++ b/src/extension/internal/pdfinput/svg-builder.cpp
+@@ -625,7 +625,7 @@ gchar *SvgBuilder::_createPattern(GfxPattern *pattern, GfxState *state, bool is_
+     if ( pattern != NULL ) {
+         if ( pattern->getType() == 2 ) {  // Shading pattern
+             GfxShadingPattern *shading_pattern = static_cast<GfxShadingPattern *>(pattern);
+-            double *ptm;
++            const double *ptm;
+             double m[6] = {1, 0, 0, 1, 0, 0};
+             double det;
+ 
+@@ -672,7 +672,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+ 
+     Inkscape::XML::Node *pattern_node = _xml_doc->createElement("svg:pattern");
+     // Set pattern transform matrix
+-    double *p2u = tiling_pattern->getMatrix();
++    const double *p2u = tiling_pattern->getMatrix();
+     double m[6] = {1, 0, 0, 1, 0, 0};
+     double det;
+     det = _ttm[0] * _ttm[3] - _ttm[1] * _ttm[2];    // see LP Bug 1168908
+@@ -698,7 +698,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+     pattern_node->setAttribute("patternUnits", "userSpaceOnUse");
+     // Set pattern tiling
+     // FIXME: don't ignore XStep and YStep
+-    double *bbox = tiling_pattern->getBBox();
++    const double *bbox = tiling_pattern->getBBox();
+     sp_repr_set_svg_double(pattern_node, "x", 0.0);
+     sp_repr_set_svg_double(pattern_node, "y", 0.0);
+     sp_repr_set_svg_double(pattern_node, "width", bbox[2] - bbox[0]);
+@@ -751,7 +751,7 @@ gchar *SvgBuilder::_createTilingPattern(GfxTilingPattern *tiling_pattern,
+  */
+ gchar *SvgBuilder::_createGradient(GfxShading *shading, double *matrix, bool for_shading) {
+     Inkscape::XML::Node *gradient;
+-    Function *func;
++    _POPPLER_CONST Function *func;
+     int num_funcs;
+     bool extend0, extend1;
+ 
+@@ -865,7 +865,7 @@ static bool svgGetShadingColorRGB(GfxShading *shading, double offset, GfxRGB *re
+ 
+ #define INT_EPSILON 8
+ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *shading,
+-                                   Function *func) {
++                                   _POPPLER_CONST Function *func) {
+     int type = func->getType();
+     if ( type == 0 || type == 2 ) {  // Sampled or exponential function
+         GfxRGB stop1, stop2;
+@@ -877,9 +877,9 @@ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *sh
+             _addStopToGradient(gradient, 1.0, &stop2, 1.0);
+         }
+     } else if ( type == 3 ) { // Stitching
+-        StitchingFunction *stitchingFunc = static_cast<StitchingFunction*>(func);
+-        double *bounds = stitchingFunc->getBounds();
+-        double *encode = stitchingFunc->getEncode();
++        auto stitchingFunc = static_cast<_POPPLER_CONST StitchingFunction*>(func);
++        const double *bounds = stitchingFunc->getBounds();
++        const double *encode = stitchingFunc->getEncode();
+         int num_funcs = stitchingFunc->getNumFuncs();
+ 
+         // Add stops from all the stitched functions
+@@ -890,7 +890,7 @@ bool SvgBuilder::_addGradientStops(Inkscape::XML::Node *gradient, GfxShading *sh
+             svgGetShadingColorRGB(shading, bounds[i + 1], &color);
+             // Add stops
+             if (stitchingFunc->getFunc(i)->getType() == 2) {    // process exponential fxn
+-                double expE = (static_cast<ExponentialFunction*>(stitchingFunc->getFunc(i)))->getE();
++                double expE = (static_cast<_POPPLER_CONST ExponentialFunction*>(stitchingFunc->getFunc(i)))->getE();
+                 if (expE > 1.0) {
+                     expE = (bounds[i + 1] - bounds[i])/expE;    // approximate exponential as a single straight line at x=1
+                     if (encode[2*i] == 0) {    // normal sequence
+@@ -1020,9 +1020,9 @@ void SvgBuilder::updateFont(GfxState *state) {
+     GfxFont *font = state->getFont();
+     // Store original name
+     if (font->getName()) {
+-        _font_specification = g_strdup(font->getName()->getCString());
++        _font_specification = font->getName()->getCString();
+     } else {
+-        _font_specification = (char*) "Arial";
++        _font_specification = "Arial";
+     }
+ 
+     // Prune the font name to get the correct font family name
+@@ -1030,7 +1030,7 @@ void SvgBuilder::updateFont(GfxState *state) {
+     char *font_family = NULL;
+     char *font_style = NULL;
+     char *font_style_lowercase = NULL;
+-    char *plus_sign = strstr(_font_specification, "+");
++    const char *plus_sign = strstr(_font_specification, "+");
+     if (plus_sign) {
+         font_family = g_strdup(plus_sign + 1);
+         _font_specification = plus_sign + 1;
+@@ -1148,7 +1148,7 @@ void SvgBuilder::updateFont(GfxState *state) {
+     Inkscape::CSSOStringStream os_font_size;
+     double css_font_size = _font_scaling * state->getFontSize();
+     if ( font->getType() == fontType3 ) {
+-        double *font_matrix = font->getFontMatrix();
++        const double *font_matrix = font->getFontMatrix();
+         if ( font_matrix[0] != 0.0 ) {
+             css_font_size *= font_matrix[3] / font_matrix[0];
+         }
+@@ -1193,7 +1193,7 @@ void SvgBuilder::updateTextPosition(double tx, double ty) {
+ void SvgBuilder::updateTextMatrix(GfxState *state) {
+     _flushText();
+     // Update text matrix
+-    double *text_matrix = state->getTextMat();
++    const double *text_matrix = state->getTextMat();
+     double w_scale = sqrt( text_matrix[0] * text_matrix[0] + text_matrix[2] * text_matrix[2] );
+     double h_scale = sqrt( text_matrix[1] * text_matrix[1] + text_matrix[3] * text_matrix[3] );
+     double max_scale;
+diff --git a/src/extension/internal/pdfinput/svg-builder.h b/src/extension/internal/pdfinput/svg-builder.h
+--- a/src/extension/internal/pdfinput/svg-builder.h
++++ b/src/extension/internal/pdfinput/svg-builder.h
+@@ -15,6 +15,7 @@
+ #endif
+ 
