summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/ath9k-htc-firmware-binutils.patch20
-rw-r--r--gnu/packages/patches/bcftools-regidx-unsigned-char.patch16
-rw-r--r--gnu/packages/patches/binutils-mips-bash-bug.patch22
-rw-r--r--gnu/packages/patches/catdoc-CVE-2017-11110.patch45
-rw-r--r--gnu/packages/patches/chicken-CVE-2017-11343.patch57
-rw-r--r--gnu/packages/patches/coreutils-cut-huge-range-test.patch29
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/curl-bounds-check.patch19
-rw-r--r--gnu/packages/patches/cvs-2017-12836.patch45
-rw-r--r--gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch41
-rw-r--r--gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch46
-rw-r--r--gnu/packages/patches/erlang-man-path.patch24
-rw-r--r--gnu/packages/patches/eudev-conflicting-declaration.patch31
-rw-r--r--gnu/packages/patches/evince-CVE-2017-1000083.patch109
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch35
-rw-r--r--gnu/packages/patches/fabric-tests.patch15
-rw-r--r--gnu/packages/patches/findutils-gnulib-multi-core.patch294
-rw-r--r--gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch82
-rw-r--r--gnu/packages/patches/fontconfig-path-max.patch124
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8105.patch56
-rw-r--r--gnu/packages/patches/freetype-CVE-2017-8287.patch44
-rw-r--r--gnu/packages/patches/gcc-asan-powerpc-missing-include.patch20
-rw-r--r--gnu/packages/patches/gd-CVE-2017-7890.patch30
-rw-r--r--gnu/packages/patches/gettext-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/gettext-multi-core.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2013-5653.patch85
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2015-3228.patch32
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7976.patch185
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7978.patch25
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-7979.patch48
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2016-8602.patch47
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2017-8291.patch166
-rw-r--r--gnu/packages/patches/ghostscript-no-header-creationdate.patch22
-rw-r--r--gnu/packages/patches/ghostscript-no-header-id.patch57
-rw-r--r--gnu/packages/patches/ghostscript-no-header-uuid.patch50
-rw-r--r--gnu/packages/patches/ghostscript-runpath.patch17
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-5180.patch311
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch590
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-3075.patch43
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-3706.patch188
-rw-r--r--gnu/packages/patches/glibc-CVE-2016-4429.patch58
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch28
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch16
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch28
-rw-r--r--gnu/packages/patches/grep-gnulib-lock.patch32
-rw-r--r--gnu/packages/patches/groff-source-date-epoch.patch299
-rw-r--r--gnu/packages/patches/guile-2.2-default-utf8.patch78
-rw-r--r--gnu/packages/patches/guile-bytestructures-name-clash.patch31
-rw-r--r--gnu/packages/patches/guile-relocatable.patch4
-rw-r--r--gnu/packages/patches/guile-ssh-channel-finalization.patch28
-rw-r--r--gnu/packages/patches/guile-ssh-double-free.patch37
-rw-r--r--gnu/packages/patches/guile-ssh-rexec-bug.patch16
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-6594.patch85
-rw-r--r--gnu/packages/patches/intltool-perl-compatibility.patch76
-rw-r--r--gnu/packages/patches/libffi-3.2.1-complex-alpha.patch28
-rw-r--r--gnu/packages/patches/libgit2-use-after-free.patch24
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-10790.patch63
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-6891.patch51
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10092.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10093.patch53
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10094.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libtiff-assertion-failure.patch60
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch63
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch104
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch57
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch131
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch132
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch60
-rw-r--r--gnu/packages/patches/libtiff-invalid-read.patch64
-rw-r--r--gnu/packages/patches/libtiff-null-dereference.patch42
-rw-r--r--gnu/packages/patches/libtiff-tiffcp-underflow.patch41
-rw-r--r--gnu/packages/patches/libunistring-gnulib-multi-core.patch178
-rw-r--r--gnu/packages/patches/libusb-0.1-disable-tests.patch15
-rw-r--r--gnu/packages/patches/lz4-fix-test-failures.patch136
-rw-r--r--gnu/packages/patches/mesa-fix-32bit-test-failures.patch58
-rw-r--r--gnu/packages/patches/mesa-skip-disk-cache-test.patch7
-rw-r--r--gnu/packages/patches/metabat-fix-boost-issue.patch27
-rw-r--r--gnu/packages/patches/metabat-fix-compilation.patch39
-rw-r--r--gnu/packages/patches/newsbeuter-CVE-2017-12904.patch34
-rw-r--r--gnu/packages/patches/nss-pkgconfig.patch4
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch43
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch233
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch245
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-12982.patch28
-rw-r--r--gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch62
-rw-r--r--gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch23
-rw-r--r--gnu/packages/patches/perl-no-sys-dirs.patch73
-rw-r--r--gnu/packages/patches/poppler-CVE-2017-9776.patch34
-rw-r--r--gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch61
-rw-r--r--gnu/packages/patches/python-cython-fix-tests-32bit.patch27
-rw-r--r--gnu/packages/patches/python-fake-factory-fix-build-32bit.patch36
-rw-r--r--gnu/packages/patches/python-file-double-encoding-bug.patch50
-rw-r--r--gnu/packages/patches/python-pbr-fix-man-page-support.patch28
-rw-r--r--gnu/packages/patches/python-pygit2-disable-network-tests.patch79
-rw-r--r--gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10664.patch27
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10806.patch38
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10911.patch106
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11334.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11434.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-12809.patch38
-rw-r--r--gnu/packages/patches/quassel-fix-tls-check.patch25
-rw-r--r--gnu/packages/patches/rpm-CVE-2014-8118.patch25
-rw-r--r--gnu/packages/patches/ruby-puma-ignore-broken-test.patch13
-rw-r--r--gnu/packages/patches/shishi-fix-libgcrypt-detection.patch32
-rw-r--r--gnu/packages/patches/sooperlooper-build-with-wx-30.patch179
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
-rw-r--r--gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch18
-rw-r--r--gnu/packages/patches/vinagre-revert-1.patch56
-rw-r--r--gnu/packages/patches/vinagre-revert-2.patch448
-rw-r--r--gnu/packages/patches/wget-perl-5.26.patch96
-rw-r--r--gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch171
116 files changed, 5094 insertions, 3431 deletions
diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
index aa253e135f..7bb5d77dba 100644
--- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
+++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
@@ -5,9 +5,6 @@ Not applying the first patch (apparently) leads to miscompiled firmware,
 and loading it fails with a "Target is unresponsive" message from the
 'ath9k_htc' module.
 
-The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the
-upstream file 'local/patches/binutils-2.27_fixup.patch'.
-
 From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001
 From: Sujith Manoharan <c_manoha@qca.qualcomm.com>
 Date: Mon, 7 Jan 2013 15:59:53 +0530
@@ -28969,20 +28966,3 @@ index 30f4f41..fe9b051 100644
  #define XCHAL_MAX_INSTRUCTION_SIZE	3
 -- 
 1.8.1
-
-diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
-index d062044..ca261ae 100644
---- a/gas/config/tc-xtensa.c
-+++ b/gas/config/tc-xtensa.c
-@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
-   cnt_arg = *cnt_argp;
- 
-   /* replace the argument with "31-(argument)" */
--  new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
-+  new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
- 
-   free (cnt_arg);
-   *cnt_argp = new_arg;
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/bcftools-regidx-unsigned-char.patch b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch
new file mode 100644
index 0000000000..af5bc160f5
--- /dev/null
+++ b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch
@@ -0,0 +1,16 @@
+Description: Fix test-regidx argument parsing on archs with unsigned char
+ On architectures where char is unsigned "c >= 0" was always true.
+Author: Adrian Bunk <bunk@debian.org>
+Bug-Debian: https://bugs.debian.org/865060
+
+--- a/test/test-regidx.c
++++ b/test/test-regidx.c
+@@ -336,7 +336,7 @@
+         {"seed",1,0,'s'},
+         {0,0,0,0}
+     };
+-    char c;
++    int c;
+     int seed = (int)time(NULL);
+     while ((c = getopt_long(argc, argv, "hvs:",loptions,NULL)) >= 0) 
+     {
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch
deleted file mode 100644
index 08d3a79749..0000000000
--- a/gnu/packages/patches/binutils-mips-bash-bug.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
-"x" case in:
-
-  case x"$EMULATION_NAME" in x) ;; *) ;; esac
-
-when 'EMULATION_NAME' is undefined.  Bash 4.3.30(1)-release doesn't have this
-problem.  Work around it.
-
-This Bash bug was fixed
-in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
-
---- a/ld/emulparams/elf32bmipn32-defs.sh
-+++ b/ld/emulparams/elf32bmipn32-defs.sh
-@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
- TEMPLATE_NAME=elf32
- EXTRA_EM_FILE=mipself
- 
--case x"$EMULATION_NAME" in
-+case "x$EMULATION_NAME" in
- xelf32*n32*) ELFSIZE=32 ;;
- xelf64*) ELFSIZE=64 ;;
- x) ;;
diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
new file mode 100644
index 0000000000..71c44f60fb
--- /dev/null
+++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11110:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
+https://bugzilla.redhat.com/show_bug.cgi?id=1468471
+https://security-tracker.debian.org/tracker/CVE-2017-11110
+
+Patch copied from openSUSE:
+
+https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1
+
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 10 Jul 2017 15:37:58 +0000
+References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877
+
+All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.
+
+---
+ src/ole.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: catdoc-0.95/src/ole.c
+===================================================================
+--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
++++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
+@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		return NULL;
+ 	}
+  	sectorSize = 1<<getshort(oleBuf,0x1e);
++	/* CVE-2017-11110) */
++ 	if (sectorSize < 4) {
++		fprintf(stderr,"sectorSize < 4 not supported\n");
++		return NULL;
++	}
+ 	shortSectorSize=1<<getshort(oleBuf,0x20);
+ 
+ /* Read BBD into memory */
+@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		}
+ 
+ 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
+-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
++		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */
+ 						 1, sectorSize, newfile) != sectorSize) {
+ 			fprintf(stderr, "Error read MSAT!\n");
+ 			ole_finish();
diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch
new file mode 100644
index 0000000000..1d46ad50d9
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-11343:
+
+https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
+
+Patch copied from upstream mailing list:
+
+http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
+
+From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
+From: Peter Bex <address@hidden>
+Date: Fri, 30 Jun 2017 15:39:45 +0200
+Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
+
+Otherwise, the symbol table wouldn't be correctly randomized.
+---
+ NEWS      | 3 +++
+ runtime.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+#diff --git a/NEWS b/NEWS
+#index f4b0e041..6588b30e 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -96,6 +96,9 @@
+#     buffer overrun and/or segfault (thanks to Lemonboy).
+#   - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
+#     #1375, thanks to "megane").
+#+  - The randomization factor of the symbol table was set before
+#+    the random seed was set, causing it to have a fixed value on many
+#+    platforms.
+# 
+# - Core Libraries
+#   - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
+diff --git a/runtime.c b/runtime.c
+index 81c54dd2..a4580abc 100644
+--- a/runtime.c
++++ b/runtime.c
+@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
+   C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
+   memset(signal_mapping_table, 0, sizeof(int) * NSIG);
+-  initialize_symbol_table();
+   C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
+   error_location = C_SCHEME_FALSE;
+   C_pre_gc_hook = NULL;
+@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   callback_continuation_level = 0;
+   gc_ms = 0;
+   (void)C_randomize(C_fix(time(NULL)));
++  initialize_symbol_table();
+ 
+   if (profiling) {
+ #ifndef C_NONUNIX
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
index 0be2cef2b8..e3a0ef28eb 100644
--- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch
+++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
@@ -1,22 +1,33 @@
 This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our
-the build environment chroot, as reported at <https://bugs.gnu.org/26253>.
-It is a followup to this upstream patch:
+the build environment chroot, as reported at <https://bugs.gnu.org/26253>,
+and now on x86_64-linux-gnu as well.  It is a variant of this upstream patch:
 
-   commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2
-   Author: Pádraig Brady <P@draigBrady.com>
-   Date:   Fri Mar 3 00:25:54 2017 -0800
+  commit f5422009389678680dba9ff4ecb7d33632ee3383
+  Author: Ludovic Courtès <ludo@gnu.org>
+  Date:   Mon Mar 27 20:34:39 2017 -0700
 
-       tests: avoid a spurious failure on older debian
+      tests: avoid false ulimit failure on some systems
+
+      * tests/misc/cut-huge-range.sh: On some systems returns_ may
+      use more memory, so incorporate that in the determination
+      of the ulimit value to use.  Noticed on ARMv7 with bash-4.4.12,
+      and x86_64 with bash-4.2.37.
+      Fixes http://bugs.gnu.org/26253
 
 ... which appeared to be insufficient.
 
+diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh
+index 6b3c5b6ed..55b7b640e 100755
 --- a/tests/misc/cut-huge-range.sh
 +++ b/tests/misc/cut-huge-range.sh
-@@ -22,6 +22,7 @@ getlimits_
+@@ -20,9 +20,9 @@
+ print_ver_ cut
+ getlimits_
  
- vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
+-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \
    || skip_ "this shell lacks ulimit support"
-+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures
+ vm=$(($vm + 1000)) # avoid spurious failures
  
