summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/bigloo-gc-shebangs.patch18
-rw-r--r--gnu/packages/patches/chicken-CVE-2017-11343.patch57
-rw-r--r--gnu/packages/patches/evince-CVE-2017-1000083.patch109
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-6594.patch85
-rw-r--r--gnu/packages/patches/hop-linker-flags.patch60
-rw-r--r--gnu/packages/patches/libusb-0.1-disable-tests.patch15
-rw-r--r--gnu/packages/patches/metabat-fix-compilation.patch39
-rw-r--r--gnu/packages/patches/python-fake-factory-fix-build-32bit.patch36
-rw-r--r--gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11334.patch52
-rw-r--r--gnu/packages/patches/quassel-fix-tls-check.patch25
-rw-r--r--gnu/packages/patches/sooperlooper-build-with-wx-30.patch179
-rw-r--r--gnu/packages/patches/spice-CVE-2017-7506.patch158
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
15 files changed, 806 insertions, 150 deletions
diff --git a/gnu/packages/patches/bigloo-gc-shebangs.patch b/gnu/packages/patches/bigloo-gc-shebangs.patch
deleted file mode 100644
index 367708610a..0000000000
--- a/gnu/packages/patches/bigloo-gc-shebangs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Patch shebangs in source that gets unpacked by `configure'.
-
---- bigloo4.1a/gc/install-gc-7.4.0	2014-02-04 14:55:03.000000000 +0100
-+++ bigloo4.1a/gc/install-gc-7.4.0	2014-02-04 14:55:36.000000000 +0100
-@@ -29,10 +29,12 @@ fi
- 
- # untar the two versions of the GC
- $tar xfz $src -C ../gc || (echo "$tar xfz $src failed"; exit 1)
--/bin/rm -rf "../gc/$gc"_fth
-+rm -rf "../gc/$gc"_fth
-+find ../gc/$gc -perm /111 -type f | xargs sed -i -e"s|/bin/sh|`type -P sh`|g"
- mv ../gc/$gc "../gc/$gc"_fth || (echo "mv $gc failed"; exit 1)
- 
- $tar xfz $src  -C ../gc || (echo "$tar xfz $src failed"; exit 1)
-+find ../gc/$gc -perm /111 -type f | xargs sed -i -e"s|/bin/sh|`type -P sh`|g"
- 
- # general Bigloo patch
- (cd "../gc/$gc"_fth && $patch -p1 < ../$gc.patch > /dev/null)
diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch
new file mode 100644
index 0000000000..1d46ad50d9
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-11343:
+
+https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
+
+Patch copied from upstream mailing list:
+
+http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
+
+From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
+From: Peter Bex <address@hidden>
+Date: Fri, 30 Jun 2017 15:39:45 +0200
+Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
+
+Otherwise, the symbol table wouldn't be correctly randomized.
+---
+ NEWS      | 3 +++
+ runtime.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+#diff --git a/NEWS b/NEWS
+#index f4b0e041..6588b30e 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -96,6 +96,9 @@
+#     buffer overrun and/or segfault (thanks to Lemonboy).
+#   - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
+#     #1375, thanks to "megane").
+#+  - The randomization factor of the symbol table was set before
+#+    the random seed was set, causing it to have a fixed value on many
+#+    platforms.
+# 
+# - Core Libraries
+#   - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
+diff --git a/runtime.c b/runtime.c
+index 81c54dd2..a4580abc 100644
+--- a/runtime.c
++++ b/runtime.c
+@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
+   C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
+   memset(signal_mapping_table, 0, sizeof(int) * NSIG);
+-  initialize_symbol_table();
+   C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
+   error_location = C_SCHEME_FALSE;
+   C_pre_gc_hook = NULL;
+@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   callback_continuation_level = 0;
+   gc_ms = 0;
+   (void)C_randomize(C_fix(time(NULL)));
++  initialize_symbol_table();
+ 
+   if (profiling) {
+ #ifndef C_NONUNIX
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch
new file mode 100644
index 0000000000..2ca062f337
--- /dev/null
+++ b/gnu/packages/patches/evince-CVE-2017-1000083.patch
@@ -0,0 +1,109 @@
+Fix CVE-2017-1000083.
