summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/duplicity-piped-password.patch20
-rw-r--r--gnu/packages/patches/duplicity-test_selection-tmp.patch18
-rw-r--r--gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch27
-rw-r--r--gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch40
-rw-r--r--gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch32
-rw-r--r--gnu/packages/patches/httpd-CVE-2016-8740.patch36
-rw-r--r--gnu/packages/patches/khal-disable-failing-tests.patch33
-rw-r--r--gnu/packages/patches/lcms-fix-out-of-bounds-read.patch34
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch35
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch414
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch42
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch40
-rw-r--r--gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch42
-rw-r--r--gnu/packages/patches/libevent-2.1-dns-tests.patch26
-rw-r--r--gnu/packages/patches/libevent-2.1-skip-failing-test.patch24
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-6255.patch50
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-8863.patch72
-rw-r--r--gnu/packages/patches/libvpx-CVE-2016-2818.patch21
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch42
-rw-r--r--gnu/packages/patches/omake-fix-non-determinism.patch41
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch233
-rw-r--r--gnu/packages/patches/p7zip-CVE-2016-9296.patch24
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-10155.patch49
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2615.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5525.patch55
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5526.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5552.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5578.patch39
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5579.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5667.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5856.patch68
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5898.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5931.patch55
-rw-r--r--gnu/packages/patches/screen-CVE-2017-5618.patch40
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch22
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/tipp10-fix-compiling.patch213
-rw-r--r--gnu/packages/patches/tipp10-remove-license-code.patch332
-rw-r--r--gnu/packages/patches/totem-debug-format-fix.patch11
-rw-r--r--gnu/packages/patches/upower-builddir.patch2
-rw-r--r--gnu/packages/patches/vsearch-unbundle-cityhash.patch73
-rw-r--r--gnu/packages/patches/xf86-video-glint-remove-mibstore.patch24
-rw-r--r--gnu/packages/patches/xf86-video-nv-remove-mibstore.patch72
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
51 files changed, 2799 insertions, 397 deletions
diff --git a/gnu/packages/patches/duplicity-piped-password.patch b/gnu/packages/patches/duplicity-piped-password.patch
deleted file mode 100644
index db50f5df32..0000000000
--- a/gnu/packages/patches/duplicity-piped-password.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-This test, on three occasions, is failing with the error:
-
-  EOF: End Of File (EOF) in read_nonblocking(). Braindead platform.
-
---- duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:14:52.146001614 -0500
-+++ duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:13:20.333546342 -0500
-@@ -156,13 +156,6 @@
-         self.run_duplicity(options=["remove-older-than", "50000", "--force", self.backend_url])
-         self.assertEqual(self.get_backend_files(), second_chain)
- 
--    def test_piped_password(self):
--        """Make sure that prompting for a password works"""
--        self.set_environ("PASSPHRASE", None)
--        self.backup("full", "testfiles/empty_dir",
--                    passphrase_input=[self.sign_passphrase, self.sign_passphrase])
--        self.restore(passphrase_input=[self.sign_passphrase])
--
- 
- class OldFilenamesFinalTest(FinalTest):
- 
diff --git a/gnu/packages/patches/duplicity-test_selection-tmp.patch b/gnu/packages/patches/duplicity-test_selection-tmp.patch
deleted file mode 100644
index 8f66be4dcc..0000000000
--- a/gnu/packages/patches/duplicity-test_selection-tmp.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Reported upstream at https://bugs.launchpad.net/duplicity/+bug/1375019
-
---- duplicity-0.6.24/testing/unit/test_selection.py	2014-05-09 08:27:40.000000000 -0500
-+++ duplicity-0.6.24/testing/unit/test_selection.py	2014-09-28 12:28:53.932324380 -0500
-@@ -431,10 +431,10 @@
-                        [(), ('1',), ('1', '1'), ('1', '2'), ('1', '3')])
- 
-         self.root = Path("/")
--        self.ParseTest([("--exclude", "/home/*"),
--                        ("--include", "/home"),
-+        self.ParseTest([("--exclude", "/tmp/*"),
-+                        ("--include", "/tmp"),
-                         ("--exclude", "/")],
--                       [(), ("home",)])
-+                       [(), ("tmp",)])
- 
- if __name__ == "__main__":
-     unittest.main()
diff --git a/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
new file mode 100644
index 0000000000..40aae7a9d7
--- /dev/null
+++ b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
@@ -0,0 +1,27 @@
+Don’t add linker flags via ‘response files’ since ld-wrapper
+doesn’t handle them.
+See https://github.com/NixOS/nixpkgs/commit/a421e7bd4a28c69bded8b17888325e31554f61a1
+https://gcc.gnu.org/ml/gcc/2016-10/msg00151.html
+
+diff --git a/compiler/main/SysTools.hs.orig b/compiler/main/SysTools.hs
+index 1ab5b13..99270fc 100644
+--- a/compiler/main/SysTools.hs.orig
++++ b/compiler/main/SysTools.hs
+@@ -424,7 +424,7 @@ runCc dflags args =   do
+       args1 = map Option (getOpts dflags opt_c)
+       args2 = args0 ++ args1 ++ args
+   mb_env <- getGccEnv args2
+-  runSomethingResponseFile dflags cc_filter "C Compiler" p args2 mb_env
++  runSomethingFiltered dflags cc_filter "C Compiler" p args2 mb_env
+  where
+   -- discard some harmless warnings from gcc that we can't turn off
+   cc_filter = unlines . doFilter . lines
+@@ -945,7 +945,7 @@ runLink dflags args = do
+       args1     = map Option (getOpts dflags opt_l)
+       args2     = args0 ++ linkargs ++ args1 ++ args
+   mb_env <- getGccEnv args2
+-  runSomethingResponseFile dflags ld_filter "Linker" p args2 mb_env
++  runSomethingFiltered dflags ld_filter "Linker" p args2 mb_env
+   where
+     ld_filter = case (platformOS (targetPlatform dflags)) of
+                   OSSolaris2 -> sunos_ld_filter
diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
deleted file mode 100644
index 79bb41caaa..0000000000
--- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-This fixes a segfault on 32-bit architectures. Upstream discussion:
-
-https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
-
-Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
-
-From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: [PATCH] gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename.  Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691..2844545 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
-                } else {
-                     sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
--		    {
-+		    if (sc->load_stack[sc->file_i].kind & port_file) {
- 		      const char *filename =
- 			sc->load_stack[sc->file_i].rep.stdio.filename;
- 		      int lineno =
--- 
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
new file mode 100644
index 0000000000..4c6c7ed06e
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
@@ -0,0 +1,32 @@
+This fixes a test failure on i686.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
+
+From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 2 Feb 2017 14:56:39 +0200
+Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
+ units-max property
+
+---
+ tests/check/elements/multifdsink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
+index af138cc92..951b1b9fa 100644
+--- a/tests/check/elements/multifdsink.c
++++ b/tests/check/elements/multifdsink.c
+@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
+   gint i, initial_buffers = 3, num_buffers = 0;
+ 
+   sink = setup_multifdsink ();
+-  g_object_set (sink, "units-max", initial_buffers, NULL);
++  g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
+ 
+   fail_if (pipe (pfd1) == -1);
+   fail_if (pipe (pfd2) == -1);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch
deleted file mode 100644
index 17ba323ccf..0000000000
--- a/gnu/packages/patches/httpd-CVE-2016-8740.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
-http://openwall.com/lists/oss-security/2016/12/05/17
-Index: modules/http2/h2_stream.c
-===================================================================
---- modules/http2/h2_stream.c	(revision 1771866)
-+++ modules/http2/h2_stream.c	(working copy)
-@@ -322,18 +322,18 @@
-                                            HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
-             }
-         }
--    }
--    
--    if (h2_stream_is_scheduled(stream)) {
--        return h2_request_add_trailer(stream->request, stream->pool,
--                                      name, nlen, value, vlen);
--    }
--    else {
--        if (!input_open(stream)) {
--            return APR_ECONNRESET;
-+        
-+        if (h2_stream_is_scheduled(stream)) {
-+            return h2_request_add_trailer(stream->request, stream->pool,
-+                                          name, nlen, value, vlen);
-         }
--        return h2_request_add_header(stream->request, stream->pool,
--                                     name, nlen, value, vlen);
-+        else {
-+            if (!input_open(stream)) {
-+                return APR_ECONNRESET;
-+            }
-+            return h2_request_add_header(stream->request, stream->pool,
-+                                         name, nlen, value, vlen);
-+        }
-     }
- }
- 
diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch
deleted file mode 100644
index e2c65df8ce..0000000000
--- a/gnu/packages/patches/khal-disable-failing-tests.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Disable some tests that are known to fail:
-
-https://github.com/pimutils/khal/issues/546
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
-
-diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
-index fd8dcc6..17732bf 100644
---- a/tests/khalendar_test.py
-+++ b/tests/khalendar_test.py
-@@ -65,6 +65,7 @@ class TestCalendar(object):
-                 else:
-                     mtimes[cal] = mtime
- 
-+    @pytest.mark.xfail
-     def test_db_needs_update(self, coll_vdirs):
-         coll, vdirs = coll_vdirs
- 
-@@ -321,6 +322,7 @@ class TestDbCreation(object):
-             CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
- 
- 
-+@pytest.mark.xfail
- def test_default_calendar(coll_vdirs):
-     """test if an update to the vdir is detected by the CalendarCollection"""
-     coll, vdirs = coll_vdirs
-@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
-     assert len(list(coll.get_events_on(today))) == 0
- 
- 
-+@pytest.mark.xfail
- def test_only_update_old_event(coll_vdirs, monkeypatch):
-     coll, vdirs = coll_vdirs
- 
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
new file mode 100644
index 0000000000..d9f7ac6a36
--- /dev/null
+++ b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
@@ -0,0 +1,34 @@
+Fix an out-of-bounds heap read in Type_MLU_Read():
+
+http://seclists.org/oss-sec/2016/q3/288
+https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+
+Patch copied from upstream source repository:
+
+https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+
+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
+From: Marti <marti.maria@tktbrainpower.com>
+Date: Mon, 15 Aug 2016 23:31:39 +0200
+Subject: [PATCH] Added an extra check to MLU bounds
+
+Thanks to Ibrahim el-sayed for spotting the bug
+---
+ src/cmstypes.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