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+ 
+ class SPDocument;
+ namespace Inkscape {
+@@ -80,7 +81,7 @@ struct SvgGlyph {
+     bool style_changed;  // Set to true if style has to be reset
+     SPCSSAttr *style;
+     int render_mode;    // Text render mode
+-    char *font_specification;   // Pointer to current font specification
++    const char *font_specification;   // Pointer to current font specification
+ };
+ 
+ /**
+@@ -174,7 +175,7 @@ private:
+     void _addStopToGradient(Inkscape::XML::Node *gradient, double offset,
+                             GfxRGB *color, double opacity);
+     bool _addGradientStops(Inkscape::XML::Node *gradient, GfxShading *shading,
+-                           Function *func);
++                           _POPPLER_CONST Function *func);
+     gchar *_createTilingPattern(GfxTilingPattern *tiling_pattern, GfxState *state,
+                                 bool is_stroke=false);
+     // Image/mask creation
+@@ -202,7 +203,7 @@ private:
+ 
+     SPCSSAttr *_font_style;          // Current font style
+     GfxFont *_current_font;
+-    char *_font_specification;
++    const char *_font_specification;
+     double _font_scaling;
+     bool _need_font_update;
+     Geom::Affine _text_matrix;
diff --git a/gnu/packages/patches/json-glib-fix-tests-32bit.patch b/gnu/packages/patches/json-glib-fix-tests-32bit.patch
deleted file mode 100644
index 77ea134915..0000000000
--- a/gnu/packages/patches/json-glib-fix-tests-32bit.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-Fix floating point issues on 32-bit platforms:
-
-https://gitlab.gnome.org/GNOME/json-glib/issues/27
-
-This is an amalgamation of the following upstream commits:
-https://gitlab.gnome.org/GNOME/json-glib/commit/70e2648e02232c1a439a7418388f18fee9afb3fe
-https://gitlab.gnome.org/GNOME/json-glib/commit/675e27505776a1d77fa1ffd1974284890caec1f4
-
-diff --git a/json-glib/tests/json-test-utils.h b/json-glib/tests/json-test-utils.h
-new file mode 100644
-index 0000000..83a02c6
---- /dev/null
-+++ b/json-glib/tests/json-test-utils.h
-@@ -0,0 +1,21 @@
-+#include <string.h>
-+#include <math.h>
-+#include <float.h>
-+#include <glib.h>
-+#include <json-glib/json-glib.h>
-+
-+#define json_fuzzy_equals(n1,n2,epsilon) \
-+  (((n1) > (n2) ? ((n1) - (n2)) : ((n2) - (n1))) < (epsilon))
-+
-+#define json_assert_fuzzy_equals(n1,n2,epsilon) \
-+  G_STMT_START { \
-+    double __n1 = (n1), __n2 = (n2), __epsilon = (epsilon); \
-+    if (json_fuzzy_equals (__n1, __n2, __epsilon)) ; else { \
-+      g_assertion_message_cmpnum (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
-+                                  #n1 " == " #n2 " (+/- " #epsilon ")", \
-+                                  __n1, "==", __n2, 'f'); \
-+    } \
-+  } G_STMT_END
-+
-+#define json_assert_almost_equals(n1,n2) \
-+  json_assert_fuzzy_equals (n1, n2, DBL_EPSILON)
-diff --git a/json-glib/tests/array.c b/json-glib/tests/array.c
-index 98afeab..426cd72 100644
---- a/json-glib/tests/array.c
-+++ b/json-glib/tests/array.c
-@@ -1,9 +1,4 @@
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--
--#include <glib.h>
--#include <json-glib/json-glib.h>
-+#include "json-test-utils.h"
- 
- static void
- test_empty_array (void)
-@@ -37,7 +32,7 @@ test_add_element (void)
- 
-   json_array_add_double_element (array, 3.14);
-   g_assert_cmpint (json_array_get_length (array), ==, 3);
--  g_assert_cmpfloat (json_array_get_double_element (array, 2), ==, 3.14);
-+  json_assert_fuzzy_equals (json_array_get_double_element (array, 2), 3.14, 0.001);
- 
-   json_array_add_boolean_element (array, TRUE);
-   g_assert_cmpint (json_array_get_length (array), ==, 4);
-diff --git a/json-glib/tests/node.c b/json-glib/tests/node.c
-index 23bda63..80beb78 100644
---- a/json-glib/tests/node.c
-+++ b/json-glib/tests/node.c
-@@ -1,6 +1,4 @@
--#include <glib.h>
--#include <json-glib/json-glib.h>
--#include <string.h>
-+#include "json-test-utils.h"
- 
- static void
- test_init_int (void)
-@@ -19,7 +17,7 @@ test_init_double (void)
-   JsonNode *node = json_node_new (JSON_NODE_VALUE);
- 
-   json_node_set_double (node, 3.14159);
--  g_assert_cmpfloat (json_node_get_double (node), ==, 3.14159);
-+  json_assert_fuzzy_equals (json_node_get_double (node), 3.14159, 0.00001);
- 
-   json_node_free (node);
- }
-@@ -119,13 +117,13 @@ test_get_int (void)
- 
-   json_node_set_int (node, 0);
-   g_assert_cmpint (json_node_get_int (node), ==, 0);
--  g_assert_cmpfloat (json_node_get_double (node), ==, 0.0);
-+  json_assert_almost_equals (json_node_get_double (node), 0.0);
-   g_assert (!json_node_get_boolean (node));
-   g_assert (!json_node_is_null (node));
- 
-   json_node_set_int (node, 42);
-   g_assert_cmpint (json_node_get_int (node), ==, 42);
--  g_assert_cmpfloat (json_node_get_double (node), ==, 42.0);
-+  json_assert_almost_equals (json_node_get_double (node), 42.0);
-   g_assert (json_node_get_boolean (node));
-   g_assert (!json_node_is_null (node));
- 
-@@ -138,7 +136,7 @@ test_get_double (void)
-   JsonNode *node = json_node_new (JSON_NODE_VALUE);
- 
-   json_node_set_double (node, 3.14);
--  g_assert_cmpfloat (json_node_get_double (node), ==, 3.14);
-+  json_assert_fuzzy_equals (json_node_get_double (node), 3.14, 0.001);
-   g_assert_cmpint (json_node_get_int (node), ==, 3);
-   g_assert (json_node_get_boolean (node));
- 
-@@ -232,9 +230,9 @@ test_gvalue_autopromotion (void)
-     g_print ("Expecting a gdouble, got a %s\n", g_type_name (G_VALUE_TYPE (&check))); 
- 
-   g_assert_cmpint (G_VALUE_TYPE (&check), ==, G_TYPE_DOUBLE);
--  g_assert_cmpfloat ((float) g_value_get_double (&check), ==, 3.14159f);
-+  json_assert_fuzzy_equals (g_value_get_double (&check), 3.14159, 0.00001);
-   g_assert_cmpint (G_VALUE_TYPE (&value), !=, G_VALUE_TYPE (&check));