+
+http://seclists.org/oss-sec/2017/q3/128
+https://bugzilla.gnome.org/show_bug.cgi?id=784630
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 4c74731..641d785 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ 	RARLABS,
+ 	GNAUNRAR,
+ 	UNZIP,
+-	P7ZIP,
+-	TAR
++	P7ZIP
+ } ComicBookDecompressType;
+ 
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
+ 
+         /* 7zip */
+ 	{NULL               , "%s l -- %s"     , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+-        /* tar */
+-	{"%s -xOf"          , "%s -tf %s"      , NULL             , FALSE, NO_OFFSET}
+ };
+ 
+ static GSList*    get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = GNAUNRAR;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ 		   g_content_type_is_a (mime_type, "application/zip")) {
+ 		/* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = P7ZIP;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+ 
+ 	} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ 		   g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
+@@ -425,27 +408,6 @@ comics_check_decompress_command	(gchar          *mime_type,
+ 			comics_document->command_usage = P7ZIP;
+ 			return TRUE;
+ 		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-	} else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+-		   g_content_type_is_a (mime_type, "application/x-tar")) {
+-		/* tar utility (Tape ARchive) */
+-		comics_document->selected_command =
+-				g_find_program_in_path ("tar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+-		comics_document->selected_command =
+-				g_find_program_in_path ("bsdtar");
+-		if (comics_document->selected_command) {
+-			comics_document->command_usage = TAR;
+-			return TRUE;
+-		}
+ 	} else {
+ 		g_set_error (error,
+ 			     EV_DOCUMENT_ERROR,
+diff --git a/configure.ac b/configure.ac
+index 9e9f831..7eb0f1f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
+ AC_SUBST(APPDATA_TIFF_MIME_TYPES)
+ AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
+ if test "x$enable_comics" = "xyes"; then
+-        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
++        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
+         APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n    <mimetype>/g')
+         if test -z "$EVINCE_MIME_TYPES"; then
+            EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
new file mode 100644
index 0000000000..d76f0df369
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11103:
+
+https://orpheus-lyre.info/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
+https://security-tracker.debian.org/tracker/CVE-2017-11103
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
+
+From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'.  Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+---
+ lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
+index d95d96d1b..b8d81c6ad 100644
+--- a/lib/krb5/ticket.c
++++ b/lib/krb5/ticket.c
+@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
+     /* check server referral and save principal */
+     ret = _krb5_principalname2krb5_principal (context,
+ 					      &tmp_principal,
+-					      rep->kdc_rep.ticket.sname,
+-					      rep->kdc_rep.ticket.realm);
++					      rep->enc_part.sname,
++					      rep->enc_part.srealm);
+     if (ret)
+ 	goto out;
+     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
new file mode 100644
index 0000000000..714af60304
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
@@ -0,0 +1,85 @@
+Fix CVE-2017-6594:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
+https://security-tracker.debian.org/tracker/CVE-2017-6594
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
+
+To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and
+files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified.
+
+From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@twosigma.com>
+Date: Wed, 10 Aug 2016 23:31:14 +0000
+Subject: [PATCH] Fix transit path validation CVE-2017-6594
+
+Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
+to not be added to the transit path of issued tickets.  This may, in
+some cases, enable bypass of capath policy in Heimdal versions 1.5
+through 7.2.
+
+Note, this may break sites that rely on the bug.  With the bug some
+incomplete [capaths] worked, that should not have.  These may now break
+authentication in some cross-realm configurations.
+---
+ NEWS                   | 14 ++++++++++++++
+ kdc/krb5tgs.c          | 12 ++++++++++--
+ tests/kdc/check-kdc.in | 17 +++++++++++++++++
+ tests/kdc/krb5.conf.in |  4 ++++
+ 4 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
+index 6048b9c55..98503812f 100644
+--- a/kdc/krb5tgs.c
++++ b/kdc/krb5tgs.c
+@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context,
+ 		  "Decoding transited encoding");
+ 	return ret;
+     }
++
++    /*
++     * If the realm of the presented tgt is neither the client nor the server
++     * realm, it is a transit realm and must be added to transited set.