new file mode 100644
index 0000000000..31eb44aefc
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
@@ -0,0 +1,35 @@
+This patch deactivates some tests that fail when ldc is built with the command:
+
+./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6
+
+When the --keep-failed flag is added to the build command above, and the tests
+run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests
+pass.
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/d_do_test.d b/d_do_test.d
+index aa67169..8173759 100755
+--- a/d_do_test.d
++++ b/d_do_test.d
+@@ -645,8 +645,6 @@ int main(string[] args)
+                     auto gdb_output = execute(fThisRun, command, true, result_path);
+                     if (testArgs.gdbMatch !is null)
+                     {
+-                        enforce(match(gdb_output, regex(testArgs.gdbMatch)),
+-                                "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n");
+                     }
+                 }
+             }
+diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh
+index 1d390e0..906b2b6 100755
+--- a/runnable/gdb15729.sh
++++ b/runnable/gdb15729.sh
+@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then
+        echo RESULT=
+        p s.val
+ EOF
+-    gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1
+ fi
+ 
+ rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb}
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
new file mode 100644
index 0000000000..70dd419455
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
@@ -0,0 +1,414 @@
+This patch deactivates failing tests that depend on network connectivity
+to pass in curl.d and socket.d
+It deactivates tests in path.d that assume /root
+
+A thread was started on the ldc forum to pursue the possibility of a
+version flag to deactivate tests conditionally. The thread is at
+https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/std/datetime.d b/std/datetime.d
+index 4d4afb1..2c91a44 100644
+--- a/std/datetime.d
++++ b/std/datetime.d
+@@ -27306,8 +27306,8 @@ public:
+         // leaving it commented out until I can sort it out.
+         //assert(equal(tzNames, tzNames.uniq()));
+ 
+-        foreach(tzName; tzNames)
+-            assertNotThrown!DateTimeException(testPZSuccess(tzName));
++        //foreach(tzName; tzNames)
++            //assertNotThrown!DateTimeException(testPZSuccess(tzName));
+     }
+ 
+ 
+@@ -29178,8 +29178,8 @@ public:
+ 
+         auto tzNames = getInstalledTZNames();
+ 
+-        foreach(tzName; tzNames)
+-            assertNotThrown!DateTimeException(testPTZSuccess(tzName));
++        //foreach(tzName; tzNames)
++            //assertNotThrown!DateTimeException(testPTZSuccess(tzName));
+ 
+         // No timezone directories on Android, just a single tzdata file
+         version(Android) {} else
+diff --git a/std/net/curl.d b/std/net/curl.d
+index 9c6af66..5fccb38 100644
+--- a/std/net/curl.d
++++ b/std/net/curl.d
+@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co
+ 
+ unittest
+ {
+-    static import std.file;
++    /*static import std.file;
+     foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+@@ -430,7 +430,7 @@ unittest
+         scope (exit) std.file.remove(fn);
+         download(host, fn);
+         assert(std.file.readText(fn) == "Hello world");
+-    }
++    }*/
+ }
+ 
+ /** Upload file from local files system using the HTTP or FTP protocol.
+@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co
+ 
+ unittest
+ {
+-    static import std.file;
++    /*static import std.file;
+     foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         auto fn = std.file.deleteme;
+@@ -496,7 +496,7 @@ unittest
+             s.send(httpOK());
+         });
+         upload(fn, host ~ "/path");
+-    }
++    }*/
+ }
+ 
+ /** HTTP/FTP get content.
+@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn())
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             assert(s.recvReq.hdrs.canFind("GET /path"));
+@@ -559,7 +559,7 @@ unittest
+         });
+         auto res = get(host ~ "/path");
+         assert(res == "GETRESPONSE");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte))
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -608,12 +608,12 @@ unittest
+         });
+         auto res = post(host ~ "/path", "POSTBODY");
+         assert(res == "POSTRESPONSE");
+-    }
++    }*/
+ }
+ 
+ unittest
+ {
+-    auto data = new ubyte[](256);
++    /*auto data = new ubyte[](256);
+     foreach (i, ref ub; data)
+         ub = cast(ubyte)i;
+ 
+@@ -624,7 +624,7 @@ unittest
+         s.send(httpOK(cast(ubyte[])[17, 27, 35, 41]));
+     });
+     auto res = post!ubyte(testServer.addr, data);
+-    assert(res == cast(ubyte[])[17, 27, 35, 41]);
++    assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+ }
+ 
+ 
+@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -690,7 +690,7 @@ unittest
+         });
+         auto res = put(host ~ "/path", "PUTBODY");
+         assert(res == "PUTRESPONSE");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn())
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+@@ -750,7 +750,7 @@ unittest
+             s.send(httpOK());
+         });
+         del(host ~ "/path");
+-    }
++    }*/
+ }
+ 
+ 
+@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url,
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("OPTIONS /path"));
+         s.send(httpOK("OPTIONSRESPONSE"));
+     });
+     auto res = options(testServer.addr ~ "/path");
+-    assert(res == "OPTIONSRESPONSE");
++    assert(res == "OPTIONSRESPONSE");*/
+ }
+ 
+ 
+@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP())
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("TRACE /path"));
+         s.send(httpOK("TRACERESPONSE"));
+     });
+     auto res = trace(testServer.addr ~ "/path");
+-    assert(res == "TRACERESPONSE");
++    assert(res == "TRACERESPONSE");*/
+ }
+ 
+ 
+@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP())
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("CONNECT /path"));
+         s.send(httpOK("CONNECTRESPONSE"));
+     });
+     auto res = connect(testServer.addr ~ "/path");
+-    assert(res == "CONNECTRESPONSE");
++    assert(res == "CONNECTRESPONSE");*/
+ }
+ 
+ 
+@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData,
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("PATCH /path"));
+         assert(req.bdy.canFind("PATCHBODY"));
+         s.send(httpOK("PATCHRESPONSE"));
+     });
+     auto res = patch(testServer.addr ~ "/path", "PATCHBODY");
+-    assert(res == "PATCHRESPONSE");
++    assert(res == "PATCHRESPONSE");*/
+ }
+ 
+ 
+@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien
+ 
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("GET /path"));
+         s.send(httpNotFound());
+     });
+     auto e = collectException!CurlException(get(testServer.addr ~ "/path"));
+-    assert(e.msg == "HTTP request returned status code 404 (Not Found)");
++    assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/
+ }
+ 
+ // Bugzilla 14760 - content length must be reset after post
+ unittest
+ {
+-    testServer.handle((s) {
++    /*testServer.handle((s) {
+         auto req = s.recvReq;
+         assert(req.hdrs.canFind("POST /"));
+         assert(req.bdy.canFind("POSTBODY"));
+@@ -1061,7 +1061,7 @@ unittest
+     auto res = post(testServer.addr, "POSTBODY", http);
+     assert(res == "POSTRESPONSE");
+     res = trace(testServer.addr, http);
+-    assert(res == "TRACERESPONSE");
++    assert(res == "TRACERESPONSE");*/
+ }
+ 
+ /*
+@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK("Line1\nLine2\nLine3"));
+         });
+         assert(byLine(host).equal(["Line1", "Line2", "Line3"]));
+-    }
++    }*/
+ }
+ 
+ /** HTTP/FTP fetch content as a range of chunks.
+@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+         });
+         assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+-    }
++    }*/
+ }
+ 
+ private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn)
+@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK("Line1\nLine2\nLine3"));
+         });
+         assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"]));
+-    }
++    }*/
+ }
+ 
+ 
+@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol)
+ 
+ unittest
+ {
+-    foreach (host; [testServer.addr, "http://"~testServer.addr])
++    /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+     {
+         testServer.handle((s) {
+             auto req = s.recvReq;
+             s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+         });
+         assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+-    }
++    }*/
+ }
+ 
+ 
+@@ -2041,7 +2041,7 @@ private mixin template Protocol()
+ 
+     unittest
+     {
+-        testServer.handle((s) {
++        /*testServer.handle((s) {
+             auto req = s.recvReq;
+             assert(req.hdrs.canFind("GET /"));
+             assert(req.hdrs.canFind("Basic dXNlcjpwYXNz"));
+@@ -2051,7 +2051,7 @@ private mixin template Protocol()
+         auto http = HTTP(testServer.addr);
+         http.onReceive = (ubyte[] data) { return data.length; };
+         http.setAuthentication("user", "pass");
+-        http.perform();
++        http.perform();*/
+     }
+ 
+     /**
+@@ -2959,7 +2959,7 @@ struct HTTP
+ 
+     unittest
+     {
+-        testServer.handle((s) {
++        /*testServer.handle((s) {
+             auto req = s.recvReq!ubyte;
+             assert(req.hdrs.canFind("POST /path"));
+             assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4]));
+@@ -2975,7 +2975,7 @@ struct HTTP
+         ubyte[] res;
+         http.onReceive = (data) { res ~= data; return data.length; };
+         http.perform();
+-        assert(res == cast(ubyte[])[17, 27, 35, 41]);
++        assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+     }
+ 
+     /**
+diff --git a/std/path.d b/std/path.d
+index 60c844f..0598104 100644
+--- a/std/path.d
++++ b/std/path.d
+@@ -3953,8 +3953,10 @@ unittest
+         }
+         else
+         {
++/*
+             assert(expandTilde("~root") == "/root", expandTilde("~root"));
+             assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
++*/
+         }
+         assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey");
+     }
+diff --git a/std/socket.d b/std/socket.d
+index 7f5a3c3..e68b881 100644
+--- a/std/socket.d
++++ b/std/socket.d
+@@ -481,15 +481,15 @@ unittest
+ {
+     softUnittest({
+         Protocol proto = new Protocol;
+-        assert(proto.getProtocolByType(ProtocolType.TCP));
++        //assert(proto.getProtocolByType(ProtocolType.TCP));
+         //writeln("About protocol TCP:");
+         //writefln("\tName: %s", proto.name);
+         // foreach(string s; proto.aliases)
+         // {
+         //      writefln("\tAlias: %s", s);
+         // }
+-        assert(proto.name == "tcp");
+-        assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
++        //assert(proto.name == "tcp");
++        //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
+     });
+ }
+ 
+@@ -832,9 +832,9 @@ unittest
+     InternetHost ih = new InternetHost;
+ 
+     ih.getHostByAddr(0x7F_00_00_01);
+-    assert(ih.addrList[0] == 0x7F_00_00_01);
++    //assert(ih.addrList[0] == 0x7F_00_00_01);
+     ih.getHostByAddr("127.0.0.1");
+-    assert(ih.addrList[0] == 0x7F_00_00_01);
++    //assert(ih.addrList[0] == 0x7F_00_00_01);
+ 
+     softUnittest({
+         if (!ih.getHostByName("www.digitalmars.com"))
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
new file mode 100644
index 0000000000..f1907d53e2
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
@@ -0,0 +1,42 @@
+Fix buffer overread in libevents DNS code.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/317
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
+
+From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+---
+ evdns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 60b10485..137c24ea 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 