--  g_assert_cmpfloat ((gdouble) g_value_get_float (&value), ==, g_value_get_double (&check));
-+  json_assert_almost_equals (g_value_get_float (&value), g_value_get_double (&check));
- 
-   g_value_unset (&value);
-   g_value_unset (&check);
-diff --git a/json-glib/tests/parser.c b/json-glib/tests/parser.c
-index f71584a..8c52a1d 100644
---- a/json-glib/tests/parser.c
-+++ b/json-glib/tests/parser.c
-@@ -1,11 +1,5 @@
--#include "config.h"
--
-+#include "json-test-utils.h"
- #include <stdlib.h>
--#include <stdio.h>
--
--#include <glib.h>
--
--#include <json-glib/json-glib.h>
- 
- static const gchar *test_empty_string = "";
- static const gchar *test_empty_array_string = "[ ]";
-@@ -38,13 +32,13 @@ verify_string_value (JsonNode *node)
- static void
- verify_double_value (JsonNode *node)
- {
--  g_assert_cmpfloat (10.2e3, ==, json_node_get_double (node));
-+  json_assert_fuzzy_equals (10.2e3, json_node_get_double (node), 0.1);
- }
- 
- static void
- verify_negative_double_value (JsonNode *node)
- {
--  g_assert_cmpfloat (-3.14, ==, json_node_get_double (node));
-+  json_assert_fuzzy_equals (-3.14, json_node_get_double (node), 0.01);
- }
- 
- static const struct {
-diff --git a/json-glib/tests/reader.c b/json-glib/tests/reader.c
-index 43a6aac..9bab312 100644
---- a/json-glib/tests/reader.c
-+++ b/json-glib/tests/reader.c
-@@ -1,9 +1,4 @@
--#include <stdlib.h>
--#include <stdio.h>
--
--#include <glib.h>
--
--#include <json-glib/json-glib.h>
-+#include "json-test-utils.h"
- 
- static const gchar *test_base_array_data =
- "[ 0, true, null, \"foo\", 3.14, [ false ], { \"bar\" : 42 } ]";
-@@ -78,7 +73,7 @@ test_base_object (void)
-   g_assert (json_reader_get_error (reader) == NULL);
- 
-   json_reader_read_member (reader, "double");
--  g_assert_cmpfloat (json_reader_get_double_value (reader), ==, 42.47);
-+  json_assert_fuzzy_equals (json_reader_get_double_value (reader), 42.47, 0.01);
-   json_reader_end_element (reader);
- 
-   g_object_unref (reader);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-18013.patch b/gnu/packages/patches/libtiff-CVE-2017-18013.patch
deleted file mode 100644
index ba03c83847..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-18013.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-18013:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2770
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
-
-From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 31 Dec 2017 15:09:41 +0100
-Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
- dereference on corrupted file. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2770
-
----
- libtiff/tif_print.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
-index 9959d353..8deceb2b 100644
---- a/libtiff/tif_print.c
-+++ b/libtiff/tif_print.c
-@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
- 			    (unsigned long) s,
--			    (unsigned __int64) td->td_stripoffset[s],
--			    (unsigned __int64) td->td_stripbytecount[s]);
-+			    td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
-+			    td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
- #else
- 			fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
- 			    (unsigned long) s,
--			    (unsigned long long) td->td_stripoffset[s],
--			    (unsigned long long) td->td_stripbytecount[s]);
-+			    td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
-+			    td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
- #endif
- 	}
- }
--- 
-2.16.1
-
diff --git a/gnu/packages/patches/libtiff-CVE-2017-9935.patch b/gnu/packages/patches/libtiff-CVE-2017-9935.patch
deleted file mode 100644
index 5685d81f68..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-9935.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-Fix CVE-2017-9935
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
-http://bugzilla.maptools.org/show_bug.cgi?id=2704
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
-
-From 3dd8f6a357981a4090f126ab9025056c938b6940 Mon Sep 17 00:00:00 2001
-From: Brian May <brian@linuxpenguins.xyz>
-Date: Thu, 7 Dec 2017 07:46:47 +1100
-Subject: [PATCH] tiff2pdf: Fix CVE-2017-9935
-
-Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704
-
-This vulnerability - at least for the supplied test case - is because we
-assume that a tiff will only have one transfer function that is the same
-for all pages. This is not required by the TIFF standards.
-
-We than read the transfer function for every page.  Depending on the
-transfer function, we allocate either 2 or 4 bytes to the XREF buffer.
-We allocate this memory after we read in the transfer function for the
-page.
-
-For the first exploit - POC1, this file has 3 pages. For the first page
-we allocate 2 extra extra XREF entries. Then for the next page 2 more
-entries. Then for the last page the transfer function changes and we
-allocate 4 more entries.
-
-When we read the file into memory, we assume we have 4 bytes extra for
-each and every page (as per the last transfer function we read). Which
-is not correct, we only have 2 bytes extra for the first 2 pages. As a
-result, we end up writing past the end of the buffer.
-
-There are also some related issues that this also fixes. For example,
-TIFFGetField can return uninitalized pointer values, and the logic to
-detect a N=3 vs N=1 transfer function seemed rather strange.
-
-It is also strange that we declare the transfer functions to be of type
-float, when the standard says they are unsigned 16 bit values. This is
-fixed in another patch.
-
-This patch will check to ensure that the N value for every transfer
-function is the same for every page. If this changes, we abort with an
-error. In theory, we should perhaps check that the transfer function
-itself is identical for every page, however we don't do that due to the
-confusion of the type of the data in the transfer function.