  # sed script to subtract one from the input.
  # Each input line should consist of a positive decimal number.
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
deleted file mode 100644
index 3f0d35c33e..0000000000
--- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Coreutils fails to cross compile for other platforms because cu_install_program
-is not being evaluated properly. This patch fixes it.
-See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -5023,7 +5023,7 @@ pr = progs-readme
- @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
- 
- # Use the just-built 'ginstall', when not cross-compiling.
--@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
-+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
- info_TEXINFOS = doc/coreutils.texi
- doc_coreutils_TEXINFOS = \
-   doc/perm.texi \
-
diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch
new file mode 100644
index 0000000000..4b8ff65304
--- /dev/null
+++ b/gnu/packages/patches/curl-bounds-check.patch
@@ -0,0 +1,19 @@
+Fix test failure on some 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index b9dedc989e..85c5e79a7e 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
+     num = strtod(str, &endptr);
+     if(errno == ERANGE)
+       return PARAM_NUMBER_TOO_LARGE;
+-    if((long)num > max) {
++    if(num > max) {
+       /* too large */
+       return PARAM_NUMBER_TOO_LARGE;
+     }
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch
new file mode 100644
index 0000000000..507ab0f7d0
--- /dev/null
+++ b/gnu/packages/patches/cvs-2017-12836.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-12836:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
+https://security-tracker.debian.org/tracker/CVE-2017-12836
+
+Patch adpated from Debian (comments and changelog annotations removed):
+
+https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094
+
+From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
+From: mirabilos <m@mirbsd.org>
+Date: Sat, 12 Aug 2017 03:17:18 +0200
+Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch
+
+---
+ debian/changelog |  6 ++++++
+ src/rsh-client.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsh-client.c b/src/rsh-client.c
+index fe0cfc4..1fc860d 100644
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 	rsh_argv[i++] = argvport;
+     }
+ 
++    /* Only non-option arguments from here. (CVE-2017-12836) */
++    rsh_argv[i++] = "--";
++
+     rsh_argv[i++] = root->hostname;
+     rsh_argv[i++] = cvs_server;
+     if (readonlyfs)
+@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 		*p++ = argvport;
+ 	}
+ 
++	*p++ = "--";
++
+ 	*p++ = root->hostname;
+ 	*p++ = command;
+ 	*p++ = NULL;
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch
new file mode 100644
index 0000000000..a03e0c5481
--- /dev/null
+++ b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch
@@ -0,0 +1,41 @@
+From 5676766be5e845ccb6cdf46cfa8722497f151752 Mon Sep 17 00:00:00 2001
+From: Jeremy Bicha <jbicha@ubuntu.com>
+Date: Fri, 16 Jun 2017 15:11:37 -0400
+Subject: Use 'ref' keyword for iter, requires vala 0.36
+
+
+diff --git a/deja-dup/widgets/ConfigList.vala b/deja-dup/widgets/ConfigList.vala
+index 15de2d6..02cd81a 100644
+--- a/deja-dup/widgets/ConfigList.vala
++++ b/deja-dup/widgets/ConfigList.vala
+@@ -333,7 +333,7 @@ public class ConfigList : ConfigWidget
+ 
+     model.row_deleted.disconnect(write_to_config);
+     foreach (Gtk.TreeIter iter in iters) {
+-      (model as Gtk.ListStore).remove(iter);
++      (model as Gtk.ListStore).remove(ref iter);
+     }
+     model.row_deleted.connect(write_to_config);
+ 
+diff --git a/deja-dup/widgets/ConfigLocation.vala b/deja-dup/widgets/ConfigLocation.vala
+index 869e2a8..d21c556 100644
+--- a/deja-dup/widgets/ConfigLocation.vala
++++ b/deja-dup/widgets/ConfigLocation.vala
+@@ -397,12 +397,12 @@ public class ConfigLocation : ConfigWidget
+     if (uuid == saved_uuid)
+       return;
+ 
+-    store.remove(iter);
++    store.remove(ref iter);
+ 
+     if (--num_volumes == 0) {
+       Gtk.TreeIter sep_iter;
+       if (store.get_iter_from_string(out sep_iter, index_vol_sep.to_string())) {
+-        store.remove(sep_iter);
++        store.remove(ref sep_iter);
+         index_vol_sep = -2;
+       }
+     }
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
new file mode 100644
index 0000000000..e7a96a2ac0
--- /dev/null
+++ b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
@@ -0,0 +1,46 @@
+Fix a test failure on 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index 00f3a40..931a839 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq)
+ {
+ 	if (desc)
+ 		fprintf(stderr, "%s: ", desc);
+-	fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n",
+-		dq->dq_id, dq->dq_dqb.dqb_curspace,
+-		dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit,
+-		dq->dq_dqb.dqb_curinodes,
+-		dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit);
++	fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n",
++		dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++		(long long) dq->dq_dqb.dqb_bsoftlimit,
++		(long long) dq->dq_dqb.dqb_bhardlimit,
++		(long long) dq->dq_dqb.dqb_curinodes,
++		(long long) dq->dq_dqb.dqb_isoftlimit,
++		(long long) dq->dq_dqb.dqb_ihardlimit);
+ }
+ #else
+ static void print_dquot(const char *desc EXT2FS_ATTR((unused)),
+@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
+ 	    dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) {
+ 		scan_data->usage_is_inconsistent = 1;
+ 		fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:"
+-			"actual (%ld, %ld) != expected (%ld, %ld)\n",
+-			dq->dq_id, dq->dq_dqb.dqb_curspace,
+-			dq->dq_dqb.dqb_curinodes,
+-			dquot->dq_dqb.dqb_curspace,
+-			dquot->dq_dqb.dqb_curinodes);
++			"actual (%lld, %lld) != expected (%lld, %lld)\n",
++			dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++			(long long) dq->dq_dqb.dqb_curinodes,
++			(long long) dquot->dq_dqb.dqb_curspace,
++			(long long) dquot->dq_dqb.dqb_curinodes);
+ 	}
+ 
+ 	if (scan_data->update_limits) {
diff --git a/gnu/packages/patches/erlang-man-path.patch b/gnu/packages/patches/erlang-man-path.patch
new file mode 100644
index 0000000000..68fc9f45b4
--- /dev/null
+++ b/gnu/packages/patches/erlang-man-path.patch
@@ -0,0 +1,24 @@
+Patch originally from https://sources.debian.net/patches/erlang/1:20.0.1%2Bdfsg-2/man.patch/
+by Francois-Denis Gonthier <neumann@lostwebsite.net>.
+
+Patch description rewritten for Guix.
+
+This patch allows access to the man page with the 'erl -man' command
+(Erlang manual pages are placed to /gnu/store/..erlang../share/man/ hierarchy
+as other man pages.)
+
+--- a/erts/etc/common/erlexec.c
++++ b/erts/etc/common/erlexec.c
+@@ -709,8 +709,10 @@
+ 			error("-man not supported on Windows");
+ #else
+ 			argv[i] = "man";
+-			erts_snprintf(tmpStr, sizeof(tmpStr), "%s/man", rootdir);
+-			set_env("MANPATH", tmpStr);
++			/*
++			* Conform to erlang-manpages content.
++			*/
++			putenv(strsave("MANSECT=1:3:5:7"));
+ 			execvp("man", argv+i);
+ 			error("Could not execute the 'man' command.");
+ #endif
diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch
deleted file mode 100644
index f5399e20d3..0000000000
--- a/gnu/packages/patches/eudev-conflicting-declaration.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix build failure due to conflicting declaration of
-keyboard_lookup_key() in gperf-3.1:
-
-https://bugs.gentoo.org/show_bug.cgi?id=604864
-
-Patch copied from upstream source repository:
-
-https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60
-
-From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001
-From: "Anthony G. Basile" <blueness@gentoo.org>
-Date: Thu, 5 Jan 2017 16:21:17 -0500
-Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1
-
-Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
----
- src/udev/udev-builtin-keyboard.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
-index 73171c3..fad3520 100644
---- a/src/udev/udev-builtin-keyboard.c
-+++ b/src/udev/udev-builtin-keyboard.c
-@@ -28,7 +28,6 @@
- 
- #include "udev.h"
- 
--static const struct key *keyboard_lookup_key(const char *str, unsigned len);
- #include "keyboard-keys-from-name.h"
- #include "keyboard-keys-to-name.h"
- 
diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch
deleted file mode 100644
index 2ca062f337..0000000000
--- a/gnu/packages/patches/evince-CVE-2017-1000083.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-Fix CVE-2017-1000083.
-
-http://seclists.org/oss-sec/2017/q3/128
-https://bugzilla.gnome.org/show_bug.cgi?id=784630
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
-
-From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Thu, 6 Jul 2017 20:02:00 +0200
-Subject: comics: Remove support for tar and tar-like commands
-
-diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
-index 4c74731..641d785 100644
---- a/backend/comics/comics-document.c
-+++ b/backend/comics/comics-document.c
-@@ -56,8 +56,7 @@ typedef enum
- 	RARLABS,
- 	GNAUNRAR,
- 	UNZIP,
--	P7ZIP,
--	TAR
-+	P7ZIP
- } ComicBookDecompressType;
- 
- typedef struct _ComicsDocumentClass ComicsDocumentClass;
-@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
- 
-         /* 7zip */
- 	{NULL               , "%s l -- %s"     , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
--
--        /* tar */
--	{"%s -xOf"          , "%s -tf %s"      , NULL             , FALSE, NO_OFFSET}
- };
- 
- static GSList*    get_supported_image_extensions (void);
-@@ -364,13 +360,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = GNAUNRAR;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--
- 	} else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
- 		   g_content_type_is_a (mime_type, "application/zip")) {
- 		/* InfoZIP's unzip program */
-@@ -396,12 +385,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = P7ZIP;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
- 
- 	} else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
- 		   g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
-@@ -425,27 +408,6 @@ comics_check_decompress_command	(gchar          *mime_type,
- 			comics_document->command_usage = P7ZIP;
- 			return TRUE;
- 		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--	} else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
--		   g_content_type_is_a (mime_type, "application/x-tar")) {
--		/* tar utility (Tape ARchive) */
--		comics_document->selected_command =
--				g_find_program_in_path ("tar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
--		comics_document->selected_command =
--				g_find_program_in_path ("bsdtar");
--		if (comics_document->selected_command) {
--			comics_document->command_usage = TAR;
--			return TRUE;
--		}
- 	} else {
- 		g_set_error (error,
- 			     EV_DOCUMENT_ERROR,
-diff --git a/configure.ac b/configure.ac
-index 9e9f831..7eb0f1f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
- AC_SUBST(APPDATA_TIFF_MIME_TYPES)
- AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
- if test "x$enable_comics" = "xyes"; then
--        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
-+        COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
-         APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n    <mimetype>/g')
-         if test -z "$EVINCE_MIME_TYPES"; then
-            EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
--- 
-cgit v0.12
-
diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
deleted file mode 100644
index b489401fea..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
-
-Discussion:
-
-https://sourceforge.net/p/expat/bugs/539/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
-
-From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Sun, 17 Jul 2016 20:22:29 +0200
-Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
-
-Thanks to Andy Wang and Karl Waclawek!
----
- expat/lib/xmlparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index b308e67..0d5dd7b 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
-                        &fromPtr, rawNameEnd,
-                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
-             convLen = (int)(toPtr - (XML_Char *)tag->buf);
--            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-+            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-               tag->name.strLen = convLen;
-               break;
-             }
--- 
-2.10.0
diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch
deleted file mode 100644
index 4a0ca9f8f1..0000000000
--- a/gnu/packages/patches/fabric-tests.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-The `fab` excecutable doesn't exist during the test phase as it is created
-dynamically during installation. Refer to the equivalent Python module
-directly.
-
---- a/tests/test_utils.py
-+++ b/tests/test_utils.py
-@@ -93,7 +93,7 @@
-     # perform when they are allowed to bubble all the way to the top. So, we
-     # invoke a subprocess and look at its stderr instead.
-     with quiet():
--        result = local("fab -f tests/support/aborts.py kaboom", capture=True)
-+        result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True)
-     # When error in #1318 is present, this has an extra "It burns!" at end of
-     # stderr string.
-     eq_(result.stderr, "Fatal error: It burns!\n\nAborting.")
\ No newline at end of file
diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5a37f4f1f9
--- /dev/null
+++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch
@@ -0,0 +1,294 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index a992f64..fb18dee 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -50,6 +50,28 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a semaphore or a lock is used to protect
++   these variables.  If set to 1, 'volatile' is used; this is theoretically
++   equivalent but can lead to much slower execution (e.g. 30x slower total
++   run time on a 40-core machine), because 'volatile' does not imply any
++   synchronization/communication between different CPUs.  */
++#define USE_VOLATILE 0
++
++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H
++/* Whether to use a semaphore to communicate information between threads.
++   If set to 0, a lock is used. If set to 1, a semaphore is used.
++   Uncomment this to reduce the dependencies of this test.  */
++# define USE_SEMAPHORE 1
++/* Mac OS X provides only named semaphores (sem_open); its facility for
++   unnamed semaphores (sem_init) does not work.  */
++# if defined __APPLE__ && defined __MACH__
++#  define USE_NAMED_SEMAPHORE 1
++# else
++#  define USE_UNNAMED_SEMAPHORE 1
++# endif
++#endif
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -90,6 +112,12 @@
+ 
+ #include "glthread/thread.h"
+ #include "glthread/yield.h"
++#if USE_SEMAPHORE
++# include <errno.h>
++# include <fcntl.h>
++# include <semaphore.h>
++# include <unistd.h>
++#endif
+ 
+ #if ENABLE_DEBUGGING
+ # define dbgprintf printf
+@@ -103,6 +131,132 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#elif USE_SEMAPHORE
++/* This atomic_int implementation can only support the values 0 and 1.
++   It is initially 0 and can be set to 1 only once.  */
++# if USE_UNNAMED_SEMAPHORE
++struct atomic_int {
++  sem_t semaphore;
++};
++#define atomic_int_semaphore(ai) (&(ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_init (&ai->semaphore, 0, 0);
++}
++# endif
++# if USE_NAMED_SEMAPHORE
++struct atomic_int {
++  sem_t *semaphore;
++};
++#define atomic_int_semaphore(ai) ((ai)->semaphore)
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  sem_t *s;
++  unsigned int count;
++  for (count = 0; ; count++)
++    {
++      char name[80];
++      /* Use getpid() in the name, so that different processes running at the
++         same time will not interfere.  Use ai in the name, so that different
++         atomic_int in the same process will not interfere.  Use a count in
++         the name, so that even in the (unlikely) case that a semaphore with
++         the specified name already exists, we can try a different name.  */
++      sprintf (name, "test-lock-%lu-%p-%u",
++               (unsigned long) getpid (), ai, count);
++      s = sem_open (name, O_CREAT | O_EXCL, 0600, 0);
++      if (s == SEM_FAILED)
++        {
++          if (errno == EEXIST)
++            /* Retry with a different name.  */
++            continue;
++          else
++            {
++              perror ("sem_open failed");
++              abort ();
++            }
++        }
++      else
++        {
++          /* Try not to leave a semaphore hanging around on the file system
++             eternally, if we can avoid it.  */
++          sem_unlink (name);
++          break;
++        }
++    }
++  ai->semaphore = s;
++}
++# endif
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  if (sem_trywait (atomic_int_semaphore (ai)) == 0)
++    {
++      if (sem_post (atomic_int_semaphore (ai)))
++        abort ();
++      return 1;
++    }
++  else if (errno == EAGAIN)
++    return 0;
++  else
++    abort ();
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  if (new_value == 0)
++    /* It's already initialized with 0.  */
++    return;
++  /* To set the value 1: */
++  if (sem_post (atomic_int_semaphore (ai)))
++    abort ();
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +354,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +365,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +439,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +451,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +542,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +553,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
deleted file mode 100644
index 8ebe33bc6c..0000000000
--- a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-The first patch is copied from the upstream source repository:
-
-https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da
-
-The second patch is adapted from a message to from the OpenEmbedded mailing list:
-
-http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html
-
-From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 14 Dec 2016 16:11:05 -0800
-Subject: Avoid conflicts with integer width macros from TS 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Create an alias for FC_CHAR_WIDTH for ABI compatibility
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
-index 5c72b22..070a557 100644
---- a/fontconfig/fontconfig.h
-+++ b/fontconfig/fontconfig.h
-@@ -128,7 +128,8 @@ typedef int		FcBool;
- #define FC_USER_CACHE_FILE	    ".fonts.cache-" FC_CACHE_VERSION
- 
- /* Adjust outline rasterizer */
--#define FC_CHAR_WIDTH	    "charwidth"	/* Int */
-+#define FC_CHARWIDTH	    "charwidth"	/* Int */
-+#define FC_CHAR_WIDTH	    FC_CHARWIDTH
- #define FC_CHAR_HEIGHT	    "charheight"/* Int */
- #define FC_MATRIX	    "matrix"    /* FcMatrix */
- 
-diff --git a/src/fcobjs.h b/src/fcobjs.h
-index 1fc4f65..d27864b 100644
---- a/src/fcobjs.h
-+++ b/src/fcobjs.h
-@@ -51,7 +51,7 @@ FC_OBJECT (DPI,			FcTypeDouble,	NULL)
- FC_OBJECT (RGBA,		FcTypeInteger,	NULL)
- FC_OBJECT (SCALE,		FcTypeDouble,	NULL)
- FC_OBJECT (MINSPACE,		FcTypeBool,	NULL)
--FC_OBJECT (CHAR_WIDTH,		FcTypeInteger,	NULL)
-+FC_OBJECT (CHARWIDTH,		FcTypeInteger,	NULL)
- FC_OBJECT (CHAR_HEIGHT,		FcTypeInteger,	NULL)
- FC_OBJECT (MATRIX,		FcTypeMatrix,	NULL)
- FC_OBJECT (CHARSET,		FcTypeCharSet,	FcCompareCharSet)
--- 
-cgit v0.10.2
-
-From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem at gmail.com>
-Date: Sun, 11 Dec 2016 14:32:00 -0800
-Subject: [PATCH] Avoid conflicts with integer width macros from TS
- 18661-1:2014
-
-glibc 2.25+ has now defined these macros in <limits.h>
-https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
-
-Signed-off-by: Khem Raj <raj.khem at gmail.com>
----
-Upstream-Status: Submitted
-
- fontconfig/fontconfig.h | 2 +-
- src/fcobjs.h            | 2 +-
- src/fcobjshash.gperf    | 2 +-
- src/fcobjshash.h        | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: fontconfig-2.12.1/src/fcobjshash.h
-===================================================================
---- fontconfig-2.12.1.orig/src/fcobjshash.h
-+++ fontconfig-2.12.1/src/fcobjshash.h
-@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT},
-       {-1},
- #line 47 "fcobjshash.gperf"
--      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT},
-+      {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT},
- #line 48 "fcobjshash.gperf"
-       {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT},
- #line 55 "fcobjshash.gperf"
diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch
deleted file mode 100644
index e12f60ef00..0000000000
--- a/gnu/packages/patches/fontconfig-path-max.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined.
-
-The patch was adapted from upstream source repository:
-'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>'
-Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c
-
----
- src/fcdefault.c | 34 +++++++++++++++++++++++++++-------
- src/fcint.h     |  6 ++++++
- src/fcstat.c    | 12 +++++++++++-
- 3 files changed, 44 insertions(+), 8 deletions(-)
-
-diff --git a/src/fcdefault.c b/src/fcdefault.c
-index 6647a8f..5afd7ec 100644
---- a/src/fcdefault.c
-+++ b/src/fcdefault.c
-@@ -148,17 +148,34 @@ retry:
- 	    prgname = FcStrdup ("");
- #else
- # if defined (HAVE_GETEXECNAME)
--	const char *p = getexecname ();
-+	char *p = FcStrdup(getexecname ());
- # elif defined (HAVE_READLINK)
--	char buf[PATH_MAX + 1];
--	int len;
-+	size_t size = FC_PATH_MAX;
- 	char *p = NULL;
- 
--	len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
--	if (len != -1)
-+	while (1)
- 	{
--	    buf[len] = '\0';
--	    p = buf;
-+	    char *buf = malloc (size);
-+	    ssize_t len;
-+
-+	    if (!buf)
-+		break;
-+
-+	    len = readlink ("/proc/self/exe", buf, size - 1);
-+	    if (len < 0)
-+	    {
-+		free (buf);
-+		break;
-+	    }
-+	    if (len < size - 1)
-+	    {
-+		buf[len] = 0;
-+		p = buf;
-+		break;
-+	    }
-+
-+	    free (buf);
-+	    size *= 2;
- 	}
- # else
- 	char *p = NULL;
-@@ -176,6 +193,9 @@ retry:
- 
- 	if (!prgname)
- 	    prgname = FcStrdup ("");
-+
-+	if (p)
-+	    free (p);
- #endif
- 
- 	if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) {
-diff --git a/src/fcint.h b/src/fcint.h
-index ac911ad..dad34c5 100644
---- a/src/fcint.h
-+++ b/src/fcint.h
-@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA;
- #  define FC_DIR_SEPARATOR_S       "/"
- #endif
- 
-+#ifdef PATH_MAX
-+#define FC_PATH_MAX	PATH_MAX
-+#else
-+#define FC_PATH_MAX	128
-+#endif
-+
- #if __GNUC__ >= 4
- #define FC_UNUSED	__attribute__((unused))
- #else
-diff --git a/src/fcstat.c b/src/fcstat.c
-index 1734fa4..f6e1aaa 100644
---- a/src/fcstat.c
-+++ b/src/fcstat.c
-@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	{
- #endif
- 	struct stat statb;
--	char f[PATH_MAX + 1];
-+	char *f = malloc (len + 1 + dlen + 1);
- 
-+	if (!f)
-+	{
-+	    ret = -1;
-+	    goto bail;
-+	}
- 	memcpy (f, dir, len);
- 	f[len] = FC_DIR_SEPARATOR;
- 	memcpy (&f[len + 1], files[n]->d_name, dlen);
-@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
- 	if (lstat (f, &statb) < 0)
- 	{
- 	    ret = -1;
-+	    free (f);
- 	    goto bail;
- 	}
- 	if (S_ISDIR (statb.st_mode))
-+	{
-+	    free (f);
- 	    goto bail;
-+	}
- 
-+	free (f);
- 	dtype = statb.st_mode;
- #ifdef HAVE_STRUCT_DIRENT_D_TYPE
- 	}
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch
deleted file mode 100644
index 1891c4ab5f..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8105.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Fix CVE-2017-8105:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
-
-From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Fri, 24 Mar 2017 09:15:10 +0100
-Subject: [PATCH] [psaux] Better protect `flex' handling.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-
-* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-<callothersubr>: Since there is not a single flex operator but a
-series of subroutine calls, malformed fonts can call arbitrary other
-operators after the start of a flex, possibly adding points.  For
-this reason we have to check the available number of points before
-inserting a point.
----
- ChangeLog            | 15 +++++++++++++++
- src/psaux/t1decode.c |  9 +++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
-index af7b465e..7dd45135 100644
---- a/src/psaux/t1decode.c
-+++ b/src/psaux/t1decode.c
-@@ -780,10 +780,19 @@
-             /* point without adding any point to the outline    */
-             idx = decoder->num_flex_vectors++;
-             if ( idx > 0 && idx < 7 )
-+            {
-+              /* in malformed fonts it is possible to have other */
-+              /* opcodes in the middle of a flex (which don't    */
-+              /* increase `num_flex_vectors'); we thus have to   */
-+              /* check whether we can add a point                */
-+              if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
-+                goto Syntax_Error;
-+
-               t1_builder_add_point( builder,
-                                     x,
-                                     y,
-                                     (FT_Byte)( idx == 3 || idx == 6 ) );
-+            }
-           }
-           break;
- 
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch
deleted file mode 100644
index d1145a87ee..0000000000
--- a/gnu/packages/patches/freetype-CVE-2017-8287.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2017-8287:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
-
-Patch copied from upstream source repository:
-https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
-
-From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
-From: Werner Lemberg <wl@gnu.org>
-Date: Sun, 26 Mar 2017 08:32:09 +0200
-Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
- guard.
-
-Reported as
-
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
----
- ChangeLog          | 8 ++++++++
- src/psaux/psobjs.c | 8 ++++++++
- 2 files changed, 16 insertions(+)
-
-diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
-index d18e821a..0baf8368 100644
---- a/src/psaux/psobjs.c
-+++ b/src/psaux/psobjs.c
-@@ -1718,6 +1718,14 @@
-     first = outline->n_contours <= 1
-             ? 0 : outline->contours[outline->n_contours - 2] + 1;
- 
-+    /* in malformed fonts it can happen that a contour was started */
-+    /* but no points were added                                    */
-+    if ( outline->n_contours && first == outline->n_points )
-+    {
-+      outline->n_contours--;
-+      return;
-+    }
-+
-     /* We must not include the last point in the path if it */
-     /* is located on the first point.                       */
-     if ( outline->n_points > 1 )
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
new file mode 100644
index 0000000000..74b10c4a44
--- /dev/null
+++ b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch
@@ -0,0 +1,20 @@
+Add missing include that triggers a build failure on PowerPC:
+
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’:
+  ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope
+     return signum == SIGSEGV && common_flags()->handle_segv;
+		      ^
+From <https://patchwork.ozlabs.org/patch/725596/>.
+
+diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
+index c504168..59087b9 100644
+--- a/libsanitizer/asan/asan_linux.cc
++++ b/libsanitizer/asan/asan_linux.cc
+@@ -29,6 +29,7 @@
+ #include <dlfcn.h>
+ #include <fcntl.h>
+ #include <pthread.h>
++#include <signal.h>
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <unwind.h>
diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch
new file mode 100644
index 0000000000..66034c5703
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2017-7890.patch
@@ -0,0 +1,30 @@
+From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001
+From: LEPILLER Julien <julien@lepiller.eu>
+Date: Thu, 3 Aug 2017 17:04:17 +0200
+Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory.
+
+The stack allocated color map buffers were not zeroed before usage, and
+so undefined palette indexes could cause information leakage.
+
+This is CVE-2017-7890.
+---
+ src/gd_gif_in.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index 008d1ec..c195448 100644
+--- a/src/gd_gif_in.c
++++ b/src/gd_gif_in.c
+@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
+ 
+ 	gdImagePtr im = 0;
+ 
++	memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
++	memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
++
+ 	if(!ReadOK(fd, buf, 6)) {
+ 		return 0;
+ 	}
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch
new file mode 100644
index 0000000000..5ccdbe4ca1
--- /dev/null
+++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/gettext-tools/gnulib-tests/test-lock.c
++++ b/gettext-tools/gnulib-tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch
new file mode 100644
index 0000000000..31a378cfd0
--- /dev/null
+++ b/gnu/packages/patches/gettext-multi-core.patch
@@ -0,0 +1,185 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c
+index d279d1d60..51cec3d6b 100644
+--- a/gettext-runtime/tests/test-lock.c
++++ b/gettext-runtime/tests/test-lock.c
+@@ -1,5 +1,5 @@
+ /* Test of locking in multithreaded situations.
+-   Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc.
++   Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void)
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -311,7 +363,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -321,7 +374,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -395,7 +448,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -406,7 +460,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -497,7 +551,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -507,7 +562,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
deleted file mode 100644
index 622266b176..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
-
-From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 5 Mar 2016 14:56:03 -0800
-Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER
-
----
- Resource/Init/gs_init.ps |  2 ++
- psi/zfile.c              | 36 ++++++++++++++++++++----------------
- 2 files changed, 22 insertions(+), 16 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index fa33d88..99888ac 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -2018,6 +2018,7 @@ readonly def
- 
- /.locksafe {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-@@ -2036,6 +2037,7 @@ readonly def
- %%
- /.locksafeglobal {
-   .locksafe_userparams
-+  systemdict /getenv {pop //false} put
-   % setpagedevice has the side effect of clearing the page, but
-   % we will just document that. Using setpagedevice keeps the device
-   % properties and pagedevice .LockSafetyParams in agreement even
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 320ecd5..0b9f299 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p)
- 
-     if (len < devlen)
-         return_error(e_rangecheck);     /* not even room for device len */
--    memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
--    code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
--                len - devlen);
--    if (code == ~(uint) 0) {    /* all done */
--        esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
--        return o_pop_estack;
--    } else if (code > len)      /* overran string */
--        return_error(e_rangecheck);
--    else {
--        push(1);
--        ref_assign(op, pscratch);
--        r_set_size(op, code + devlen);
--        push_op_estack(file_continue);  /* come again */
--        *++esp = pscratch[2];   /* proc */
--        return o_push_estack;
--    }
-+
-+    do {
-+        memcpy((char *)pscratch->value.bytes, iodev->dname, devlen);
-+        code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen,
-+                    len - devlen);
-+        if (code == ~(uint) 0) {    /* all done */
-+            esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
-+            return o_pop_estack;
-+        } else if (code > len)      /* overran string */
-+            return_error(e_rangecheck);
-+        else if (iodev != iodev_default(imemory)
-+              || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) {
-+            push(1);
-+            ref_assign(op, pscratch);
-+            r_set_size(op, code + devlen);
-+            push_op_estack(file_continue);  /* come again */
-+            *++esp = pscratch[2];   /* proc */
-+            return o_push_estack;
-+        }
-+    } while(1);
- }
- /* Cleanup procedure for enumerating files */
- static int
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
deleted file mode 100644
index c19fdb1d43..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-The file names in the upstream patch below were modified to apply to GNU
-ghostscript.
-
-From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 7 Jul 2015 16:57:41 +0100
-Subject: [PATCH] Bug 696041: sanity check for memory allocation.
-
-In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the
-variable holding the actual number of bytes we allocate.
-
-No cluster differences
----
- gs/base/gsmalloc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/base/gsmalloc.c b/base/gsmalloc.c
-index 624552d..cad79c2 100644
---- a/base/gsmalloc.c
-+++ b/base/gsmalloc.c
-@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
-     } else {
-         uint added = size + sizeof(gs_malloc_block_t);
- 
--        if (mmem->limit - added < mmem->used)
-+        if (added <= size || mmem->limit - added < mmem->used)
-             set_msg("exceeded limit");
-         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
-             set_msg("failed");
--- 
-2.4.6
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
deleted file mode 100644
index 0a09f89016..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
-
-From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:55:55 +0100
-Subject: [PATCH] Bug 697178: Add a file permissions callback
-
-For the rare occasions when the graphics library directly opens a file
-(currently for reading), this allows us to apply any restrictions on
-file access normally applied in the interpteter.
----
- base/gsicc_manage.c | 10 ++++++----
- base/gslibctx.c     | 12 +++++++++++-
- base/gslibctx.h     |  7 +++++++
- psi/imain.c         |  2 ++
- psi/int.mak         |  2 +-
- psi/zfile.c         | 19 +++++++++++++++++++
- psi/zfile.h         |  7 +++++++
- 7 files changed, 53 insertions(+), 6 deletions(-)
-
-diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c
-index 931c2a6..e9c09c3 100644
---- a/base/gsicc_manage.c
-+++ b/base/gsicc_manage.c
-@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc,
-     }
- 
-     /* First just try it like it is */
--    str = sfopen(pname, "rb", mem_gc);
--    if (str != NULL) {
--        *strp = str;
--        return 0;
-+    if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) {
-+        str = sfopen(pname, "rb", mem_gc);
-+        if (str != NULL) {
-+            *strp = str;
-+            return 0;
-+        }
-     }
- 
-     /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */
-diff --git a/base/gslibctx.c b/base/gslibctx.c
-index eaa0458..37ce1ca 100644
---- a/base/gslibctx.c
-+++ b/base/gslibctx.c
-@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem )
-         mem->gs_lib_ctx = NULL;
-         return -1;
-     }
-- 
-+    pio->client_check_file_permission = NULL;
-     gp_get_realtime(pio->real_time_0);
- 
-     return 0;
-@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem)
-         fflush(mem->gs_lib_ctx->fstderr);
-     /* else nothing to flush */
- }
-+
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    int code = 0;
-+    if (mem->gs_lib_ctx->client_check_file_permission != NULL) {
-+        code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission);
-+    }
-+    return code;
-+}
-diff --git a/base/gslibctx.h b/base/gslibctx.h
-index 7a4e110..020e2d9 100644
---- a/base/gslibctx.h
-+++ b/base/gslibctx.h
-@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server;
- #  define gs_font_dir_DEFINED
- typedef struct gs_font_dir_s gs_font_dir;
- #endif
-+
-+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- typedef struct gs_lib_ctx_s
- {
-     gs_memory_t *memory;  /* mem->gs_lib_ctx->memory == mem */
-@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s
-     bool dict_auto_expand;  /* ps dictionary: false level 1 true level 2 or 3 */
-     /* A table of local copies of the IODevices */
-     struct gx_io_device_s **io_device_table;
-+    client_check_file_permission_t client_check_file_permission;
-     /* Define the default value of AccurateScreens that affects setscreen
-        and setcolorscreen. */
-     bool screen_accurate_screens;
-@@ -108,6 +112,9 @@ int
- void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname,
-                         int dir_namelen);
- 
-+int
-+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission);
-+
- #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout)
- #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr)
- 
-diff --git a/psi/imain.c b/psi/imain.c
-index 9a9bb5d..6874128 100644
---- a/psi/imain.c
-+++ b/psi/imain.c
-@@ -57,6 +57,7 @@
- #include "ivmspace.h"
- #include "idisp.h"              /* for setting display device callback */
- #include "iplugin.h"
-+#include "zfile.h"
- 
- #ifdef PACIFY_VALGRIND
- #include "valgrind.h"
-@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst)
-                                            "the_gs_name_table");
-             if (code < 0)
-                 return code;
-+            mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions;
-         }
-         code = obj_init(&minst->i_ctx_p, &idmem);  /* requires name_init */
-         if (code < 0)
-diff --git a/psi/int.mak b/psi/int.mak
-index 4654afc..bb30d51 100644
---- a/psi/int.mak
-+++ b/psi/int.mak
-@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\
-  $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\
-  $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\
-  $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\
-- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h)
-+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h)
- 	$(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c
- 
- #****** $(CCINT) interp.c
-diff --git a/psi/zfile.c b/psi/zfile.c
-index 2c6c958..2f27f82 100644
---- a/psi/zfile.c
-+++ b/psi/zfile.c
-@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len,
-     return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup);
- }
- 
-+/* z_check_file_permissions: see zfile.h for explanation
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission)
-+{
-+    i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p;
-+    gs_parsed_file_name_t pname;
-+    const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting";
-+    int code = gs_parse_file_name(&pname, fname, len, imemory);
-+    if (code < 0)
-+        return code;
-+
-+    if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0)
-+        return e_invalidfileaccess;
-+        
-+    code = check_file_permissions(i_ctx_p, fname, len, permitgroup);
-+    return code;
-+}
-+
- /* <name_string> <access_string> file <file> */
- int                             /* exported for zsysvm.c */
- zfile(i_ctx_t *i_ctx_p)
-diff --git a/psi/zfile.h b/psi/zfile.h
-index fdf1373..a9399c7 100644
---- a/psi/zfile.h
-+++ b/psi/zfile.h
-@@ -22,4 +22,11 @@
- int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn,
-            const char *file_access, stream **ps, gs_memory_t *mem);
- 
-+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission)
-+ * to allow applying the above permissions checks when opening file(s) from
-+ * the graphics library
-+ */
-+int
-+z_check_file_permissions(gs_memory_t *mem, const char *fname,
-+                                 const int len, const char *permission);
- #endif
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
deleted file mode 100644
index 81cb26e9ed..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 5 Oct 2016 09:59:25 +0100
-Subject: [PATCH] Bug 697179: Reference count device icc profile
-
-when copying a device
----
- base/gsdevice.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/base/gsdevice.c b/base/gsdevice.c
-index 778106f..aea986a 100644
---- a/base/gsdevice.c
-+++ b/base/gsdevice.c
-@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem,
-     dev->memory = mem;
-     dev->retained = !internal;
-     rc_init(dev, mem, (internal ? 0 : 1));
-+    rc_increment(dev->icc_struct);
- }
- 
- void
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
deleted file mode 100644
index a557adfdea..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913
-
-From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001
-From: Ken Sharp <ken.sharp@artifex.com>
-Date: Wed, 5 Oct 2016 10:10:58 +0100
-Subject: [PATCH] DSC parser - validate parameters
-
-Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it."
-
-Regardless of any security implications, its simply wrong for a PostScript
-operator not to validate its parameter(s).
-
-No differences expected.
----
- psi/zdscpars.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/psi/zdscpars.c b/psi/zdscpars.c
-index c05e154..9b4b605 100644
---- a/psi/zdscpars.c
-+++ b/psi/zdscpars.c
-@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p)
-     ref local_ref;
-     int code;
-     os_ptr const op = osp;
--    dict * const pdict = op->value.pdict;
--    gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict);
--    dsc_data_t * const data =
--        gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-+    dict *pdict;
-+    gs_memory_t *mem;
-+    dsc_data_t *data;
- 
-+    check_read_type(*op, t_dictionary);
-+
-+    pdict = op->value.pdict;
-+    mem = (gs_memory_t *)dict_memory(pdict);
-+
-+    data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init");
-     if (!data)
-         return_error(e_VMerror);
-     data->document_level = 0;
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
deleted file mode 100644
index aaf20b6c6c..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-The following patch was adapted for GNU Ghostscript
-by Mark H Weaver <mhw@netris.org> based on:
-
-http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
-
-From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Sat, 8 Oct 2016 16:10:27 +0100
-Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5
-
-and param types
----
- psi/zht2.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/psi/zht2.c b/psi/zht2.c
-index fb4a264..dfa27a4 100644
---- a/psi/zht2.c
-+++ b/psi/zht2.c
-@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p)
-     gs_memory_t *mem;
-     uint edepth = ref_stack_count(&e_stack);
-     int npop = 2;
--    int dict_enum = dict_first(op);
-+    int dict_enum;
-     ref rvalue[2];
-     int cname, colorant_number;
-     byte * pname;
-     uint name_size;
-     int halftonetype, type = 0;
-     gs_state *pgs = igs;
--    int space_index = r_space_index(op - 1);
-+    int space_index;
-+
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    check_type(*op, t_dictionary);
-+    check_type(*(op - 1), t_dictionary);
-+
-+    dict_enum = dict_first(op);
-+    space_index = r_space_index(op - 1);
- 
-     mem = (gs_memory_t *) idmemory->spaces_indexed[space_index];
- 
--- 
-2.9.1
-
diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
index db80b6ddec..d38bd593c0 100644
--- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
+++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch
@@ -1,15 +1,60 @@
 Fix CVE-2017-8291:
 
-https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291
+https://bugs.ghostscript.com/show_bug.cgi?id=697799
+https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
 
-This patch is adapted from these two Artifex Ghostscript commits by Leo
-Famulari <leo@famulari.name>:
+Patches copied from upstream source repository:
 
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
+
+From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:03:33 +0100
+Subject: [PATCH] Bug 697799: have .eqproc check its parameters
+
+The Ghostscript custom operator .eqproc was not check the number or type of
+the parameters it was given.
+---
+ psi/zmisc3.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 54b304246..37293ff4b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
++    if (ref_stack_count(&o_stack) < 2)
++        return_error(gs_error_stackunderflow);
++    if (!r_is_array(op - 1) || !r_is_array(op)) {
++        return_error(gs_error_typecheck);
++    }
++
+     make_array(&stack[0].proc1, 0, 1, op - 1);
+     make_array(&stack[0].proc2, 0, 1, op);
+     for (;;) {
+-- 
+2.13.0
+
+From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 27 Apr 2017 13:21:31 +0100
+Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
+
+The Ghostscript internal operator .rsdparams wasn't checking the number or
+type of the operands it was being passed. Do so.
+---
+ psi/zfrsd.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
 
 diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index fb4bce9..2629afa 100644
+index 191107d8a..950588d69 100644
 --- a/psi/zfrsd.c
 +++ b/psi/zfrsd.c
 @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
@@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644
 +    int code = 0;
 +
 +    if (ref_stack_count(&o_stack) < 1)
-+        return_error(e_stackunderflow);
++        return_error(gs_error_stackunderflow);
 +    if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-+        return_error(e_typecheck);
++        return_error(gs_error_typecheck);
 +    }
  
      make_empty_array(&empty_array, a_readonly);
@@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644
 +        && dict_find_string(op, "Filter", &pFilter) > 0) {
          if (!r_is_array(pFilter)) {
              if (!r_has_type(pFilter, t_name))
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
 @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
-                 return_error(e_typecheck);
+                 return_error(gs_error_typecheck);
          }
      }
 -    code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
 +    if (r_has_type(op, t_dictionary))
 +        code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-     if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */
+     if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
          return code;
 -    if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
 -        )
@@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644
      push(1);
      op[-1] = *pFilter;
      if (pDecodeParms)
+-- 
+2.13.0
+
+From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Wed, 3 May 2017 12:05:45 +0100
+Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
+
+When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
+parameters that are not both procedures. In this case, it turns out, the
+expectation is for the operator to return 'false', rather than throw an error.
+---
+ psi/zmisc3.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
 diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 54b3042..0d357f1 100644
+index 37293ff4b..3f01d39a3 100644
 --- a/psi/zmisc3.c
 +++ b/psi/zmisc3.c
-@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
-     ref2_t stack[MAX_DEPTH + 1];
-     ref2_t *top = stack;
+@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
+     return gs_cliprestore(igs);
+ }
  