+ 	for (;;) {
+ 		u8 label_len;
+-		if (j >= length) return -1;
+ 		GET8(label_len);
+ 		if (!label_len) break;
+ 		if (label_len & 0xc0) {
+@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 			*cp++ = '.';
+ 		}
+ 		if (cp + label_len >= end) return -1;
++		if (j + label_len > length) return -1;
+ 		memcpy(cp, packet + j, label_len);
+ 		cp += label_len;
+ 		j += label_len;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
new file mode 100644
index 0000000000..c4ad0a1a4a
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
@@ -0,0 +1,40 @@
+Fix OOB read on empty hostnames in evdns.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/332
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
+
+From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+---
+ evdns.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 137c24ea..6191c677 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ 	const size_t base_len = strlen(base_name);
+-	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++	char need_to_append_dot;
+ 	struct search_domain *dom;
+ 
++	if (!base_len) return NULL;
++	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ 	for (dom = state->head; dom; dom = dom->next) {
+ 		if (!n--) {
+ 			/* this is the postfix we want */
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
new file mode 100644
index 0000000000..4d16a4b917
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
@@ -0,0 +1,42 @@
+Fix buffer overflow in evutil.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/318
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
+
+From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+---
+ evutil.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 33445170..e2dfe6e4 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 
+ 	cp = strchr(ip_as_string, ':');
+ 	if (*ip_as_string == '[') {
+-		int len;
++		size_t len;
+ 		if (!(cp = strchr(ip_as_string, ']'))) {
+ 			return -1;
+ 		}
+-		len = (int) ( cp-(ip_as_string + 1) );
+-		if (len > (int)sizeof(buf)-1) {
++		len = ( cp-(ip_as_string + 1) );
++		if (len > sizeof(buf)-1) {
+ 			return -1;
+ 		}
+ 		memcpy(buf, ip_as_string+1, len);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.1-dns-tests.patch b/gnu/packages/patches/libevent-2.1-dns-tests.patch
new file mode 100644
index 0000000000..091752a49d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-dns-tests.patch
@@ -0,0 +1,26 @@
+Disable tests that rely on usable DNS lookups, which aren't available
+in build chroots.
+
+--- libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:09.000000000 +0100
++++ libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:30.000000000 +0100
+@@ -2120,10 +2120,6 @@
+ 
+ struct testcase_t dns_testcases[] = {
+ 	DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
+-	DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+-	{ "resolve_reverse", dns_resolve_reverse, TT_FORK|TT_OFF_BY_DEFAULT, NULL, NULL },
+ 	{ "search_empty", dns_search_empty_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 	{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 	{ "search_lower", dns_search_lower_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+@@ -2163,9 +2159,6 @@
+ 
+ 	{ "client_fail_requests", dns_client_fail_requests_test,
+ 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+-	{ "client_fail_requests_getaddrinfo",
+-	  dns_client_fail_requests_getaddrinfo_test,
+-	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ 
+ 	END_OF_TESTCASES
+ };
diff --git a/gnu/packages/patches/libevent-2.1-skip-failing-test.patch b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
new file mode 100644
index 0000000000..d9ea1d422d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
@@ -0,0 +1,24 @@
+These fail on 32-bit due to an overflow bug in the test program.
+
+See test/regress_util.c:1448.
+
+Upstream bug URL:
+
+https://github.com/libevent/libevent/issues/452
+
+diff --git a/test/regress_util.c b/test/regress_util.c
+index ef6a1487..4de501fc 100644
+--- a/test/regress_util.c
++++ b/test/regress_util.c
+@@ -1413,9 +1413,9 @@ static struct date_rfc1123_case {
+ 	{  1323648000, "Mon, 12 Dec 2011 00:00:00 GMT"},
+ #ifndef _WIN32
+ 	/** In win32 case we have max   "23:59:59 January 18, 2038, UTC" for time32 */
+-	{  4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
++	//{  4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
+ 	/** In win32 case we have max "23:59:59, December 31, 3000, UTC" for time64 */
+-	{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
++	//{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
+ 	{  1456704000, "Mon, 29 Feb 2016 00:00:00 GMT"} /* leap year */,
+ #endif
+ 	{  1435708800, "Wed, 01 Jul 2015 00:00:00 GMT"} /* leap second */,
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
new file mode 100644
index 0000000000..3158b49360
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
@@ -0,0 +1,86 @@
+Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2656
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
+https://security-tracker.debian.org/tracker/CVE-2017-5225
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
+        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
+overflow.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+        http://bugzilla.maptools.org/show_bug.cgi?id=2657
+
+
+less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1210; previous revision: 1.1209
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.61; previous revision: 1.60
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.60
+retrieving revision 1.61
+diff -u -r1.60 -r1.61
+--- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
++++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
+#@@ -1,4 +1,4 @@
+#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
+#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
+# 
+# /*
+#  * Copyright (c) 1988-1997 Sam Leffler
+@@ -591,7 +591,7 @@
+ static int
+ tiffcp(TIFF* in, TIFF* out)
+ {
+-	uint16 bitspersample, samplesperpixel = 1;
++	uint16 bitspersample = 1, samplesperpixel = 1;
+ 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
+ 	copyFunc cf;
+ 	uint32 width, length;
+@@ -1067,6 +1067,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpContig2SeparateByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1120,6 +1130,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpSeparate2ContigByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1784,7 +1804,7 @@
+ 	uint32 w, l, tw, tl;
+ 	int bychunk;
+ 
+-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
++	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
+ 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
+ 		fprintf(stderr,
+ 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
deleted file mode 100644
index c9a3fa284c..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2016-6255:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
-http://www.openwall.com/lists/oss-security/2016/07/18/13
-
-Patch adapted from upstream commit:
-
-https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
-
-The upstream change is simplified to unconditionally disable the HTTP
-POST feature.
-
-From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Tue, 23 Feb 2016 13:53:20 -0800
-Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
- default
-
-If there's no registered handler for a POST request, the default behaviour
-is to write it to the filesystem. Several million deployed devices appear
-to have this behaviour, making it possible to (at least) store arbitrary
-data on them. Add a configure option that enables this behaviour, and change
-the default to just drop POSTs that aren't directly handled.
-
-Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
-(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
----
- configure.ac                         | 9 +++++++++
- upnp/inc/upnpconfig.h.in             | 9 +++++++++
- upnp/src/genlib/net/http/webserver.c | 4 ++++
- 3 files changed, 22 insertions(+)
-
-diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
-index 26bf0f7..7ae8c1e 100644
---- a/upnp/src/genlib/net/http/webserver.c
-+++ b/upnp/src/genlib/net/http/webserver.c
-@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
- 		if (Fp == NULL)
- 			return HTTP_INTERNAL_SERVER_ERROR;
- 	} else {
-+#if 0
- 		Fp = fopen(filename, "wb");
- 		if (Fp == NULL)
- 			return HTTP_UNAUTHORIZED;
-+#else
-+		return HTTP_NOT_FOUND;
-+#endif
- 	}
- 	parser->position = POS_ENTITY;
- 	do {
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
deleted file mode 100644
index 9978b39487..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-8863:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-https://sourceforge.net/p/pupnp/bugs/133/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
-
-From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
-Date: Thu, 8 Dec 2016 17:11:53 +0100
-Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
-
-If there is an invalid URL in URLS->buf after a valid one, uri_parse is
-called with out pointing after the allocated memory. As uri_parse writes
-to *out before returning an error the loop in create_url_list must be
-stopped early to prevent an out-of-bound access
-
-Bug: https://sourceforge.net/p/pupnp/bugs/133/
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-Bug-Debian: https://bugs.debian.org/842093
-Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
-(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
----
- upnp/src/gena/gena_device.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
-index fb04a29..245c56b 100644
---- a/upnp/src/gena/gena_device.c
-+++ b/upnp/src/gena/gena_device.c
-@@ -1113,7 +1113,7 @@ static int create_url_list(
- 	/*! [out] . */
- 	URL_list *out)
- {
--    size_t URLcount = 0;
-+    size_t URLcount = 0, URLcount2 = 0;
-     size_t i;
-     int return_code = 0;
-     uri_type temp;
-@@ -1155,16 +1155,23 @@ static int create_url_list(
-         }
-         memcpy( out->URLs, URLS->buff, URLS->size );
-         out->URLs[URLS->size] = 0;
--        URLcount = 0;
-         for( i = 0; i < URLS->size; i++ ) {
-             if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
-                 if( ( ( return_code =
-                         parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
--                                   &out->parsedURLs[URLcount] ) ) ==
-+                                   &out->parsedURLs[URLcount2] ) ) ==
-                       HTTP_SUCCESS )
--                    && ( out->parsedURLs[URLcount].hostport.text.size !=
-+                    && ( out->parsedURLs[URLcount2].hostport.text.size !=
-                          0 ) ) {
--                    URLcount++;
-+                    URLcount2++;
-+                    if (URLcount2 >= URLcount)
-+                        /*
-+                         * break early here in case there is a bogus URL that
-+                         * was skipped above. This prevents to access
-+                         * out->parsedURLs[URLcount] which is beyond the
-+                         * allocation.
-+                         */
-+                        break;
-                 } else {
-                     if( return_code == UPNP_E_OUTOF_MEMORY ) {
-                         free( out->URLs );
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
index 1fdf01cbca..bef3448b81 100644
--- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch
+++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
@@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 
 --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig	2015-11-09 17:12:38.000000000 -0500
 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c	2016-06-08 08:48:46.037213092 -0400
-@@ -925,11 +925,19 @@
-         {
-             res = image2yuvconfig(img, &sd);
+@@ -860,11 +860,20 @@
+     if (img != NULL) {
+       res = image2yuvconfig(img, &sd);
  