----
- libtiff/tif_dir.c |  3 +++
- tools/tiff2pdf.c  | 65 +++++++++++++++++++++++++++++++++++++------------------
- 2 files changed, 47 insertions(+), 21 deletions(-)
-
-diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
-index 2ccaf448..cbf2b693 100644
---- a/libtiff/tif_dir.c
-+++ b/libtiff/tif_dir.c
-@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
- 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
- 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
- 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
-+			} else {
-+				*va_arg(ap, uint16**) = NULL;
-+				*va_arg(ap, uint16**) = NULL;
- 			}
- 			break;
- 		case TIFFTAG_REFERENCEBLACKWHITE:
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index d1a9b095..c3ec0746 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
- 	uint16 pagen=0;
- 	uint16 paged=0;
- 	uint16 xuint16=0;
-+	uint16 tiff_transferfunctioncount=0;
-+	float* tiff_transferfunction[3];
- 
- 	directorycount=TIFFNumberOfDirectories(input);
- 	t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
-@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
-                 }
- #endif
- 		if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
--                                 &(t2p->tiff_transferfunction[0]),
--                                 &(t2p->tiff_transferfunction[1]),
--                                 &(t2p->tiff_transferfunction[2]))) {
--			if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
--                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
--                           (t2p->tiff_transferfunction[1] !=
--                            t2p->tiff_transferfunction[0])) {
--				t2p->tiff_transferfunctioncount = 3;
--				t2p->tiff_pages[i].page_extra += 4;
--				t2p->pdf_xrefcount += 4;
--			} else {
--				t2p->tiff_transferfunctioncount = 1;
--				t2p->tiff_pages[i].page_extra += 2;
--				t2p->pdf_xrefcount += 2;
--			}
--			if(t2p->pdf_minorversion < 2)
--				t2p->pdf_minorversion = 2;
-+                                 &(tiff_transferfunction[0]),
-+                                 &(tiff_transferfunction[1]),
-+                                 &(tiff_transferfunction[2]))) {
-+
-+                        if((tiff_transferfunction[1] != (float*) NULL) &&
-+                           (tiff_transferfunction[2] != (float*) NULL)
-+                          ) {
-+                            tiff_transferfunctioncount=3;
-+                        } else {
-+                            tiff_transferfunctioncount=1;
-+                        }
-                 } else {
--			t2p->tiff_transferfunctioncount=0;
-+			tiff_transferfunctioncount=0;
- 		}
-+
-+                if (i > 0){
-+                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
-+                        TIFFError(
-+                            TIFF2PDF_MODULE,
-+                            "Different transfer function on page %d",
-+                            i);
-+                        t2p->t2p_error = T2P_ERR_ERROR;
-+                        return;
-+                    }
-+                }
-+
-+                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
-+                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
-+                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
-+                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
-+                if(tiff_transferfunctioncount == 3){
-+                        t2p->tiff_pages[i].page_extra += 4;
-+                        t2p->pdf_xrefcount += 4;
-+                        if(t2p->pdf_minorversion < 2)
-+                                t2p->pdf_minorversion = 2;
-+                } else if (tiff_transferfunctioncount == 1){
-+                        t2p->tiff_pages[i].page_extra += 2;
-+                        t2p->pdf_xrefcount += 2;
-+                        if(t2p->pdf_minorversion < 2)
-+                                t2p->pdf_minorversion = 2;
-+                }
-+
- 		if( TIFFGetField(
- 			input, 
- 			TIFFTAG_ICCPROFILE, 
-@@ -1828,9 +1852,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- 			 &(t2p->tiff_transferfunction[1]),
- 			 &(t2p->tiff_transferfunction[2]))) {
- 		if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
--                   (t2p->tiff_transferfunction[2] != (float*) NULL) &&
--                   (t2p->tiff_transferfunction[1] !=
--                    t2p->tiff_transferfunction[0])) {
-+                   (t2p->tiff_transferfunction[2] != (float*) NULL)
-+                  ) {
- 			t2p->tiff_transferfunctioncount=3;
- 		} else {
- 			t2p->tiff_transferfunctioncount=1;
--- 
-2.16.1
-
diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
deleted file mode 100644
index d31c12399d..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2018-10963.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2018-10963:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2795
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
-
-From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 14:24:15 +0200
-Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
-
----
- libtiff/tif_dirwrite.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
-index 2430de6d..c15a28db 100644
---- a/libtiff/tif_dirwrite.c
-+++ b/libtiff/tif_dirwrite.c
-@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
- 								}
- 								break;
- 							default:
--								assert(0);   /* we should never get here */
--								break;
-+								TIFFErrorExt(tif->tif_clientdata,module,
-+								            "Cannot write tag %d (%s)",
-+								            TIFFFieldTag(o),
-+                                                                            o->field_name ? o->field_name : "unknown");
-+								goto bad;
- 						}
- 					}
- 				}
--- 
-2.17.0
-
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
deleted file mode 100644
index f49815789e..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2018-8905.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix CVE-2018-8095:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2780
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
-
-From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 15:32:31 +0200
-Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
-
-The fix consists in using the similar code LZWDecode() to validate we
-don't write outside of the output buffer.
----
- libtiff/tif_lzw.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index 4ccb443c..94d85e38 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- 	char *tp;
- 	unsigned char *bp;
- 	int code, nbits;
-+	int len;
- 	long nextbits, nextdata, nbitsmask;
- 	code_t *codep, *free_entp, *maxcodep, *oldcodep;
- 
-@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- 				}  while (--occ);
- 				break;
- 			}
--			assert(occ >= codep->length);
--			op += codep->length;
--			occ -= codep->length;
--			tp = op;
-+			len = codep->length;
-+			tp = op + len;
- 			do {
--				*--tp = codep->value;
--			} while( (codep = codep->next) != NULL );
-+				int t;
-+				--tp;
-+				t = codep->value;
-+				codep = codep->next;
-+				*tp = (char)t;
-+			} while (codep && tp > op);
-+			assert(occ >= len);
-+			op += len;
-+			occ -= len;
- 		} else {
- 			*op++ = (char)code;
- 			occ--;
--- 
-2.17.0
-
diff --git a/gnu/packages/patches/poppler-CVE-2018-19149.patch b/gnu/packages/patches/poppler-CVE-2018-19149.patch
deleted file mode 100644
index 3641f5f078..0000000000
--- a/gnu/packages/patches/poppler-CVE-2018-19149.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Fix CVE-2018-19149:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149
-https://gitlab.freedesktop.org/poppler/poppler/issues/664
-
-Patch copied from upstream source repository:
-
-https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
-
-From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
-From: Marek Kasik <mkasik@redhat.com>
-Date: Fri, 20 Apr 2018 11:38:13 +0200
-Subject: [PATCH] Fix crash on missing embedded file
-
-Check whether an embedded file is actually present in the PDF
-and show warning in that case.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=106137
-https://gitlab.freedesktop.org/poppler/poppler/issues/236
----
- glib/poppler-attachment.cc | 26 +++++++++++++++++---------
- glib/poppler-document.cc   |  3 ++-
- 2 files changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
-index c6502e9d..11ba5bb5 100644
---- a/glib/poppler-attachment.cc
-+++ b/glib/poppler-attachment.cc
-@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
-     attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
- 
-   embFile = emb_file->getEmbeddedFile();
--  attachment->size = embFile->size ();
-+  if (embFile != NULL && embFile->streamObject()->isStream())
-+    {
-+      attachment->size = embFile->size ();
- 
--  if (embFile->createDate ())
--    _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
--  if (embFile->modDate ())
--    _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
-+      if (embFile->createDate ())
-+        _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
-+      if (embFile->modDate ())
-+        _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
- 
--  if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
--    attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
--                                             embFile->checksum ()->getLength ());
--  priv->obj_stream = embFile->streamObject()->copy();
-+      if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
-+        attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
-+                                                 embFile->checksum ()->getLength ());
-+      priv->obj_stream = embFile->streamObject()->copy();
-+    }
-+  else
-+    {
-+      g_warning ("Missing stream object for embedded file");
-+      g_clear_object (&attachment);
-+    }
- 
-   return attachment;
- }
-diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
-index 83f6aea6..ea319344 100644
---- a/glib/poppler-document.cc
-+++ b/glib/poppler-document.cc
-@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
-       attachment = _poppler_attachment_new (emb_file);
-       delete emb_file;
- 
--      retval = g_list_prepend (retval, attachment);
-+      if (attachment != NULL)
-+        retval = g_list_prepend (retval, attachment);
-     }
-   return g_list_reverse (retval);
- }
--- 
-2.19.1
-
diff --git a/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch b/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch
new file mode 100644
index 0000000000..97ef6928fe
--- /dev/null
+++ b/gnu/packages/patches/postgresql-disable-resolve_symlinks.patch
@@ -0,0 +1,25 @@
+From 223c82d1d6ed1f29f26307249827ff679e09c780 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 28 Jul 2018 12:22:12 +0200
+Subject: [PATCH] disable resolve_symlink
+
+---
+ src/common/exec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/common/exec.c b/src/common/exec.c
+index 878fc29..6b3e283 100644
+--- a/src/common/exec.c
++++ b/src/common/exec.c
+@@ -218,6 +218,8 @@ find_my_exec(const char *argv0, char *retpath)
+ static int
+ resolve_symlinks(char *path)
+ {
++	// On GuixSD we *want* stuff relative to symlinks.