++     */
+     if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+-	/* not us, so add the previous realm to transited set */
+ 	if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ 	    ret = ERANGE;
+ 	    goto free_realms;
+@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context,
+ 	       const char *server_name,
+ 	       hdb_entry_ex *client,
+ 	       krb5_principal client_principal,
++               const char *tgt_realm,
+ 	       hdb_entry_ex *krbtgt,
+ 	       krb5_enctype krbtgt_etype,
+ 	       krb5_principals spp,
+@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context,
+ 				 &tgt->transited, &et,
+ 				 krb5_principal_get_realm(context, client_principal),
+ 				 krb5_principal_get_realm(context, server->entry.principal),
+-				 krb5_principal_get_realm(context, krbtgt->entry.principal));
++				 tgt_realm);
+     if(ret)
+ 	goto out;
+ 
+@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context,
+     krb5_keyblock sessionkey;
+     krb5_kvno kvno;
+     krb5_data rspac;
++    const char *tgt_realm = /* Realm of TGT issuer */
++        krb5_principal_get_realm(context, krbtgt->entry.principal);
+
+@@ -2324,6 +2331,7 @@ server_lookup:
+ 			 spn,
+ 			 client,
+ 			 cp,
++                         tgt_realm,
+ 			 krbtgt_out,
+ 			 tkey_sign->key.keytype,
+ 			 spp,
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/hop-linker-flags.patch b/gnu/packages/patches/hop-linker-flags.patch
deleted file mode 100644
index f1f5dbfbd9..0000000000
--- a/gnu/packages/patches/hop-linker-flags.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make hop's link rules honor flags set by the --blflags configure argument.
-
---- hop-2.4.0/src/Makefile	2015-05-05 19:41:04.800151036 -0500
-+++ hop-2.4.0/src/Makefile	2015-05-05 19:40:40.916150417 -0500
-@@ -69,10 +69,10 @@
- 	$(MAKE) link.$(LINK) DEST=$@
- 
- link.dynamic:
--	@ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$(DEST))
-+	@ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$(DEST))
- 
- link.static:
--	@ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),-static-all-bigloo $(OBJECTS),-o,$(DEST))
-+	@ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),-static-all-bigloo $(OBJECTS),-o,$(DEST))
- 
- link.library:
- 	echo "***ERROR: link.library not currently supported!"
---- hop-2.4.0/hopc/Makefile	2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hopc/Makefile	2015-05-05 19:45:21.876157699 -0500
-@@ -62,7 +62,7 @@
- 	mkdir -p $@
- 
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
--	@ $(call link,$(BIGLOO),$(BCFLAGS),,$(OBJECTS),-o,$@)
-+	@ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
- 
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- 	$(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
---- hop-2.4.0/hophz/Makefile	2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hophz/Makefile	2015-05-05 19:59:42.996180030 -0500
-@@ -16,9 +16,6 @@
- -include ../etc/Makefile.hopconfig
- -include ../etc/Makefile.version
- 
--BLFLAGS		= 
--BLINKFLAGS 	= -suffix hop
--
- #*---------------------------------------------------------------------*/
- #*    Target and Project                                               */
- #*---------------------------------------------------------------------*/
-@@ -72,7 +69,7 @@
- 	mkdir -p $@
- 
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
--	@ $(call link,$(BIGLOO),$(BCFLAGS),$(BLINKFLAGS),$(OBJECTS),-o,$@)
-+	@ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
- 
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- 	@ $(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
---- hop-2.4.0/hopsh/Makefile	2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hopsh/Makefile	2015-05-05 19:46:36.060159626 -0500
-@@ -60,7 +60,7 @@
- 	mkdir -p $@
- 
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
--	@ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
-+	@ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
- 
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- 	@ $(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch
new file mode 100644
index 0000000000..37dd8bd111
--- /dev/null
+++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch
@@ -0,0 +1,15 @@
+Disable tests who fail because they have to run as root.
+
+--- libusb-0.1.12/tests/Makefile.in	2006-03-04 03:54:06.000000000 +0100
++++ libusb-0.1.12/tests/Makefile.in	2017-07-13 16:17:45.201728019 +0200
+@@ -255,8 +255,8 @@
+ hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+ driver_name_SOURCES = driver_name.cpp
+ driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \
+-		get_resolution hub_strings $(OS_SPECIFIC)
++TESTS = testlibusb descriptor_test id_test find_hubs find_mice
++		#get_resolution hub_strings $(OS_SPECIFIC)
+ 
+ XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL)
+ all: all-am
diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch
new file mode 100644
index 0000000000..7086a96e86
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-compilation.patch
@@ -0,0 +1,39 @@
+This patch changes metabat so that (1) it is not build statically, (2) it uses
+shared libraries rather than static libraries where possible.