--            if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
--                                      &sd, dst_time_stamp, dst_end_time_stamp))
--            {
--                VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
--                res = update_error_state(ctx, &cpi->common.error);
+-      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
+-                                dst_time_stamp, dst_end_time_stamp)) {
+-        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
+-        res = update_error_state(ctx, &cpi->common.error);
+-      }
 +            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
 +                /* from vp8_encoder.h for g_w/g_h:
 +                   "Note that the frames passed as input to the encoder must have this resolution"
@@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 +                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
 +                    res = update_error_state(ctx, &cpi->common.error);
 +                }
-             }
++            }
  
-             /* reset for next frame */
+       /* reset for next frame */
+       ctx->next_frame_flag = 0;
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
new file mode 100644
index 0000000000..e752e57ec5
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
@@ -0,0 +1,188 @@
+Fix CVE-2016-10132:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697381
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
+
+Patch lifted from upstream source repository:
+
+http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+
+From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor@ccxvii.net>
+Date: Fri, 2 Dec 2016 14:56:20 -0500
+Subject: [PATCH] Fix 697381: check allocation when compiling regular
+ expressions.
+
+Also use allocator callback function.
+---
+ thirdparty/mujs/jsgc.c     |  2 +-
+ thirdparty/mujs/jsregexp.c |  2 +-
+ thirdparty/mujs/jsstate.c  |  6 ------
+ thirdparty/mujs/regexp.c   | 45 +++++++++++++++++++++++++++++++++++----------
+ thirdparty/mujs/regexp.h   |  7 +++++++
+ 5 files changed, 44 insertions(+), 18 deletions(-)
+
+diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
+index 4f7e7dc..f80111e 100644
+--- a/thirdparty/mujs/jsgc.c
++++ b/thirdparty/mujs/jsgc.c
+@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
+ 		jsG_freeproperty(J, obj->head);
+ 	if (obj->type == JS_CREGEXP) {
+ 		js_free(J, obj->u.r.source);
+-		js_regfree(obj->u.r.prog);
++		js_regfreex(J->alloc, J->actx, obj->u.r.prog);
+ 	}
+ 	if (obj->type == JS_CITERATOR)
+ 		jsG_freeiterator(J, obj->u.iter.head);
+diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
+index a2d5156..7b09c06 100644
+--- a/thirdparty/mujs/jsregexp.c
++++ b/thirdparty/mujs/jsregexp.c
+@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
+ 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;
+ 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
+ 
+-	prog = js_regcomp(pattern, opts, &error);
++	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
+ 	if (!prog)
+ 		js_syntaxerror(J, "regular expression: %s", error);
+ 
+diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
+index 638cab3..fd5bcf6 100644
+--- a/thirdparty/mujs/jsstate.c
++++ b/thirdparty/mujs/jsstate.c
+@@ -9,12 +9,6 @@
+ 
+ static void *js_defaultalloc(void *actx, void *ptr, int size)
+ {
+-	if (size == 0) {
+-		free(ptr);
+-		return NULL;
+-	}
+-	if (!ptr)
+-		return malloc((size_t)size);
+ 	return realloc(ptr, (size_t)size);
+ }
+ 
+diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
+index 9852be2..01c18a3 100644
+--- a/thirdparty/mujs/regexp.c
++++ b/thirdparty/mujs/regexp.c
+@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
+ }
+ #endif
+ 
+-Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp)
+ {
+ 	struct cstate g;
+ 	Renode *node;
+ 	Reinst *split, *jump;
+ 	int i;
+ 
+-	g.prog = malloc(sizeof (Reprog));
+-	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
++	g.pstart = NULL;
++	g.prog = NULL;
+ 
+ 	if (setjmp(g.kaboom)) {
+ 		if (errorp) *errorp = g.error;
+-		free(g.pstart);
+-		free(g.prog);
++		alloc(ctx, g.pstart, 0);
++		alloc(ctx, g.prog, 0);
+ 		return NULL;
+ 	}
+ 
++	g.prog = alloc(ctx, NULL, sizeof (Reprog));
++	if (!g.prog)
++		die(&g, "cannot allocate regular expression");
++	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
++	if (!g.pstart)
++		die(&g, "cannot allocate regular expression parse list");
++
+ 	g.source = pattern;
+ 	g.ncclass = 0;
+ 	g.nsub = 1;
+@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 		die(&g, "syntax error");
+ 
+ 	g.prog->nsub = g.nsub;
+-	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
++	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
++	if (!g.prog->start)
++		die(&g, "cannot allocate regular expression instruction list");
+ 
+ 	split = emit(g.prog, I_SPLIT);
+ 	split->x = split + 3;
+@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 	dumpprog(g.prog);
+ #endif
+ 
+-	free(g.pstart);
++	alloc(ctx, g.pstart, 0);
+ 
+ 	if (errorp) *errorp = NULL;
+ 	return g.prog;
+ }
+ 
+-void regfree(Reprog *prog)
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
+ {
+ 	if (prog) {
+-		free(prog->start);
+-		free(prog);
++		alloc(ctx, prog->start, 0);
++		alloc(ctx, prog, 0);
+ 	}
+ }
+ 
++static void *default_alloc(void *ctx, void *p, int n)
++{
++	return realloc(p, (size_t)n);
++}
++
++Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++{
++	return regcompx(default_alloc, NULL, pattern, cflags, errorp);
++}
++
++void regfree(Reprog *prog)
++{
++	regfreex(default_alloc, NULL, prog);
++}
++
+ /* Match */
+ 
+ static int isnewline(int c)
+diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
+index 4bb4615..6bb73e8 100644
+--- a/thirdparty/mujs/regexp.h
++++ b/thirdparty/mujs/regexp.h
+@@ -1,6 +1,8 @@
+ #ifndef regexp_h
+ #define regexp_h
+ 
++#define regcompx js_regcompx
++#define regfreex js_regfreex
+ #define regcomp js_regcomp
+ #define regexec js_regexec
+ #define regfree js_regfree
+@@ -8,6 +10,11 @@
+ typedef struct Reprog Reprog;
+ typedef struct Resub Resub;
+ 
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp);
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	Reprog *prog);
++
+ Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
+ int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
+ void regfree(Reprog *prog);
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
new file mode 100644
index 0000000000..d73849262c
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
@@ -0,0 +1,36 @@
+Fix CVE-2016-10133:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697401
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
+
+Patch lifted from upstream source repository:
+
+https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+
+From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@gmail.com>
+Date: Thu, 12 Jan 2017 14:47:01 +0100
+Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
+ lightweight functions.
+
+---
+ thirdparty/mujs/jsrun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
+index ee80845..782a6f9 100644
+--- a/thirdparty/mujs/jsrun.c
++++ b/thirdparty/mujs/jsrun.c
+@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
+ 	jsR_savescope(J, scope);
+ 
+ 	if (n > F->numparams) {
+-		js_pop(J, F->numparams - n);
++		js_pop(J, n - F->numparams);
+ 		n = F->numparams;
+ 	}
+ 	for (i = n; i < F->varlen; ++i)
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
new file mode 100644
index 0000000000..6edd676e38
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-0358:
+http://seclists.org/oss-sec/2017/q1/259
+This patch was copied from the above URL.
+
+diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
+--- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
+@@ -3827,13 +3827,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+        
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
+diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
+--- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
+@@ -3612,13 +3612,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+	
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/omake-fix-non-determinism.patch b/gnu/packages/patches/omake-fix-non-determinism.patch
new file mode 100644
index 0000000000..813ce3cd7d
--- /dev/null
+++ b/gnu/packages/patches/omake-fix-non-determinism.patch
@@ -0,0 +1,41 @@
+From 2e7e254160506dc00f1beabf170512a8e932934b Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 31 Dec 2016 15:43:38 +0100
+Subject: [PATCH] fix build date in binary
+
+---
+ src/magic/omake_gen_magic.ml | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/src/magic/omake_gen_magic.ml b/src/magic/omake_gen_magic.ml
+index b2419ba..fad52f5 100644
+--- a/src/magic/omake_gen_magic.ml
++++ b/src/magic/omake_gen_magic.ml
+@@ -150,7 +150,7 @@ let ir_magic = "%s"
+ let obj_magic = "%s"
+ let lib_dir = "%s"
+ let version = "%s"
+-let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton %s"
++let version_message = "OMake %s"
+ |}
+        default_save_interval
+        digest_len
+@@ -160,15 +160,7 @@ let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton
+        (digest_files ".omo.magic" ".omo" omo_files)
+        (String.escaped libdir)
+        (String.escaped (shorten_version version))
+-       (String.escaped version)
+-       [|"Sun"; "Mon"; "Tue"; "Wed"; "Thu"; "Fri"; "Sat"|].(tm.tm_wday)
+-       [|"Jan"; "Feb"; "Mar"; "Apr"; "May"; "Jun"; "Jul"; "Aug"; "Sep"; "Oct"; "Nov"; "Dec"|].(tm.tm_mon)
+-       tm.tm_mday
+-       tm.tm_hour
+-       tm.tm_min
+-       tm.tm_sec
+-       (tm.tm_year + 1900)
+-       (String.escaped (Unix.gethostname ()));
++       (String.escaped version);
+   List.iter
+     (fun (name,value) ->
+        Printf.fprintf buf "let %s = %S\n" name value
+--
+2.11.0
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
new file mode 100644
index 0000000000..545b5d0a71
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
@@ -0,0 +1,233 @@
+Fix CVE-2016-9572 and CVE-2016-9573:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
+
+Patch copied from 3rd-party repository:
+
+https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+
+From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Mon, 28 Nov 2016 21:57:20 +0100
+Subject: [PATCH] Changes for issues #863 and #862
+
+---
+ src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
+ src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
+ src/bin/jp2/opj_decompress.c |  2 +-
+ src/lib/openjp2/j2k.c        | 11 ++++++---
+ 4 files changed, 90 insertions(+), 11 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index deee4f6..6a3f65b 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
+     for (i = 0; i < image->numcomps-1; i++)	{
+         if ((image->comps[0].dx != image->comps[i+1].dx)
+                 ||(image->comps[0].dy != image->comps[i+1].dy)
+-                ||(image->comps[0].prec != image->comps[i+1].prec))	{
++                ||(image->comps[0].prec != image->comps[i+1].prec)
++				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
+             fclose(fdest);
+             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
+             return 1;
+@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+     int *red, *green, *blue, *alpha;
+     int wr, hr, max;
+     int i;
+-    unsigned int compno, ncomp;
++    unsigned int compno, ncomp, ui;
+     int adjustR, adjustG, adjustB, adjustA;
+     int fails, two, want_gray, has_alpha, triple;
+     int prec, v;
+@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ 
+     if(want_gray) ncomp = 1;
+ 
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetopnm: All components\n    shall have "
++         "the same subsampling, same bit depth, same sign.\n"
++         "    Aborting\n");
++        return 1;
++    }
++
+     if ((force_split == 0) &&
+ 				(ncomp == 2 /* GRAYA */
+             || (ncomp > 2 /* RGB, RGBA */
+@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ {
+     FILE *rawFile = NULL;
+     size_t res;
+-    unsigned int compno;
++    unsigned int compno, numcomps;
+     int w, h, fails;
+     int line, row, curr, mask;
+     int *ptr;
+@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         return 1;
+     }
+ 
++    numcomps = image->numcomps;
++
++    if (numcomps > 4) {
++        numcomps = 4;
++    }
++    for (compno = 1; compno < numcomps; ++compno) {
++        if (image->comps[0].dx != image->comps[compno].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[compno].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[compno].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
++            break;
++        }
++    }
++    if (compno != numcomps) {
++        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
+     rawFile = fopen(outfile, "wb");
+     if (!rawFile) {
+         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
+@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+     }
+ 
+     fails = 1;
+-    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
++    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
+ 
+-    for(compno = 0; compno < image->numcomps; compno++)
++    for(compno = 0; compno < numcomps; compno++)
+     {
+         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
+                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
+@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         }
+         else if (image->comps[compno].prec <= 32)
+         {
+-            fprintf(stderr,"More than 16 bits per component no handled yet\n");
++            fprintf(stderr,"More than 16 bits per component not handled yet\n");
+             goto fin;
+         }
+         else
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index ae83077..8017ba8 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
+     FILE *fdest = NULL;
+     int adjustR, adjustG, adjustB;
+ 
++   {
++    unsigned int ui, ncomp = image->numcomps;
++
++    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
++        ncomp = 4;
++    }
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
++   }
+     if (image->comps[0].prec < 8) {
+-        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
++        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
+         return 1;
+     }
+     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 83160c3..c30079b 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
+ 		if(dirptr->filename_buf) free(dirptr->filename_buf);
+ 		free(dirptr);
+ 	}
+-	if (numDecompressedImages) {
++	if (numDecompressedImages && !failed) {
+ 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
+ 	}
+ 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 66802bb..b6daa32 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+                                   i, l_img_comp->dx, l_img_comp->dy);
+                     return OPJ_FALSE;
+                 }
+-                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+                     opj_event_msg(p_manager, EVT_ERROR,
+                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+                                   i, l_img_comp->prec);
+@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+         /* Move data and copy one information from codec to output image*/
+         for (compno = 0; compno < p_image->numcomps; compno++) {
+                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
+-                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++
++		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
++                p_j2k->m_output_image->comps[compno].data = NULL;
+ #if 0
+                 char fn[256];
+                 sprintf( fn, "/tmp/%d.raw", compno );
+@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
+                 fclose( debug );
+ #endif
+-                p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
+         return OPJ_TRUE;
+@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
+ 
+                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+ 
++				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
+                 p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
new file mode 100644
index 0000000000..3fa80377ad
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
@@ -0,0 +1,24 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch
new file mode 100644
index 0000000000..825edaa815
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch
@@ -0,0 +1,49 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c |    9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++    timer_del(d->timer);
++    timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+     .wdt_name = "i6300esb",
+     .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+     k->config_read = i6300esb_config_read;
+     k->config_write = i6300esb_config_write;
+     k->realize = i6300esb_realize;
++    k->exit = i6300esb_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+     k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch
new file mode 100644
index 0000000000..ede1f8c89d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch
@@ -0,0 +1,52 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
+this patch is from qemu-git.
+
+
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409dc5..16f27e8ac5 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch
new file mode 100644
index 0000000000..d0c0c82a4a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5525.patch
@@ -0,0 +1,55 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401
+this patch is from qemu-git
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c |   11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+     ac97_on_reset (&s->dev.qdev);
+ }
+ 
++static void ac97_exit(PCIDevice *dev)
++{
++    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++    AUD_close_in(&s->card, s->voice_pi);
++    AUD_close_out(&s->card, s->voice_po);
++    AUD_close_in(&s->card, s->voice_mc);
++    AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = ac97_realize;
++    k->exit = ac97_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+     k->revision = 0x01;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch
new file mode 100644
index 0000000000..5a6d796458
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5526.patch
@@ -0,0 +1,58 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
+this patch is from qemu-git.
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c |   14 ++++++++++++++
+ 1 files changed, 14 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+     es1370_reset (s);
+ }
+ 
++static void es1370_exit(PCIDevice *dev)
++{
++    ES1370State *s = ES1370(dev);
++    int i;
++
++    for (i = 0; i < 2; ++i) {
++        AUD_close_out(&s->card, s->dac_voice[i]);
++    }
++
++    AUD_close_in(&s->card, s->adc_voice);
++    AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = es1370_realize;
++    k->exit = es1370_exit;
+     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch
new file mode 100644
index 0000000000..50911f4f36
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch
@@ -0,0 +1,44 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c |    7 +++++--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
+-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
+-                                       res_iovs, att_rb.nr_entries);
++    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++                                             res_iovs, att_rb.nr_entries);
++
++    if (ret != 0)
++        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+ 
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch
new file mode 100644
index 0000000000..05655bcd98
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch
@@ -0,0 +1,39 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b
+this patch is from qemu-git.
+
+
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258cac..ca88cf478d 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch
new file mode 100644
index 0000000000..7630012d54
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch
@@ -0,0 +1,44 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
+this patch is from qemu-git.
+
+
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8227..67b18eda12 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch
new file mode 100644
index 0000000000..5adea0d278
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch
@@ -0,0 +1,46 @@
+Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
+
+http://seclists.org/oss-sec/2017/q1/243
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
+
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf228be..5bd5ab6319 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+                 boundary_count -= block_size - begin;
+             }
+             dma_memory_read(&address_space_memory, s->sdmasysad,
+-                            &s->fifo_buffer[begin], s->data_count);
++                            &s->fifo_buffer[begin], s->data_count - begin);
+             s->sdmasysad += s->data_count - begin;
+             if (s->data_count == block_size) {
+                 for (n = 0; n < block_size; n++) {
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch
new file mode 100644
index 0000000000..bee0824c0a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch
@@ -0,0 +1,68 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
+this patch is from qemu-git.
+
+
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
new file mode 100644
index 0000000000..5a94bb1ae4
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch
@@ -0,0 +1,44 @@
+Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
+
+http://seclists.org/oss-sec/2017/q1/328
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
+
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b68c4..1325ea1659 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+     DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+                 recv->hdr.bSeq, len);
+     ccid_add_pending_answer(s, (CCID_Header *)recv);
+-    if (s->card) {
++    if (s->card && len <= BULK_OUT_DATA_SIZE) {
+         ccid_card_apdu_from_guest(s->card, recv->abData, len);
+     } else {
+         DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch
new file mode 100644
index 0000000000..08910e5fac
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch
@@ -0,0 +1,55 @@
+Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
+
+http://seclists.org/oss-sec/2017/q1/337
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
+
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e859..c23e1ad458 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+     uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+     uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+ 
+-    size_t max_len, curr_size = 0;
++    uint64_t max_len, curr_size = 0;
+     size_t s;
+ 
+     /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+ 
+-    max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++    max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+         return NULL;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch
new file mode 100644
index 0000000000..1b95e428c8
--- /dev/null
+++ b/gnu/packages/patches/screen-CVE-2017-5618.patch
@@ -0,0 +1,40 @@
+Fixes CVE-2017-5618 (privilege escalation via opening the logfile when
+screen is installed setuid root):
+
+https://savannah.gnu.org/bugs/?50142
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618
+
+This patch reverts the upstream commit that introduced the bug:
+
+https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58
+
+From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 11 Feb 2017 22:40:24 -0500
+Subject: [PATCH] Revert "adding permissions check for the logfile name"
+
+This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58.
+---
+ src/screen.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/screen.c b/src/screen.c
+index 64650e9..283c305 100644
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -673,12 +673,6 @@ int main(int ac, char** av)
+                 Panic(0, "-L: logfile name can not start with \"-\" symbol");
+               if (strlen(screenlogfile) > PATH_MAX)
+                 Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+-
+-              FILE *w_check;
+-              if ((w_check = fopen(screenlogfile, "w")) == NULL)
+-                Panic(0, "-L: logfile name access problem");
+-              else
+-                fclose(w_check);
+             }
+             nwin_options.Lflag = 1;
+             break;
+-- 
+2.11.1
+
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
new file mode 100644
index 0000000000..3f357c4924
--- /dev/null
+++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
@@ -0,0 +1,31 @@
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
+
+From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Sun, 18 Sep 2016 21:31:18 -0500
+Subject: [PATCH] su.c: fix missing length argument to snprintf
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index 0c50a9456afd..93ffd2fbe2b4 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
+ 		              stderr);
+ 		(void) kill (-pid_child, caught);
+ 
+-		snprintf (kill_msg, _(" ...killed.\n"));
+-		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
++		snprintf (kill_msg, 256, _(" ...killed.\n"));
++		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+ 
+ 		(void) signal (SIGALRM, kill_child);
+ 		(void) alarm (2);
+-- 
+2.11.0.rc2
+
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
index b63d5bb018..4092261f75 100644
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
@@ -1,19 +1,19 @@
-From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001
-From: Pjotr Prins <pjotr.public01@thebird.nl>
-Date: Fri, 12 Feb 2016 12:43:33 +0100
-Subject: [PATCH] Remove contribs
+From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
+From: carolili <carolili@iki.fi>
+Date: Thu, 9 Feb 2017 19:24:49 +0000
+Subject: [PATCH] Removing contribs
 