-+    if (ref_stack_count(&o_stack) < 2)
-+        return_error(e_stackunderflow);
-+    if (!r_is_array(op - 1) || !r_is_array(op)) {
-+        return_error(e_typecheck);
-+    }
++static inline bool
++eqproc_check_type(ref *r)
++{
++    return r_has_type(r, t_array)
++           || r_has_type(r, t_mixedarray)
++           || r_has_type(r, t_shortarray)
++           || r_has_type(r, t_oparray);
++}
 +
+ /* <proc1> <proc2> .eqproc <bool> */
+ /*
+  * Test whether two procedures are equal to depth 10.
+@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
+ 
+     if (ref_stack_count(&o_stack) < 2)
+         return_error(gs_error_stackunderflow);
+-    if (!r_is_array(op - 1) || !r_is_array(op)) {
+-        return_error(gs_error_typecheck);
++    if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
++        make_false(op - 1);
++        pop(1);
++        return 0;
+     }
+ 
      make_array(&stack[0].proc1, 0, 1, op - 1);
-     make_array(&stack[0].proc2, 0, 1, op);
-     for (;;) {
+-- 
+2.13.0
+
+From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Thu, 11 May 2017 14:07:48 +0100
+Subject: [PATCH] Bug 697892: fix check for op stack underflow.
+
+In the original fix, I used the wrong method to check for stack underflow, this
+is using the correct method.
+---
+ psi/zfrsd.c  | 3 +--
+ psi/zmisc3.c | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/psi/zfrsd.c b/psi/zfrsd.c
+index 950588d69..9c035b96d 100644
+--- a/psi/zfrsd.c
++++ b/psi/zfrsd.c
+@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
+     uint i;
+     int code = 0;
+ 
+-    if (ref_stack_count(&o_stack) < 1)
+-        return_error(gs_error_stackunderflow);
++    check_op(1);
+     if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
+         return_error(gs_error_typecheck);
+     }
+diff --git a/psi/zmisc3.c b/psi/zmisc3.c
+index 3f01d39a3..43803b55b 100644
+--- a/psi/zmisc3.c
++++ b/psi/zmisc3.c
+@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
+     ref2_t stack[MAX_DEPTH + 1];
+     ref2_t *top = stack;
+ 
+-    if (ref_stack_count(&o_stack) < 2)
+-        return_error(gs_error_stackunderflow);
++    check_op(2);
+     if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
+         make_false(op - 1);
+         pop(1);
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/ghostscript-no-header-creationdate.patch b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
new file mode 100644
index 0000000000..92ddbdade0
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-creationdate.patch
@@ -0,0 +1,22 @@
+This patch makes emission of /CreationDate and /ModDate headers optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff --git a/orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c b/bb/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+index 0fb067e..b342e2c 100644
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+@@ -305,6 +305,9 @@ pdf_initialize_ids(gx_device_pdf * pdev)
+      * date and time, rather than (for example) %%CreationDate from the
+      * PostScript file.  We think this is wrong, but we do the same.
+      */
++    if (!getenv("GS_GENERATE_UUIDS") ||
++        (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 &&
++         strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
+     {
+         struct tm tms;
+         time_t t;
diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch
new file mode 100644
index 0000000000..19b71aadb5
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-id.patch
@@ -0,0 +1,57 @@
+This patch makes the "/ID" field optional.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the "/ID" field (if that's permissible).
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c	2017-07-09 23:34:34.306524488 +0200
+@@ -1580,8 +1580,11 @@
+      * +1 for the linearisation dict and +1 for the primary hint stream.
+      */
+     linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n        \n", 0);
+     fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file);
+ 
+     /* Write document catalog (Part 4) */
+@@ -2102,8 +2105,11 @@
+      * in the missing values.
+      */
+     code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET);
+-    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n",
+-        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref);
++    gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R",
++        linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber);
++    if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */
++        gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID);
++    gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref);
+     fwrite(LDict, strlen(LDict), 1, linear_params->sfile);
+ 
+     code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET);
+@@ -2674,10 +2680,12 @@
+             stream_puts(s, "trailer\n");
+             pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n",
+                   pdev->next_id, Catalog_id, Info_id);
+-            stream_puts(s, "/ID [");
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
+-            stream_puts(s, "]\n");
++            if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */
++                stream_puts(s, "/ID [");
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0);
++                stream_puts(s, "]\n");
++            }
+             if (pdev->OwnerPassword.size > 0) {
+                 pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id);
+             }
+Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig.
diff --git a/gnu/packages/patches/ghostscript-no-header-uuid.patch b/gnu/packages/patches/ghostscript-no-header-uuid.patch
new file mode 100644
index 0000000000..473531220c
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-no-header-uuid.patch
@@ -0,0 +1,50 @@
+This patch makes the UUIDs in the XMP header optional, depending on the
+setting of the environment variable GS_GENERATE_UUIDS.
+
+If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will
+not write out the Document UUID field and also will write the Instance ID
+field value as "".
+
+Upstream does not want to do this.
+
+See: https://bugs.ghostscript.com/show_bug.cgi?id=698208
+diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c aa/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c
+--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-09 23:30:28.960479189 +0200
++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c	2017-07-10 01:04:12.252478276 +0200
+@@ -617,7 +617,7 @@
+         return code;
+ 
+     /* PDF/A XMP reference recommends setting UUID to empty. If not empty must be a URI */
+-    if (pdev->PDFA != 0)
++    if (pdev->PDFA != 0 || (getenv("GS_GENERATE_UUIDS") && (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") == 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") == 0)))
+         instance_uuid[0] = 0x00;
+ 
+     cre_date_time_len = pdf_get_docinfo_item(pdev, "/CreationDate", cre_date_time, sizeof(cre_date_time));
+@@ -719,15 +719,18 @@
+             pdf_xml_tag_close(s, "rdf:Description");
+             pdf_xml_newline(s);
+ 
+-            pdf_xml_tag_open_beg(s, "rdf:Description");
+-            pdf_xml_attribute_name(s, "rdf:about");
+-            pdf_xml_attribute_value(s, instance_uuid);
+-            pdf_xml_attribute_name(s, "xmlns:xapMM");
+-            pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
+-            pdf_xml_attribute_name(s, "xapMM:DocumentID");
+-            pdf_xml_attribute_value(s, document_uuid);
+-            pdf_xml_tag_end_empty(s);
+-            pdf_xml_newline(s);
++            if (!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))
++            {
++                pdf_xml_tag_open_beg(s, "rdf:Description");
++                pdf_xml_attribute_name(s, "rdf:about");
++                pdf_xml_attribute_value(s, instance_uuid);
++                pdf_xml_attribute_name(s, "xmlns:xapMM");
++                pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/");
++                pdf_xml_attribute_name(s, "xapMM:DocumentID");
++                pdf_xml_attribute_value(s, document_uuid);
++                pdf_xml_tag_end_empty(s);
++                pdf_xml_newline(s);
++            }
+ 
+             pdf_xml_tag_open_beg(s, "rdf:Description");
+             pdf_xml_attribute_name(s, "rdf:about");
diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch
index c7dcfd4529..9f161e45b3 100644
--- a/gnu/packages/patches/ghostscript-runpath.patch
+++ b/gnu/packages/patches/ghostscript-runpath.patch
@@ -1,17 +1,18 @@
-This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'.
-
---- gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:45.386957927 +0200
-+++ gnu-ghostscript-9.14.0/base/unix-dll.mak	2015-04-05 15:12:49.222982359 +0200
-@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR)
+diff --git a/base/unix-dll.mak b/base/unix-dll.mak
+index 9d57a99..36ef1ff 100644
+--- a/base/unix-dll.mak
++++ b/base/unix-dll.mak
+@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS)
  # Build the small Ghostscript loaders, with Gtk+ and without
- $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \
 -	-L$(BINDIR) -l$(GS_SO_BASE)
 +	-L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir)
  
- $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER)
+ $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS)
  	$(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \
 -	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS)
 +	-L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir)
  