+
+diff --git a/SConstruct b/SConstruct
+index 69cdc0a..ac99bcb 100644
+--- a/SConstruct
++++ b/SConstruct
+@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None)
+ build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp']
+ link_flags = ['-lstdc++', '-lm', '-fopenmp']
+ 
+-if platform.platform(True, True).find('Darwin') == -1:
+-    link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++'])
+ 
+ if debug is None:
+     build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable'])
+@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat
+     for path in testPaths:
+         if not os.path.isdir(path):
+             continue
++        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
++            if os.path.isfile(testfile):
++                print "Found shared library %s as %s" % (lib, testfile)
++                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
++                return
+         for suffix in staticSuffixes:
+             testfile = '%s/lib%s%s' % (path, lib, suffix)
+             if os.path.isfile(testfile):
+                 static_source_list.append(testfile)
+                 print "Found static library %s as %s" % (lib, testfile)
+                 return
+-        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
+-            if os.path.isfile(testfile):
+-                print "Found shared library %s as %s" % (lib, testfile)
+-                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
+-                return
+     print "Could not find library for %s!!! Looked in %s" % (lib, testPaths)
+     return
+ 
diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
deleted file mode 100644
index cb60896fad..0000000000
--- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-These tests fail on 32-bit due to an overflow.
-
-Upstream bug URL: https://github.com/joke2k/faker/issues/408
-
-diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py
-index 6026772..58b6b83 100644
---- a/faker/tests/__init__.py
-+++ b/faker/tests/__init__.py
-@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase):
-         provider = Provider
-         # test century
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
--        self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-         # test decade
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # ensure all methods provide timezone aware datetimes
-         with self.assertRaises(TypeError):
--            provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now()
--        with self.assertRaises(TypeError):
-             provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-         with self.assertRaises(TypeError):
-             provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # test century
-         self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
--        self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
-         # test decade
-         self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
-         self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
deleted file mode 100644
index 06b2f4fe03..0000000000
--- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Resolves a test failure on 32-bit platforms.
-
-https://github.com/pyca/pyopenssl/issues/657
-
-Patch copied from upstream source repository:
-
-https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95
-
-From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Thu, 6 Jul 2017 22:14:44 -0400
-Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
- requests
-
----
- tests/test_rand.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/test_rand.py b/tests/test_rand.py
-index bdd3af08..6adf72a1 100644
---- a/tests/test_rand.py
-+++ b/tests/test_rand.py
-@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args):
- 
-     def test_insufficient_memory(self):
-         """
--        `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
--        than will fit in memory.
-+        `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
-+        bytes are requested than will fit in memory.
-         """
--        with pytest.raises(MemoryError):
-+        with pytest.raises((MemoryError, OverflowError)):
-             rand.bytes(sys.maxsize)
- 
-     def test_bytes(self):
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch
new file mode 100644
index 0000000000..cb68c803aa
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch
@@ -0,0 +1,52 @@
+Fix CVE-2017-11334:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1471638
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
+
+From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <broscutamaker@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff89ad..ad103ce483 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch
new file mode 100644
index 0000000000..057bc02a14
--- /dev/null
+++ b/gnu/packages/patches/quassel-fix-tls-check.patch
@@ -0,0 +1,25 @@
+This allows quasselclient to connect to SSL-enabled quasselcore instances.
+
+The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check
+fails SSL / TLS is disabled.
+
+This patch comes from the upstream source repository [0] and can be
+removed when the next version is packaged.
+
+[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -428,6 +428,11 @@ endif()
+ cmake_push_check_state(RESET)
+ set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS})
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}")
++
++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE)
++    set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING")
++endif()
++
+ check_cxx_source_compiles("
+     #include \"qglobal.h\"
+     #if defined QT_NO_SSL
+
diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
new file mode 100644
index 0000000000..43f4b9be69
--- /dev/null
+++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
@@ -0,0 +1,179 @@
+Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch
+
+Author: Jaromír Mikeš <mira.mikes@seznam.cz>, Olly Betts <olly@survex.com>
+Description: build against wx 3.0.