 ---
- configure.ac | 20 --------------------
- 1 file changed, 20 deletions(-)
+ configure.ac | 22 ----------------------
+ 1 file changed, 22 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index fedf354..e010732 100644
+index 1cf1051..5d76b44 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -438,26 +438,6 @@ dnl All slurm Makefiles:
+@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
+ 
  AC_CONFIG_FILES([Makefile
- 		 config.xml
  		 auxdir/Makefile
 -		 contribs/Makefile
 -		 contribs/cray/Makefile
@@ -27,7 +27,9 @@ index fedf354..e010732 100644
 -		 contribs/perlapi/libslurm/perl/Makefile.PL
 -		 contribs/perlapi/libslurmdb/Makefile
 -		 contribs/perlapi/libslurmdb/perl/Makefile.PL
+-		 contribs/seff/Makefile
 -		 contribs/torque/Makefile
+-		 contribs/openlava/Makefile
 -		 contribs/phpext/Makefile
 -		 contribs/phpext/slurm_php/config.m4
 -		 contribs/sgather/Makefile
@@ -39,5 +41,5 @@ index fedf354..e010732 100644
  		 doc/man/Makefile
  		 doc/man/man1/Makefile
 -- 
-2.1.4
+2.11.0
 
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
new file mode 100644
index 0000000000..a2cb558cd3
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9577.patch
@@ -0,0 +1,33 @@
+Prevent buffer overflow when reading large messages.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1401603
+https://access.redhat.com/security/cve/CVE-2016-9577
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
+https://security-tracker.debian.org/tracker/CVE-2016-9577
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
+
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: main-channel: Prevent overflow reading messages from client
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df..1fc3915 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
new file mode 100644
index 0000000000..f86cdb4eb1
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
@@ -0,0 +1,33 @@
+Prevent possible DoS during protocol handshake.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: Prevent possible DoS attempts during protocol handshake
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c..86a33d5 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
new file mode 100644
index 0000000000..76f7ec7ffb
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
@@ -0,0 +1,38 @@
+Fixes a potential buffer overflow in the protocol handling.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: Prevent integer overflows in capability checks
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d5..9150454 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/tipp10-fix-compiling.patch b/gnu/packages/patches/tipp10-fix-compiling.patch
new file mode 100644
index 0000000000..4c206d4d83
--- /dev/null
+++ b/gnu/packages/patches/tipp10-fix-compiling.patch
@@ -0,0 +1,213 @@
+Description: Debian patches to make tipp10 compile
+Author: Christoph Martin <chrism@debian.org>
+Last-Update: 2016-07-20
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0001-FixCompiling
+
+--- a/widget/tickerboard.cpp
++++ b/widget/tickerboard.cpp
+@@ -97,7 +97,8 @@ void TickerBoard::startTicker(bool wasPa
+ 