- # ------------------------- Recursive make targets ------------------------- #
+ $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS)
+ 	$(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE)
diff --git a/gnu/packages/patches/glibc-CVE-2015-5180.patch b/gnu/packages/patches/glibc-CVE-2015-5180.patch
new file mode 100644
index 0000000000..92e3740fc1
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-5180.patch
@@ -0,0 +1,311 @@
+From b3b37f1a5559a7620e31c8053ed1b44f798f2b6d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Sat, 31 Dec 2016 20:22:09 +0100
+Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ
+ #18784]
+
+Also rename T_UNSPEC because an upcoming public header file
+update will use that name.
+
+(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5)
+---
+ ChangeLog                     |  14 ++++
+ NEWS                          |   6 ++
+ include/arpa/nameser_compat.h |   6 +-
+ resolv/Makefile               |   5 ++
+ resolv/nss_dns/dns-host.c     |   2 +-
+ resolv/res_mkquery.c          |   4 +
+ resolv/res_query.c            |   6 +-
+ resolv/tst-resolv-qtypes.c    | 185 ++++++++++++++++++++++++++++++++++++++++++
+ 8 files changed, 221 insertions(+), 7 deletions(-)
+ create mode 100644 resolv/tst-resolv-qtypes.c
+
+diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h
+index 2e735ed..7c0deed 100644
+--- a/include/arpa/nameser_compat.h
++++ b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include <resolv/arpa/nameser_compat.h>
+ 
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+-   T_A and T_AAAA).  */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++   internally by the implementation.  */
++#define T_QUERY_A_AND_AAAA 439963904
+ 
+ #endif
+diff --git a/resolv/Makefile b/resolv/Makefile
+index 8be41d3..a4c86b9 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes)
+ extra-libs += libanl
+ routines += gai_sigqueue
+ tests += tst-res_hconf_reorder
++
++# This test sends millions of packets and is rather slow.
++xtests += tst-resolv-qtypes
+ endif
+ extra-libs-others = $(extra-libs)
+ libresolv-routines := gethnamaddr res_comp res_debug	\
+@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace
+ $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \
+ 	$(evaluate-test)
++
++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5f9e357..d16fa4b 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+ 
+   int olderr = errno;
+   enum nss_status status;
+-  int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++  int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA,
+ 			      host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ 			      &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+   if (n >= 0)
+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
+index 12f9730..d80b531 100644
+--- a/resolv/res_mkquery.c
++++ b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
+ 	int n;
+ 	u_char *dnptrs[20], **dpp, **lastdnptr;
+ 
++	if (class < 0 || class > 65535
++	    || type < 0 || type > 65535)
++	  return -1;
++
+ #ifdef DEBUG
+ 	if (statp->options & RES_DEBUG)
+ 		printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 944d1a9..07dc6f6 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
+ 	int n, use_malloc = 0;
+ 	u_int oflags = statp->_flags;
+ 
+-	size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++	size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
+ 	u_char *buf = alloca (bufsize);
+ 	u_char *query1 = buf;
+ 	int nquery1 = -1;
+@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
+ 		printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+ 
+-	if (type == T_UNSPEC)
++	if (type == T_QUERY_A_AND_AAAA)
+ 	  {
+ 	    n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+ 			     query1, bufsize);
+@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
+ 	if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+ 		/* Retry just in case res_nmkquery failed because of too
+ 		   short buffer.  Shouldn't happen.  */
+-		bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++		bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
+ 		buf = malloc (bufsize);
+ 		if (buf != NULL) {
+ 			query1 = buf;
+diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
+new file mode 100644
+index 0000000..b3e60c6
+--- /dev/null
++++ b/resolv/tst-resolv-qtypes.c
+@@ -0,0 +1,185 @@
++/* Exercise low-level query functions with different QTYPEs.
++   Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <resolv.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/test-driver.h>
++#include <support/xmemstream.h>
++
++/* If ture, the response function will send the actual response packet
++   over TCP instead of UDP.  */
++static volatile bool force_tcp;
++
++/* Send back a fake resource record matching the QTYPE.  */
++static void
++response (const struct resolv_response_context *ctx,
++          struct resolv_response_builder *b,
++          const char *qname, uint16_t qclass, uint16_t qtype)
++{
++  if (force_tcp && ctx->tcp)
++    {
++      resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 });
++      resolv_response_add_question (b, qname, qclass, qtype);
++      return;
++    }
++
++  resolv_response_init (b, (struct resolv_response_flags) { });
++  resolv_response_add_question (b, qname, qclass, qtype);
++  resolv_response_section (b, ns_s_an);
++  resolv_response_open_record (b, qname, qclass, qtype, 0);
++  resolv_response_add_data (b, &qtype, sizeof (qtype));
++  resolv_response_close_record (b);
++}
++
++static const const char *domain = "www.example.com";
++
++static int
++wrap_res_query (int type, unsigned char *answer, int answer_length)
++{
++  return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_search (int type, unsigned char *answer, int answer_length)
++{
++  return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_querydomain (int type, unsigned char *answer, int answer_length)
++{
++  return res_querydomain ("www", "example.com", C_IN, type,
++                           answer, answer_length);
++}
++
++static int
++wrap_res_send (int type, unsigned char *answer, int answer_length)
++{
++  unsigned char buf[512];
++  int ret = res_mkquery (QUERY, domain, C_IN, type,
++                         (const unsigned char *) "", 0, NULL,
++                         buf, sizeof (buf));
++  if (type < 0 || type >= 65536)
++    {
++      /* res_mkquery fails for out-of-range record types.  */
++      TEST_VERIFY_EXIT (ret == -1);
++      return -1;
++    }
++  TEST_VERIFY_EXIT (ret > 12);  /* DNS header length.  */
++  return res_send (buf, ret, answer, answer_length);
++}
++
++static int
++wrap_res_nquery (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nsearch (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length)
++{
++  return res_nquerydomain (&_res, "www", "example.com", C_IN, type,
++                           answer, answer_length);
++}
++
++static int
++wrap_res_nsend (int type, unsigned char *answer, int answer_length)
++{
++  unsigned char buf[512];
++  int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type,
++                         (const unsigned char *) "", 0, NULL,
++                         buf, sizeof (buf));
++  if (type < 0 || type >= 65536)
++    {
++      /* res_mkquery fails for out-of-range record types.  */
++      TEST_VERIFY_EXIT (ret == -1);
++      return -1;
++    }
++  TEST_VERIFY_EXIT (ret > 12);  /* DNS header length.  */
++  return res_nsend (&_res, buf, ret, answer, answer_length);
++}
++
++static void
++test_function (const char *fname,
++               int (*func) (int type,
++                            unsigned char *answer, int answer_length))
++{
++  unsigned char buf[512];
++  for (int tcp = 0; tcp < 2; ++tcp)
++    {
++      force_tcp = tcp;
++      for (unsigned int type = 1; type <= 65535; ++type)
++        {
++          if (test_verbose)
++            printf ("info: sending QTYPE %d with %s (tcp=%d)\n",
++                    type, fname, tcp);
++          int ret = func (type, buf, sizeof (buf));
++          if (ret != 47)
++            FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d",
++                        fname,tcp, type, ret);
++          /* One question, one answer record.  */
++          TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0);
++          /* Question section.  */
++          static const char qname[] = "\3www\7example\3com";
++          size_t qname_length = sizeof (qname);
++          TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0);
++          /* RDATA part of answer.  */
++          uint16_t type16 = type;
++          TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0);
++        }
++    }
++
++  TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
++  TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
++}
++
++static int
++do_test (void)
++{
++  struct resolv_redirect_config config =
++    {
++      .response_callback = response,
++    };
++  struct resolv_test *obj = resolv_test_start (config);
++
++  test_function ("res_query", &wrap_res_query);
++  test_function ("res_search", &wrap_res_search);
++  test_function ("res_querydomain", &wrap_res_querydomain);
++  test_function ("res_send", &wrap_res_send);
++
++  test_function ("res_nquery", &wrap_res_nquery);
++  test_function ("res_nsearch", &wrap_res_nsearch);
++  test_function ("res_nquerydomain", &wrap_res_nquerydomain);
++  test_function ("res_nsend", &wrap_res_nsend);
++
++  resolv_test_end (obj);
++  return 0;
++}
++
++#define TIMEOUT 300
++#include <support/test-driver.c>
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
new file mode 100644
index 0000000000..12abeb76d4
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch
@@ -0,0 +1,590 @@
+From b995d95a5943785be3ab862b2d3276f3b4a22481 Mon Sep 17 00:00:00 2001
+From: Carlos O'Donell <carlos@systemhalted.org>
+Date: Tue, 16 Feb 2016 21:26:37 -0500
+Subject: [PATCH] CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug
+ 18665).
+
+* A stack-based buffer overflow was found in libresolv when invoked from
+  libnss_dns, allowing specially crafted DNS responses to seize control
+  of execution flow in the DNS client.  The buffer overflow occurs in
+  the functions send_dg (send datagram) and send_vc (send TCP) for the
+  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
+  family.  The use of AF_UNSPEC triggers the low-level resolver code to
+  send out two parallel queries for A and AAAA.  A mismanagement of the
+  buffers used for those queries could result in the response of a query
+  writing beyond the alloca allocated buffer created by
+  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
+  the overflow.  Thanks to the Google Security Team and Red Hat for
+  reporting the security impact of this issue, and Robert Holiday of
+  Ciena for reporting the related bug 18665. (CVE-2015-7547)
+
+See also:
+https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
+https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
+
+(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca)
+---
+ ChangeLog                 |  15 +++
+ NEWS                      |  14 +++
+ resolv/nss_dns/dns-host.c | 111 ++++++++++++++++++-
+ resolv/res_query.c        |   3 +
+ resolv/res_send.c         | 264 ++++++++++++++++++++++++++++++++++------------
+ 5 files changed, 338 insertions(+), 69 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 357ac04..a0fe9a8 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
+   int h_namelen = 0;
+ 
+   if (ancount == 0)
+-    return NSS_STATUS_NOTFOUND;
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
+ 
+   while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+     {
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
+   /* Special case here: if the resolver sent a result but it only
+      contains a CNAME while we are looking for a T_A or T_AAAA record,
+      we fail with NOTFOUND instead of TRYAGAIN.  */
+-  return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++  if (canon != NULL)
++    {
++      *h_errnop = HOST_NOT_FOUND;
++      return NSS_STATUS_NOTFOUND;
++    }
++
++  *h_errnop = NETDB_INTERNAL;
++  return NSS_STATUS_TRYAGAIN;
+ }
+ 
+ 
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
+ 
+   enum nss_status status = NSS_STATUS_NOTFOUND;
+ 
++  /* Combining the NSS status of two distinct queries requires some
++     compromise and attention to symmetry (A or AAAA queries can be
++     returned in any order).  What follows is a breakdown of how this
++     code is expected to work and why. We discuss only SUCCESS,
++     TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++     that apply (though RETURN and MERGE exist).  We make a distinction
++     between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++     A recoverable TRYAGAIN is almost always due to buffer size issues
++     and returns ERANGE in errno and the caller is expected to retry
++     with a larger buffer.
++
++     Lastly, you may be tempted to make significant changes to the
++     conditions in this code to bring about symmetry between responses.
++     Please don't change anything without due consideration for
++     expected application behaviour.  Some of the synthesized responses
++     aren't very well thought out and sometimes appear to imply that
++     IPv4 responses are always answer 1, and IPv6 responses are always
++     answer 2, but that's not true (see the implementation of send_dg
++     and send_vc to see response can arrive in any order, particularly
++     for UDP). However, we expect it holds roughly enough of the time
++     that this code works, but certainly needs to be fixed to make this
++     a more robust implementation.
++
++     ----------------------------------------------
++     | Answer 1 Status /   | Synthesized | Reason |
++     | Answer 2 Status     | Status      |        |
++     |--------------------------------------------|
++     | SUCCESS/SUCCESS     | SUCCESS     | [1]    |
++     | SUCCESS/TRYAGAIN    | TRYAGAIN    | [5]    |
++     | SUCCESS/TRYAGAIN'   | SUCCESS     | [1]    |
++     | SUCCESS/NOTFOUND    | SUCCESS     | [1]    |
++     | SUCCESS/UNAVAIL     | SUCCESS     | [1]    |
++     | TRYAGAIN/SUCCESS    | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/TRYAGAIN'  | TRYAGAIN    | [2]    |
++     | TRYAGAIN/NOTFOUND   | TRYAGAIN    | [2]    |
++     | TRYAGAIN/UNAVAIL    | TRYAGAIN    | [2]    |
++     | TRYAGAIN'/SUCCESS   | SUCCESS     | [3]    |
++     | TRYAGAIN'/TRYAGAIN  | TRYAGAIN    | [3]    |
++     | TRYAGAIN'/TRYAGAIN' | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/NOTFOUND  | TRYAGAIN'   | [3]    |
++     | TRYAGAIN'/UNAVAIL   | UNAVAIL     | [3]    |
++     | NOTFOUND/SUCCESS    | SUCCESS     | [3]    |
++     | NOTFOUND/TRYAGAIN   | TRYAGAIN    | [3]    |
++     | NOTFOUND/TRYAGAIN'  | TRYAGAIN'   | [3]    |
++     | NOTFOUND/NOTFOUND   | NOTFOUND    | [3]    |
++     | NOTFOUND/UNAVAIL    | UNAVAIL     | [3]    |
++     | UNAVAIL/SUCCESS     | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN    | UNAVAIL     | [4]    |
++     | UNAVAIL/TRYAGAIN'   | UNAVAIL     | [4]    |
++     | UNAVAIL/NOTFOUND    | UNAVAIL     | [4]    |
++     | UNAVAIL/UNAVAIL     | UNAVAIL     | [4]    |
++     ----------------------------------------------
++
++     [1] If the first response is a success we return success.
++	 This ignores the state of the second answer and in fact
++	 incorrectly sets errno and h_errno to that of the second
++	 answer.  However because the response is a success we ignore
++	 *errnop and *h_errnop (though that means you touched errno on
++	 success).  We are being conservative here and returning the
++	 likely IPv4 response in the first answer as a success.
++
++     [2] If the first response is a recoverable TRYAGAIN we return
++	 that instead of looking at the second response.  The
++	 expectation here is that we have failed to get an IPv4 response
++	 and should retry both queries.
++
++     [3] If the first response was not a SUCCESS and the second
++	 response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
++	 or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
++	 result from the second response, otherwise the first responses
++	 status is used.  Again we have some odd side-effects when the
++	 second response is NOTFOUND because we overwrite *errnop and
++	 *h_errnop that means that a first answer of NOTFOUND might see
++	 its *errnop and *h_errnop values altered.  Whether it matters
++	 in practice that a first response NOTFOUND has the wrong
++	 *errnop and *h_errnop is undecided.
++
++     [4] If the first response is UNAVAIL we return that instead of
++	 looking at the second response.  The expectation here is that
++	 it will have failed similarly e.g. configuration failure.
++
++     [5] Testing this code is complicated by the fact that truncated
++	 second response buffers might be returned as SUCCESS if the
++	 first answer is a SUCCESS.  To fix this we add symmetry to
++	 TRYAGAIN with the second response.  If the second response
++	 is a recoverable error we now return TRYAGIN even if the first
++	 response was SUCCESS.  */
++
+   if (anslen1 > 0)
+     status = gaih_getanswer_slice(answer1, anslen1, qname,
+ 				  &pat, &buffer, &buflen,
+ 				  errnop, h_errnop, ttlp,
+ 				  &first);
++
+   if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
+        || (status == NSS_STATUS_TRYAGAIN
+ 	   /* We want to look at the second answer in case of an
+@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2,
+ 						     &pat, &buffer, &buflen,
+ 						     errnop, h_errnop, ttlp,
+ 						     &first);
++      /* Use the second response status in some cases.  */
+       if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
+ 	status = status2;
++      /* Do not return a truncated second response (unless it was
++	 unavoidable e.g. unrecoverable TRYAGAIN).  */
++      if (status == NSS_STATUS_SUCCESS
++	  && (status2 == NSS_STATUS_TRYAGAIN
++	      && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
++	status = NSS_STATUS_TRYAGAIN;
+     }
+ 
+   return status;
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 4a9b3b3..95470a9 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
+ 		  {
+ 		    free (*answerp2);
+ 		    *answerp2 = NULL;
++		    *nanswerp2 = 0;
+ 		    *answerp2_malloced = 0;
+ 		  }
+ 	}
+@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
+ 			  {
+ 			    free (*answerp2);
+ 			    *answerp2 = NULL;
++			    *nanswerp2 = 0;
+ 			    *answerp2_malloced = 0;
+ 			  }
+ 
+@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
+ 	  {
+ 	    free (*answerp2);
+ 	    *answerp2 = NULL;
++	    *nanswerp2 = 0;
+ 	    *answerp2_malloced = 0;
+ 	  }
+ 	if (saved_herrno != -1)
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 5e53cc2..6511bb1 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1,3 +1,20 @@
++/* Copyright (C) 2016 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
+ /*
+  * Copyright (c) 1985, 1989, 1993
+  *    The Regents of the University of California.  All rights reserved.
+@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen,
+ #ifdef USE_HOOKS
+ 	if (__glibc_unlikely (statp->qhook || statp->rhook))       {
+ 		if (anssiz < MAXPACKET && ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *buf = malloc (MAXPACKET);
+ 			if (buf == NULL)
+ 				return (-1);
+@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n)
+     return (struct sockaddr *) (void *) &statp->nsaddr_list[n];
+ }
+ 
++/* The send_vc function is responsible for sending a DNS query over TCP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports sending both IPv4 and
++   IPv6 queries at the same serially on the same socket.
++
++   Please note that for TCP there is no way to disable sending both
++   queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
++   and sends the queries serially and waits for the result after each
++   sent query.  This implemetnation should be corrected to honour these
++   options.
++
++   Please also note that for TCP we send both queries over the same
++   socket one after another.  This technically violates best practice
++   since the server is allowed to read the first query, respond, and
++   then close the socket (to service another client).  If the server
++   does this, then the remaining second query in the socket data buffer
++   will cause the server to send the client an RST which will arrive
++   asynchronously and the client's OS will likely tear down the socket
++   receive buffer resulting in a potentially short read and lost
++   response data.  This will force the client to retry the query again,
++   and this process may repeat until all servers and connection resets
++   are exhausted and then the query will fail.  It's not known if this
++   happens with any frequency in real DNS server implementations.  This
++   implementation should be corrected to use two sockets by default for
++   parallel queries.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   serially on the same socket.
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message and the rest of the socket data will be read and discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_vc(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -647,11 +737,7 @@ send_vc(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+-	// XXX REMOVE
+-	// int anssiz = *anssizp;
+-	HEADER *anhp = (HEADER *) ans;
++	HEADER *anhp = (HEADER *) *ansp;
+ 	struct sockaddr *nsap = get_nsaddr (statp, ns);
+ 	int truncating, connreset, n;
+ 	/* On some architectures compiler might emit a warning indicating
+@@ -743,6 +829,8 @@ send_vc(res_state statp,
+ 	 * Receive length & response
+ 	 */
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	uint16_t rlen16;
+  read_len:
+@@ -779,40 +867,14 @@ send_vc(res_state statp,
+ 	u_char **thisansp;
+ 	int *thisresplenp;
+ 	if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++		/* We have not received any responses
++		   yet or we only have one response to
++		   receive.  */
+ 		thisanssizp = anssizp;
+ 		thisansp = anscp ?: ansp;
+ 		assert (anscp != NULL || ansp2 == NULL);
+ 		thisresplenp = &resplen;
+ 	} else {
+-		if (*anssizp != MAXPACKET) {
+-			/* No buffer allocated for the first
+-			   reply.  We can try to use the rest
+-			   of the user-provided buffer.  */
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_PUSH_NEEDS_COMMENT;
+-			DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
+-#endif
+-#if _STRING_ARCH_unaligned
+-			*anssizp2 = orig_anssizp - resplen;
+-			*ansp2 = *ansp + resplen;
+-#else
+-			int aligned_resplen
+-			  = ((resplen + __alignof__ (HEADER) - 1)
+-			     & ~(__alignof__ (HEADER) - 1));
+-			*anssizp2 = orig_anssizp - aligned_resplen;
+-			*ansp2 = *ansp + aligned_resplen;
+-#endif
+-#if __GNUC_PREREQ (4, 7)
+-			DIAG_POP_NEEDS_COMMENT;
+-#endif
+-		} else {
+-			/* The first reply did not fit into the
+-			   user-provided buffer.  Maybe the second
+-			   answer will.  */
+-			*anssizp2 = orig_anssizp;
+-			*ansp2 = *ansp;
+-		}
+-
+ 		thisanssizp = anssizp2;
+ 		thisansp = ansp2;
+ 		thisresplenp = resplen2;
+@@ -820,10 +882,14 @@ send_vc(res_state statp,
+ 	anhp = (HEADER *) *thisansp;
+ 
+ 	*thisresplenp = rlen;
+-	if (rlen > *thisanssizp) {
+-		/* Yes, we test ANSCP here.  If we have two buffers
+-		   both will be allocatable.  */
+-		if (__glibc_likely (anscp != NULL))       {
++	/* Is the answer buffer too small?  */
++	if (*thisanssizp < rlen) {
++		/* If the current buffer is not the the static
++		   user-supplied buffer then we can reallocate
++		   it.  */
++		if (thisansp != NULL && thisansp != ansp) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp == NULL) {
+ 				*terrno = ENOMEM;
+@@ -835,6 +901,9 @@ send_vc(res_state statp,
+ 			if (thisansp == ansp2)
+ 			  *ansp2_malloced = 1;
+ 			anhp = (HEADER *) newp;
++			/* A uint16_t can't be larger than MAXPACKET
++			   thus it's safe to allocate MAXPACKET but
++			   read RLEN bytes instead.  */
+ 			len = rlen;
+ 		} else {
+ 			Dprint(statp->options & RES_DEBUG,
+@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns)
+ 	return 1;
+ }
+ 
++/* The send_dg function is responsible for sending a DNS query over UDP
++   to the nameserver numbered NS from the res_state STATP i.e.
++   EXT(statp).nssocks[ns].  The function supports IPv4 and IPv6 queries
++   along with the ability to send the query in parallel for both stacks
++   (default) or serially (RES_SINGLKUP).  It also supports serial lookup
++   with a close and reopen of the socket used to talk to the server
++   (RES_SNGLKUPREOP) to work around broken name servers.
++
++   The query stored in BUF of BUFLEN length is sent first followed by
++   the query stored in BUF2 of BUFLEN2 length.  Queries are sent
++   in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
++
++   Answers to the query are stored firstly in *ANSP up to a max of
++   *ANSSIZP bytes.  If more than *ANSSIZP bytes are needed and ANSCP
++   is non-NULL (to indicate that modifying the answer buffer is allowed)
++   then malloc is used to allocate a new response buffer and ANSCP and
++   ANSP will both point to the new buffer.  If more than *ANSSIZP bytes
++   are needed but ANSCP is NULL, then as much of the response as
++   possible is read into the buffer, but the results will be truncated.
++   When truncation happens because of a small answer buffer the DNS
++   packets header field TC will bet set to 1, indicating a truncated
++   message, while the rest of the UDP packet is discarded.
++
++   Answers to the query are stored secondly in *ANSP2 up to a max of
++   *ANSSIZP2 bytes, with the actual response length stored in
++   *RESPLEN2.  If more than *ANSSIZP bytes are needed and ANSP2
++   is non-NULL (required for a second query) then malloc is used to
++   allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++   size and *ANSP2_MALLOCED is set to 1.
++
++   The ANSP2_MALLOCED argument will eventually be removed as the
++   change in buffer pointer can be used to detect the buffer has
++   changed and that the caller should use free on the new buffer.
++
++   Note that the answers may arrive in any order from the server and
++   therefore the first and second answer buffers may not correspond to
++   the first and second queries.
++
++   It is not supported to call this function with a non-NULL ANSP2
++   but a NULL ANSCP.  Put another way, you can call send_vc with a
++   single unmodifiable buffer or two modifiable buffers, but no other
++   combination is supported.
++
++   It is the caller's responsibility to free the malloc allocated
++   buffers by detecting that the pointers have changed from their
++   original values i.e. *ANSCP or *ANSP2 has changed.
++
++   If an answer is truncated because of UDP datagram DNS limits then
++   *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
++   the caller to retry with TCP.  The value *GOTSOMEWHERE is set to 1
++   if any progress was made reading a response from the nameserver and
++   is used by the caller to distinguish between ECONNREFUSED and
++   ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
++
++   If errors are encountered then *TERRNO is set to an appropriate
++   errno value and a zero result is returned for a recoverable error,
++   and a less-than zero result is returned for a non-recoverable error.
++
++   If no errors are encountered then *TERRNO is left unmodified and
++   a the length of the first response in bytes is returned.  */
+ static int
+ send_dg(res_state statp,
+ 	const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -1006,8 +1135,6 @@ send_dg(res_state statp,
+ {
+ 	const HEADER *hp = (HEADER *) buf;
+ 	const HEADER *hp2 = (HEADER *) buf2;
+-	u_char *ans = *ansp;
+-	int orig_anssizp = *anssizp;
+ 	struct timespec now, timeout, finish;
+ 	struct pollfd pfd[1];
+ 	int ptimeout;
+@@ -1040,6 +1167,8 @@ send_dg(res_state statp,
+ 	int need_recompute = 0;
+ 	int nwritten = 0;
+ 	int recvresp1 = 0;
++	/* Skip the second response if there is no second query.
++	   To do that we mark the second response as received.  */
+ 	int recvresp2 = buf2 == NULL;
+ 	pfd[0].fd = EXT(statp).nssocks[ns];
+ 	pfd[0].events = POLLOUT;
+@@ -1203,55 +1332,56 @@ send_dg(res_state statp,
+ 		int *thisresplenp;
+ 
+ 		if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++			/* We have not received any responses
++			   yet or we only have one response to
++			   receive.  */
+ 			thisanssizp = anssizp;
+ 			thisansp = anscp ?: ansp;
+ 			assert (anscp != NULL || ansp2 == NULL);
+ 			thisresplenp = &resplen;
+ 		} else {
+-			if (*anssizp != MAXPACKET) {
+-				/* No buffer allocated for the first
+-				   reply.  We can try to use the rest
+-				   of the user-provided buffer.  */
+-#if _STRING_ARCH_unaligned
+-				*anssizp2 = orig_anssizp - resplen;
+-				*ansp2 = *ansp + resplen;
+-#else
+-				int aligned_resplen
+-				  = ((resplen + __alignof__ (HEADER) - 1)
+-				     & ~(__alignof__ (HEADER) - 1));
+-				*anssizp2 = orig_anssizp - aligned_resplen;
+-				*ansp2 = *ansp + aligned_resplen;
+-#endif
+-			} else {
+-				/* The first reply did not fit into the
+-				   user-provided buffer.  Maybe the second
+-				   answer will.  */
+-				*anssizp2 = orig_anssizp;
+-				*ansp2 = *ansp;
+-			}
+-
+ 			thisanssizp = anssizp2;
+ 			thisansp = ansp2;
+ 			thisresplenp = resplen2;
+ 		}
+ 
+ 		if (*thisanssizp < MAXPACKET
+-		    /* Yes, we test ANSCP here.  If we have two buffers
+-		       both will be allocatable.  */
+-		    && anscp
++		    /* If the current buffer is not the the static
++		       user-supplied buffer then we can reallocate
++		       it.  */
++		    && (thisansp != NULL && thisansp != ansp)
+ #ifdef FIONREAD
++		    /* Is the size too small?  */
+ 		    && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
+ 			|| *thisanssizp < *thisresplenp)
+ #endif
+                     ) {
++			/* Always allocate MAXPACKET, callers expect
++			   this specific size.  */
+ 			u_char *newp = malloc (MAXPACKET);
+ 			if (newp != NULL) {
+-				*anssizp = MAXPACKET;
+-				*thisansp = ans = newp;
++				*thisanssizp = MAXPACKET;
++				*thisansp = newp;
+ 				if (thisansp == ansp2)
+ 				  *ansp2_malloced = 1;
+ 			}
+ 		}
++		/* We could end up with truncation if anscp was NULL
++		   (not allowed to change caller's buffer) and the
++		   response buffer size is too small.  This isn't a
++		   reliable way to detect truncation because the ioctl
++		   may be an inaccurate report of the UDP message size.
++		   Therefore we use this only to issue debug output.
++		   To do truncation accurately with UDP we need
++		   MSG_TRUNC which is only available on Linux.  We
++		   can abstract out the Linux-specific feature in the
++		   future to detect truncation.  */
++		if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
++			Dprint(statp->options & RES_DEBUG,
++			       (stdout, ";; response may be truncated (UDP)\n")
++			);
++		}
++
+ 		HEADER *anhp = (HEADER *) *thisansp;
+ 		socklen_t fromlen = sizeof(struct sockaddr_in6);
+ 		assert (sizeof(from) <= fromlen);
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-3075.patch b/gnu/packages/patches/glibc-CVE-2016-3075.patch
new file mode 100644
index 0000000000..d16722806e
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-3075.patch
@@ -0,0 +1,43 @@
+From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 29 Mar 2016 12:57:56 +0200
+Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ
+ #19879]
+
+The defensive copy is not needed because the name may not alias the
+output buffer.
+
+(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4)
+(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f)
+---
+ ChangeLog                    |  7 +++++++
+ NEWS                         | 10 ++++++++--
+ resolv/nss_dns/dns-network.c |  5 +----
+ 3 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
+index 2eb2f67..8f301a7 100644
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
+   } net_buffer;
+   querybuf *orig_net_buffer;
+   int anslen;
+-  char *qbuf;
+   enum nss_status status;
+ 
+   if (__res_maybe_init (&_res, 0) == -1)
+     return NSS_STATUS_UNAVAIL;
+ 
+-  qbuf = strdupa (name);
+-
+   net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
+ 
+-  anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
++  anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf,
+ 			       1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
+   if (anslen < 0)
+     {
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-3706.patch b/gnu/packages/patches/glibc-CVE-2016-3706.patch
new file mode 100644
index 0000000000..617242df24
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-3706.patch
@@ -0,0 +1,188 @@
+From 1a8a7c12950a0026a3c406a7cb1608f96aa1460e Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 29 Apr 2016 10:35:34 +0200
+Subject: [PATCH] CVE-2016-3706: getaddrinfo: stack overflow in hostent
+ conversion [BZ #20010]
+
+When converting a struct hostent response to struct gaih_addrtuple, the
+gethosts macro (which is called from gaih_inet) used alloca, without
+malloc fallback for large responses.  This commit changes this code to
+use calloc unconditionally.
+
+This commit also consolidated a second hostent-to-gaih_addrtuple
+conversion loop (in gaih_inet) to use the new conversion function.
+
+(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9)
+---
+ ChangeLog                   |  10 ++++
+ sysdeps/posix/getaddrinfo.c | 130 +++++++++++++++++++++++---------------------
+ 2 files changed, 79 insertions(+), 61 deletions(-)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 1ef3f20..fed2d3b 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -168,9 +168,58 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+   return 0;
+ }
+ 
++/* Convert struct hostent to a list of struct gaih_addrtuple objects.
++   h_name is not copied, and the struct hostent object must not be
++   deallocated prematurely.  *RESULT must be NULL or a pointer to an
++   object allocated using malloc, which is freed.  */
++static bool
++convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
++				   int family,
++				   struct hostent *h,
++				   struct gaih_addrtuple **result)
++{
++  free (*result);
++  *result = NULL;
++
++  /* Count the number of addresses in h->h_addr_list.  */
++  size_t count = 0;
++  for (char **p = h->h_addr_list; *p != NULL; ++p)
++    ++count;
++
++  /* Report no data if no addresses are available, or if the incoming
++     address size is larger than what we can store.  */
++  if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr))
++    return true;
++
++  struct gaih_addrtuple *array = calloc (count, sizeof (*array));
++  if (array == NULL)
++    return false;
++
++  for (size_t i = 0; i < count; ++i)
++    {
++      if (family == AF_INET && req->ai_family == AF_INET6)
++	{
++	  /* Perform address mapping. */
++	  array[i].family = AF_INET6;
++	  memcpy(array[i].addr + 3, h->h_addr_list[i], sizeof (uint32_t));
++	  array[i].addr[2] = htonl (0xffff);
++	}
++      else
++	{
++	  array[i].family = family;
++	  memcpy (array[i].addr, h->h_addr_list[i], h->h_length);
++	}
++      array[i].next = array + i + 1;
++    }
++  array[0].name = h->h_name;
++  array[count - 1].next = NULL;
++
++  *result = array;
++  return true;
++}
++
+ #define gethosts(_family, _type) \
+  {									      \
+-  int i;								      \
+   int herrno;								      \
+   struct hostent th;							      \
+   struct hostent *h;							      \
+@@ -219,36 +268,23 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+     }									      \
+   else if (h != NULL)							      \
+     {									      \
+-      for (i = 0; h->h_addr_list[i]; i++)				      \
++      /* Make sure that addrmem can be freed.  */			      \
++      if (!malloc_addrmem)						      \
++	addrmem = NULL;							      \
++      if (!convert_hostent_to_gaih_addrtuple (req, _family,h, &addrmem))      \
+ 	{								      \
+-	  if (*pat == NULL)						      \
+-	    {								      \
+-	      *pat = __alloca (sizeof (struct gaih_addrtuple));		      \
+-	      (*pat)->scopeid = 0;					      \
+-	    }								      \
+-	  uint32_t *addr = (*pat)->addr;				      \
+-	  (*pat)->next = NULL;						      \
+-	  (*pat)->name = i == 0 ? strdupa (h->h_name) : NULL;		      \
+-	  if (_family == AF_INET && req->ai_family == AF_INET6)		      \
+-	    {								      \
+-	      (*pat)->family = AF_INET6;				      \
+-	      addr[3] = *(uint32_t *) h->h_addr_list[i];		      \
+-	      addr[2] = htonl (0xffff);					      \
+-	      addr[1] = 0;						      \
+-	      addr[0] = 0;						      \
+-	    }								      \
+-	  else								      \
+-	    {								      \
+-	      (*pat)->family = _family;					      \
+-	      memcpy (addr, h->h_addr_list[i], sizeof(_type));		      \
+-	    }								      \
+-	  pat = &((*pat)->next);					      \
++	  _res.options |= old_res_options & RES_USE_INET6;		      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
++      *pat = addrmem;							      \
++      /* The conversion uses malloc unconditionally.  */		      \
++      malloc_addrmem = true;						      \
+ 									      \
+       if (localcanon !=	NULL && canon == NULL)				      \
+ 	canon = strdupa (localcanon);					      \
+ 									      \
+-      if (_family == AF_INET6 && i > 0)					      \
++      if (_family == AF_INET6 && *pat != NULL)				      \
+ 	got_ipv6 = true;						      \
+     }									      \
+  }
+@@ -612,44 +648,16 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ 		{
+ 		  if (h != NULL)
+ 		    {
+-		      int i;
+-		      /* We found data, count the number of addresses.  */
+-		      for (i = 0; h->h_addr_list[i]; ++i)
+-			;
+-		      if (i > 0 && *pat != NULL)
+-			--i;
+-
+-		      if (__libc_use_alloca (alloca_used
+-					     + i * sizeof (struct gaih_addrtuple)))
+-			addrmem = alloca_account (i * sizeof (struct gaih_addrtuple),
+-						  alloca_used);
+-		      else
+-			{
+-			  addrmem = malloc (i
+-					    * sizeof (struct gaih_addrtuple));
+-			  if (addrmem == NULL)
+-			    {
+-			      result = -EAI_MEMORY;
+-			      goto free_and_return;
+-			    }
+-			  malloc_addrmem = true;
+-			}
+-
+-		      /* Now convert it into the list.  */
+-		      struct gaih_addrtuple *addrfree = addrmem;
+-		      for (i = 0; h->h_addr_list[i]; ++i)
++		      /* We found data, convert it.  */
++		      if (!convert_hostent_to_gaih_addrtuple
++			  (req, AF_INET, h, &addrmem))
+ 			{
+-			  if (*pat == NULL)
+-			    {
+-			      *pat = addrfree++;
+-			      (*pat)->scopeid = 0;
+-			    }
+-			  (*pat)->next = NULL;
+-			  (*pat)->family = AF_INET;
+-			  memcpy ((*pat)->addr, h->h_addr_list[i],
+-				  h->h_length);
+-			  pat = &((*pat)->next);
++			  result = -EAI_MEMORY;
++			  goto free_and_return;
+ 			}
++		      *pat = addrmem;
++		      /* The conversion uses malloc unconditionally.  */
++		      malloc_addrmem = true;
+ 		    }
+ 		}
+ 	      else
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch
new file mode 100644
index 0000000000..5eebd10543
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2016-4429.patch
@@ -0,0 +1,58 @@
+From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 23 May 2016 20:18:34 +0200
+Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ
+ #20112]
+
+The call is technically in a loop, and under certain circumstances
+(which are quite difficult to reproduce in a test case), alloca
+can be invoked repeatedly during a single call to clntudp_call.
+As a result, the available stack space can be exhausted (even
+though individual alloca sizes are bounded implicitly by what
+can fit into a UDP packet, as a side effect of the earlier
+successful send operation).
+
+(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c)
+---
+ ChangeLog         |  7 +++++++
+ NEWS              |  4 ++++
+ sunrpc/clnt_udp.c | 10 +++++++++-
+ 3 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
+index a6cf5f1..4d9acb1 100644
+--- a/sunrpc/clnt_udp.c
++++ b/sunrpc/clnt_udp.c
+@@ -388,9 +388,15 @@ send_again:
+ 	  struct sock_extended_err *e;
+ 	  struct sockaddr_in err_addr;
+ 	  struct iovec iov;
+-	  char *cbuf = (char *) alloca (outlen + 256);
++	  char *cbuf = malloc (outlen + 256);
+ 	  int ret;
+ 
++	  if (cbuf == NULL)
++	    {
++	      cu->cu_error.re_errno = errno;
++	      return (cu->cu_error.re_status = RPC_CANTRECV);
++	    }
++
+ 	  iov.iov_base = cbuf + 256;
+ 	  iov.iov_len = outlen;
+ 	  msg.msg_name = (void *) &err_addr;
+@@ -415,10 +421,12 @@ send_again:
+ 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
+ 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
+ 		{
++		  free (cbuf);
+ 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
+ 		  cu->cu_error.re_errno = e->ee_errno;
+ 		  return (cu->cu_error.re_status = RPC_CANTRECV);
+ 		}
++	  free (cbuf);
+ 	}
+ #endif
+       do
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
new file mode 100644
index 0000000000..2cb3d46f62
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
+
+diff -ur a/coders/png.c b/coders/png.c
+--- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
++++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
+@@ -4101,11 +4101,17 @@
+                   mng_info->image=image;
+                 }
+ 
+-              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
+-                                                     > 65535L))
+-                (void) ThrowException(&image->exception,ImageError,
+-                                      WidthOrHeightExceedsLimit,
+-                                      image->filename);
++              if ((mng_info->mng_width > 65535L) ||
++                  (mng_info->mng_height > 65535L))
++                {
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                      "  MNG width or height is too large: %lu, %lu",
++                      mng_info->mng_width,mng_info->mng_height);
++                  MagickFreeMemory(chunk);
++                  ThrowReaderException(CorruptImageError,
++                     ImproperImageHeader,image);
++                }
++
+               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
+                            mng_info->mng_height);
+               mng_info->frame.left=0;
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
new file mode 100644
index 0000000000..7036f37438
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch
@@ -0,0 +1,16 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd.
+
+diff -ur a/coders/wmf.c b/coders/wmf.c
+--- a/coders/wmf.c	2016-09-05 15:20:23.000000000 -0400
++++ b/coders/wmf.c	2017-08-19 10:38:08.984187264 -0400
+@@ -2719,8 +2719,8 @@
+   if(image->exception.severity != UndefinedException)
+     ThrowException2(exception,
+                    CoderWarning,
+-                   ddata->image->exception.reason,
+-                   ddata->image->exception.description);
++                   image->exception.reason,
++                   image->exception.description);
+ 
+   if(logging)
+     (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()");
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
new file mode 100644
index 0000000000..71af9ffe59
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch
@@ -0,0 +1,28 @@
+This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978.
+
+diff -ur a/coders/sun.c b/coders/sun.c
+--- a/coders/sun.c	2016-05-30 13:19:54.000000000 -0400
++++ b/coders/sun.c	2017-08-18 18:00:00.191023610 -0400
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003-2015 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -577,6 +577,7 @@
+           for (bit=7; bit >= 0; bit--)
+             {
+               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++              VerifyColormapIndex(image,index);
+               indexes[x+7-bit]=index;
+               q[x+7-bit]=image->colormap[index];
+             }
+@@ -587,6 +588,7 @@
+             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
+               {
+                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
++                VerifyColormapIndex(image,index);
+                 indexes[x+7-bit]=index;
+                 q[x+7-bit]=image->colormap[index];
+               }
diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch
new file mode 100644
index 0000000000..68c33f1031
--- /dev/null
+++ b/gnu/packages/patches/grep-gnulib-lock.patch
@@ -0,0 +1,32 @@
+This patch fix error on 'gnulib' library required to build
+'grep' package on GNU/Hurd.
+The patch was adapted from upstream source repository:
+'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>'
+
+Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd
+
+diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c
+index 061562b..afc86f4 100644
+--- a/lib/glthread/lock.c
++++ b/lib/glthread/lock.c
+@@ -30,7 +30,7 @@
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
+ 
+diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h
+index ec16d39..67932aa 100644
+--- a/lib/glthread/lock.h
++++ b/lib/glthread/lock.h
+@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t;
+ 
+ /* ------------------------- gl_rwlock_t datatype ------------------------- */
+ 
+-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
+ 
+ #  ifdef PTHREAD_RWLOCK_INITIALIZER
diff --git a/gnu/packages/patches/groff-source-date-epoch.patch b/gnu/packages/patches/groff-source-date-epoch.patch
new file mode 100644
index 0000000000..53c590b049
--- /dev/null
+++ b/gnu/packages/patches/groff-source-date-epoch.patch
@@ -0,0 +1,299 @@
+Adds support for the environment variable SOURCE_DATE_EPOCH.
+
+See: https://sources.debian.net/patches/groff/1.22.3-9/source-date-epoch.patch/
+
+From abc23bc9245e18468817f2838361c3a08f7521e2 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 5 Nov 2015 11:47:34 +0000
+Subject: Implement `SOURCE_DATE_EPOCH' for reproducible builds.
+
+Author: Colin Watson <cjwatson@debian.org>
+Forwarded: yes
+Last-Update: 2015-11-05
+
+Patch-Name: source-date-epoch.patch
+---
+ doc/groff.texinfo                 |  6 +++++
+ src/devices/grohtml/grohtml.man   |  7 ++++++
+ src/devices/grohtml/post-html.cpp |  5 ++--
+ src/devices/gropdf/gropdf.man     |  7 ++++++
+ src/devices/gropdf/gropdf.pl      |  3 ++-
+ src/devices/grops/grops.man       |  7 ++++++
+ src/devices/grops/ps.cpp          |  3 ++-
+ src/include/curtime.h             | 23 ++++++++++++++++++
+ src/libs/libgroff/Makefile.sub    |  2 ++
+ src/libs/libgroff/curtime.cpp     | 51 +++++++++++++++++++++++++++++++++++++++
+ src/roff/troff/input.cpp          |  3 ++-
+ 11 files changed, 112 insertions(+), 5 deletions(-)
+ create mode 100644 src/include/curtime.h
+ create mode 100644 src/libs/libgroff/curtime.cpp
+
+diff --git a/doc/groff.texinfo b/doc/groff.texinfo
+index 066b5274..1d3c7a9f 100644
+--- a/doc/groff.texinfo
++++ b/doc/groff.texinfo
+@@ -1453,6 +1453,12 @@ default directory (on Unix and GNU/Linux systems, this is usually
+ @item GROFF_TYPESETTER
+ @tindex GROFF_TYPESETTER@r{, environment variable}
+ The default output device.
++
++@item SOURCE_DATE_EPOCH
++@tindex SOURCE_DATE_EPOCH@r{, environment variable}
++A timestamp (expressed as seconds since the Unix epoch) to use in place of
++the current time when initializing time-based built-in registers such as
++@code{\n[seconds]}.
+ @end table
+ 
+ Note that MS-DOS and MS-Windows ports of @code{groff} use semi-colons,
+diff --git a/src/devices/grohtml/grohtml.man b/src/devices/grohtml/grohtml.man
+index 51eae224..4be4abbc 100644
+--- a/src/devices/grohtml/grohtml.man
++++ b/src/devices/grohtml/grohtml.man
+@@ -419,6 +419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH BUGS
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp
+index fefbf014..b5fc5167 100644
+--- a/src/devices/grohtml/post-html.cpp
++++ b/src/devices/grohtml/post-html.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "html.h"
+ #include "html-text.h"
+ #include "html-table.h"
++#include "curtime.h"
+ 
+ #include <time.h>
+ 
+@@ -5013,7 +5014,7 @@ void html_printer::do_file_components (void)
+ 	.put_string(Version_string)
+ 	.end_comment();
+ 
+-      t = time(0);
++      t = current_time();
+       html.begin_comment("CreationDate: ")
+ 	.put_string(ctime(&t), strlen(ctime(&t))-1)
+ 	.end_comment();
+@@ -5126,7 +5127,7 @@ html_printer::~html_printer()
+     .put_string(Version_string)
+     .end_comment();
+ 
+-  t = time(0);
++  t = current_time();
+   html.begin_comment("CreationDate: ")
+     .put_string(ctime(&t), strlen(ctime(&t))-1)
+     .end_comment();
+diff --git a/src/devices/gropdf/gropdf.man b/src/devices/gropdf/gropdf.man
+index 3bbace6a..cc0c82f1 100644
+--- a/src/devices/gropdf/gropdf.man
++++ b/src/devices/gropdf/gropdf.man
+@@ -1029,6 +1029,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl
+index 035d1238..c25c4c67 100644
+--- a/src/devices/gropdf/gropdf.pl
++++ b/src/devices/gropdf/gropdf.pl
+@@ -239,13 +239,14 @@ elsif (exists($ppsz{$papersz}))
+     @defaultmb=@mediabox=(0,0,$ppsz{$papersz}->[0],$ppsz{$papersz}->[1]);
+ }
+ 
+-my (@dt)=localtime(time);
++my (@dt)=localtime($ENV{SOURCE_DATE_EPOCH} || time);
+ my $dt=PDFDate(\@dt);
+ 
+ my %info=('Creator' => "(groff version $cfg{GROFF_VERSION})",
+ 				'Producer' => "(gropdf version $cfg{GROFF_VERSION})",
+ 				'ModDate' => "($dt)",
+ 				'CreationDate' => "($dt)");
++
+ while (<>)
+ {
+     chomp;
+diff --git a/src/devices/grops/grops.man b/src/devices/grops/grops.man
+index 99fb7486..272c2d18 100644
+--- a/src/devices/grops/grops.man
++++ b/src/devices/grops/grops.man
+@@ -1419,6 +1419,13 @@ and
+ for more details.
+ .
+ .
++.TP
++.SM
++.B SOURCE_DATE_EPOCH
++A timestamp (expressed as seconds since the Unix epoch) to use as the
++creation timestamp in place of the current time.
++.
++.
+ .\" --------------------------------------------------------------------
+ .SH FILES
+ .\" --------------------------------------------------------------------
+diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp
+index 745a503b..03e65372 100644
+--- a/src/devices/grops/ps.cpp
++++ b/src/devices/grops/ps.cpp
+@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "cset.h"
+ #include "nonposix.h"
+ #include "paper.h"
++#include "curtime.h"
+ 
+ #include "ps.h"
+ #include <time.h>
+@@ -1390,7 +1391,7 @@ ps_printer::~ps_printer()
+ #else
+     time_t
+ #endif
+-    t = time(0);
++    t = current_time();
+     fputs(ctime(&t), out.get_file());
+   }
+   for (font_pointer_list *f = font_list; f; f = f->next) {
+diff --git a/src/include/curtime.h b/src/include/curtime.h
+new file mode 100644
+index 00000000..a4105196
+--- /dev/null
++++ b/src/include/curtime.h
+@@ -0,0 +1,23 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time();
+diff --git a/src/libs/libgroff/Makefile.sub b/src/libs/libgroff/Makefile.sub
+index 840d9934..4cb4937a 100644
+--- a/src/libs/libgroff/Makefile.sub
++++ b/src/libs/libgroff/Makefile.sub
+@@ -32,6 +32,7 @@ OBJS=\
+   cmap.$(OBJEXT) \
+   color.$(OBJEXT) \
+   cset.$(OBJEXT) \
++  curtime.$(OBJEXT) \
+   device.$(OBJEXT) \
+   errarg.$(OBJEXT) \
+   error.$(OBJEXT) \
+@@ -82,6 +83,7 @@ CCSRCS=\
+   $(srcdir)/cmap.cpp \
+   $(srcdir)/color.cpp \
+   $(srcdir)/cset.cpp \
++  $(srcdir)/curtime.cpp \
+   $(srcdir)/device.cpp \
+   $(srcdir)/errarg.cpp \
+   $(srcdir)/error.cpp \
+diff --git a/src/libs/libgroff/curtime.cpp b/src/libs/libgroff/curtime.cpp
+new file mode 100644
+index 00000000..00821b7f
+--- /dev/null
++++ b/src/libs/libgroff/curtime.cpp
+@@ -0,0 +1,51 @@
++/* Copyright (C) 2015  Free Software Foundation, Inc.
++
++This file is part of groff.
++
++groff is free software; you can redistribute it and/or modify it under
++the terms of the GNU General Public License as published by the Free
++Software Foundation, either version 2 of the License, or
++(at your option) any later version.
++
++groff is distributed in the hope that it will be useful, but WITHOUT ANY
++WARRANTY; without even the implied warranty of MERCHANTABILITY or
++FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++for more details.
++
++The GNU General Public License version 2 (GPL2) is available in the
++internet at <http://www.gnu.org/licenses/gpl-2.0.txt>. */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdlib.h>
++#include <string.h>
++#include <time.h>
++
++#include "errarg.h"
++#include "error.h"
++
++#ifdef LONG_FOR_TIME_T
++long
++#else
++time_t
++#endif
++current_time()
++{
++  char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
++
++  if (source_date_epoch) {
++    errno = 0;
++    char *endptr;
++    long epoch = strtol(source_date_epoch, &endptr, 10);
++
++    if ((errno == ERANGE && (epoch == LONG_MAX || epoch == LONG_MIN)) ||
++	(errno != 0 && epoch == 0))
++      fatal("$SOURCE_DATE_EPOCH: strtol: %1", strerror(errno));
++    if (endptr == source_date_epoch)
++      fatal("$SOURCE_DATE_EPOCH: no digits found: %1", endptr);
++    if (*endptr != '\0')
++      fatal("$SOURCE_DATE_EPOCH: trailing garbage: %1", endptr);
++    return epoch;
++  } else
++    return time(0);
++}
+diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
+index 9594f074..f7d2c18a 100644
+--- a/src/roff/troff/input.cpp
++++ b/src/roff/troff/input.cpp
+@@ -36,6 +36,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+ #include "input.h"
+ #include "defs.h"
+ #include "unicode.h"
++#include "curtime.h"
+ 
+ // Needed for getpid() and isatty()
+ #include "posix.h"
+@@ -8138,7 +8139,7 @@ static void init_registers()
+ #else /* not LONG_FOR_TIME_T */
+   time_t
+ #endif /* not LONG_FOR_TIME_T */
+-    t = time(0);
++    t = current_time();
+   // Use struct here to work around misfeature in old versions of g++.
+   struct tm *tt = localtime(&t);
+   set_number_reg("seconds", int(tt->tm_sec));
diff --git a/gnu/packages/patches/guile-2.2-default-utf8.patch b/gnu/packages/patches/guile-2.2-default-utf8.patch
new file mode 100644
index 0000000000..3233388874
--- /dev/null
+++ b/gnu/packages/patches/guile-2.2-default-utf8.patch
@@ -0,0 +1,78 @@
+This hack makes Guile default to UTF-8.  This avoids calls to
+`iconv_open'; `iconv_open' tries to open shared objects that aren't
+available during bootstrap, so using UTF-8 avoids that (and UTF-8 has
+built-in conversions in glibc, too.)
+
+diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c
+index 7cd753009..de92653a4 100644
+--- a/libguile/bytevectors.c
++++ b/libguile/bytevectors.c
+@@ -1918,7 +1918,7 @@ utf_encoding_name (char *name, size_t utf_width, SCM endianness)
+   if (scm_i_is_narrow_string (str))                                     \
+     {                                                                   \
+       err = mem_iconveh (scm_i_string_chars (str), c_strlen,            \
+-                         "ISO-8859-1", c_utf_name,                      \
++                         "UTF-8", c_utf_name,                      \
+                          iconveh_question_mark, NULL,                   \
+                          &c_utf, &c_utf_len);                           \
+       if (SCM_UNLIKELY (err))                                           \
+diff --git a/libguile/ports.c b/libguile/ports.c
+index 2a25cd58e..bdaf921ca 100644
+--- a/libguile/ports.c
++++ b/libguile/ports.c
+@@ -959,7 +959,9 @@ canonicalize_encoding (const char *enc)
+   char *ret;
+   int i;
+ 
+-  if (!enc || encoding_matches (enc, sym_ISO_8859_1))
++  if (enc == NULL)
++    return sym_UTF_8;
++  if (encoding_matches (enc, sym_ISO_8859_1))
+     return sym_ISO_8859_1;
+   if (encoding_matches (enc, sym_UTF_8))
+     return sym_UTF_8;
+@@ -4182,7 +4184,7 @@ scm_init_ports (void)
+     scm_c_define ("%default-port-conversion-strategy",
+                   scm_make_fluid_with_default (sym_substitute));
+   /* Use the locale as the default port encoding.  */
+-  scm_i_set_default_port_encoding (locale_charset ());
++  scm_i_set_default_port_encoding ("UTF-8");
+ 
+   scm_c_register_extension ("libguile-" SCM_EFFECTIVE_VERSION,
+                             "scm_init_ice_9_ports",
+diff --git a/libguile/strings.c b/libguile/strings.c
+index 5c49e33d8..0131e6dc8 100644
+--- a/libguile/strings.c
++++ b/libguile/strings.c
+@@ -1561,7 +1561,7 @@ scm_i_default_string_failed_conversion_handler (void)
+ SCM
+ scm_from_locale_stringn (const char *str, size_t len)
+ {
+-  return scm_from_stringn (str, len, locale_charset (),
++  return scm_from_stringn (str, len, "UTF-8",
+                            scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -1885,7 +1885,7 @@ char *
+ scm_to_locale_stringn (SCM str, size_t *lenp)
+ {
+   return scm_to_stringn (str, lenp,
+-                         locale_charset (),
++                         "UTF-8",
+                          scm_i_default_string_failed_conversion_handler ());
+ }
+ 
+@@ -2216,11 +2216,11 @@ scm_to_stringn (SCM str, size_t *lenp, const char *encoding,
+   len = 0;
+   enc = encoding;
+   if (enc == NULL)
+-    enc = "ISO-8859-1";
++    enc = "UTF-8";
+   if (scm_i_is_narrow_string (str))
+     {
+       ret = mem_iconveh (scm_i_string_chars (str), ilen,
+-                         "ISO-8859-1", enc,
++                         "UTF-8", enc,
+                          (enum iconv_ilseq_handler) handler, NULL,
+                          &buf, &len);
+ 
diff --git a/gnu/packages/patches/guile-bytestructures-name-clash.patch b/gnu/packages/patches/guile-bytestructures-name-clash.patch
new file mode 100644
index 0000000000..ac834dd504
--- /dev/null
+++ b/gnu/packages/patches/guile-bytestructures-name-clash.patch
@@ -0,0 +1,31 @@
+This patch works around a name clash between the 'cstring-pointer' module and
+the 'cstring-module' variable that occurs in Guile 2.0:
+
+  ice-9/boot-9.scm:109:20: re-exporting local variable: cstring-pointer
+
+--- guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm	2017-07-25 17:04:32.858289986 +0200
++++ guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm	2017-07-25 17:04:41.130244725 +0200
+@@ -1,6 +1,6 @@
+ (define-module (bytestructures guile))
+ 
+-(import
++(use-modules
+  (bytestructures guile base)
+  (bytestructures guile vector)
+  (bytestructures guile struct)
+@@ -8,7 +8,7 @@
+  (bytestructures guile pointer)
+  (bytestructures guile numeric)
+  (bytestructures guile string)
+- (bytestructures guile cstring-pointer))
++ ((bytestructures guile cstring-pointer) #:prefix cstr:))
+ (re-export
+  make-bytestructure-descriptor
+  bytestructure-descriptor?
+@@ -75,5 +75,5 @@
+ 
+  bs:string
+ 
+- cstring-pointer
++ cstr:cstring-pointer
+  )
diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch
index 2431495f24..95bddcce88 100644
--- a/gnu/packages/patches/guile-relocatable.patch
+++ b/gnu/packages/patches/guile-relocatable.patch
@@ -35,11 +35,11 @@ location of the `guile' binary, allowing it to be relocated.
 +
 +  module_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (module_dir, prefix);
-+  strcat (module_dir, "/share/guile/2.0");
++  strcat (module_dir, "/share/guile/" SCM_EFFECTIVE_VERSION);
 +
 +  ccache_dir = scm_gc_malloc_pointerless (strlen (prefix) + 50, "string");
 +  strcpy (ccache_dir, prefix);
-+  strcat (ccache_dir, "/lib/guile/2.0/ccache");
++  strcat (ccache_dir, "/lib/guile/" SCM_EFFECTIVE_VERSION "/ccache");
 +
    env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
    if (env && strcmp (env, "") == 0)
diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch
deleted file mode 100644
index 54b5055a20..0000000000
--- a/gnu/packages/patches/guile-ssh-channel-finalization.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Avoid asynchronous channel finalization, which could lead to segfaults due to
-libssh not being thread-safe: <https://bugs.gnu.org/26976>.
-
---- guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:37:44.861671297 +0200
-+++ guile-ssh-0.11.0/modules/ssh/dist/node.scm	2017-06-13 14:38:02.841580565 +0200
-@@ -391,11 +391,18 @@ listens on an expected port, return #f o
-   "Evaluate QUOTED-EXP on the node and return the evaluated result."
-   (let ((repl-channel (node-open-rrepl node)))
-     (rrepl-skip-to-prompt repl-channel)
--    (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp))
--      (lambda vals
--        (and (node-stop-repl-server? node)
-+    (dynamic-wind
-+      (const #t)
-+      (lambda ()
-+        (rrepl-eval repl-channel quoted-exp))
-+      (lambda ()
-+        (when (node-stop-repl-server? node)
-              (node-stop-server node))
--        (apply values vals)))))
-+
-+        ;; Close REPL-CHANNEL right away to prevent finalization from
-+        ;; happening in another thread at the wrong time (see
-+        ;; <https://bugs.gnu.org/26976>.)