+Forwarded: yes
+
+Index: sooperlooper/src/gui/main_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/main_panel.cpp
++++ sooperlooper/src/gui/main_panel.cpp
+@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count)
+ 		while (count < (int)_looper_panels.size()) {
+ 			looperpan = _looper_panels.back();
+ 			_looper_panels.pop_back();
+-			_main_sizer->Remove(looperpan);
++			_main_sizer->Detach(looperpan);
+ 			looperpan->Destroy();
+ 		}
+ 	}
+@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas
+ 		}
+ 
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas
+ 			index = 0;
+ 		}
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index
+ 
+ void MainPanel::do_load_session ()
+ {
+-	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session ()
+ 
+ void MainPanel::do_save_session (bool write_audio)
+ {
+-	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+Index: sooperlooper/src/gui/pix_button.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/pix_button.cpp
++++ sooperlooper/src/gui/pix_button.cpp
+@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent &
+ 		pt.x += bounds.x;
+ 		pt.y += bounds.y;
+ 
+-		if (bounds.Inside(pt)) {
++		if (bounds.Contains(pt)) {
+ 			clicked (get_mouse_button(ev)); // emit
+ 
+ 			if (ev.MiddleUp() && ev.ControlDown()) {
+Index: sooperlooper/src/gui/looper_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/looper_panel.cpp
++++ sooperlooper/src/gui/looper_panel.cpp
+@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button,
+ 	if (cmd == wxT("save"))
+ 	{
+ 		wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"),
+-											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button,
+ 	}
+ 	else if (cmd == wxT("load"))
+ 	{
+-		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/keyboard_target.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/keyboard_target.cpp
++++ sooperlooper/src/gui/keyboard_target.cpp
+@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const
+                         keycode = WXK_RETURN;
+                     }
+                     else if ( keyname == wxT("PGUP") ) {
+-                        keycode = WXK_PRIOR;
++                        keycode = WXK_PAGEUP;
+                     }
+                     else if ( keyname == wxT("PGDN") ) {
+-                        keycode = WXK_NEXT;
++                        keycode = WXK_PAGEDOWN;
+                     }
+                     else if ( keyname == wxT("LEFT") ) {
+                         keycode = WXK_LEFT;
+@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco
+ 	case WXK_RETURN:
+ 		text += wxT("return");
+ 		break;
+-	case WXK_PRIOR:
++	case WXK_PAGEUP:
+ 		text += wxT("pageup");
+ 		break;
+-	case WXK_NEXT:
++	case WXK_PAGEDOWN:
+ 		text += wxT("pagedown");
+ 		break;
+ 	case WXK_LEFT:
+Index: sooperlooper/src/gui/check_box.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/check_box.cpp
++++ sooperlooper/src/gui/check_box.cpp
+@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e
+ 	}
+ 	else if (ev.LeftUp())
+ 	{
+-		if (bounds.Inside(ev.GetPosition())) {
++		if (bounds.Contains(ev.GetPosition())) {
+ 			// toggle value
+ 			_value = !_value;
+ 		
+Index: sooperlooper/src/gui/midi_bind_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/midi_bind_panel.cpp
++++ sooperlooper/src/gui/midi_bind_panel.cpp
+@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_LoadButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		if ( !filename.empty() )
+ 		{
+ 			_parent->get_loop_control().load_midi_bindings(filename,  _append_check->GetValue());
+@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_SaveButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/config_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/config_panel.cpp
++++ sooperlooper/src/gui/config_panel.cpp
+@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_MidiBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
+@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_SessionBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
+-		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
++		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
diff --git a/gnu/packages/patches/spice-CVE-2017-7506.patch b/gnu/packages/patches/spice-CVE-2017-7506.patch
new file mode 100644
index 0000000000..37d8f02831
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2017-7506.patch
@@ -0,0 +1,158 @@
+Fix CVE-2017-7506:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1452606
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7506
+
+Patches copied from Debian spice package version
+'spice_0.12.8-2.1+deb9u1.debian.tar.xz':
+http://security.debian.org/debian-security/pool/updates/main/s/spice/spice_0.12.8-2.1+deb9u1.debian.tar.xz
+
+The patches had to be adapted to apply to the latest spice tarball, and
+are based on these upstream commits:
+
+https://cgit.freedesktop.org/spice/spice/commit/?id=111ab38611cef5012f1565a65fa2d8a8a05cce37
+https://cgit.freedesktop.org/spice/spice/commit/?id=571cec91e71c2aae0d5f439ea2d8439d0c3d75eb
+https://cgit.freedesktop.org/spice/spice/commit/?id=fbbcdad773e2791cfb988f4748faa41943551ca6
+
+From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 1/3] reds: Disconnect when receiving overly big
+ ClientMonitorsConfig
+
+Total message size received from the client was unlimited. There is
+a 2kiB size check on individual agent messages, but the MonitorsConfig
+message can be split in multiple chunks, and the size of the
+non-chunked MonitorsConfig message was never checked. This could easily
+lead to memory exhaustion on the host.