+ 		if (tickerSpeed == 50) {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 

+ 		startFlag = true;

+@@ -153,7 +154,8 @@ void TickerBoard::changeChar() {
+ 			scrollOffset = 0;

+ 		} else {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 		splitLesson();

+ 	}

+@@ -242,7 +244,8 @@ void TickerBoard::progress() {
+ 

+ 				// Move ticker 1 pixel to left

+ 				scrollOffset++;

+-				scroll(-1, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-1, 0, qr); //contentsRect());

+ 

+ 				if ((lessonOffset - scrollOffset) <= 30) {

+ 					setSpeed(tickerSpeed);

+@@ -265,14 +268,16 @@ void TickerBoard::progress() {
+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 200) {

+ 				scrollOffset += (lessonOffset - scrollOffset) - 200;

+-				scroll(-((lessonOffset - scrollOffset) - 200), 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-((lessonOffset - scrollOffset) - 200), 0, qr); //contentsRect());

+ 			}

+ 		} else {

+ 			// If the user types faster than the ticker, move ticker faster after

+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 280) {

+ 				scrollOffset += 570;

+-				scroll(-570, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-570, 0, qr); //contentsRect());

+ 			}

+ 

+ 		}

+--- a/widget/settingspages.cpp
++++ b/widget/settingspages.cpp
+@@ -501,7 +501,7 @@ void DatabasePage::writeSettings() {
+ 	QSettings settings;

+ 	#endif

+ 	settings.beginGroup("database");

+-	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString::QString(APP_USER_DB));

++	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString(APP_USER_DB));

+ 	settings.endGroup();

+ }

+ 

+--- a/widget/lessondialog.cpp
++++ b/widget/lessondialog.cpp
+@@ -89,7 +89,7 @@ void LessonDialog::updateContent() {
+ 			*lessonData = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 			// Delete empty lines

+ 			for (int i = 0; i < lessonData->size(); i++) {

+-				if (QString::QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

++				if (QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

+ 					lessonData->removeAt(i);

+ 				}

+ 			}

+@@ -259,7 +259,7 @@ void LessonDialog::clickSave() {
+ 	contentList = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 	// Delete empty lines

+ 	for (i = 0; i < contentList.size(); i++) {

+-		if (QString::QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

++		if (QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

+ 			contentList.removeAt(i);

+ 		}

+ 	}

+--- a/sql/chartablesql.cpp
++++ b/sql/chartablesql.cpp
+@@ -57,7 +57,7 @@ QVariant CharSqlModel::data(const QModel
+ 			// Read the unicode value

+ 			unicode = value.toInt();

+ 			// Convert unicode to a char

+-			unicodeToChar = QString::QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

++			unicodeToChar = QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

+ 			return unicodeToChar;

+ 		} else {

+ 			// Last column (error weight)

+--- a/sql/startsql.cpp
++++ b/sql/startsql.cpp
+@@ -344,7 +344,7 @@ bool StartSql::updateOwnLesson(QString l
+ 		for (i = 0; i < content.size(); i++) {

+ 			//simplifiedContent = QString::QString(

+ 			//	content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive).simplified();

+-			simplifiedContent = trim(QString::QString(

++			simplifiedContent = trim(QString(

+ 				content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive));

+ 

+ 			if (!query.exec("INSERT INTO own_content VALUES(NULL,'" +

+--- a/def/defines.h
++++ b/def/defines.h
+@@ -27,9 +27,9 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define DEFINES_H

+ 

+ // OS constants

+-#define APP_WIN						true

++#define APP_WIN						false

+ #define APP_MAC						false

+-#define APP_X11						false

++#define APP_X11						true

+ #define APP_PORTABLE				false //at least one of the 3 OS must be true too!

+ 

+ // Languages

+@@ -47,6 +47,7 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define APP_URL 					"http://www.tipp10.com"

+ #define APP_DB 						"tipp10v2.template"

+ #define APP_USER_DB					"tipp10v2.db"

++#define APP_SHARE_DIR					"/usr/share/tipp10"

+ 

+ // Update constants

+ #define UPDATE_URL 					"www.tipp10.com"

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -88,3 +88,15 @@ SOURCES         += 	main.cpp \
+                     sql/startsql.cpp \

+                     games/abcrainwidget.cpp \

+                     games/charball.cpp

++

++target.path = /usr/bin/

++INSTALLS += target

++share.path = /usr/share/tipp10/

++share.files = release/* *wav

++INSTALLS += share

++desktop.path = /usr/share/applications/

++desktop.files = tipp10.desktop

++INSTALLS += desktop

++pixmap.path = /usr/share/pixmaps/

++pixmap.files = tipp10.png

++INSTALLS += pixmap

+--- a/sql/connection.h
++++ b/sql/connection.h
+@@ -179,11 +179,13 @@ static bool createConnection() {
+ 				CANCEL_NO, "Betroffener Pfad:\n" + dbPath);*/

+ 			// Try to create new databae in user path

+ 			// Exist a database in the program dir?