-+        (close-port repl-channel)))))
- 
- (define (node-eval-1 node quoted-exp)
-   "Evaluate QUOTED-EXP on the node and return the evaluated result.  The
diff --git a/gnu/packages/patches/guile-ssh-double-free.patch b/gnu/packages/patches/guile-ssh-double-free.patch
deleted file mode 100644
index 9692b81d39..0000000000
--- a/gnu/packages/patches/guile-ssh-double-free.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix a double-free or use-after-free issue with Guile-SSH used
-with Guile 2.2.  See <https://bugs.gnu.org/26976>.
-
-diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
-index 3dd641f..0839854 100644
---- a/libguile-ssh/channel-type.c
-+++ b/libguile-ssh/channel-type.c
-@@ -229,10 +229,11 @@ ptob_close (SCM channel)
-       ssh_channel_free (ch->ssh_channel);
-     }
- 
-+  SCM_SETSTREAM (channel, NULL);
-+
- #if USING_GUILE_BEFORE_2_2
-   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
-   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
--  SCM_SETSTREAM (channel, NULL);
- 
-   return 0;
- #endif
-diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
-index 8879924..f87cf03 100644
---- a/libguile-ssh/sftp-file-type.c
-+++ b/libguile-ssh/sftp-file-type.c
-@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
-       sftp_close (fd->file);
-     }
- 
-+  SCM_SETSTREAM (sftp_file, NULL);
-+
- #if USING_GUILE_BEFORE_2_2
-   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
-   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
--  SCM_SETSTREAM (sftp_file, NULL);
- 
-   return 1;
- #endif
diff --git a/gnu/packages/patches/guile-ssh-rexec-bug.patch b/gnu/packages/patches/guile-ssh-rexec-bug.patch
deleted file mode 100644
index 363fea38c9..0000000000
--- a/gnu/packages/patches/guile-ssh-rexec-bug.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Fix a bug whereby 'node-guile-version' would pass a node instead of
-a session to 'rexec'.
-
-diff --git a/modules/ssh/dist/node.scm b/modules/ssh/dist/node.scm
-index 9c065c7..29a3906 100644
---- a/modules/ssh/dist/node.scm
-+++ b/modules/ssh/dist/node.scm
-@@ -411,7 +411,8 @@ procedure returns the 1st evaluated value if multiple values were returned."
-   "Get Guile version installed on a NODE, return the version string.  Return
- #f if Guile is not installed."
-   (receive (result rc)
--      (rexec node "which guile > /dev/null && guile --version")
-+      (rexec (node-session node)
-+             "which guile > /dev/null && guile --version")
-     (and (zero? rc)
-          (car result))))
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
new file mode 100644
index 0000000000..d76f0df369
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11103:
+
+https://orpheus-lyre.info/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
+https://security-tracker.debian.org/tracker/CVE-2017-11103
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
+
+From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'.  Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+---
+ lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
+index d95d96d1b..b8d81c6ad 100644
+--- a/lib/krb5/ticket.c
++++ b/lib/krb5/ticket.c
+@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
+     /* check server referral and save principal */
+     ret = _krb5_principalname2krb5_principal (context,
+ 					      &tmp_principal,
+-					      rep->kdc_rep.ticket.sname,
+-					      rep->kdc_rep.ticket.realm);
++					      rep->enc_part.sname,
++					      rep->enc_part.srealm);
+     if (ret)
+ 	goto out;
+     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
new file mode 100644
index 0000000000..714af60304
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
@@ -0,0 +1,85 @@
+Fix CVE-2017-6594:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
+https://security-tracker.debian.org/tracker/CVE-2017-6594
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
+
+To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and
+files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified.
+
+From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@twosigma.com>
+Date: Wed, 10 Aug 2016 23:31:14 +0000
+Subject: [PATCH] Fix transit path validation CVE-2017-6594
+
+Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
+to not be added to the transit path of issued tickets.  This may, in
+some cases, enable bypass of capath policy in Heimdal versions 1.5
+through 7.2.
+
+Note, this may break sites that rely on the bug.  With the bug some
+incomplete [capaths] worked, that should not have.  These may now break
+authentication in some cross-realm configurations.
+---
+ NEWS                   | 14 ++++++++++++++
+ kdc/krb5tgs.c          | 12 ++++++++++--
+ tests/kdc/check-kdc.in | 17 +++++++++++++++++
+ tests/kdc/krb5.conf.in |  4 ++++
+ 4 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
+index 6048b9c55..98503812f 100644
+--- a/kdc/krb5tgs.c
++++ b/kdc/krb5tgs.c
+@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context,
+ 		  "Decoding transited encoding");
+ 	return ret;
+     }
++
++    /*
++     * If the realm of the presented tgt is neither the client nor the server
++     * realm, it is a transit realm and must be added to transited set.
++     */
+     if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+-	/* not us, so add the previous realm to transited set */
+ 	if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ 	    ret = ERANGE;
+ 	    goto free_realms;
+@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context,
+ 	       const char *server_name,
+ 	       hdb_entry_ex *client,
+ 	       krb5_principal client_principal,
++               const char *tgt_realm,
+ 	       hdb_entry_ex *krbtgt,
+ 	       krb5_enctype krbtgt_etype,
+ 	       krb5_principals spp,
+@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context,
+ 				 &tgt->transited, &et,
+ 				 krb5_principal_get_realm(context, client_principal),
+ 				 krb5_principal_get_realm(context, server->entry.principal),
+-				 krb5_principal_get_realm(context, krbtgt->entry.principal));
++				 tgt_realm);
+     if(ret)
+ 	goto out;
+ 
+@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context,
+     krb5_keyblock sessionkey;
+     krb5_kvno kvno;
+     krb5_data rspac;
++    const char *tgt_realm = /* Realm of TGT issuer */
++        krb5_principal_get_realm(context, krbtgt->entry.principal);
+
+@@ -2324,6 +2331,7 @@ server_lookup:
+ 			 spn,
+ 			 client,
+ 			 cp,
++                         tgt_realm,
+ 			 krbtgt_out,
+ 			 tkey_sign->key.keytype,
+ 			 spp,
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/intltool-perl-compatibility.patch b/gnu/packages/patches/intltool-perl-compatibility.patch
new file mode 100644
index 0000000000..b895ca7cb9
--- /dev/null
+++ b/gnu/packages/patches/intltool-perl-compatibility.patch
@@ -0,0 +1,76 @@
+This patch fixes a regex parsing compatibility issue with Perl 5.26.0.
+It manifests during the configure phase of at-spi2-core like this:
+
+------
+Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at /gnu/store/...-intltool-0.51.0/bin/intltool-update line 1065.
+------
+
+Copied from Gentoo and MSYS2:
+
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-util/intltool/files/intltool-0.51.0-perl-5.26.patch?id=1105187fc65d8bf643e682fcef39620dcfd9326a
+https://github.com/Alexpux/MSYS2-packages/blob/0d3f442553ae4fc8798e32cbf44c4252fa8f3c07/intltool/perl-5.22-compatibility.patch
+
+#diff -ruN intltool-0.51.0.orig/intltool-update.in intltool-0.51.0/intltool-update.in
+#--- intltool-0.51.0.orig/intltool-update.in	2017-06-28 00:47:20.889269294 +0200
+#+++ intltool-0.51.0/intltool-update.in	2017-06-28 00:48:14.592271529 +0200
+#@@ -1068,7 +1068,7 @@
+# 	my $untouched = $1;
+# 	my $sub = "";
+#         # Ignore recursive definitions of variables
+#-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
+#+        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+# 
+# 	return SubstituteVariable ("$untouched$sub$rest");
+#     }
+--- intltool-0.51.0.orig/intltool-update.in	2015-03-09 02:39:54.000000000 +0100
++++ intltool-0.51.0.orig/intltool-update.in	2015-06-19 01:52:07.171228154 +0200
+@@ -1062,7 +1062,7 @@ 
+ 	}
+     }
+ 
+-    if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/)
++    if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/)
+     {
+ 	my $rest = $3;
+ 	my $untouched = $1;
+@@ -1068,7 +1068,7 @@
+ 	my $untouched = $1;
+ 	my $sub = "";
+         # Ignore recursive definitions of variables
+-        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/;
++        $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/;
+ 
+ 	return SubstituteVariable ("$untouched$sub$rest");
+     }
+@@ -1190,10 +1190,10 @@ 
+ 	$name    =~ s/\(+$//g;
+ 	$version =~ s/\(+$//g;
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
+     }
+ 
+     if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m)
+@@ -1219,11 +1219,11 @@ 
+ 	$version =~ s/\(+$//g;
+         $bugurl  =~ s/\(+$//g if (defined $bugurl);
+ 
+-	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/);
+-	$varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/);
+-	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/);
+-	$varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/);
+-        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/);
++	$varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/);
++	$varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/);
++	$varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/);
++	$varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/);
++        $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/);
+     }
+ 
+     # \s makes this not work, why?
diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
new file mode 100644
index 0000000000..ebbc0635a5
--- /dev/null
+++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch
@@ -0,0 +1,28 @@
+The patch fixes build failure of form:
+     ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h"
+Upstream fixed the bug in a more invasive way
+but didn't have releases since 3.2.1.
+
+The patch is taken from Gentoo:
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch
+
+--- libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:15.000000000 +0100
++++ libffi-3.2.1/src/alpha/osf.S	2015-01-16 10:46:24.000000000 +0100
+@@ -279,6 +279,7 @@
+ 	.gprel32 $load_64	# FFI_TYPE_SINT64
+ 	.gprel32 $load_none	# FFI_TYPE_STRUCT
+ 	.gprel32 $load_64	# FFI_TYPE_POINTER
++	.gprel32 $load_none	# FFI_TYPE_COMPLEX
+ 
+ /* Assert that the table above is in sync with ffi.h.  */
+ 
+@@ -294,7 +295,8 @@
+ 	|| FFI_TYPE_SINT64 != 12	\
+ 	|| FFI_TYPE_STRUCT != 13	\
+ 	|| FFI_TYPE_POINTER != 14	\
+-	|| FFI_TYPE_LAST != 14
++	|| FFI_TYPE_COMPLEX != 15       \
++	|| FFI_TYPE_LAST != 15
+ #error "osf.S out of sync with ffi.h"
+ #endif
+ 
diff --git a/gnu/packages/patches/libgit2-use-after-free.patch b/gnu/packages/patches/libgit2-use-after-free.patch
deleted file mode 100644
index 580af8781a..0000000000
--- a/gnu/packages/patches/libgit2-use-after-free.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-This patch is taken from <https://github.com/libgit2/libgit2/pull/4122>;
-we need it to fix the use-after-free error in 'git_commit_extract_signature'
-reported at <https://github.com/libgit2/libgit2/issues/4118>.
-
-From ade0d9c658fdfc68d8046935f6908f033fe7a529 Mon Sep 17 00:00:00 2001
-From: Patrick Steinhardt <ps@pks.im>
-Date: Mon, 13 Feb 2017 13:46:17 +0100
-Subject: [PATCH 3/3] commit: avoid possible use-after-free
-
-diff --git a/src/commit.c b/src/commit.c
-index 89a4db1..05b70a9 100644
---- a/src/commit.c
-+++ b/src/commit.c
-@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
- 		if (git_buf_oom(signature))
- 			goto oom;
- 
-+		error = git_buf_puts(signed_data, eol+1);
- 		git_odb_object_free(obj);
--		return git_buf_puts(signed_data, eol+1);
-+		return error;
- 	}
- 
- 	giterr_set(GITERR_OBJECT, "this commit is not signed");
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
new file mode 100644
index 0000000000..6cec0c8030
--- /dev/null
+++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch
@@ -0,0 +1,63 @@
+Fix CVE-2017-10790:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
+
+Patch copied from upstream source repository:
+
+https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39
+
+From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 22 Jun 2017 16:31:37 +0200
+Subject: [PATCH] _asn1_check_identifier: safer access to values read
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/parser_aux.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index 976ab38..786ea64 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 == NULL)
+ 	    {
+ 	      if (p->value)
+-		_asn1_strcpy (_asn1_identifierMissing, p->value);
++		_asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
+ 	      else
+ 		_asn1_strcpy (_asn1_identifierMissing, "(null)");
+ 	      return ASN1_IDENTIFIER_NOT_FOUND;
+@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
+ 	  if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
+ 	    {
+ 	      _asn1_str_cpy (name2, sizeof (name2), node->name);
+-	      _asn1_str_cat (name2, sizeof (name2), ".");
+-	      _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-	      _asn1_strcpy (_asn1_identifierMissing, p2->value);
++	      if (p2->value)
++	        {
++	          _asn1_str_cat (name2, sizeof (name2), ".");
++	          _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
++	          _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++	        }
++	      else
++		_asn1_strcpy (_asn1_identifierMissing, "(null)");
++
+ 	      p2 = asn1_find_node (node, name2);
+ 	      if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
+ 		  !(p2->type & CONST_ASSIGN))
+@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
+ 		  _asn1_str_cpy (name2, sizeof (name2), node->name);
+ 		  _asn1_str_cat (name2, sizeof (name2), ".");
+ 		  _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+-		  _asn1_strcpy (_asn1_identifierMissing, p2->value);
++		  _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
++
+ 		  p2 = asn1_find_node (node, name2);
+ 		  if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
+ 		      || !(p2->type & CONST_ASSIGN))
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
deleted file mode 100644
index 1f847ed025..0000000000
--- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2017-6891:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484
-
-From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 18 May 2017 18:03:34 +0200
-Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
-
-This prevents a stack overflow in asn1_find_node() which
-is triggered by too long variable names in the definitions
-files. That means that applications have to deliberately
-pass a too long 'name' constant to asn1_write_value()
-and friends.  Reported by Jakub Jirasek.
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
----
- lib/parser_aux.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/parser_aux.c b/lib/parser_aux.c
-index b4a7370..976ab38 100644
---- a/lib/parser_aux.c
-+++ b/lib/parser_aux.c
-@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
-@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
-       if (n_end)
- 	{
- 	  nsize = n_end - n_start;
-+	  if (nsize >= sizeof(n))
-+		return NULL;
-+
- 	  memcpy (n, n_start, nsize);
- 	  n[nsize] = 0;
- 	  n_start = n_end;
--- 
-2.13.0
-
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch
deleted file mode 100644
index d5fd796169..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-10092:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2620
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
-https://security-tracker.debian.org/tracker/CVE-2016-10092
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
-	mode so that the output buffer is correctly incremented to avoid write
-	outside bounds.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1178; previous revision: 1.1177
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.47; previous revision: 1.46
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.46
-retrieving revision 1.47
-diff -u -r1.46 -r1.47
---- libtiff/tools/tiffcrop.c	18 Nov 2016 14:58:46 -0000	1.46
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -3698,7 +3698,7 @@
-                                   (unsigned long) strip, (unsigned long)rows);
-                         return 0;
-                 }
--                bufp += bytes_read;
-+                bufp += stripsize;
-         }
- 
-         return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
deleted file mode 100644
index 5897ec1029..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2016-10093:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2610
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
-https://security-tracker.debian.org/tracker/CVE-2016-10093
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
-	heap-based buffer overflow.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1187; previous revision: 1.1186
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.59; previous revision: 1.58
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.58
-retrieving revision 1.59
-diff -u -r1.58 -r1.59
---- libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-@@ -1163,7 +1163,7 @@
- 
- static void
- cpStripToTile(uint8* out, uint8* in,
--    uint32 rows, uint32 cols, int outskew, int inskew)
-+    uint32 rows, uint32 cols, int outskew, int64 inskew)
- {
- 	while (rows-- > 0) {
- 		uint32 j = cols;
-@@ -1320,7 +1320,7 @@
- 	tdata_t tilebuf;
- 	uint32 imagew = TIFFScanlineSize(in);
- 	uint32 tilew  = TIFFTileRowSize(in);
--	int iskew = imagew - tilew;
-+	int64 iskew = (int64)imagew - (int64)tilew;
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
-@@ -1348,7 +1348,7 @@
- 				status = 0;
- 				goto done;
- 			}
--			if (colb + tilew > imagew) {
-+			if (colb > iskew) {
- 				uint32 width = imagew - colb;
- 				uint32 oskew = tilew - width;
- 				cpStripToTile(bufp + colb,
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
deleted file mode 100644
index 9018773565..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2016-10094:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2640
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
-https://security-tracker.debian.org/tracker/CVE-2016-10094
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential heap-based overflow in
-        t2p_readwrite_pdf_image_tile().
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1199; previous revision: 1.1198
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.101; previous revision: 1.100
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.100
-retrieving revision 1.101
-diff -u -r1.100 -r1.101
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
-@@ -2895,7 +2895,7 @@
- 				return(0);
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
--				if (count >= 4) {
-+				if (count > 4) {
-                                         int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
deleted file mode 100644
index 3158b49360..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2656
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
-https://security-tracker.debian.org/tracker/CVE-2017-5225
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
-        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
-overflow.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
-        http://bugzilla.maptools.org/show_bug.cgi?id=2657
-
-
-less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1210; previous revision: 1.1209
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.61; previous revision: 1.60
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.60
-retrieving revision 1.61
-diff -u -r1.60 -r1.61
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-+++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
-#@@ -1,4 +1,4 @@
-#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
-#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
-# 
-# /*
-#  * Copyright (c) 1988-1997 Sam Leffler
-@@ -591,7 +591,7 @@
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--	uint16 bitspersample, samplesperpixel = 1;
-+	uint16 bitspersample = 1, samplesperpixel = 1;
- 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
- 	copyFunc cf;
- 	uint32 width, length;
-@@ -1067,6 +1067,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpContig2SeparateByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1120,6 +1130,16 @@
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpSeparate2ContigByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1784,7 +1804,7 @@
- 	uint32 w, l, tw, tl;
- 	int bychunk;
- 
--	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
- 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
- 		fprintf(stderr,
- 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch
deleted file mode 100644
index ef747fbdd7..0000000000
--- a/gnu/packages/patches/libtiff-assertion-failure.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix assertion failure in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
-check.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1188; previous revision: 1.1187
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.60; previous revision: 1.59
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.59
-retrieving revision 1.60
-diff -u -r1.59 -r1.60
---- libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
-@@ -45,7 +45,6 @@
- #include <string.h>
- 
- #include <ctype.h>
--#include <assert.h>
- 
- #ifdef HAVE_UNISTD_H
- # include <unistd.h>
-@@ -1393,7 +1392,12 @@
-             status = 0;
-             goto done;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            status = 0;
-+            goto done;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
-@@ -1584,7 +1588,12 @@
-             _TIFFfree(obuf);
-             return 0;
-         }
--	assert( bps % 8 == 0 );
-+        if( (bps % 8) != 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	bytes_per_sample = bps/8;
- 
- 	for (row = 0; row < imagelength; row += tl) {
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
deleted file mode 100644
index 2a96b68521..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-Fix divide-by-zero in OJPEGDecodeRaw():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
-in
-        OJPEGPreDecode(). This will avoid a divide by zero, and potential other
-issues.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1177; previous revision: 1.1176
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v  <--  libtiff/tif_ojpeg.c
-new revision: 1.66; previous revision: 1.65
-
-Index: libtiff/libtiff/tif_ojpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
-retrieving revision 1.65
-retrieving revision 1.66
-diff -u -r1.65 -r1.66
---- libtiff/libtiff/tif_ojpeg.c	4 Sep 2016 21:32:56 -0000	1.65
-+++ libtiff/libtiff/tif_ojpeg.c	3 Dec 2016 11:15:18 -0000	1.66
-@@ -1,4 +1,4 @@
--/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
- 
- /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
-    specification is now totally obsolete and deprecated for new applications and
-@@ -244,6 +244,7 @@
- 
- typedef struct {
- 	TIFF* tif;
-+        int decoder_ok;
- 	#ifndef LIBJPEG_ENCAP_EXTERNAL
- 	JMP_BUF exit_jmpbuf;
- 	#endif
-@@ -722,6 +723,7 @@
- 		}
- 		sp->write_curstrile++;
- 	}
-+	sp->decoder_ok = 1;
- 	return(1);
- }
- 
-@@ -784,8 +786,14 @@
- static int
- OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
- {
-+        static const char module[]="OJPEGDecode";
- 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
- 	(void)s;
-+        if( !sp->decoder_ok )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
-+            return 0;
-+        }
- 	if (sp->libjpeg_jpeg_query_style==0)
- 	{
- 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
deleted file mode 100644
index d3f1c2b60e..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2597
-http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1183; previous revision: 1.1182
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.57; previous revision: 1.56
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.56
-retrieving revision 1.57
-diff -u -r1.56 -r1.57
---- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1378,7 +1378,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	tilebuf = _TIFFmalloc(tilesize);
- 	if (tilebuf == 0)
-@@ -1387,6 +1387,12 @@
- 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
-+            status = 0;
-+            goto done;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
-tag is
-        missing.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1186; previous revision: 1.1185
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.58; previous revision: 1.57
- 
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.57
-retrieving revision 1.58
-diff -u -r1.57 -r1.58
---- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
-+++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -1569,7 +1569,7 @@
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tl, tw;
- 	uint32 row;
--	uint16 bps, bytes_per_sample;
-+	uint16 bps = 0, bytes_per_sample;
- 
- 	obuf = _TIFFmalloc(TIFFTileSize(out));
- 	if (obuf == NULL)
-@@ -1578,6 +1578,12 @@
- 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
- 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
- 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps == 0 )
-+        {
-+            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
-+            _TIFFfree(obuf);
-+            return 0;
-+        }
- 	assert( bps % 8 == 0 );
- 	bytes_per_sample = bps/8;
- 
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
deleted file mode 100644
index 823293f1cf..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix divide-by-zero in readSeparateStripsIntoBuffer():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is
-missing.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1180; previous revision: 1.1179
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 13:00:04 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -1164,7 +1164,7 @@
-   tdata_t  obuf;
- 
-   (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
--  (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+  (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
-   bytes_per_sample = (bps + 7) / 8;
-   if( width == 0 ||
-       (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
-@@ -4760,7 +4760,7 @@
-   int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
-   uint32 j;
-   int32  bytes_read = 0;
--  uint16 bps, planar;
-+  uint16 bps = 0, planar;
-   uint32 nstrips;
-   uint32 strips_per_sample;
-   uint32 src_rowsize, dst_rowsize, rows_processed, rps;
-@@ -4780,7 +4780,7 @@
-     }
- 
-   memset (srcbuffs, '\0', sizeof(srcbuffs));
--  TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+  TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
-   TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
-   TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
-   if (rps > length)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch
deleted file mode 100644
index 6dbd4666cd..0000000000
--- a/gnu/packages/patches/libtiff-divide-by-zero.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
-        TIFFReadEncodedStrip() that caused an integer division by zero.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1173; previous revision: 1.1172
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
-new revision: 1.50; previous revision: 1.49
-/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v  <--  libtiff/tiffiop.h
-new revision: 1.90; previous revision: 1.89
-
-Index: libtiff/libtiff/tif_read.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
-retrieving revision 1.49
-retrieving revision 1.50
-diff -u -r1.49 -r1.50
---- libtiff/libtiff/tif_read.c	10 Jul 2016 18:00:21 -0000	1.49
-+++ libtiff/libtiff/tif_read.c	2 Dec 2016 21:56:56 -0000	1.50
-@@ -1,4 +1,4 @@
--/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */
-+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -346,7 +346,7 @@
- 	rowsperstrip=td->td_rowsperstrip;
- 	if (rowsperstrip>td->td_imagelength)
- 		rowsperstrip=td->td_imagelength;
--	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
-+	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
- 	stripinplane=(strip%stripsperplane);
- 	plane=(uint16)(strip/stripsperplane);
- 	rows=td->td_imagelength-stripinplane*rowsperstrip;
-Index: libtiff/libtiff/tiffiop.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
-retrieving revision 1.89
-retrieving revision 1.90
-diff -u -r1.89 -r1.90
---- libtiff/libtiff/tiffiop.h	23 Jan 2016 21:20:34 -0000	1.89
-+++ libtiff/libtiff/tiffiop.h	2 Dec 2016 21:56:56 -0000	1.90
-@@ -1,4 +1,4 @@
--/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */
-+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -250,6 +250,10 @@
- #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
- 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
- 			   0U)
-+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
-+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
-+#define TIFFhowmany_32_maxuint_compat(x, y) \
-+			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
- #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
- #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
- #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
deleted file mode 100644
index 2d5e23586d..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Fix heap-based buffer overflow in _TIFFmemcpy():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
-        overflow on generation of PixarLog / LUV compressed files, with
-        ColorMap, TransferFunction attached and nasty plays with bitspersample.
-        The fix for LUV has not been tested, but suffers from the same kind
-        of issue of PixarLog.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1175; previous revision: 1.1174
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v  <--  libtiff/tif_luv.c
-new revision: 1.44; previous revision: 1.43
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v  <-- 
-libtiff/tif_pixarlog.c
-new revision: 1.49; previous revision: 1.48
-
-Index: libtiff/libtiff/tif_luv.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v
-retrieving revision 1.43
-retrieving revision 1.44
-diff -u -r1.43 -r1.44
---- libtiff/libtiff/tif_luv.c	4 Sep 2016 21:32:56 -0000	1.43
-+++ libtiff/libtiff/tif_luv.c	2 Dec 2016 23:05:51 -0000	1.44
-@@ -1,4 +1,4 @@
--/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */
-+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1997 Greg Ward Larson
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
- 
- struct logLuvState {
-+        int                     encoder_state;  /* 1 if encoder correctly initialized */
- 	int                     user_datafmt;   /* user data format */
- 	int                     encode_meth;    /* encoding method */
- 	int                     pixel_size;     /* bytes per pixel */
-@@ -1552,6 +1553,7 @@
- 		    td->td_photometric, "must be either LogLUV or LogL");
- 		break;
- 	}
-+	sp->encoder_state = 1;
- 	return (1);
- notsupported:
- 	TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@
- static void
- LogLuvClose(TIFF* tif)
- {
-+        LogLuvState* sp = (LogLuvState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/*
- 	 * For consistency, we always want to write out the same
- 	 * bitspersample and sampleformat for our TIFF file,
- 	 * regardless of the data format being used by the application.
- 	 * Since this routine is called after tags have been set but
- 	 * before they have been recorded in the file, we reset them here.
-+         * Note: this is really a nasty approach. See PixarLogClose
- 	 */
--	td->td_samplesperpixel =
--	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
--	td->td_bitspersample = 16;
--	td->td_sampleformat = SAMPLEFORMAT_INT;
-+        if( sp->encoder_state )
-+        {
-+            /* See PixarLogClose. Might avoid issues with tags whose size depends
-+             * on those below, but not completely sure this is enough. */
-+            td->td_samplesperpixel =
-+                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+            td->td_bitspersample = 16;
-+            td->td_sampleformat = SAMPLEFORMAT_INT;
-+        }
- }
- 
- static void
-Index: libtiff/libtiff/tif_pixarlog.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
-retrieving revision 1.48
-retrieving revision 1.49
-diff -u -r1.48 -r1.49
---- libtiff/libtiff/tif_pixarlog.c	23 Sep 2016 22:12:18 -0000	1.48
-+++ libtiff/libtiff/tif_pixarlog.c	2 Dec 2016 23:05:51 -0000	1.49
-@@ -1,4 +1,4 @@
--/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */
-+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1996-1997 Sam Leffler
-@@ -1233,8 +1233,10 @@
- static void
- PixarLogClose(TIFF* tif)
- {
-+        PixarLogState* sp = (PixarLogState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/* In a really sneaky (and really incorrect, and untruthful, and
- 	 * troublesome, and error-prone) maneuver that completely goes against
- 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@
- 	 * readers that don't know about PixarLog, or how to set
- 	 * the PIXARLOGDATFMT pseudo-tag.
- 	 */
--	td->td_bitspersample = 8;
--	td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+        if (sp->state&PLSTATE_INIT) {
-+            /* We test the state to avoid an issue such as in
-+             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+             * What appends in that case is that the bitspersample is 1 and
-+             * a TransferFunction is set. The size of the TransferFunction
-+             * depends on 1<<bitspersample. So if we increase it, an access
-+             * out of the buffer will happen at directory flushing.
-+             * Another option would be to clear those targs. 
-+             */
-+            td->td_bitspersample = 8;
-+            td->td_sampleformat = SAMPLEFORMAT_UINT;
-+        }
- }
- 
- static void
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
deleted file mode 100644
index 68889b121b..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-Fix heap-based buffer overflow in TIFFFillStrip():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
-        instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
-rowsperstrip),
-        instead of a logic based on the total size of data. Which is faulty is
-        the total size of data is not sufficient to fill the whole image, and
-thus
-        results in reading outside of the StripByCounts/StripOffsets arrays
-when
-        using TIFFReadScanline().
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
-
-        * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
-        for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
-since
-        the above change is a better fix that makes it unnecessary.
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1176; previous revision: 1.1175
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- 
-libtiff/tif_dirread.c
-new revision: 1.205; previous revision: 1.204
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--  libtiff/tif_strip.c
-new revision: 1.38; previous revision: 1.37
-
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.204
-retrieving revision 1.205
-diff -u -r1.204 -r1.205
---- libtiff/libtiff/tif_dirread.c	16 Nov 2016 15:14:15 -0000	1.204
-+++ libtiff/libtiff/tif_dirread.c	3 Dec 2016 11:02:15 -0000	1.205
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -5502,8 +5502,7 @@
- 	uint64 rowblockbytes;
- 	uint64 stripbytes;
- 	uint32 strip;
--	uint64 nstrips64;
--	uint32 nstrips32;
-+	uint32 nstrips;
- 	uint32 rowsperstrip;
- 	uint64* newcounts;
- 	uint64* newoffsets;
-@@ -5534,18 +5533,17 @@
- 	    return;
- 
- 	/*
--	 * never increase the number of strips in an image
-+	 * never increase the number of rows per strip
- 	 */
- 	if (rowsperstrip >= td->td_rowsperstrip)
- 		return;
--	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
--	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
--	    return;
--	nstrips32 = (uint32)nstrips64;
-+        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-+        if( nstrips == 0 )
-+            return;
- 
--	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripByteCounts\" array");
--	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripOffsets\" array");
- 	if (newcounts == NULL || newoffsets == NULL) {
- 		/*
-@@ -5562,18 +5560,18 @@
- 	 * Fill the strip information arrays with new bytecounts and offsets
- 	 * that reflect the broken-up format.
- 	 */
--	for (strip = 0; strip < nstrips32; strip++) {
-+	for (strip = 0; strip < nstrips; strip++) {
- 		if (stripbytes > bytecount)
- 			stripbytes = bytecount;
- 		newcounts[strip] = stripbytes;
--		newoffsets[strip] = offset;
-+		newoffsets[strip] = stripbytes ? offset : 0;
- 		offset += stripbytes;
- 		bytecount -= stripbytes;
- 	}
- 	/*
- 	 * Replace old single strip info with multi-strip info.
- 	 */
--	td->td_stripsperimage = td->td_nstrips = nstrips32;
-+	td->td_stripsperimage = td->td_nstrips = nstrips;
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
- 
- 	_TIFFfree(td->td_stripbytecount);
-Index: libtiff/libtiff/tif_strip.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
-retrieving revision 1.37
-retrieving revision 1.38
-diff -u -r1.37 -r1.38
---- libtiff/libtiff/tif_strip.c	9 Nov 2016 23:00:49 -0000	1.37
-+++ libtiff/libtiff/tif_strip.c	3 Dec 2016 11:02:15 -0000	1.38
-@@ -1,4 +1,4 @@
--/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */
-+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1991-1997 Sam Leffler
-@@ -63,15 +63,6 @@
- 	TIFFDirectory *td = &tif->tif_dir;
- 	uint32 nstrips;
- 
--    /* If the value was already computed and store in td_nstrips, then return it,
--       since ChopUpSingleUncompressedStrip might have altered and resized the
--       since the td_stripbytecount and td_stripoffset arrays to the new value
--       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
--       tif_dirread.c ~line 3612.
--       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
--    if( td->td_nstrips )
--        return td->td_nstrips;
--
- 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
- 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
- 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
deleted file mode 100644
index f0fef08bf3..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix heap buffer overflow in tiffcp when parsing number of inks:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
-called,
-        limit the return number of inks to SamplesPerPixel, so that code that
-parses
-        ink names doesn't go past the end of the buffer.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1184; previous revision: 1.1183
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v  <--  libtiff/tif_dir.c
-new revision: 1.128; previous revision: 1.127
-
-Index: libtiff/libtiff/tif_dir.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
-retrieving revision 1.127
-retrieving revision 1.128
-diff -u -r1.127 -r1.128
---- libtiff/libtiff/tif_dir.c	25 Oct 2016 21:35:15 -0000	1.127
-+++ libtiff/libtiff/tif_dir.c	3 Dec 2016 15:30:31 -0000	1.128
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */
-+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -854,6 +854,32 @@
- 	if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
- 	    return 0;
- 	
-+        if( tag == TIFFTAG_NUMBEROFINKS )
-+        {
-+            int i;
-+            for (i = 0; i < td->td_customValueCount; i++) {
-+                uint16 val;
-+                TIFFTagValue *tv = td->td_customValues + i;
-+                if (tv->info->field_tag != tag)
-+                    continue;
-+                val = *(uint16 *)tv->value;
-+                /* Truncate to SamplesPerPixel, since the */
-+                /* setting code for INKNAMES assume that there are SamplesPerPixel */
-+                /* inknames. */
-+                /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
-+                if( val > td->td_samplesperpixel )
-+                {
-+                    TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
-+                                   "Truncating NumberOfInks from %u to %u",
-+                                   val, td->td_samplesperpixel);
-+                    val = td->td_samplesperpixel;
-+                }
-+                *va_arg(ap, uint16*) = val;
-+                return 1;
-+            }
-+            return 0;
-+        }
-+
- 	/*
- 	 * We want to force the custom code to be used for custom
- 	 * fields even if the tag happens to match a well known 
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
deleted file mode 100644
index 8166c55758..0000000000
--- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Fix heap-based buffer overflow in combineSeparateSamples16bits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
-        readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
-buffer.
-        Reported by Agostina Sarubo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1179; previous revision: 1.1178
-/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
-new revision: 1.48; previous revision: 1.47
-
-Index: libtiff/tools/tiffcrop.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
-retrieving revision 1.47
-retrieving revision 1.48
-diff -u -r1.47 -r1.48
---- libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
-+++ libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
-@@ -1,4 +1,4 @@
--/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
-+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
- 
- /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
-  * the image data through additional options listed below
-@@ -4815,10 +4815,17 @@
-   nstrips = TIFFNumberOfStrips(in);
-   strips_per_sample = nstrips /spp;
- 
-+  /* Add 3 padding bytes for combineSeparateSamples32bits */
-+  if( (size_t) stripsize > 0xFFFFFFFFU - 3U )
-+  {
-+      TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size.");
-+      exit(-1);
-+  }
-+
-   for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
-     {
-     srcbuffs[s] = NULL;
--    buff = _TIFFmalloc(stripsize);
-+    buff = _TIFFmalloc(stripsize + 3);
-     if (!buff)
-       {
-       TIFFError ("readSeparateStripsIntoBuffer", 
-@@ -4827,6 +4834,9 @@
-         _TIFFfree (srcbuffs[i]);
-       return 0;
-       }
-+    buff[stripsize] = 0;
-+    buff[stripsize+1] = 0;
-+    buff[stripsize+2] = 0;
-     srcbuffs[s] = buff;
-     }
- 
diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch
deleted file mode 100644
index 92742d8757..0000000000
--- a/gnu/packages/patches/libtiff-invalid-read.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Fix invalid read in t2p_writeproc():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-2016-12-20 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiff2pdf.c: avoid potential invalid memory read in
-        t2p_writeproc.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1198; previous revision: 1.1197
-/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
-new revision: 1.100; previous revision: 1.99
-
-Index: libtiff/tools/tiff2pdf.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
-retrieving revision 1.99
-retrieving revision 1.100
-diff -u -r1.99 -r1.100
---- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:13:26 -0000	1.99
-+++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
-@@ -2896,6 +2896,7 @@
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
- 				if (count >= 4) {
-+                                        int retTIFFReadRawTile;
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
- 					bufferoffset += count - 2;
-@@ -2903,22 +2904,23 @@
- 					table_end[0] = buffer[bufferoffset-2];
- 					table_end[1] = buffer[bufferoffset-1];
- 					xuint32 = bufferoffset;
--                    bufferoffset -= 2;
--					bufferoffset += TIFFReadRawTile(
-+                                        bufferoffset -= 2;
-+                                        retTIFFReadRawTile= TIFFReadRawTile(
- 						input, 
- 						tile, 
- 						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
- 						-1);
-+                                        if( retTIFFReadRawTile < 0 )
-+                                        {
-+                                            _TIFFfree(buffer);
-+                                            t2p->t2p_error = T2P_ERR_ERROR;
-+                                            return(0);
-+                                        }
-+					bufferoffset += retTIFFReadRawTile;
-                     /* Overwrite SOI marker of image scan with previously */
-                     /* saved end of JpegTables */
- 					buffer[xuint32-2]=table_end[0];
- 					buffer[xuint32-1]=table_end[1];
--				} else {
--					bufferoffset += TIFFReadRawTile(
--						input, 
--						tile, 
--						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
--						-1);
- 				}
- 			}
- 			t2pWriteFile(output, (tdata_t) buffer, bufferoffset);
diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch
deleted file mode 100644
index 8c6345b804..0000000000
--- a/gnu/packages/patches/libtiff-null-dereference.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix NULL pointer dereference in TIFFReadRawData():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-
-2016-12-03 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffinfo.c: fix null pointer dereference in -r mode when
-        * the
-image has
-        no StripByteCount tag.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1182; previous revision: 1.1181
-/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v  <--  tools/tiffinfo.c
-new revision: 1.26; previous revision: 1.25
-
-Index: libtiff/tools/tiffinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v
-retrieving revision 1.25
-retrieving revision 1.26
-diff -u -r1.25 -r1.26
---- libtiff/tools/tiffinfo.c	12 Nov 2016 20:06:05 -0000	1.25
-+++ libtiff/tools/tiffinfo.c	3 Dec 2016 14:18:49 -0000	1.26
-@@ -1,4 +1,4 @@
--/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */
-+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -417,7 +417,7 @@
- 	uint64* stripbc=NULL;
- 
- 	TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc);
--	if (nstrips > 0) {
-+	if (stripbc != NULL && nstrips > 0) {
- 		uint32 bufsize = (uint32) stripbc[0];
- 		tdata_t buf = _TIFFmalloc(bufsize);
- 		tstrip_t s;
diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch
deleted file mode 100644
index 5615cbb3e1..0000000000
--- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix a integer underflow in tiffcp that led to heap overflows in
-TIFFReverseBits():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-2016-12-02 Even Rouault <even.rouault at spatialys.com>
-
-        * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that 
-        can cause various issues, such as buffer overflows in the library.
-        Reported by Agostino Sarubbo.
-        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
-new revision: 1.1174; previous revision: 1.1173
-/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
-new revision: 1.56; previous revision: 1.55
-
-Index: libtiff/tools/tiffcp.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
-retrieving revision 1.55
-retrieving revision 1.56
-diff -u -r1.55 -r1.56
---- libtiff/tools/tiffcp.c	8 Oct 2016 15:54:57 -0000	1.55
-+++ libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
-@@ -1,4 +1,4 @@
--/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */
-+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
- 
- /*
-  * Copyright (c) 1988-1997 Sam Leffler
-@@ -985,7 +985,7 @@
- 		tstrip_t s, ns = TIFFNumberOfStrips(in);
- 		uint32 row = 0;
- 		_TIFFmemset(buf, 0, stripsize);
--		for (s = 0; s < ns; s++) {
-+		for (s = 0; s < ns && row < imagelength; s++) {
- 			tsize_t cc = (row + rowsperstrip > imagelength) ?
- 			    TIFFVStripSize(in, imagelength - row) : stripsize;
- 			if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
new file mode 100644
index 0000000000..709b20c6d2
--- /dev/null
+++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch
@@ -0,0 +1,178 @@
+This patch fixes performance problems on multi-core machines
+as reported at <https://bugs.gnu.org/26441>.
+
+See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
+by Bruno Haible <bruno@clisp.org>.
+
+diff --git a/tests/test-lock.c b/tests/test-lock.c
+index cb734b4e6..aa6de2739 100644
+--- a/tests/test-lock.c
++++ b/tests/test-lock.c
+@@ -50,6 +50,13 @@
+    Uncomment this to see if the operating system has a fair scheduler.  */
+ #define EXPLICIT_YIELD 1
+ 
++/* Whether to use 'volatile' on some variables that communicate information
++   between threads.  If set to 0, a lock is used to protect these variables.
++   If set to 1, 'volatile' is used; this is theoretically equivalent but can
++   lead to much slower execution (e.g. 30x slower total run time on a 40-core
++   machine.  */
++#define USE_VOLATILE 0
++
+ /* Whether to print debugging messages.  */
+ #define ENABLE_DEBUGGING 0
+ 
+@@ -103,6 +110,51 @@
+ # define yield()
+ #endif
+ 
++#if USE_VOLATILE
++struct atomic_int {
++  volatile int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  return ai->value;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  ai->value = new_value;
++}
++#else
++struct atomic_int {
++  gl_lock_define (, lock)
++  int value;
++};
++static void
++init_atomic_int (struct atomic_int *ai)
++{
++  gl_lock_init (ai->lock);
++}
++static int
++get_atomic_int_value (struct atomic_int *ai)
++{
++  gl_lock_lock (ai->lock);
++  int ret = ai->value;
++  gl_lock_unlock (ai->lock);
++  return ret;
++}
++static void
++set_atomic_int_value (struct atomic_int *ai, int new_value)
++{
++  gl_lock_lock (ai->lock);
++  ai->value = new_value;
++  gl_lock_unlock (ai->lock);
++}
++#endif
++
+ #define ACCOUNT_COUNT 4
+ 
+ static int account[ACCOUNT_COUNT];
+@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int lock_checker_done;
++static struct atomic_int lock_checker_done;
+ 
+ static void *
+ lock_checker_thread (void *arg)
+ {
+-  while (!lock_checker_done)
++  while (get_atomic_int_value (&lock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_lock_lock (my_lock);
+@@ -200,7 +252,8 @@ test_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  lock_checker_done = 0;
++  init_atomic_int (&lock_checker_done);
++  set_atomic_int_value (&lock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (lock_checker_thread, NULL);
+@@ -210,7 +263,7 @@ test_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  lock_checker_done = 1;
++  set_atomic_int_value (&lock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
+@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int rwlock_checker_done;
++static struct atomic_int rwlock_checker_done;
+ 
+ static void *
+ rwlock_checker_thread (void *arg)
+ {
+-  while (!rwlock_checker_done)
++  while (get_atomic_int_value (&rwlock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
+       gl_rwlock_rdlock (my_rwlock);
+@@ -284,7 +337,8 @@ test_rwlock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  rwlock_checker_done = 0;
++  init_atomic_int (&rwlock_checker_done);
++  set_atomic_int_value (&rwlock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+@@ -295,7 +349,7 @@ test_rwlock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  rwlock_checker_done = 1;
++  set_atomic_int_value (&rwlock_checker_done, 1);
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (checkerthreads[i], NULL);
+   check_accounts ();
+@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
+   return NULL;
+ }
+ 
+-static volatile int reclock_checker_done;
++static struct atomic_int reclock_checker_done;
+ 
+ static void *
+ reclock_checker_thread (void *arg)
+ {
+-  while (!reclock_checker_done)
++  while (get_atomic_int_value (&reclock_checker_done) == 0)
+     {
+       dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
+       gl_recursive_lock_lock (my_reclock);
+@@ -386,7 +440,8 @@ test_recursive_lock (void)
+   /* Initialization.  */
+   for (i = 0; i < ACCOUNT_COUNT; i++)
+     account[i] = 1000;
+-  reclock_checker_done = 0;
++  init_atomic_int (&reclock_checker_done);
++  set_atomic_int_value (&reclock_checker_done, 0);
+ 
+   /* Spawn the threads.  */
+   checkerthread = gl_thread_create (reclock_checker_thread, NULL);
+@@ -396,7 +451,7 @@ test_recursive_lock (void)
+   /* Wait for the threads to terminate.  */
+   for (i = 0; i < THREAD_COUNT; i++)
+     gl_thread_join (threads[i], NULL);
+-  reclock_checker_done = 1;
++  set_atomic_int_value (&reclock_checker_done, 1);
+   gl_thread_join (checkerthread, NULL);
+   check_accounts ();
+ }
diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch
new file mode 100644
index 0000000000..37dd8bd111
--- /dev/null
+++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch
@@ -0,0 +1,15 @@
+Disable tests who fail because they have to run as root.
+
+--- libusb-0.1.12/tests/Makefile.in	2006-03-04 03:54:06.000000000 +0100
++++ libusb-0.1.12/tests/Makefile.in	2017-07-13 16:17:45.201728019 +0200
+@@ -255,8 +255,8 @@
+ hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+ driver_name_SOURCES = driver_name.cpp
+ driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \
+-		get_resolution hub_strings $(OS_SPECIFIC)
++TESTS = testlibusb descriptor_test id_test find_hubs find_mice
++		#get_resolution hub_strings $(OS_SPECIFIC)
+ 
+ XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL)
+ all: all-am
diff --git a/gnu/packages/patches/lz4-fix-test-failures.patch b/gnu/packages/patches/lz4-fix-test-failures.patch
deleted file mode 100644
index d38357d402..0000000000
--- a/gnu/packages/patches/lz4-fix-test-failures.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-These two patches fix some bugs in lz4's test suite:
-
-https://github.com/lz4/lz4/issues/308
-
-Patches copied from upstream source repository:
-
-https://github.com/lz4/lz4/commit/b89cac7b2e92b792af98bb0a12e4d14684d07629
-https://github.com/lz4/lz4/commit/0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481
-
-From b89cac7b2e92b792af98bb0a12e4d14684d07629 Mon Sep 17 00:00:00 2001
-From: Eric Siegerman <pub08-git@davor.org>
-Date: Tue, 14 Feb 2017 14:17:06 -0500
-Subject: [PATCH] Don't use "foo && false || true"
-
-Replace it with either:
-    test ! -f $FILE_THAT_SHOULD_NOT_EXIST
-or:
-    ! $COMMAND_THAT_SHOULD_FAIL
-
-as appropriate.
----
- tests/Makefile | 38 +++++++++++++++++++-------------------
- 1 file changed, 19 insertions(+), 19 deletions(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index 77e6ae7..ebab278 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -236,17 +236,17 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
- 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
- 	@echo "hello world" > tmp
- 	$(LZ4) --rm -f tmp
--	ls -ls tmp         && false || true   # must fail (--rm)
--	ls -ls tmp.lz4
--	$(PRGDIR)/lz4cat tmp.lz4              # must display hello world
--	ls -ls tmp.lz4
-+	test ! -f tmp                      # must fail (--rm)
-+	test   -f tmp.lz4
-+	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
-+	test   -f tmp.lz4
- 	$(PRGDIR)/unlz4 --rm tmp.lz4
--	ls -ls tmp
--	ls -ls tmp.lz4     && false || true   # must fail (--rm)
--	ls -ls tmp.lz4.lz4 && false || true   # must fail (unlz4)
--	$(PRGDIR)/lz4cat tmp                  # pass-through mode
--	ls -ls tmp
--	ls -ls tmp.lz4     && false || true   # must fail (lz4cat)
-+	test   -f tmp
-+	test ! -f tmp.lz4                  # must fail (--rm)
-+	test ! -f tmp.lz4.lz4              # must fail (unlz4)
-+	$(PRGDIR)/lz4cat tmp               # pass-through mode
-+	test   -f tmp
-+	test ! -f tmp.lz4                  # must fail (lz4cat)
- 	$(LZ4) tmp                         # creates tmp.lz4
- 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
- 	$(DIFF) -q tmp tmp3
-@@ -262,22 +262,22 @@ test-lz4-hugefile: lz4 datagen
- 
- test-lz4-testmode: lz4 datagen
- 	@echo "\n ---- bench mode ----"
--	$(LZ4) -bi1
-+	  $(LZ4) -bi1
- 	@echo "\n ---- test mode ----"
--	./datagen | $(LZ4) -t             && false || true
--	./datagen | $(LZ4) -tf            && false || true
-+	! ./datagen | $(LZ4) -t
-+	! ./datagen | $(LZ4) -tf
- 	@echo "\n ---- pass-through mode ----"
--	./datagen | $(LZ4) -d  > $(VOID)  && false || true
--	./datagen | $(LZ4) -df > $(VOID)
-+	! ./datagen | $(LZ4) -d  > $(VOID)
-+	  ./datagen | $(LZ4) -df > $(VOID)
- 	@echo "Hello World !" > tmp1
- 	$(LZ4) -dcf tmp1
- 	@echo "from underground..." > tmp2
- 	$(LZ4) -dcfm tmp1 tmp2
- 	@echo "\n ---- test cli ----"
--	$(LZ4)     file-does-not-exist    && false || true
--	$(LZ4) -f  file-does-not-exist    && false || true
--	$(LZ4) -fm file1-dne file2-dne    && false || true
--	$(LZ4) -fm file1-dne file2-dne    && false || true
-+	! $(LZ4)     file-does-not-exist
-+	! $(LZ4) -f  file-does-not-exist
-+	! $(LZ4) -fm file1-dne file2-dne
-+	! $(LZ4) -fm file1-dne file2-dne
- 
- test-lz4-opt-parser: lz4 datagen
- 	@echo "\n ---- test opt-parser ----"
--- 
-2.12.2
-
-From 0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv@altlinux.org>
-Date: Sun, 5 Mar 2017 23:20:10 +0000
-Subject: [PATCH] Fix test-lz4-basic
-
-When no output filename is specified and stdout is not a terminal,
-lz4 doesn't attempt to guess an output filename and uses stdout for
-output.
-
-This change fixes test-lz4-basic when run without a terminal
-by specifying output filenames.
----
- tests/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index ebab278..d68c700 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -235,19 +235,19 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat
- 	./datagen -g33M   | $(LZ4) --no-frame-crc | $(LZ4) -t
- 	./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t
- 	@echo "hello world" > tmp
--	$(LZ4) --rm -f tmp
-+	$(LZ4) --rm -f tmp tmp.lz4
- 	test ! -f tmp                      # must fail (--rm)
- 	test   -f tmp.lz4
- 	$(PRGDIR)/lz4cat tmp.lz4           # must display hello world
- 	test   -f tmp.lz4
--	$(PRGDIR)/unlz4 --rm tmp.lz4
-+	$(PRGDIR)/unlz4 --rm tmp.lz4 tmp
- 	test   -f tmp
- 	test ! -f tmp.lz4                  # must fail (--rm)
- 	test ! -f tmp.lz4.lz4              # must fail (unlz4)
- 	$(PRGDIR)/lz4cat tmp               # pass-through mode
- 	test   -f tmp
- 	test ! -f tmp.lz4                  # must fail (lz4cat)
--	$(LZ4) tmp                         # creates tmp.lz4
-+	$(LZ4) tmp tmp.lz4                 # creates tmp.lz4
- 	$(PRGDIR)/lz4cat < tmp.lz4 > tmp3  # checks lz4cat works with stdin (#285)
- 	$(DIFF) -q tmp tmp3
- 	$(PRGDIR)/lz4cat < tmp > tmp2      # checks lz4cat works with stdin (#285)
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
deleted file mode 100644
index e21e87cef6..0000000000
--- a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Fix a test failure when building for 32 bit architectures:
-
-http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8
-
-From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001
-From: Grazvydas Ignotas <notasas@gmail.com>
-Date: Thu, 9 Mar 2017 02:54:53 +0200
-Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit
-
-Negating size_t on 32bit produces a 32bit result. This was effectively
-adding values close to UINT_MAX to the cache size (the files are usually
-small) instead of intended subtraction.
-Fixes 'make check' disk_cache failures on 32bit.
-
-Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
-Reviewed-by: Timothy Arceri <tarceri@itsqueeze.com>
----
- src/util/disk_cache.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c
-index 5470688df3..facdcecf7c 100644
---- a/src/util/disk_cache.c
-+++ b/src/util/disk_cache.c
-@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size) {
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
-       return;
-    }
- 
-@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache)
-    free(dir_path);
- 
-    if (size)
--      p_atomic_add(cache->size, - size);
-+      p_atomic_add(cache->size, - (uint64_t)size);
- }
- 
- void
-#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key)
-#    free(filename);
-# 
-#    if (sb.st_size)
-#-      p_atomic_add(cache->size, - sb.st_size);
-#+      p_atomic_add(cache->size, - (uint64_t)sb.st_size);
-# }
-# 
-# /* From the zlib docs:
--- 
-2.12.2
-
diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
index 4377110475..b3f9367fd5 100644
--- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch
+++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch
@@ -5,16 +5,15 @@ for now.
 