++	return 0;
+ #ifdef HAVE_READLINK
+ 	struct stat buf;
+ 	char		orig_wd[MAXPGPATH],
+--
+2.18.0
+
diff --git a/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
new file mode 100644
index 0000000000..d8b9bf172a
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
@@ -0,0 +1,318 @@
+Fix LuaTeX compatibility with Poppler 0.72.
+
+Upstream LuaTeX have moved from Poppler to "pplib" and thus upstream
+fixes are unavailable.  This is based on Arch Linux patches, with minor
+changes for Poppler 0.72:
+https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/texlive-bin&id=f1b424435c8fa31d9296c7a6dc17f939a8332780
+
+diff --git a/texk/web2c/luatexdir/image/pdftoepdf.w b/texk/web2c/luatexdir/image/pdftoepdf.w
+--- a/texk/web2c/luatexdir/image/pdftoepdf.w
++++ b/texk/web2c/luatexdir/image/pdftoepdf.w
+@@ -35,7 +35,7 @@
+ 
+ extern void md5(Guchar *msg, int msgLen, Guchar *digest);
+ 
+-static GBool isInit = gFalse;
++static bool isInit = false;
+ 
+ /* Maintain AVL tree of all PDF files for embedding */
+ 
+@@ -363,10 +363,10 @@ void copyReal(PDF pdf, double d)
+ 
+ static void copyString(PDF pdf, GooString * string)
+ {
+-    char *p;
++    const char *p;
+     unsigned char c;
+     size_t i, l;
+-    p = string->getCString();
++    p = string->c_str();
+     l = (size_t) string->getLength();
+     if (pdf->cave)
+         pdf_out(pdf, ' ');
+@@ -393,7 +393,7 @@ static void copyString(PDF pdf, GooString * string)
+     pdf->cave = true;
+ }
+ 
+-static void copyName(PDF pdf, char *s)
++static void copyName(PDF pdf, const char *s)
+ {
+     pdf_out(pdf, '/');
+     for (; *s != 0; s++) {
+@@ -468,14 +468,14 @@ static void copyObject(PDF pdf, PdfDocument * pdf_doc, Object * obj)
+         break;
+     /*
+     case objNum:
+-        GBool isNum() { return type == objInt || type == objReal; }
++        bool isNum() { return type == objInt || type == objReal; }
+         break;
+     */
+     case objString:
+         copyString(pdf, (GooString *)obj->getString());
+         break;
+     case objName:
+-        copyName(pdf, (char *)obj->getName());
++        copyName(pdf, obj->getName());
+         break;
+     case objNull:
+         pdf_add_null(pdf);
+@@ -531,22 +531,22 @@ static PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
+ {
+     switch (pagebox_spec) {
+         case PDF_BOX_SPEC_MEDIA:
+-            return page->getMediaBox();
++            return (PDFRectangle *) page->getMediaBox();
+             break;
+         case PDF_BOX_SPEC_CROP:
+-            return page->getCropBox();
++            return (PDFRectangle *) page->getCropBox();
+             break;
+         case PDF_BOX_SPEC_BLEED:
+-            return page->getBleedBox();
++            return (PDFRectangle *) page->getBleedBox();
+             break;
+         case PDF_BOX_SPEC_TRIM:
+-            return page->getTrimBox();
++            return (PDFRectangle *) page->getTrimBox();
+             break;
+         case PDF_BOX_SPEC_ART:
+-            return page->getArtBox();
++            return (PDFRectangle *) page->getArtBox();
+             break;
+         default:
+-            return page->getMediaBox();
++            return (PDFRectangle *) page->getMediaBox();
+             break;
+     }
+ }
+@@ -587,11 +587,11 @@ void read_pdf_info(image_dict * idict)
+     PDFRectangle *pagebox;
+     int pdf_major_version_found, pdf_minor_version_found;
+     float xsize, ysize, xorig, yorig;
+-    if (isInit == gFalse) {
++    if (isInit == false) {
+         if (!(globalParams))
+             globalParams = new GlobalParams();
+-        globalParams->setErrQuiet(gFalse);
+-        isInit = gTrue;
++        globalParams->setErrQuiet(false);
++        isInit = true;
+     }
+     if (img_type(idict) == IMG_TYPE_PDF)
+         pdf_doc = refPdfDocument(img_filepath(idict), FE_FAIL);
+@@ -966,7 +966,7 @@ void epdf_free()
+     if (PdfDocumentTree != NULL)
+         avl_destroy(PdfDocumentTree, destroyPdfDocument);
+     PdfDocumentTree = NULL;
+-    if (isInit == gTrue)
++    if (isInit == true)
+         delete globalParams;
+-    isInit = gFalse;
++    isInit = false;
+ }
+diff --git a/texk/web2c/luatexdir/lua/lepdflib.cc b/texk/web2c/luatexdir/lua/lepdflib.cc
+--- a/texk/web2c/luatexdir/lua/lepdflib.cc
++++ b/texk/web2c/luatexdir/lua/lepdflib.cc
+@@ -240,7 +240,7 @@ static int l_new_Attribute(lua_State * L)
+        if (uobj->pd != NULL && uobj->pd->pc != uobj->pc)
+           pdfdoc_changed_error(L);
+        uout = new_Attribute_userdata(L);
+-       uout->d = new Attribute(n, nlen, (Object *)uobj->d);
++       uout->d = new Attribute((GooString)n, (Object *)uobj->d);
+        uout->atype = ALLOC_LEPDF;
+        uout->pc = uobj->pc;
+        uout->pd = uobj->pd;
+@@ -439,7 +439,7 @@ static int l_new_Object(lua_State * L)
+       break;
+     case 1:
+       if (lua_isboolean (L,1)) {
+-	uout->d = new Object(lua_toboolean(L, 1)? gTrue : gFalse);
++	uout->d = new Object(lua_toboolean(L, 1)? true : false);
+ 	uout->atype = ALLOC_LEPDF;
+ 	uout->pc = 0;
+ 	uout->pd = NULL;
+@@ -596,7 +596,7 @@ static int m_##in##_##function(lua_State * L)                  \
+     uin = (udstruct *) luaL_checkudata(L, 1, M_##in);          \
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)             \
+         pdfdoc_changed_error(L);                               \
+-    o = ((in *) uin->d)->function();                           \