+-			if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++			// if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++		  	if (QFile::exists(QString(APP_SHARE_DIR) + "/" + dbNameTemplate)) {

+ 			//if (QFile::exists(":/" + dbNameTemplate)) {

+ 				// A database exist in the program dir

+ 				// -> copy database to user home dir

+-				QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++				// QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++			  	QFile file(QString(APP_SHARE_DIR) + "/" + dbNameTemplate);

+ 				//QFile file(":/" + dbNameTemplate);

+ 				if (file.copy(dbPath)) {

+ 					QFile::setPermissions(dbPath, QFile::permissions(dbPath) | QFile::WriteUser);

+@@ -229,7 +231,8 @@ static bool createConnection() {
+ 		// Exist a database in user's home dir?

+ 		if (!QFile::exists(dbPath)) {

+ 			// Exist a database template in the program dir?

+-			dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++			// dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++		  	dbPath = QString(APP_SHARE_DIR) + "/" + dbNameTemplate;

+ 			//dbPath = ":/" + dbNameTemplate;

+ 			if (QFile::exists(dbPath)) {

+ 				// A database template exist in the program dir

+--- a/widget/helpbrowser.cpp
++++ b/widget/helpbrowser.cpp
+@@ -52,13 +52,15 @@ HelpBrowser::HelpBrowser(QString link, Q
+     textBrowser->setOpenExternalLinks(true);

+ 	

+     textBrowser->setSource(QString("file:///") + 

+-    	QCoreApplication::applicationDirPath() + 

++	// QCoreApplication::applicationDirPath() + 

++    	APP_SHARE_DIR + 

+     	QString("/help/") + language + QString("/index.html"));

+     	

+     if (link != "") {

+     

+ 		textBrowser->setSource(QString("file:///") + 

+-			QCoreApplication::applicationDirPath() + 

++			// QCoreApplication::applicationDirPath() + 

++			APP_SHARE_DIR + 

+ 			QString("/help/") + language + QString("/content/") + link);

+ 			

+ 	}

+--- a/tipp10.desktop
++++ b/tipp10.desktop
+@@ -1,10 +1,10 @@
+ [Desktop Entry]
+-Encoding=UTF-8
+ Name=TIPP10
+ Comment=Touch Typing Tutor
+ Comment[de]=10-Finger-Schreibtrainer
+-Exec=tipp10
++Exec=/usr/bin/tipp10
+ Icon=tipp10.png
+ Terminal=false
+ Type=Application
+ Categories=Education;
++Keywords=learning;touchtyping
diff --git a/gnu/packages/patches/tipp10-remove-license-code.patch b/gnu/packages/patches/tipp10-remove-license-code.patch
new file mode 100644
index 0000000000..4b7487e726
--- /dev/null
+++ b/gnu/packages/patches/tipp10-remove-license-code.patch
@@ -0,0 +1,332 @@
+Description: Remove license dialog and license key checking
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0002-RemoveLicenseCode
+
+--- a/main.cpp
++++ b/main.cpp
+@@ -33,7 +33,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "def/defines.h"

+ #include "sql/connection.h"

+ #include "widget/mainwindow.h"

+-#include "widget/licensedialog.h"

+ #include "widget/illustrationdialog.h"

+ 

+ int main(int argc, char *argv[]) {

+@@ -59,7 +58,7 @@ int main(int argc, char *argv[]) {
+ 	QSettings settings;

+ 	#endif

+ 

+-	// Read/write language, license key and show illustration flag

++	// Read/write language and show illustration flag

+ 	settings.beginGroup("general");

+ 	QString languageGui = settings.value("language_gui",

+ 		QLocale::system().name()).toString();

+@@ -101,7 +100,6 @@ int main(int argc, char *argv[]) {
+ 	QString languageLesson = settings.value("language_lesson",

+ 		"").toString();

+ 

+-	QString licenseKey = settings.value("licensekey", "").toString();

+ 	bool showIllustration = settings.value("check_illustration", true).toBool();

+ 	bool useNativeStyle = settings.value("check_native_style", false).toBool();

+ 	settings.endGroup();

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -43,7 +43,6 @@ HEADERS         += 	def/defines.h \
+                     widget/helpbrowser.h \

+                     widget/companylogo.h \

+                     widget/errormessage.h \

+-                    widget/licensedialog.h \

+                     widget/txtmessagedialog.h \

+                     widget/checkversion.h \

+                     sql/connection.h \

+@@ -78,7 +77,6 @@ SOURCES         += 	main.cpp \
+                     widget/helpbrowser.cpp \

+                     widget/companylogo.cpp \

+                     widget/errormessage.cpp \

+-                    widget/licensedialog.cpp \

+                     widget/txtmessagedialog.cpp \

+                     widget/checkversion.cpp \

+                     sql/lessontablesql.cpp \

+--- a/widget/licensedialog.cpp
++++ /dev/null
+@@ -1,168 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Implementation of the LicenseDialog class

+-** File name: licensedialog.cpp

+-**

+-****************************************************************/

+-

+-#include <QHBoxLayout>

+-#include <QVBoxLayout>

+-#include <QMessageBox>

+-#include <QSettings>

+-#include <QCoreApplication>

+-

+-#include "licensedialog.h"

+-#include "def/defines.h"

+-

+-LicenseDialog::LicenseDialog(QWidget *parent) : QDialog(parent) {

+-

+-	setWindowFlags(windowFlags() ^ Qt::WindowContextHelpButtonHint);

+-

+-	setWindowTitle(tr("Lizenznummer"));

+-	setWindowIcon(QIcon(":/img/" + QString(ICON_FILENAME)));

+-

+-	// Create texbox

+-    createLineEdit();

+-

+-	// Create buttons

+-    createButtons();

+-

+-	// Set the layout of all widgets created above

+-	createLayout();

+-

+-	lineLicensing->setFocus();

+-}

+-

+-void LicenseDialog::createButtons() {

+-	//Buttons

+-	buttonOk = new QPushButton(this);

+-	buttonDemo = new QPushButton(this);

+-

+-	buttonOk->setText(tr("&Ok"));

+-	buttonDemo->setText(tr("&Demo starten"));

+-	buttonDemo->setToolTip(tr("Im Demo-Modus koennen pro Lektion nur\n"

+-		"10 Schriftzeichen eingegeben werden"));

+-

+-	buttonOk->setDefault(true);

+-	// Widget connections

+-    connect(buttonOk, SIGNAL(clicked()), this, SLOT(clickOk()));

+-    connect(buttonDemo, SIGNAL(clicked()), this, SLOT(clickDemo()));

+-}

+-

+-void LicenseDialog::createLineEdit() {

+-

+-	lineLicensing = new QLineEdit();

+-	lineLicensing->setInputMask(">NNNNNNNNNNNNNN");

+-

+-	labelLicensing = new QLabel(tr("Bitte geben Sie Ihre Lizenznummer "

+-		"(ohne Leerzeichen) ein, "

+-		"die Sie im Arbeitsbuch (Schulbuch) auf Seite 3 finden:"));

+-

+-	labelLicensing->setWordWrap(true);

+-}

+-

+-void LicenseDialog::createLayout() {

+-	// Button layout horizontal

+-	QHBoxLayout *buttonLayoutHorizontal = new QHBoxLayout;

+-    buttonLayoutHorizontal->addStretch(1);

+-    buttonLayoutHorizontal->addWidget(buttonDemo);

+-    buttonLayoutHorizontal->addWidget(buttonOk);

+-	// Full layout of all widgets vertical

+-	QVBoxLayout *mainLayout = new QVBoxLayout;

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(labelLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(lineLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addLayout(buttonLayoutHorizontal);

+-    mainLayout->setMargin(15);

+-    mainLayout->setSpacing(15);

+-    // Pass layout to parent widget (this)

+-	this->setLayout(mainLayout);

+-}

+-

+-void LicenseDialog::clickOk() {

+-

+-	// Check license key

+-	if (!checkLicenseKey(lineLicensing->text())) {

+-

+-		// License key is wrong

+-

+-		// Message to the user

+-		QMessageBox::information(0, APP_NAME,

+-			tr("Die eingegebene Lizenznummer ist leider nicht "

+-			"korrekt.\nBitte ueberpruefen Sie die Schreibweise."));

+-

+-		lineLicensing->setFocus();

+-

+-	} else {

+-

+-		// License key is ok

+-		writeSettings();

+-		accept();

+-	}

+-}

+-

+-void LicenseDialog::clickDemo() {

+-	accept();

+-}

+-

+-bool LicenseDialog::checkLicenseKey(QString licenseKey) {

+-	if (licenseKey.size() == 14 &&

+-		licenseKey[0].isLetter() &&

+-		licenseKey[1].isLetter() &&

+-		(licenseKey.mid(2, 2) == "39" ||

+-		licenseKey.mid(2, 2) == "41" ||

+-		licenseKey.mid(2, 2) == "43" ||

+-		licenseKey.mid(2, 2) == "49" ||

+-		licenseKey.mid(2, 2) == "99") &&

+-		licenseKey[4].isDigit() &&

+-		licenseKey[5].isDigit() &&

+-		licenseKey[6].isDigit() &&

+-		licenseKey[7].isLetter() &&

+-		licenseKey[8].isDigit() &&

+-		licenseKey[9].isDigit() &&

+-		licenseKey[10].isDigit() &&

+-		licenseKey[11].isDigit() &&

+-		licenseKey[12].isLetter() &&

+-		licenseKey[13].isLetter()) {

+-

+-		return true;

+-	}

+-	return false;

+-}

+-

+-void LicenseDialog::writeSettings() {

+-	// Saves settings of the startwiget

+-	// (uses the default constructor of QSettings, passing

+-	// the application and company name see main function)

+-	#if APP_PORTABLE

+-	QSettings settings(QCoreApplication::applicationDirPath() +

+-    	"/portable/settings.ini", QSettings::IniFormat);

+-    #else

+-	QSettings settings;

+-	#endif

+-

+-	settings.beginGroup("general");

+-	settings.setValue("licensekey", lineLicensing->text());

+-	settings.endGroup();

+-}

+--- a/widget/licensedialog.h
++++ /dev/null
+@@ -1,85 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Definition of the LicenseDialog class

+-** File name: licensedialog.h

+-**

+-****************************************************************/

+-

+-#ifndef LICENSEDIALOG_H

+-#define LICENSEDIALOG_H

+-

+-#include <QDialog>

+-#include <QWidget>

+-#include <QPushButton>

+-#include <QLabel>

+-#include <QLineEdit>

+-#include <QString>

+-

+-//! The LicenseDialog class provides a license input widget.