+
+---
+ server/reds.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index f439a3668..7be85fdfc 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void)
+ static void reds_on_main_agent_monitors_config(
+         MainChannelClient *mcc, void *message, size_t size)
+ {
++    const unsigned int MAX_MONITORS = 256;
++    const unsigned int MAX_MONITOR_CONFIG_SIZE =
++       sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
++
+     VDAgentMessage *msg_header;
+     VDAgentMonitorsConfig *monitors_config;
+     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
+ 
++    // limit size of message sent by the client as this can cause a DoS through
++    // memory exhaustion, or potentially some integer overflows
++    if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
++        goto overflow;
++    }
+     cmc->buffer_size += size;
+     cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
+     spice_assert(cmc->buffer);
+     cmc->mcc = mcc;
+     memcpy(cmc->buffer + cmc->buffer_pos, message, size);
+     cmc->buffer_pos += size;
++    if (sizeof(VDAgentMessage) > cmc->buffer_size) {
++        spice_debug("not enough data yet. %d", cmc->buffer_size);
++        return;
++    }
+     msg_header = (VDAgentMessage *)cmc->buffer;
+-    if (sizeof(VDAgentMessage) > cmc->buffer_size ||
+-            msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
++    if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
++        goto overflow;
++    }
++    if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
+         spice_debug("not enough data yet. %d", cmc->buffer_size);
+         return;
+     }
+@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config(
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+     reds_client_monitors_config_cleanup();
++    return;
++
++overflow:
++    spice_warning("received invalid MonitorsConfig request from client, disconnecting");
++    red_channel_client_disconnect(main_channel_client_get_base(mcc));
++    reds_client_monitors_config_cleanup();
+ }
+ 
+ void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size)
+-- 
+2.13.0
+From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor
+ configuration
+
+Avoid VDAgentMessage::size integer overflows.
+
+---
+ server/reds.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index 7be85fdfc..e1c8c1086 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config(
+         spice_debug("not enough data yet. %d", cmc->buffer_size);
+         return;
+     }
++    if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
++        goto overflow;
++    }
+     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+-- 
+2.13.0
+From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor
+ configuration
+
+It was also possible for a malicious client to set
+VDAgentMonitorsConfig::num_of_monitors to a number larger
+than the actual size of VDAgentMOnitorsConfig::monitors.
+This would lead to buffer overflows, which could allow the guest to
+read part of the host memory. This might cause write overflows in the
+host as well, but controlling the content of such buffers seems
+complicated.
+
+---
+ server/reds.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index e1c8c1086..3a42c3755 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config(
+     VDAgentMessage *msg_header;
+     VDAgentMonitorsConfig *monitors_config;
+     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
++    uint32_t max_monitors;
+ 
+     // limit size of message sent by the client as this can cause a DoS through
+     // memory exhaustion, or potentially some integer overflows
+@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config(
+         goto overflow;
+     }
+     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
++    // limit the monitor number to avoid buffer overflows
++    max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
++                   sizeof(VDAgentMonConfig);
++    if (monitors_config->num_of_monitors > max_monitors) {
++        goto overflow;
++    }
+     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+     red_dispatcher_client_monitors_config(monitors_config);
+     reds_client_monitors_config_cleanup();
+-- 
+2.13.0
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
new file mode 100644
index 0000000000..db3c56861b
--- /dev/null
+++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
@@ -0,0 +1,42 @@
+https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
+
+From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
+From: Deve <deveee@gmail.com>
+Date: Mon, 3 Oct 2016 23:26:09 +0200
+Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
+ e.g. arm64, mips, and s390x architectures
+
+This modification is already applied in upstream angelscript repository:
+https://sourceforge.net/p/angelscript/code/2353/
+
+Thanks to Adrian Bunk and Andreas Jonsson
+---
+ lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
+ lib/angelscript/source/as_config.h            | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
+index e93971315e..755d8378c3 100644
+--- a/lib/angelscript/projects/cmake/CMakeLists.txt
++++ b/lib/angelscript/projects/cmake/CMakeLists.txt
+@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
+     ../../source/as_builder.cpp
+     ../../source/as_bytecode.cpp
+     ../../source/as_callfunc.cpp
++    ../../source/as_callfunc_mips.cpp
+     ../../source/as_callfunc_x86.cpp
+     ../../source/as_callfunc_x64_gcc.cpp
+     ../../source/as_callfunc_x64_msvc.cpp
+diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
+index cb05bffbd5..5bb5b8e800 100644
+--- a/lib/angelscript/source/as_config.h
++++ b/lib/angelscript/source/as_config.h
+@@ -844,7 +844,7 @@
+ 			#define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
+ 			#define AS_X86
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+-		#elif defined(__LP64__) && !defined(__arm64__)
++		#elif defined(__x86_64__)
+ 			#define AS_X64_GCC
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+ 			#define HAS_128_BIT_PRIMITIVES