++    o = (out *) ((in *) uin->d)->function();                           \
+     if (o != NULL) {                                           \
+         uout = new_##out##_userdata(L);                        \
+         uout->d = o;                                           \
+@@ -676,7 +676,7 @@ static int m_##in##_##function(lua_State * L)                  \
+         pdfdoc_changed_error(L);                               \
+     gs = (GooString *)((in *) uin->d)->function();             \
+     if (gs != NULL)                                            \
+-        lua_pushlstring(L, gs->getCString(), gs->getLength()); \
++        lua_pushlstring(L, gs->c_str(), gs->getLength()); \
+     else                                                       \
+         lua_pushnil(L);                                        \
+     return 1;                                                  \
+@@ -911,7 +911,7 @@ static int m_Array_getString(lua_State * L)
+     if (i > 0 && i <= len) {
+         gs = new GooString();
+         if (((Array *) uin->d)->getString(i - 1, gs))
+-            lua_pushlstring(L, gs->getCString(), gs->getLength());
++            lua_pushlstring(L, gs->c_str(), gs->getLength());
+         else
+             lua_pushnil(L);
+         delete gs;
+@@ -1063,7 +1063,7 @@ static int m_Catalog_getJS(lua_State * L)
+     if (i > 0 && i <= len) {
+         gs = ((Catalog *) uin->d)->getJS(i - 1);
+         if (gs != NULL)
+-            lua_pushlstring(L, gs->getCString(), gs->getLength());
++            lua_pushlstring(L, gs->c_str(), gs->getLength());
+         else
+             lua_pushnil(L);
+         delete gs;
+@@ -1125,12 +1125,12 @@ m_poppler_get_INT(Dict, getLength);
+ 
+ static int m_Dict_add(lua_State * L)
+ {
+-    char *s;
++    const char *s;
+     udstruct *uin, *uobj;
+     uin = (udstruct *) luaL_checkudata(L, 1, M_Dict);
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+-    s = copyString(luaL_checkstring(L, 2));
++    s = luaL_checkstring(L, 2);
+     uobj = (udstruct *) luaL_checkudata(L, 3, M_Object);
+     ((Dict *) uin->d)->add(s, std::move(*((Object *) uobj->d)));
+     return 0;
+@@ -1378,7 +1378,7 @@ static int m_GooString__tostring(lua_State * L)
+     uin = (udstruct *) luaL_checkudata(L, 1, M_GooString);
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+-    lua_pushlstring(L, ((GooString *) uin->d)->getCString(),
++    lua_pushlstring(L, ((GooString *) uin->d)->c_str(),
+                     ((GooString *) uin->d)->getLength());
+     return 1;
+ }
+@@ -1527,9 +1527,9 @@ static int m_Object_initBool(lua_State * L)
+         pdfdoc_changed_error(L);
+     luaL_checktype(L, 2, LUA_TBOOLEAN);
+     if (lua_toboolean(L, 2) != 0)
+-        *((Object *) uin->d) = Object(gTrue);
++        *((Object *) uin->d) = Object(true);
+     else
+-        *((Object *) uin->d) = Object(gFalse);
++        *((Object *) uin->d) = Object(false);
+     return 0;
+ }
+ 
+@@ -1814,7 +1814,7 @@ static int m_Object_getString(lua_State * L)
+         pdfdoc_changed_error(L);
+     if (((Object *) uin->d)->isString()) {
+         gs = (GooString *)((Object *) uin->d)->getString();
+-        lua_pushlstring(L, gs->getCString(), gs->getLength());
++        lua_pushlstring(L, gs->c_str(), gs->getLength());
+     } else
+         lua_pushnil(L);
+     return 1;
+@@ -2051,7 +2051,7 @@ static int m_Object_dictAdd(lua_State * L)
+         pdfdoc_changed_error(L);
+     if (!((Object *) uin->d)->isDict())
+         luaL_error(L, "Object is not a Dict");
+-    ((Object *) uin->d)->dictAdd(copyString(s), std::move(*((Object *) uobj->d)));
++    ((Object *) uin->d)->dictAdd(s, std::move(*((Object *) uobj->d)));
+     return 0;
+ }
+ 
+@@ -2470,9 +2470,9 @@ static int m_PDFDoc_getFileName(lua_State * L)
+     uin = (udstruct *) luaL_checkudata(L, 1, M_PDFDoc);
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+-    gs = ((PdfDocument *) uin->d)->doc->getFileName();
++    gs = (GooString *) ((PdfDocument *) uin->d)->doc->getFileName();
+     if (gs != NULL)
+-        lua_pushlstring(L, gs->getCString(), gs->getLength());
++        lua_pushlstring(L, gs->c_str(), gs->getLength());
+     else
+         lua_pushnil(L);
+     return 1;
+@@ -2559,9 +2559,9 @@ static int m_PDFDoc_readMetadata(lua_State * L)
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+     if (((PdfDocument *) uin->d)->doc->getCatalog()->isOk()) {
+-        gs = ((PdfDocument *) uin->d)->doc->readMetadata();
++        gs = (GooString *) ((PdfDocument *) uin->d)->doc->readMetadata();
+         if (gs != NULL)
+-            lua_pushlstring(L, gs->getCString(), gs->getLength());
++            lua_pushlstring(L, gs->c_str(), gs->getLength());
+         else
+             lua_pushnil(L);
+     } else
+@@ -2577,7 +2577,7 @@ static int m_PDFDoc_getStructTreeRoot(lua_State * L)
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+     if (((PdfDocument *) uin->d)->doc->getCatalog()->isOk()) {
+-        obj = ((PdfDocument *) uin->d)->doc->getStructTreeRoot();
++        obj = (StructTreeRoot *) ((PdfDocument *) uin->d)->doc->getStructTreeRoot();
+         uout = new_StructTreeRoot_userdata(L);
+         uout->d = obj;
+         uout->pc = uin->pc;
+@@ -3038,12 +3038,12 @@ m_poppler_get_BOOL(Attribute, isHidden);
+ 
+ static int m_Attribute_setHidden(lua_State * L)
+ {
+-    GBool i;
++    bool i;
+     udstruct *uin;
+     uin = (udstruct *) luaL_checkudata(L, 1, M_Attribute);