 --- a/src/compiler/glsl/tests/cache_test.c
 +++ b/src/compiler/glsl/tests/cache_test.c
-@@ -137,11 +137,6 @@
+@@ -170,11 +170,6 @@
     unsetenv("MESA_GLSL_CACHE_DIR");
     unsetenv("XDG_CACHE_HOME");
 
--   cache = disk_cache_create();
+-   cache = disk_cache_create("test", "make_check");
 -   expect_non_null(cache, "disk_cache_create with no environment variables");
 -
 -   disk_cache_destroy(cache);
 -
     /* Test with XDG_CACHE_HOME set */
     setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1);
-    cache = disk_cache_create();
-
+    cache = disk_cache_create("test", "make_check");
diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch
new file mode 100644
index 0000000000..3382d84d66
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-boost-issue.patch
@@ -0,0 +1,27 @@
+This patch fixes the issue described at
+https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164
+
+diff --git a/src/metabat.h b/src/metabat.h
+index 32ae94c..2292c04 100644
+--- a/src/metabat.h
++++ b/src/metabat.h
+@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/math/distributions.hpp>
+ #include <boost/serialization/serialization.hpp>
+diff --git a/src/metabat2.h b/src/metabat2.h
+index 60a9998..19fa815 100644
+--- a/src/metabat2.h
++++ b/src/metabat2.h
+@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread)
+ 
+ #include <boost/program_options.hpp>
+ #include <boost/algorithm/string.hpp>
++#include <boost/serialization/array_wrapper.hpp>
+ #include <boost/numeric/ublas/matrix.hpp>
+ #include <boost/numeric/ublas/matrix_sparse.hpp>
+ #include <boost/numeric/ublas/matrix_proxy.hpp>
diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch
new file mode 100644
index 0000000000..7086a96e86
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-compilation.patch
@@ -0,0 +1,39 @@
+This patch changes metabat so that (1) it is not build statically, (2) it uses
+shared libraries rather than static libraries where possible.
+
+diff --git a/SConstruct b/SConstruct
+index 69cdc0a..ac99bcb 100644
+--- a/SConstruct
++++ b/SConstruct
+@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None)
+ build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp']
+ link_flags = ['-lstdc++', '-lm', '-fopenmp']
+ 
+-if platform.platform(True, True).find('Darwin') == -1:
+-    link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++'])
+ 
+ if debug is None:
+     build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable'])
+@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat
+     for path in testPaths:
+         if not os.path.isdir(path):
+             continue
++        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
++            if os.path.isfile(testfile):
++                print "Found shared library %s as %s" % (lib, testfile)
++                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
++                return
+         for suffix in staticSuffixes:
+             testfile = '%s/lib%s%s' % (path, lib, suffix)
+             if os.path.isfile(testfile):
+                 static_source_list.append(testfile)
+                 print "Found static library %s as %s" % (lib, testfile)
+                 return
+-        for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
+-            if os.path.isfile(testfile):
+-                print "Found shared library %s as %s" % (lib, testfile)
+-                link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
+-                return
+     print "Could not find library for %s!!! Looked in %s" % (lib, testPaths)
+     return
+ 
diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch
new file mode 100644
index 0000000000..8e90502469
--- /dev/null
+++ b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch
@@ -0,0 +1,34 @@
+Fix CVE-2017-12904:
+
+https://github.com/akrennmair/newsbeuter/issues/591
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12904
+
+Patch copied from the Debian package of newsbeuter, version 2.9-5+deb9u1.
+
+Adapted from upstream source repository:
+
+https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
+
+Description: Fix a RCE vulnerability in the bookmark command
+ Newsbeuter didn't properly escape the title and description fields before
+ passing them to the bookmarking program which could lead to remote code
+ execution using the shells command substitution functionality (e.g. "$()", ``,
+ etc)
+
+Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
+Last-Update: 2017-08-18
+
+--- newsbeuter-2.9.orig/src/controller.cpp
++++ newsbeuter-2.9/src/controller.cpp
+@@ -1274,9 +1274,10 @@ std::string controller::bookmark(const s
+ 	std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+ 	bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
+ 	if (bookmark_cmd.length() > 0) {
+-		std::string cmdline = utils::strprintf("%s '%s' %s %s",
++		std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
+ 		                                       bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
+-		                                       stfl::quote(title).c_str(), stfl::quote(description).c_str());
++		                                       utils::replace_all(title,"'", "%27").c_str(),
++		                                       utils::replace_all(description,"'", "%27").c_str());
+ 
+ 		LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch
index a33e05fcf2..e3145aa4cf 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -221,5 +221,5 @@ Later adapted to apply cleanly to nss-3.21.
  