+-/*!

+-	The LicenseDialog class shows a dialog to enter a license key.

+-

+-	@author Tom Thielicke, s712715

+-	@version 0.0.1

+-	@date 09.09.2008

+-*/

+-class LicenseDialog : public QDialog {

+-	Q_OBJECT

+-

+-	public:

+-

+-		//! Constructor, creates two table objects and provide it in two tabs.

+-		LicenseDialog(QWidget *parent = 0);

+-

+-		bool checkLicenseKey(QString licenseKey);

+-

+-	public slots:

+-

+-	private slots:

+-

+-		//! Start button pressed

+-		void clickOk();

+-

+-		//! Demo button pressed

+-		void clickDemo();

+-

+-	private:

+-

+-		//! Creates a cancel and a ok button.

+-		void createButtons();

+-

+-		//! Creates a textbox.

+-		void createLineEdit();

+-

+-		//! Creates the layout of the complete class.

+-		void createLayout();

+-

+-		//! Writes user settings

+-		void writeSettings();

+-

+-		QPushButton *buttonOk;

+-		QPushButton *buttonDemo;

+-		QLabel *labelLicensing;

+-		QLineEdit *lineLicensing;

+-};

+-

+-#endif //LICENSEDIALOG_H

+--- a/widget/mainwindow.cpp
++++ b/widget/mainwindow.cpp
+@@ -116,11 +116,6 @@ void MainWindow::closeEvent(QCloseEvent
+ 	}

+ }

+ 

+-bool MainWindow::checkLicenseKey(QString licenseKey) {

+-

+-    return false;

+-}

+-

+ void MainWindow::createMenu() {

+ 	//Mac-Version:

+ 	//-----------

+--- a/widget/mainwindow.h
++++ b/widget/mainwindow.h
+@@ -39,7 +39,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "trainingwidget.h"

+ #include "evaluationwidget.h"

+ #include "illustrationdialog.h"

+-#include "licensedialog.h"

+ #include "games/abcrainwidget.h"

+ #include "helpbrowser.h"

+ 

diff --git a/gnu/packages/patches/totem-debug-format-fix.patch b/gnu/packages/patches/totem-debug-format-fix.patch
deleted file mode 100644
index 7ddd31ee10..0000000000
--- a/gnu/packages/patches/totem-debug-format-fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- totem-3.20.1/src/backend/bacon-video-widget.c.orig	2016-03-22 12:45:32.000000000 -0400
-+++ totem-3.20.1/src/backend/bacon-video-widget.c	2016-05-11 02:49:55.299109551 -0400
-@@ -2334,7 +2334,7 @@
-     if (!gst_toc_entry_get_start_stop_times (entry, &start, &stop)) {
-       GST_DEBUG ("Chapter #%d (couldn't get times)", i);
-     } else {
--      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, start, stop);
-+      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, (long) start, (long) stop);
-     }
-   }
- 
diff --git a/gnu/packages/patches/upower-builddir.patch b/gnu/packages/patches/upower-builddir.patch
index 13cef5876a..d59d4364b8 100644
--- a/gnu/packages/patches/upower-builddir.patch
+++ b/gnu/packages/patches/upower-builddir.patch
@@ -37,7 +37,7 @@ Patch by Andy Wingo <wingo@igalia.com>
 -	if (g_file_test ("../etc/UPower.conf", G_FILE_TEST_EXISTS))
 -		g_setenv ("UPOWER_CONF_FILE_NAME", "../etc/UPower.conf", TRUE);
 -	else
--		g_setenv ("UPOWER_CONF_FILE_NAME", "../../etc/UPower.conf", TRUE);
+-		g_setenv ("UPOWER_CONF_FILE_NAME", "../../../etc/UPower.conf", TRUE);
 -
  	/* tests go here */
  	g_test_add_func ("/power/backend", up_test_backend_func);
diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
new file mode 100644
index 0000000000..b1ecb1f063
--- /dev/null
+++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
@@ -0,0 +1,73 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e56a8a2..4adcc48 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch
+ if TARGET_PPC
+ AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8
+ else
+-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g
++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash
+ endif
+ 
+ AM_CFLAGS=$(AM_CXXFLAGS)
+@@ -18,8 +18,6 @@ allpairs.h \
+ arch.h \
+ bitmap.h \
+ chimera.h \
+-city.h \
+-citycrc.h \
+ cluster.h \
+ cpu.h \
+ db.h \
+@@ -59,31 +57,26 @@ xstring.h
+ 
+ if TARGET_PPC
+ libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+-noinst_LIBRARIES = libcpu.a libcityhash.a
++noinst_LIBRARIES = libcpu.a
+ else
+ libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2
+ libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3
+-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a
++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a
+ endif
+ 
+-libcityhash_a_SOURCES = city.cc city.h
+-
+ if TARGET_WIN
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER
+-__top_builddir__bin_vsearch_LDFLAGS = -static
+-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash
++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a
+ 
+ else
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g
+-
+ if TARGET_PPC
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a
++__top_builddir__bin_vsearch_LDADD = libcpu.a
+ else
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a
+ endif
+ 
+ endif
+diff --git a/src/vsearch.h b/src/vsearch.h
+index f2c244b..5f51bbe 100644
+--- a/src/vsearch.h
++++ b/src/vsearch.h
+@@ -148,7 +148,7 @@
+ #include <bzlib.h>
+ #endif
+ 
+-#include "city.h"
++#include <city.h>
+ #include "md5.h"
+ #include "sha1.h"
+ 
diff --git a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch b/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
deleted file mode 100644
index 969ed7e41e..0000000000
--- a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
---- xf86-video-glint-1.2.8/src/glint_driver.c.~1~	2012-07-15 22:50:47.000000000 -0400
-+++ xf86-video-glint-1.2.8/src/glint_driver.c	2014-12-19 00:42:39.162714279 -0500
-@@ -52,8 +52,6 @@
- #include "compiler.h"
- #include "mipointer.h"
- 
--#include "mibstore.h"
--
- #include "pm3_regs.h"
- #include "glint_regs.h"
- #include "IBM.h"
-@@ -2904,7 +2902,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
diff --git a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch b/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
deleted file mode 100644
index 48588ed0e4..0000000000
--- a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
-diff -ru xf86-video-nv-2.1.20.orig/src/g80_driver.c xf86-video-nv-2.1.20/src/g80_driver.c
---- xf86-video-nv-2.1.20.orig/src/g80_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/g80_driver.c	2014-12-17 10:11:42.197579082 -0500
-@@ -34,7 +34,6 @@
- #include <xf86Resources.h>
- #endif
- #include <mipointer.h>
--#include <mibstore.h>
- #include <micmap.h>
- #include <xf86cmap.h>
- #include <fb.h>
-@@ -833,7 +832,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_driver.c xf86-video-nv-2.1.20/src/nv_driver.c
---- xf86-video-nv-2.1.20.orig/src/nv_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_driver.c	2014-12-17 10:11:39.037563413 -0500
-@@ -2550,7 +2550,6 @@
-     if (!pNv->NoAccel)
- 	NVAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_include.h xf86-video-nv-2.1.20/src/nv_include.h
---- xf86-video-nv-2.1.20.orig/src/nv_include.h	2012-07-17 02:48:19.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_include.h	2014-12-17 10:11:22.089479372 -0500
-@@ -24,9 +24,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_driver.c xf86-video-nv-2.1.20/src/riva_driver.c
---- xf86-video-nv-2.1.20.orig/src/riva_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_driver.c	2014-12-17 10:11:31.101524060 -0500
-@@ -1168,7 +1168,6 @@
-     if (!pRiva->NoAccel)
- 	RivaAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_include.h xf86-video-nv-2.1.20/src/riva_include.h
---- xf86-video-nv-2.1.20.orig/src/riva_include.h	2012-07-17 02:48:45.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_include.h	2014-12-17 10:11:12.229430478 -0500
-@@ -22,9 +22,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..ad57bc7b0e
--- /dev/null
+++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,36 @@
+Fix CVE-2013-4342:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
+
+Patch copied from upstream source repository:
+
+https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
+
+From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
+From: Thomas Swan <thomas.swan@gmail.com>
+Date: Wed, 2 Oct 2013 23:17:17 -0500
+Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
+ TCPMUX services
+
+Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+    if( SC_IS_INTERNAL( scp ) ) {
+       SC_INTERNAL(scp, nserp);
+    } else {
+-      exec_server(nserp);
++      child_process(nserp);
+    }
+ }
+ 
+-- 
+2.7.4
+
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
new file mode 100644
index 0000000000..77e4600185
--- /dev/null
+++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch
@@ -0,0 +1,26 @@
+Fix a file descriptor leak:
+
+https://github.com/xinetd-org/xinetd/issues/23
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
+
+Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
+
+diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
+index 5a26214..fe0f872 100644
+--- a/xinetd/xgetloadavg.c
++++ b/xinetd/xgetloadavg.c
+@@ -34,7 +34,7 @@ double xgetloadavg(void)
+ 
+    if( fscanf(fd, "%lf", &ret) != 1 ) {
+       perror("fscanf");
+-      return -1;
++      ret = -1;
+    }
+ 
+    fclose(fd);
+-- 
+2.7.4
+