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+-    i = (GBool) lua_toboolean(L, 2);
++    i = (bool) lua_toboolean(L, 2);
+     ((Attribute *) uin->d)->setHidden(i);
+     return 0;
+ }
+@@ -3180,7 +3180,7 @@ static int m_StructElement_getParentRef(lua_State * L)
+ // Ref is false if the C++ functione return false
+ static int m_StructElement_getPageRef(lua_State * L)
+ {
+-    GBool b;
++    bool b;
+     Ref *r;
+     udstruct *uin, *uout;
+     uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+@@ -3226,16 +3226,16 @@ static int m_StructElement_setRevision(lua_State * L)
+ 
+ static int m_StructElement_getText(lua_State * L)
+ {
+-    GBool i;
++    bool i;
+     GooString *gs;
+     udstruct *uin;
+     uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+     if (uin->pd != NULL && uin->pd->pc != uin->pc)
+         pdfdoc_changed_error(L);
+-    i = (GBool) lua_toboolean(L, 2);
++    i = (bool) lua_toboolean(L, 2);
+     gs =  ((StructElement *) uin->d)->getText(i);
+     if (gs != NULL)
+-        lua_pushlstring(L, gs->getCString(), gs->getLength());
++        lua_pushlstring(L, gs->c_str(), gs->getLength());
+     else
+         lua_pushnil(L);
+     return 1;
+@@ -3321,7 +3321,7 @@ static int m_StructElement_findAttribute(lua_State * L)
+ {
+     Attribute::Type t;
+     Attribute::Owner o;
+-    GBool g;
++    bool g;
+     udstruct *uin, *uout;
+     const Attribute *a;
+     uin = (udstruct *) luaL_checkudata(L, 1, M_StructElement);
+@@ -3329,7 +3329,7 @@ static int m_StructElement_findAttribute(lua_State * L)
+         pdfdoc_changed_error(L);
+     t = (Attribute::Type) luaL_checkint(L,1);
+     o = (Attribute::Owner) luaL_checkint(L,2);
+-    g = (GBool) lua_toboolean(L, 3);
++    g = (bool) lua_toboolean(L, 3);
+     a = ((StructElement *) uin->d)->findAttribute(t,g,o);
+ 
+     if (a!=NULL){
diff --git a/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
new file mode 100644
index 0000000000..eba4733f32
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
@@ -0,0 +1,188 @@
+Fix compatibility with Poppler 0.72.
+
+These files are taken from the upstream "poppler0.72.0.cc" variants and
+diffed against the "newpoppler" files from the 20180414 distribution.
+
+See revision 49336:
+https://tug.org/svn/texlive/trunk/Build/source/texk/web2c/pdftexdir/
+
+--- a/texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc	1970-01-01 01:00:00.000000000 +0100
++++ b/texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc	2018-12-09 21:14:58.479732695 +0100
+@@ -22,7 +22,7 @@
+ https://git.archlinux.org/svntogit/packages.git/plain/texlive-bin/trunk
+ by Arch Linux. A little modifications are made to avoid a crash for
+ some kind of pdf images, such as figure_missing.pdf in gnuplot.
+-The poppler should be 0.59.0 or newer versions.
++The poppler should be 0.72.0 or newer versions.
+ POPPLER_VERSION should be defined.
+ */
+ 
+@@ -120,7 +120,7 @@
+ 
+ static InObj *inObjList;
+ static UsedEncoding *encodingList;
+-static GBool isInit = gFalse;
++static bool isInit = false;
+ 
+ // --------------------------------------------------------------------
+ // Maintain list of open embedded PDF files
+@@ -317,7 +317,7 @@
+     pdf_puts("<<\n");
+     assert(r->type == objFont); // FontDescriptor is in fd_tree
+     for (i = 0, l = obj->dictGetLength(); i < l; ++i) {
+-        key = obj->dictGetKey(i);
++        key = (char *)obj->dictGetKey(i);
+         if (strncmp("FontDescriptor", key, strlen("FontDescriptor")) == 0
+             || strncmp("BaseFont", key, strlen("BaseFont")) == 0
+             || strncmp("Encoding", key, strlen("Encoding")) == 0)
+@@ -427,7 +427,7 @@
+         charset = fontdesc.dictLookup("CharSet");
+         if (!charset.isNull() &&
+             charset.isString() && is_subsetable(fontmap))
+-            epdf_mark_glyphs(fd, (char *)charset.getString()->getCString());
++            epdf_mark_glyphs(fd, (char *)charset.getString()->c_str());
+         else
+             embed_whole_font(fd);
+         addFontDesc(fontdescRef.getRef(), fd);
+@@ -454,7 +454,7 @@
+     for (i = 0, l = obj->dictGetLength(); i < l; ++i) {
+         fontRef = obj->dictGetValNF(i);
+         if (fontRef.isRef())
+-            copyFont(obj->dictGetKey(i), &fontRef);
++            copyFont((char *)obj->dictGetKey(i), &fontRef);
+         else if (fontRef.isDict()) {   // some programs generate pdf with embedded font object
+             copyName((char *)obj->dictGetKey(i));
+             pdf_puts(" ");
+@@ -566,7 +566,7 @@
+         pdf_printf("%s", convertNumToPDF(obj->getNum()));
+     } else if (obj->isString()) {
+         s = (GooString *)obj->getString();
+-        p = s->getCString();
++        p = (char *)s->c_str();
+         l = s->getLength();
+         if (strlen(p) == (unsigned int) l) {
+             pdf_puts("(");
+@@ -664,7 +664,7 @@
+                     ("PDF inclusion: CID fonts are not supported"
+                      " (try to disable font replacement to fix this)");
+             }
+-            if ((s = ((Gfx8BitFont *) r->font)->getCharName(i)) != 0)
++            if ((s = (char *)((Gfx8BitFont *) r->font)->getCharName(i)) != 0)
+                 glyphNames[i] = s;
+             else
+                 glyphNames[i] = notdef;
+@@ -683,7 +683,7 @@
+ }
+ 
+ // get the pagebox according to the pagebox_spec
+-static PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
++static const PDFRectangle *get_pagebox(Page * page, int pagebox_spec)
+ {
+     if (pagebox_spec == pdfboxspecmedia)
+         return page->getMediaBox();
+@@ -715,7 +715,7 @@
+ {
+     PdfDocument *pdf_doc;
+     Page *page;
+-    PDFRectangle *pagebox;
++    const PDFRectangle *pagebox;
+ #ifdef POPPLER_VERSION
+     int pdf_major_version_found, pdf_minor_version_found;
+ #else
+@@ -724,8 +724,8 @@
+     // initialize
+     if (!isInit) {
+         globalParams = new GlobalParams();
+-        globalParams->setErrQuiet(gFalse);
+-        isInit = gTrue;
++        globalParams->setErrQuiet(false);
++        isInit = true;
+     }
+     // open PDF file
+     pdf_doc = find_add_document(image_name);
+@@ -849,7 +849,7 @@
+     pageObj = xref->fetch(pageRef->num, pageRef->gen);
+     pageDict = pageObj.getDict();
+     rotate = page->getRotate();
+-    PDFRectangle *pagebox;
++    const PDFRectangle *pagebox;
+     // write the Page header
+     pdf_puts("/Type /XObject\n");
+     pdf_puts("/Subtype /Form\n");
+@@ -977,7 +977,7 @@
+             }
+             l = dic1.getLength();
+             for (i = 0; i < l; i++) {
+-                groupDict.dictAdd(copyString(dic1.getKey(i)),
++                groupDict.dictAdd((const char *)copyString(dic1.getKey(i)),
+                                   dic1.getValNF(i));
+             }
+ // end modification
+@@ -1001,14 +1001,14 @@
+         pdf_puts("/Resources <<\n");
+         for (i = 0, l = obj1->dictGetLength(); i < l; ++i) {
+             obj2 = obj1->dictGetVal(i);
+-            key = obj1->dictGetKey(i);
++            key = (char *)obj1->dictGetKey(i);
+             if (strcmp("Font", key) == 0)
+                 copyFontResources(&obj2);
+             else if (strcmp("ProcSet", key) == 0)
+                 copyProcSet(&obj2);
+             else
+-                copyOtherResources(&obj2, key);
++                copyOtherResources(&obj2, (char *)key);
+         }
+         pdf_puts(">>\n");
+     }
+
+--- a/texk/web2c/pdftexdir/pdftosrc-newpoppler.cc	1970-01-01 01:00:00.000000000 +0100
++++ b/texk/web2c/pdftexdir/pdftosrc-newpoppler.cc	2018-12-09 21:14:58.479732695 +0100
+@@ -20,7 +20,7 @@
+ /*
+ This is based on the patch texlive-poppler-0.59.patch <2017-09-19> at
+ https://git.archlinux.org/svntogit/packages.git/plain/texlive-bin/trunk
+-by Arch Linux. The poppler should be 0.59.0 or newer versions.
++by Arch Linux. The poppler should be 0.72.0 or newer versions.
+ POPPLER_VERSION should be defined.
+ */
+ 
+@@ -109,7 +109,7 @@
+             fprintf(stderr, "No SourceName found\n");
+             exit(1);
+         }
+-        outname = (char *)srcName.getString()->getCString();
++        outname = (char *)srcName.getString()->c_str();
+         // We cannot free srcName, as objname shares its string.
+         // srcName.free();
+     } else if (objnum > 0) {
+@@ -118,7 +118,7 @@
+             fprintf(stderr, "Not a Stream object\n");
+             exit(1);
+         }
+-        sprintf(buf, "%s", fileName->getCString());
++        sprintf(buf, "%s", fileName->c_str());
+         if ((p = strrchr(buf, '.')) == 0)
+             p = strchr(buf, 0);
+         if (objgen == 0)
+@@ -128,7 +128,7 @@
+         outname = buf;
+     } else {                    // objnum < 0 means we are extracting the XRef table
+         extract_xref_table = true;
+-        sprintf(buf, "%s", fileName->getCString());
++        sprintf(buf, "%s", fileName->c_str());
+         if ((p = strrchr(buf, '.')) == 0)
+             p = strchr(buf, 0);
+         sprintf(p, ".xref");
+@@ -173,9 +173,9 @@
+ 
+                 // parse the header: object numbers and offsets
+                 objStr.streamReset();
+-                str = new EmbedStream(objStr.getStream(), Object(objNull), gTrue, first);
++                str = new EmbedStream(objStr.getStream(), Object(objNull), true, first);
+                 lexer = new Lexer(xref, str);
+-                parser = new Parser(xref, lexer, gFalse);
++                parser = new Parser(xref, lexer, false);
+                 for (n = 0; n < nObjects; ++n) {
+                     obj1 = parser->getObj();
+                     obj2 = parser->getObj();
+
diff --git a/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch b/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch
new file mode 100644
index 0000000000..cac716cc59
--- /dev/null
+++ b/gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch
@@ -0,0 +1,31 @@
+Fix compatibility with Poppler 0.72.
+
+Patch taken from upstream:
+https://tug.org/svn/texlive/trunk/Build/source/texk/web2c/xetexdir/pdfimage.cpp?r1=44964&r2=48969&diff_format=u
+
+--- a/texk/web2c/xetexdir/pdfimage.cpp	2017/08/06 07:12:02	44964
++++ b/texk/web2c/xetexdir/pdfimage.cpp	2018/10/22 04:01:42	48969
+@@ -82,19 +82,19 @@
+ 	switch (pdf_box) {
+ 		default:
+ 		case pdfbox_crop:
+-			r = page->getCropBox();
++			r = (PDFRectangle *)page->getCropBox();
+ 			break;
+ 		case pdfbox_media:
+-			r = page->getMediaBox();
++			r = (PDFRectangle *)page->getMediaBox();
+ 			break;
+ 		case pdfbox_bleed:
+-			r = page->getBleedBox();
++			r = (PDFRectangle *)page->getBleedBox();
+ 			break;
+ 		case pdfbox_trim:
+-			r = page->getTrimBox();
++			r = (PDFRectangle *)page->getTrimBox();
+ 			break;
+ 		case pdfbox_art:
+-			r = page->getArtBox();
++			r = (PDFRectangle *)page->getArtBox();
+ 			break;
+ 	}