  RELEASE = nss
  
--DIRS = coreconf lib cmd gtests
-+DIRS = coreconf lib cmd gtests config
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil gtests config
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
deleted file mode 100644
index 83c9dbb3d4..0000000000
--- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Fix CVE-2017-0358:
-http://seclists.org/oss-sec/2017/q1/259
-This patch was copied from the above URL.
-
-diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
-index 0bb38f9..c6d1dad 100644
---- a/src/lowntfs-3g.c
-+++ b/src/lowntfs-3g.c
-@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void)
- 	struct stat st;
- 	pid_t pid;
- 	const char *cmd = "/sbin/modprobe";
-+	char *env = (char*)NULL;
- 	struct timespec req = { 0, 100000000 };   /* 100 msec */
- 	fuse_fstype fstype;
-         
- 	if (!stat(cmd, &st) && !geteuid()) {
- 		pid = fork();
- 		if (!pid) {
--			execl(cmd, cmd, "fuse", NULL);
-+			execle(cmd, cmd, "fuse", NULL, &env);
- 			_exit(1);
- 		} else if (pid != -1)
- 			waitpid(pid, NULL, 0);
-diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
---- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
-+++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
-@@ -3612,13 +3612,14 @@
-	struct stat st;
-	pid_t pid;
-	const char *cmd = "/sbin/modprobe";
-+	char *env = (char*)NULL;
-	struct timespec req = { 0, 100000000 };   /* 100 msec */
-	fuse_fstype fstype;
-	
-	if (!stat(cmd, &st) && !geteuid()) {
-		pid = fork();
-		if (!pid) {
--			execl(cmd, cmd, "fuse", NULL);
-+			execle(cmd, cmd, "fuse", NULL, &env);
-			_exit(1);
-		} else if (pid != -1)
-			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
deleted file mode 100644
index 545b5d0a71..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
+++ /dev/null
@@ -1,233 +0,0 @@
-Fix CVE-2016-9572 and CVE-2016-9573:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
-
-Patch copied from 3rd-party repository:
-
-https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
-
-From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
-From: szukw000 <szukw000@arcor.de>
-Date: Mon, 28 Nov 2016 21:57:20 +0100
-Subject: [PATCH] Changes for issues #863 and #862
-
----
- src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
- src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
- src/bin/jp2/opj_decompress.c |  2 +-
- src/lib/openjp2/j2k.c        | 11 ++++++---
- 4 files changed, 90 insertions(+), 11 deletions(-)
-
-diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
-index deee4f6..6a3f65b 100644
---- a/src/bin/jp2/convert.c
-+++ b/src/bin/jp2/convert.c
-@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
-     for (i = 0; i < image->numcomps-1; i++)	{
-         if ((image->comps[0].dx != image->comps[i+1].dx)
-                 ||(image->comps[0].dy != image->comps[i+1].dy)
--                ||(image->comps[0].prec != image->comps[i+1].prec))	{
-+                ||(image->comps[0].prec != image->comps[i+1].prec)
-+				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
-             fclose(fdest);
-             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
-             return 1;
-@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
-     int *red, *green, *blue, *alpha;
-     int wr, hr, max;
-     int i;
--    unsigned int compno, ncomp;
-+    unsigned int compno, ncomp, ui;
-     int adjustR, adjustG, adjustB, adjustA;
-     int fails, two, want_gray, has_alpha, triple;
-     int prec, v;
-@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
- 
-     if(want_gray) ncomp = 1;
- 
-+    for (ui = 1; ui < ncomp; ++ui) {
-+        if (image->comps[0].dx != image->comps[ui].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[ui].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[ui].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
-+            break;
-+        }
-+    }
-+    if (ui != ncomp) {
-+        fprintf(stderr,"imagetopnm: All components\n    shall have "
-+         "the same subsampling, same bit depth, same sign.\n"
-+         "    Aborting\n");
-+        return 1;
-+    }
-+
-     if ((force_split == 0) &&
- 				(ncomp == 2 /* GRAYA */
-             || (ncomp > 2 /* RGB, RGBA */
-@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
- {
-     FILE *rawFile = NULL;
-     size_t res;
--    unsigned int compno;
-+    unsigned int compno, numcomps;
-     int w, h, fails;
-     int line, row, curr, mask;
-     int *ptr;
-@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-         return 1;
-     }
- 
-+    numcomps = image->numcomps;
-+
-+    if (numcomps > 4) {
-+        numcomps = 4;
-+    }
-+    for (compno = 1; compno < numcomps; ++compno) {
-+        if (image->comps[0].dx != image->comps[compno].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[compno].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[compno].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
-+            break;
-+        }
-+    }
-+    if (compno != numcomps) {
-+        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
-+        fprintf(stderr,"\tAborting\n");
-+        return 1;
-+    }
-+
-     rawFile = fopen(outfile, "wb");
-     if (!rawFile) {
-         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
-@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-     }
- 
-     fails = 1;
--    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
-+    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
- 
--    for(compno = 0; compno < image->numcomps; compno++)
-+    for(compno = 0; compno < numcomps; compno++)
-     {
-         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
-                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
-@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
-         }
-         else if (image->comps[compno].prec <= 32)
-         {
--            fprintf(stderr,"More than 16 bits per component no handled yet\n");
-+            fprintf(stderr,"More than 16 bits per component not handled yet\n");
-             goto fin;
-         }
-         else
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index ae83077..8017ba8 100644
---- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
-     FILE *fdest = NULL;
-     int adjustR, adjustG, adjustB;
- 
-+   {
-+    unsigned int ui, ncomp = image->numcomps;
-+
-+    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
-+        ncomp = 4;
-+    }
-+    for (ui = 1; ui < ncomp; ++ui) {
-+        if (image->comps[0].dx != image->comps[ui].dx) {
-+            break;
-+        }
-+        if (image->comps[0].dy != image->comps[ui].dy) {
-+            break;
-+        }
-+        if (image->comps[0].prec != image->comps[ui].prec) {
-+            break;
-+        }
-+        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
-+            break;
-+        }
-+    }
-+    if (ui != ncomp) {
-+        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
-+        fprintf(stderr,"\tAborting\n");
-+        return 1;
-+    }
-+
-+   }
-     if (image->comps[0].prec < 8) {
--        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
-+        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
-         return 1;
-     }
-     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
-diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
-index 83160c3..c30079b 100644
---- a/src/bin/jp2/opj_decompress.c
-+++ b/src/bin/jp2/opj_decompress.c
-@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
- 		if(dirptr->filename_buf) free(dirptr->filename_buf);
- 		free(dirptr);
- 	}
--	if (numDecompressedImages) {
-+	if (numDecompressedImages && !failed) {
- 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
- 	}
- 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 66802bb..b6daa32 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
-                                   i, l_img_comp->dx, l_img_comp->dy);
-                     return OPJ_FALSE;
-                 }
--                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
-+                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
-                     opj_event_msg(p_manager, EVT_ERROR,
-                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
-                                   i, l_img_comp->prec);
-@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
-         /* Move data and copy one information from codec to output image*/
-         for (compno = 0; compno < p_image->numcomps; compno++) {
-                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
--                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
-+		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
-+
-+		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
-+
-+                p_j2k->m_output_image->comps[compno].data = NULL;
- #if 0
-                 char fn[256];
-                 sprintf( fn, "/tmp/%d.raw", compno );
-@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
-                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
-                 fclose( debug );
- #endif
--                p_j2k->m_output_image->comps[compno].data = NULL;
-         }
- 
-         return OPJ_TRUE;
-@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
- 
-                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
- 
-+				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
-+
-                 p_j2k->m_output_image->comps[compno].data = NULL;
-         }
- 
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
deleted file mode 100644
index 3f637fa88b..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001
-From: szukw000 <szukw000@arcor.de>
-Date: Fri, 9 Dec 2016 08:29:55 +0100
-Subject: [PATCH] These changes repair bugs of #871 and #872
-
-email from http://openwall.com/lists/oss-security/2016/12/09/4
-patch is against openjpeg-2.1.2, applies cleanly to 2.1.1.
-
----
- src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++----------------
- 1 file changed, 70 insertions(+), 37 deletions(-)
-
-diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
-index 143d3be..c690f8b 100644
---- a/src/bin/jp2/converttif.c
-+++ b/src/bin/jp2/converttif.c
-@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
- 
- int imagetotif(opj_image_t * image, const char *outfile)
- {
--	int width, height;
--	int bps,adjust, sgnd;
--	int tiPhoto;
-+	uint32 width, height, bps, tiPhoto;
-+	int adjust, sgnd;
- 	TIFF *tif;
- 	tdata_t buf;
--	tsize_t strip_size;
-+	tmsize_t strip_size, rowStride;
- 	OPJ_UINT32 i, numcomps;
--	OPJ_SIZE_T rowStride;
- 	OPJ_INT32* buffer32s = NULL;
- 	OPJ_INT32 const* planes[4];
- 	convert_32s_PXCX cvtPxToCx = NULL;
- 	convert_32sXXx_C1R cvt32sToTif = NULL;
- 
--	bps = (int)image->comps[0].prec;
-+	bps = (uint32)image->comps[0].prec;
- 	planes[0] = image->comps[0].data;
- 	
- 	numcomps = image->numcomps;
-@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 			break;
- 	}
- 	sgnd = (int)image->comps[0].sgnd;
--	adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
--	width   = (int)image->comps[0].w;
--	height  = (int)image->comps[0].h;
-+	adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
-+	width   = (uint32)image->comps[0].w;
-+	height  = (uint32)image->comps[0].h;
- 	
- 	TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
- 	TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
--	TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
-+	TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
- 	TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
- 	TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
- 	TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
-@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
- 	
- 	strip_size = TIFFStripSize(tif);
--	rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
--	if (rowStride != (OPJ_SIZE_T)strip_size) {
-+	rowStride = (width * numcomps * bps + 7U) / 8U;
-+	if (rowStride != strip_size) {
- 		fprintf(stderr, "Invalid TIFF strip size\n");
- 		TIFFClose(tif);
- 		return 1;
-@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
- 		TIFFClose(tif);
- 		return 1;
- 	}
--	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
-+	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
- 	if (buffer32s == NULL) {
- 		_TIFFfree(buf);
- 		TIFFClose(tif);
-@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	TIFF *tif;
- 	tdata_t buf;
- 	tstrip_t strip;
--	tsize_t strip_size;
-+	tmsize_t strip_size;
- 	int j, currentPlane, numcomps = 0, w, h;
- 	OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
- 	opj_image_cmptparm_t cmptparm[4]; /* RGBA */
- 	opj_image_t *image = NULL;
- 	int has_alpha = 0;
--	unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
--	unsigned int tiWidth, tiHeight;
-+	uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
- 	OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
- 	convert_XXx32s_C1R cvtTifTo32s = NULL;
- 	convert_32s_CXPX cvtCxToPx = NULL;
- 	OPJ_INT32* buffer32s = NULL;
- 	OPJ_INT32* planes[4];
--	OPJ_SIZE_T rowStride;
-+	tmsize_t rowStride;
- 	
- 	tif = TIFFOpen(filename, "r");
- 	
-@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
- 	TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
- 	TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
--	w= (int)tiWidth;
--	h= (int)tiHeight;
--	
--	if(tiBps > 16U) {
--		fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
--		fprintf(stderr,"\tAborting\n");
-+
-+	if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
-+		fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
-+		 "\tAborting.\n", tiSpp);
-+		TIFFClose(tif);
-+		return NULL;
-+	}
-+	if(tiBps > 16U || tiBps == 0) {
-+		fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
-+		 "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
- 		TIFFClose(tif);
- 		return NULL;
- 	}
- 	if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
--		fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
-+		fprintf(stderr,"tiftoimage: Bad color format %d.\n"
-+		 "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
- 		fprintf(stderr,"\tAborting\n");
- 		TIFFClose(tif);
- 		return NULL;
- 	}
--	
-+	if(tiWidth == 0 || tiHeight == 0) {
-+		fprintf(stderr,"tiftoimage: Bad values for width(%u) "
-+		 "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
-+		TIFFClose(tif);
-+		return NULL;
-+	}
-+	w= (int)tiWidth;
-+	h= (int)tiHeight;
-+
- 	switch (tiBps) {
- 		case 1:
- 		case 2:
-@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		
- 		TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
- 													&extrasamples, &sampleinfo);
--		
-+
- 		if(extrasamples >= 1)
- 		{
- 			switch(sampleinfo[0])
-@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		else /* extrasamples == 0 */
- 			if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
- 	}
--	
-+
- 	/* initialize image components */
- 	memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
- 	
-@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	} else {
- 		is_cinema = 0U;
- 	}
--	
-+
- 	if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
- 	{
- 		numcomps = 3 + has_alpha;
-@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
- 	image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
- 	image->x1 =	!image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
--	image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
-+	 image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
-+	if(image->x1 <= image->x0) {
-+		fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
-+		 "image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
-+		TIFFClose(tif);
-+		opj_image_destroy(image);
-+		return NULL;
-+	}
- 	image->y1 =	!image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
--	image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
--
-+	 image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
-+	if(image->y1 <= image->y0) {
-+		fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
-+		 "image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
-+		TIFFClose(tif);
-+		opj_image_destroy(image);
-+		return NULL;
-+	}
-+	
- 	for(j = 0; j < numcomps; j++)
- 	{
- 		planes[j] = image->comps[j].data;
-@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 	image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
- 		
- 	strip_size = TIFFStripSize(tif);
--	
-+
- 	buf = _TIFFmalloc(strip_size);
- 	if (buf == NULL) {
- 		TIFFClose(tif);
- 		opj_image_destroy(image);
- 		return NULL;
- 	}
--	rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
--	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
-+	rowStride = (w * tiSpp * tiBps + 7U) / 8U;
-+	buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
- 	if (buffer32s == NULL) {
- 		_TIFFfree(buf);
- 		TIFFClose(tif);
-@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
- 		for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
- 		{
- 				const OPJ_UINT8 *dat8;
--				OPJ_SIZE_T ssize;
-+				tmsize_t ssize;
- 				
--				ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
-+				ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
-+				if(ssize < 1 || ssize > strip_size) {
-+					fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
-+                     "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
-+					_TIFFfree(buf);
-+					_TIFFfree(buffer32s);
-+					TIFFClose(tif);
-+					opj_image_destroy(image);
-+					return NULL;
-+				}
- 				dat8 = (const OPJ_UINT8*)buf;
--				
-+
- 				while (ssize >= rowStride) {
- 					cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
- 					cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
new file mode 100644
index 0000000000..3929a73570
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
@@ -0,0 +1,28 @@
+http://openwall.com/lists/oss-security/2017/08/21/1
+https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
+
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+ 
+     header->biBitCount  = (OPJ_UINT16)getc(IN);
+     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++    if (header->biBitCount == 0) {
++        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++        return OPJ_FALSE;
++    }
+ 
+     if (header->biSize >= 40U) {
+         header->biCompression  = (OPJ_UINT32)getc(IN);
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
new file mode 100644
index 0000000000..74613cb632
--- /dev/null
+++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
@@ -0,0 +1,62 @@
+Fix CVE-2017-10788:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788
+
+Patch written to match corrected documentation specifications:
+
+Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+
+The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660.
+
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c |    8 ++------
+ mysql.xs |    7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+   if (imp_sth->stmt)
+   {
+-    if (mysql_stmt_close(imp_sth->stmt))
+-    {
+-      do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+-          mysql_stmt_error(imp_sth->stmt),
+-          mysql_stmt_sqlstate(imp_sth->stmt));
+-    }
++    mysql_stmt_close(imp_sth->stmt);
++    imp_sth->stmt= NULL;
+   }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+       if (bind)
+         Safefree(bind);
+
+-      if(mysql_stmt_close(stmt))
+-      {
+-        fprintf(stderr, "\n failed while closing the statement");
+-        fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+-      }
++      mysql_stmt_close(stmt);
++      stmt= NULL;
+
+       if (retval == -2) /* -2 means error */
+       {
+--
+1.7.9.5
diff --git a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch b/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
deleted file mode 100644
index 16f136fb54..0000000000
--- a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Disable a test that fails with openssl-1.0.2b.
-
---- Net-SSLeay-1.68/t/local/33_x509_create_cert.t.orig	2014-06-07 02:01:39.000000000 -0400
-+++ Net-SSLeay-1.68/t/local/33_x509_create_cert.t	2015-06-12 03:38:57.620286888 -0400
-@@ -2,7 +2,7 @@
- 
- use strict;
- use warnings;
--use Test::More tests => 123;
-+use Test::More tests => 122;
- use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
- use File::Spec;
- use utf8;
-@@ -101,7 +101,8 @@
-   like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
--  like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-+  # This test fails with openssl-1.0.2b
-+  #like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
-   
-   is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");  
- 
diff --git a/gnu/packages/patches/perl-no-sys-dirs.patch b/gnu/packages/patches/perl-no-sys-dirs.patch
index da91fef3b4..31d53e0353 100644
--- a/gnu/packages/patches/perl-no-sys-dirs.patch
+++ b/gnu/packages/patches/perl-no-sys-dirs.patch
@@ -1,6 +1,7 @@
 Don't look for headers and libraries in "traditional" locations.
 
-Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>.
+Patch adapted from Nixpkgs, originally by Eelco Dolstra
+<eelco.dolstra@logicblox.com>.
 
 diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/Configure perl-5.20.0/Configure
 --- perl-5.20.0-orig/Configure	2014-05-26 15:34:18.000000000 +0200
@@ -185,39 +186,6 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  case "$plibpth" in
  '') plibpth=`LANG=C LC_ALL=C $gcc $ccflags $ldflags -print-search-dirs | grep libraries |
  	cut -f2- -d= | tr ':' $trnl | grep -v 'gcc' | sed -e 's:/$::'`
-@@ -178,32 +159,6 @@
-     ;;
- esac
- 
--case "$libc" in
--'')
--# If you have glibc, then report the version for ./myconfig bug reporting.
--# (Configure doesn't need to know the specific version since it just uses
--# gcc to load the library for all tests.)
--# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
--# are insufficiently precise to distinguish things like
--# libc-2.0.6 and libc-2.0.7.
--    for p in $plibpth
--    do
--        for trylib in libc.so.6 libc.so
--        do
--            if $test -e $p/$trylib; then
--                libc=`ls -l $p/$trylib | awk '{print $NF}'`
--                if $test "X$libc" != X; then
--                    break
--                fi
--            fi
--        done
--        if $test "X$libc" != X; then
--            break
--        fi
--    done
--    ;;
--esac
--
- # Are we using ELF?  Thanks to Kenneth Albanowski <kjahds@kjahds.com>
- # for this test.
- cat >try.c <<'EOM'
 @@ -367,33 +322,6 @@
  	;;
  esac
@@ -252,3 +220,40 @@ diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/li
  # Linux on Synology.
  if [ -f /etc/synoinfo.conf -a -d /usr/syno ]; then
      # Tested on Synology DS213 and DS413
+diff --git a/hints/linux.sh b/hints/linux.sh
+index 3f38ea0..97aed11 100644
+--- a/hints/linux.sh
++++ b/hints/linux.sh
+@@ -195,32 +195,6 @@ case "$usequadmath" in
+   ;;
+ esac
+ 
+-case "$libc" in
+-'')
+-# If you have glibc, then report the version for ./myconfig bug reporting.
+-# (Configure doesn't need to know the specific version since it just uses
+-# gcc to load the library for all tests.)
+-# We don't use __GLIBC__ and  __GLIBC_MINOR__ because they
+-# are insufficiently precise to distinguish things like
+-# libc-2.0.6 and libc-2.0.7.
+-    for p in $plibpth
+-    do
+-        for trylib in libc.so.6 libc.so
+-        do
+-            if $test -e $p/$trylib; then
+-                libc=`ls -l $p/$trylib | awk '{print $NF}'`
+-                if $test "X$libc" != X; then
+-                    break
+-                fi
+-            fi
+-        done
+-        if $test "X$libc" != X; then
+-            break
+-        fi
+-    done
+-    ;;
+-esac
+-
+ if ${sh:-/bin/sh} -c exit; then
+   echo ''
+   echo 'You appear to have a working bash.  Good.'
diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch
deleted file mode 100644
index 17a2807171..0000000000
--- a/gnu/packages/patches/poppler-CVE-2017-9776.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-9776:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
-https://bugs.freedesktop.org/show_bug.cgi?id=101541
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
-
-From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Wed, 21 Jun 2017 00:55:20 +0200
-Subject: [PATCH] Fix crash in malformed documents
-
----
- poppler/JBIG2Stream.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
-index 48535883..d89108c8 100644
---- a/poppler/JBIG2Stream.cc
-+++ b/poppler/JBIG2Stream.cc
-@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
-   oneByte = x0 == ((x1 - 1) & ~7);
- 
-   for (yy = y0; yy < y1; ++yy) {
--    if (unlikely(y + yy) >= h)
-+    if (unlikely((y + yy >= h) || (y + yy < 0)))
-       continue;
- 
-     // one byte per line -- need to mask both left and right side
--- 
-2.13.2
-
diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
deleted file mode 100644
index 353a16e322..0000000000
--- a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Copied from:
-
-  https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
-
-From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 27 May 2017 00:09:17 +0200
-Subject: pdfunite: Fix crash with broken documents
-
-Sometimes we can't parse pages so check before accessing them
-
-Thanks to Jiaqi Peng for the report
-
-Fixes bugs #101153 and #101149
-
-diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
-index dfe48bf..c32e201 100644
---- a/utils/pdfunite.cc
-+++ b/utils/pdfunite.cc
-@@ -7,7 +7,7 @@
- // Copyright (C) 2011-2015, 2017 Thomas Freitag <Thomas.Freitag@alfa.de>
- // Copyright (C) 2012 Arseny Solokha <asolokha@gmx.com>
- // Copyright (C) 2012 Fabio D'Urso <fabiodurso@hotmail.it>
--// Copyright (C) 2012, 2014 Albert Astals Cid <aacid@kde.org>
-+// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <aacid@kde.org>
- // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com>
- // Copyright (C) 2013 Hib Eris <hib@hiberis.nl>
- // Copyright (C) 2015 Arthur Stavisky <vovodroid@gmail.com>
-@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
-     catDict->lookup("OutputIntents", &intents);
-     catDict->lookupNF("AcroForm", &afObj);
-     Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
--    if (!afObj.isNull()) {
-+    if (!afObj.isNull() && refPage) {
-       docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookupNF("OCProperties", &ocObj);
--    if (!ocObj.isNull() && ocObj.isDict()) {
-+    if (!ocObj.isNull() && ocObj.isDict() && refPage) {
-       docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     catDict->lookup("Names", &names);
--    if (!names.isNull() && names.isDict()) {
-+    if (!names.isNull() && names.isDict() && refPage) {
-       docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
-     }
-     if (intents.isArray() && intents.arrayGetLength() > 0) {
-@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
- 
-   for (i = 0; i < (int) docs.size(); i++) {
-     for (j = 1; j <= docs[i]->getNumPages(); j++) {
-+      if (!docs[i]->getCatalog()->getPage(j)) {
-+        continue;
-+      }
-+
-       PDFRectangle *cropBox = NULL;
-       if (docs[i]->getCatalog()->getPage(j)->isCropped())
-         cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox();
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/python-cython-fix-tests-32bit.patch b/gnu/packages/patches/python-cython-fix-tests-32bit.patch
deleted file mode 100644
index 7ccc11dd4c..0000000000
--- a/gnu/packages/patches/python-cython-fix-tests-32bit.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-This fixes a test failure on 32-bit platforms.
-
-Upstream bug URL: https://github.com/cython/cython/issues/1548
-
-Patch copied from upstream source repository:
-
-https://github.com/cython/cython/commit/d92a718a26c9354fbf35f31a17de5c069865a447
-
-From d92a718a26c9354fbf35f31a17de5c069865a447 Mon Sep 17 00:00:00 2001
-From: Robert Bradshaw <robertwb@gmail.com>
-Date: Tue, 24 Jan 2017 16:57:00 -0800
-Subject: [PATCH] Normalize possible L suffix.
-
----
- tests/run/cpdef_enums.pyx | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/run/cpdef_enums.pyx b/tests/run/cpdef_enums.pyx
-index 167c762..c264ec5 100644
---- a/tests/run/cpdef_enums.pyx
-+++ b/tests/run/cpdef_enums.pyx
-@@ -93,4 +93,4 @@ def verify_resolution_GH1533():
-     3
-     """
-     THREE = 100
--    return PyxEnum.THREE
-+    return int(PyxEnum.THREE)
diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
deleted file mode 100644
index cb60896fad..0000000000
--- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-These tests fail on 32-bit due to an overflow.
-
-Upstream bug URL: https://github.com/joke2k/faker/issues/408
-
-diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py
-index 6026772..58b6b83 100644
---- a/faker/tests/__init__.py
-+++ b/faker/tests/__init__.py
-@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase):
-         provider = Provider
-         # test century
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
--        self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-         # test decade
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
-         self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # ensure all methods provide timezone aware datetimes
-         with self.assertRaises(TypeError):
--            provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now()
--        with self.assertRaises(TypeError):
-             provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-         with self.assertRaises(TypeError):
-             provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase):
- 
-         # test century
-         self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
--        self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
-         # test decade
-         self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
-         self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
--- 
-2.11.1
-
diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch
deleted file mode 100644
index bbe825c36a..0000000000
--- a/gnu/packages/patches/python-file-double-encoding-bug.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix bug that breaks file's Python bindings when using Python 3. This patch
-should not be applied when using Python 2.
-
-Copied from upstream source repository:
-
-https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372
-
-From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Tue, 28 Jun 2016 17:10:22 +0000
-Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3
-
----
- python/magic.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/python/magic.py b/python/magic.py
-index c48f7d5..b0f7a17 100644
---- a/python/magic.py
-+++ b/python/magic.py
-@@ -134,7 +134,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def descriptor(self, fd):
-         """
-@@ -152,7 +152,7 @@ class Magic(object):
-         if isinstance(r, str):
-             return r
-         else:
--            return str(r).encode('utf-8')
-+            return str(r, 'utf-8')
- 
-     def error(self):
-         """
-@@ -163,7 +163,7 @@ class Magic(object):
-         if isinstance(e, str):
-             return e
-         else:
--            return str(e).encode('utf-8')
-+            return str(e, 'utf-8')
- 
-     def setflags(self, flags):
-         """
--- 
-2.10.1
-
diff --git a/gnu/packages/patches/python-pbr-fix-man-page-support.patch b/gnu/packages/patches/python-pbr-fix-man-page-support.patch
deleted file mode 100644
index b9036f5b01..0000000000
--- a/gnu/packages/patches/python-pbr-fix-man-page-support.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-See: https://bugs.launchpad.net/oslosphinx/+bug/1661861
-diff -ur orig/pbr-1.10.0/pbr/builddoc.py pbr-1.10.0/pbr/builddoc.py
---- orig/pbr-1.10.0/pbr/builddoc.py	2016-05-23 21:38:18.000000000 +0200
-+++ pbr-1.10.0/pbr/builddoc.py	2017-02-18 14:01:37.424434317 +0100
-@@ -138,7 +138,8 @@
-             sphinx_config.init_values(warnings.warn)
-         else:
-             sphinx_config.init_values()
--        if self.builder == 'man' and len(sphinx_config.man_pages) == 0:
-+        if self.builder == 'man' and len(
-+                getattr(sphinx_config, 'man_pages', '')) == 0:
-             return
-         app = application.Sphinx(
-             self.source_dir, self.config_dir,
-diff -ur orig/pbr-1.10.0/pbr/util.py pbr-1.10.0/pbr/util.py
---- orig/pbr-1.10.0/pbr/util.py	2016-05-23 21:38:18.000000000 +0200
-+++ pbr-1.10.0/pbr/util.py	2017-02-18 15:36:32.951196795 +0100
-@@ -211,7 +211,9 @@
-     parser.read(path)
-     config = {}
-     for section in parser.sections():
--        config[section] = dict(parser.items(section))
-+        config[section] = dict()
-+        for k, value in parser.items(section):
-+            config[section][k.replace('-', '_')] = value
- 
-     # Run setup_hooks, if configured
-     setup_hooks = has_get_option(config, 'global', 'setup_hooks')
diff --git a/gnu/packages/patches/python-pygit2-disable-network-tests.patch b/gnu/packages/patches/python-pygit2-disable-network-tests.patch
index e46d244807..5578e4c375 100644
--- a/gnu/packages/patches/python-pygit2-disable-network-tests.patch
+++ b/gnu/packages/patches/python-pygit2-disable-network-tests.patch
@@ -1,64 +1,43 @@
 Disable tests trying to look up remote servers.
 
 diff --git a/test/test_credentials.py b/test/test_credentials.py
-index 92482d9..9a281e5 100644
 --- a/test/test_credentials.py
 +++ b/test/test_credentials.py
-@@ -68,39 +68,5 @@ class CredentialCreateTest(utils.NoRepoTestCase):
+@@ -68,6 +68,7 @@ class CredentialCreateTest(utils.NoRepoTestCase):
          self.assertEqual((username, None, None, None), cred.credential_tuple)
  
  
--class CredentialCallback(utils.RepoTestCase):
--    def test_callback(self):
--        class MyCallbacks(pygit2.RemoteCallbacks):
--            @staticmethod
--            def credentials(url, username, allowed):
--                self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT)
--                raise Exception("I don't know the password")
--
--        url = "https://github.com/github/github"
--        remote = self.repo.create_remote("github", url)
--
--        self.assertRaises(Exception, lambda: remote.fetch(callbacks=MyCallbacks()))
--
--    def test_bad_cred_type(self):
--        class MyCallbacks(pygit2.RemoteCallbacks):
--            @staticmethod
--            def credentials(url, username, allowed):
--                self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT)
--                return Keypair("git", "foo.pub", "foo", "sekkrit")
--
--        url = "https://github.com/github/github"
--        remote = self.repo.create_remote("github", url)
--        self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks()))
--
--class CallableCredentialTest(utils.RepoTestCase):
--
--    def test_user_pass(self):
--        credentials = UserPass("libgit2", "libgit2")
--        callbacks = pygit2.RemoteCallbacks(credentials=credentials)
--
--        url = "https://bitbucket.org/libgit2/testgitrepository.git"
--        remote = self.repo.create_remote("bb", url)
--        remote.fetch(callbacks=callbacks)
--
- if __name__ == '__main__':
-     unittest.main()
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class CredentialCallback(utils.RepoTestCase):
+     def test_callback(self):
+         class MyCallbacks(pygit2.RemoteCallbacks):
+@@ -92,6 +93,7 @@ class CredentialCallback(utils.RepoTestCase):
+         remote = self.repo.create_remote("github", url)
+         self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks()))
+ 
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class CallableCredentialTest(utils.RepoTestCase):
+ 
+     def test_user_pass(self):
 diff --git a/test/test_repository.py b/test/test_repository.py
-index cfdf01e..c0d8de4 100644
 --- a/test/test_repository.py
 +++ b/test/test_repository.py
-@@ -538,13 +538,6 @@ class CloneRepositoryTest(utils.NoRepoTestCase):
+@@ -573,6 +573,7 @@ class CloneRepositoryTest(utils.NoRepoTestCase):
          self.assertTrue('refs/remotes/custom_remote/master' in repo.listall_references())
          self.assertIsNotNone(repo.remotes["custom_remote"])
  
--    def test_clone_with_credentials(self):
--        repo = clone_repository(
--            "https://bitbucket.org/libgit2/testgitrepository.git",
--            self._temp_dir, callbacks=pygit2.RemoteCallbacks(credentials=pygit2.UserPass("libgit2", "libgit2")))
--
--        self.assertFalse(repo.is_empty)
--
-     def test_clone_with_checkout_branch(self):
-         # create a test case which isolates the remote
-         test_repo = clone_repository('./test/data/testrepo.git',
++    @unittest.skipIf(True, "network tests are not supported in Guix")
+     def test_clone_with_credentials(self):
+         repo = clone_repository(
+             "https://bitbucket.org/libgit2/testgitrepository.git",
+diff --git a/test/test_submodule.py b/test/test_submodule.py
+--- a/test/test_submodule.py
++++ b/test/test_submodule.py
+@@ -42,6 +42,7 @@ SUBM_PATH = 'submodule'
+ SUBM_URL = 'https://github.com/libgit2/pygit2'
+ SUBM_HEAD_SHA = '819cbff552e46ac4b8d10925cc422a30aa04e78e'
+ 
++@unittest.skipIf(True, "network tests are not supported in Guix")
+ class SubmoduleTest(utils.SubmoduleRepoTestCase):
+ 
+     def test_lookup_submodule(self):
diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
deleted file mode 100644
index 06b2f4fe03..0000000000
--- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Resolves a test failure on 32-bit platforms.
-
-https://github.com/pyca/pyopenssl/issues/657
-
-Patch copied from upstream source repository:
-
-https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95
-
-From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Thu, 6 Jul 2017 22:14:44 -0400
-Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
- requests
-
----
- tests/test_rand.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/test_rand.py b/tests/test_rand.py
-index bdd3af08..6adf72a1 100644
---- a/tests/test_rand.py
-+++ b/tests/test_rand.py
-@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args):
- 
-     def test_insufficient_memory(self):
-         """
--        `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
--        than will fit in memory.
-+        `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
-+        bytes are requested than will fit in memory.
-         """
--        with pytest.raises(MemoryError):
-+        with pytest.raises((MemoryError, OverflowError)):
-             rand.bytes(sys.maxsize)
- 
-     def test_bytes(self):
diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch
new file mode 100644
index 0000000000..2b60de3dca
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10664.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-10664:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1466190
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
+https://security-tracker.debian.org/tracker/CVE-2017-10664
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+     sa_sigterm.sa_handler = termsig_handler;
+     sigaction(SIGTERM, &sa_sigterm, NULL);
+ 
++#ifdef CONFIG_POSIX
++    signal(SIGPIPE, SIG_IGN);
++#endif
++
+     module_call_init(MODULE_INIT_TRACE);
+     qcrypto_init(&error_fatal);
+ 
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch
new file mode 100644
index 0000000000..ebf782fe7b
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10806.patch
@@ -0,0 +1,38 @@
+Fix CVE-2017-10806:
+
+https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1468496
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
+https://security-tracker.debian.org/tracker/CVE-2017-10806
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+     const uint8_t *data, int len)
+ {
+-    int i, j, n;
+-
+     if (dev->debug < usbredirparser_debug_data) {
+         return;
+     }
+-
+-    for (i = 0; i < len; i += j) {
+-        char buf[128];
+-
+-        n = sprintf(buf, "%s", desc);
+-        for (j = 0; j < 8 && i + j < len; j++) {
+-            n += sprintf(buf + n, " %02X", data[i + j]);
+-        }
+-        error_report("%s", buf);
+-    }
++    qemu_hexdump((char *)data, stderr, desc, len);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
new file mode 100644
index 0000000000..1dcb860a2d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
@@ -0,0 +1,106 @@
+Fix CVE-2017-10911:
+
+https://xenbits.xen.org/xsa/advisory-216.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
+https://security-tracker.debian.org/tracker/CVE-2017-10911
+
+Patch copied from Xen Security Advisory:
+
+https://xenbits.xen.org/xsa/xsa216-qemuu.patch
+
+--- a/hw/block/xen_blkif.h
++++ b/hw/block/xen_blkif.h
+@@ -14,9 +14,6 @@
+ struct blkif_common_request {
+     char dummy;
+ };
+-struct blkif_common_response {
+-    char dummy;
+-};
+ 
+ /* i386 protocol version */
+ #pragma pack(push, 4)
+@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_32_response {
+-    uint64_t        id;              /* copied from request */
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_32_request blkif_x86_32_request_t;
+-typedef struct blkif_x86_32_response blkif_x86_32_response_t;
+ #pragma pack(pop)
+ 
+ /* x86_64 protocol version */
+@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_64_response {
+-    uint64_t       __attribute__((__aligned__(8))) id;
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_64_request blkif_x86_64_request_t;
+-typedef struct blkif_x86_64_response blkif_x86_64_response_t;
+ 
+ DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
+-                  struct blkif_common_response);
++                  struct blkif_response);
+ DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
+-                  struct blkif_x86_32_response);
++                  struct blkif_response QEMU_PACKED);
+ DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
+-                  struct blkif_x86_64_response);
++                  struct blkif_response);
+ 
+ union blkif_back_rings {
+     blkif_back_ring_t        native;
+--- a/hw/block/xen_disk.c
++++ b/hw/block/xen_disk.c
+@@ -769,31 +769,30 @@ static int blk_send_response_one(struct
+     struct XenBlkDev  *blkdev = ioreq->blkdev;
+     int               send_notify   = 0;
+     int               have_requests = 0;
+-    blkif_response_t  resp;
+-    void              *dst;
+-
+-    resp.id        = ioreq->req.id;
+-    resp.operation = ioreq->req.operation;
+-    resp.status    = ioreq->status;
++    blkif_response_t  *resp;
+ 
+     /* Place on the response ring for the relevant domain. */
+     switch (blkdev->protocol) {
+     case BLKIF_PROTOCOL_NATIVE:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.native,
++                                 blkdev->rings.native.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_32:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
+-                                blkdev->rings.x86_32_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
++                                 blkdev->rings.x86_32_part.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_64:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
+-                                blkdev->rings.x86_64_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
++                                 blkdev->rings.x86_64_part.rsp_prod_pvt);
+         break;
+     default:
+-        dst = NULL;
+         return 0;
+     }
+-    memcpy(dst, &resp, sizeof(resp));
++
++    resp->id        = ioreq->req.id;
++    resp->operation = ioreq->req.operation;
++    resp->status    = ioreq->status;
++
+     blkdev->rings.common.rsp_prod_pvt++;
+ 
+     RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch
new file mode 100644
index 0000000000..cb68c803aa
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch
@@ -0,0 +1,52 @@
+Fix CVE-2017-11334:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1471638
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
+
+From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <broscutamaker@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff89ad..ad103ce483 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+2.13.3
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch
new file mode 100644
index 0000000000..4da701a73d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-11434:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1472611
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
+https://security-tracker.debian.org/tracker/CVE-2017-11434
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c182..5dd1a415b5 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch
new file mode 100644
index 0000000000..e40a14b4e0
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch
@@ -0,0 +1,38 @@
+http://openwall.com/lists/oss-security/2017/08/21/2
+https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
+
+The block backend changed in a way that flushing empty CDROM drives now
+crashes.  Amend IDE to avoid doing so until the root problem can be
+addressed for 2.11.
+
+Original patch by John Snow <address@hidden>.
+
+Reported-by: Kieron Shorrock <address@hidden>
+Signed-off-by: Stefan Hajnoczi <address@hidden>
+---
+ hw/ide/core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ide/core.c b/hw/ide/core.c
+index 0b48b64d3a..bea39536b0 100644
+--- a/hw/ide/core.c
++++ b/hw/ide/core.c
+@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
+     s->status |= BUSY_STAT;
+     ide_set_retry(s);
+     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
+-    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++
++    if (blk_bs(s->blk)) {
++        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
++    } else {
++        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
++         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
++         */
++        ide_flush_cb(s, 0);
++    }
+ }
+      
+ static void ide_cfata_metadata_inquiry(IDEState *s)
+-- 
+2.13.3
diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch
new file mode 100644
index 0000000000..057bc02a14
--- /dev/null
+++ b/gnu/packages/patches/quassel-fix-tls-check.patch
@@ -0,0 +1,25 @@
+This allows quasselclient to connect to SSL-enabled quasselcore instances.
+
+The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check
+fails SSL / TLS is disabled.
+
+This patch comes from the upstream source repository [0] and can be
+removed when the next version is packaged.
+
+[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -428,6 +428,11 @@ endif()
+ cmake_push_check_state(RESET)
+ set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS})
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}")
++
++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE)
++    set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING")
++endif()
++
+ check_cxx_source_compiles("
+     #include \"qglobal.h\"
+     #if defined QT_NO_SSL
+
diff --git a/gnu/packages/patches/rpm-CVE-2014-8118.patch b/gnu/packages/patches/rpm-CVE-2014-8118.patch
deleted file mode 100644
index 5fdb0f0eb2..0000000000
--- a/gnu/packages/patches/rpm-CVE-2014-8118.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
-execution via crafted CPIO header).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
-
-Source:
-https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
-
-Adopted by Debian:
-http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
-
-diff --git a/lib/cpio.c b/lib/cpio.c
-index 253ff0f..600633a 100644
---- a/lib/cpio.c
-+++ b/lib/cpio.c
-@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
- 
-     GET_NUM_FIELD(hdr.filesize, fsize);
-     GET_NUM_FIELD(hdr.namesize, nameSize);
-+    if (nameSize <= 0 || nameSize > 4096) {
-+        return RPMERR_BAD_HEADER;
-+    }
- 
-     char name[nameSize + 1];
-     read = Fread(name, nameSize, 1, cpio->fd);
diff --git a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch b/gnu/packages/patches/ruby-puma-ignore-broken-test.patch
deleted file mode 100644
index 8961ffa4ca..0000000000
--- a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/test/test_cli.rb b/test/test_cli.rb
-index 9c515c6..6bd439f 100644
---- a/test/test_cli.rb
-+++ b/test/test_cli.rb
-@@ -88,7 +88,7 @@ class TestCLI < Test::Unit::TestCase
-     s << "GET /stats HTTP/1.0\r\n\r\n"
-     body = s.read
- 
--    assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last)
-+    #assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last)
- 
-     # wait until the first status ping has come through
-     sleep 6
diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
new file mode 100644
index 0000000000..3db42feac9
--- /dev/null
+++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
@@ -0,0 +1,32 @@
+Fix building of Shishi with libgcrypt 1.6 and later.
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542
+
+Description: Fix autoconf gnutls detection to also accept gcrypt 1.6.
+Author: Andreas Metzler <ametzler@debian.org>
+Bug-Debian: http://bugs.debian.org/753150
+Origin: vendor
+Forwarded: no
+Last-Update: 2014-07-18
+
+--- shishi-1.0.2.orig/gl/m4/gc.m4
++++ shishi-1.0.2/gl/m4/gc.m4
+@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC],
+   if test "$libgcrypt" != no; then
+     AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [
+ #include <gcrypt.h>
+-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+-   will fail on startup if we don't have 1.4.4 or later, so
+-   test for it early. */
+-#if !defined GCRY_MODULE_ID_USER
++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or
++   later, test for it early. by checking for either
++   - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or
++   - GCRYPT_VERSION_NUMBER which was added in 1.6.
++   */
++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER
+ error too old libgcrypt
+ #endif
+ ])
diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
new file mode 100644
index 0000000000..43f4b9be69
--- /dev/null
+++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
@@ -0,0 +1,179 @@
+Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch
+
+Author: Jaromír Mikeš <mira.mikes@seznam.cz>, Olly Betts <olly@survex.com>
+Description: build against wx 3.0.
+Forwarded: yes
+
+Index: sooperlooper/src/gui/main_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/main_panel.cpp
++++ sooperlooper/src/gui/main_panel.cpp
+@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count)
+ 		while (count < (int)_looper_panels.size()) {
+ 			looperpan = _looper_panels.back();
+ 			_looper_panels.pop_back();
+-			_main_sizer->Remove(looperpan);
++			_main_sizer->Detach(looperpan);
+ 			looperpan->Destroy();
+ 		}
+ 	}
+@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas
+ 		}
+ 
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas
+ 			index = 0;
+ 		}
+ 
+-		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index
+ 
+ void MainPanel::do_load_session ()
+ {
+-	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++	wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session ()
+ 
+ void MainPanel::do_save_session (bool write_audio)
+ {
+-	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++	wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 	
+ 	if ( !filename.empty() )
+ 	{
+Index: sooperlooper/src/gui/pix_button.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/pix_button.cpp
++++ sooperlooper/src/gui/pix_button.cpp
+@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent &
+ 		pt.x += bounds.x;
+ 		pt.y += bounds.y;
+ 
+-		if (bounds.Inside(pt)) {
++		if (bounds.Contains(pt)) {
+ 			clicked (get_mouse_button(ev)); // emit
+ 
+ 			if (ev.MiddleUp() && ev.ControlDown()) {
+Index: sooperlooper/src/gui/looper_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/looper_panel.cpp
++++ sooperlooper/src/gui/looper_panel.cpp
+@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button,
+ 	if (cmd == wxT("save"))
+ 	{
+ 		wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"),
+-											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++											      wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"),  wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button,
+ 	}
+ 	else if (cmd == wxT("load"))
+ 	{
+-		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/keyboard_target.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/keyboard_target.cpp
++++ sooperlooper/src/gui/keyboard_target.cpp
+@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const
+                         keycode = WXK_RETURN;
+                     }
+                     else if ( keyname == wxT("PGUP") ) {
+-                        keycode = WXK_PRIOR;
++                        keycode = WXK_PAGEUP;
+                     }
+                     else if ( keyname == wxT("PGDN") ) {
+-                        keycode = WXK_NEXT;
++                        keycode = WXK_PAGEDOWN;
+                     }
+                     else if ( keyname == wxT("LEFT") ) {
+                         keycode = WXK_LEFT;
+@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco
+ 	case WXK_RETURN:
+ 		text += wxT("return");
+ 		break;
+-	case WXK_PRIOR:
++	case WXK_PAGEUP:
+ 		text += wxT("pageup");
+ 		break;
+-	case WXK_NEXT:
++	case WXK_PAGEDOWN:
+ 		text += wxT("pagedown");
+ 		break;
+ 	case WXK_LEFT:
+Index: sooperlooper/src/gui/check_box.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/check_box.cpp
++++ sooperlooper/src/gui/check_box.cpp
+@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e
+ 	}
+ 	else if (ev.LeftUp())
+ 	{
+-		if (bounds.Inside(ev.GetPosition())) {
++		if (bounds.Contains(ev.GetPosition())) {
+ 			// toggle value
+ 			_value = !_value;
+ 		
+Index: sooperlooper/src/gui/midi_bind_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/midi_bind_panel.cpp
++++ sooperlooper/src/gui/midi_bind_panel.cpp
+@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_LoadButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		if ( !filename.empty() )
+ 		{
+ 			_parent->get_loop_control().load_midi_bindings(filename,  _append_check->GetValue());
+@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand
+ 	}
+ 	else if (ev.GetId() == ID_SaveButton)
+ 	{
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+ 
+ 		if ( !filename.empty() )
+ 		{
+Index: sooperlooper/src/gui/config_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/config_panel.cpp
++++ sooperlooper/src/gui/config_panel.cpp
+@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_MidiBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
+@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv
+ 	else if (ev.GetId() == ID_SessionBrowseButton) {
+ 		
+ 		_parent->get_keyboard().set_enabled(false);
+-		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
+-		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++		wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
++		//wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ 		_parent->get_keyboard().set_enabled(true);
+ 		
+ 		if ( !filename.empty() )
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
new file mode 100644
index 0000000000..db3c56861b
--- /dev/null
+++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
@@ -0,0 +1,42 @@
+https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
+
+From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
+From: Deve <deveee@gmail.com>
+Date: Mon, 3 Oct 2016 23:26:09 +0200
+Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
+ e.g. arm64, mips, and s390x architectures
+
+This modification is already applied in upstream angelscript repository:
+https://sourceforge.net/p/angelscript/code/2353/
+
+Thanks to Adrian Bunk and Andreas Jonsson
+---
+ lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
+ lib/angelscript/source/as_config.h            | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
+index e93971315e..755d8378c3 100644
+--- a/lib/angelscript/projects/cmake/CMakeLists.txt
++++ b/lib/angelscript/projects/cmake/CMakeLists.txt
+@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
+     ../../source/as_builder.cpp
+     ../../source/as_bytecode.cpp
+     ../../source/as_callfunc.cpp
++    ../../source/as_callfunc_mips.cpp
+     ../../source/as_callfunc_x86.cpp
+     ../../source/as_callfunc_x64_gcc.cpp
+     ../../source/as_callfunc_x64_msvc.cpp
+diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
+index cb05bffbd5..5bb5b8e800 100644
+--- a/lib/angelscript/source/as_config.h
++++ b/lib/angelscript/source/as_config.h
+@@ -844,7 +844,7 @@
+ 			#define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
+ 			#define AS_X86
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+-		#elif defined(__LP64__) && !defined(__arm64__)
++		#elif defined(__x86_64__)
+ 			#define AS_X64_GCC
+ 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
+ 			#define HAS_128_BIT_PRIMITIVES
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
deleted file mode 100644
index 3a9ae993f6..0000000000
--- a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Fix CVE-2016-10243:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
-
-Patch adapted from upstream commit:
-
-https://www.tug.org/svn/texlive?view=revision&revision=42605
-
---- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
-+++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
-@@ -568,7 +568,6 @@ extractbb,\
- gregorio,\
- kpsewhich,\
- makeindex,\
--mpost,\
- repstopdf,\
- 
- % we'd like to allow:
diff --git a/gnu/packages/patches/vinagre-revert-1.patch b/gnu/packages/patches/vinagre-revert-1.patch
new file mode 100644
index 0000000000..5a983770b7
--- /dev/null
+++ b/gnu/packages/patches/vinagre-revert-1.patch
@@ -0,0 +1,56 @@
+Patch taken from Debian: revert changes that prevent building against freerdp
+version 1.1 branch.
+
+From 8ebc0685b85e0d1f70eb00171f2e7712de3d44bd Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 22 Sep 2016 01:15:55 +0200
+Subject: [PATCH 1/2] Revert "Improve FreeRDP authentication failure handling"
+
+This reverts commit d7b4f88943e8615d252d27e1efc58cb64a9e1821.
+---
+ plugins/rdp/vinagre-rdp-tab.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c
+index b731f9b..8572bc3 100644
+--- a/plugins/rdp/vinagre-rdp-tab.c
++++ b/plugins/rdp/vinagre-rdp-tab.c
+@@ -1195,8 +1195,8 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+   VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+   GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+   gboolean              success = TRUE;
++  gboolean              authentication_error = FALSE;
+   gboolean              cancelled = FALSE;
+-  guint                 authentication_errors = 0;
+ 
+   priv->events = g_queue_new ();
+ 
+@@ -1205,12 +1205,14 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+ 
+   do
+     {
++      authentication_error = FALSE;
++
+       /* Run FreeRDP session */
+       success = freerdp_connect (priv->freerdp_session);
+       if (!success)
+         {
+-          authentication_errors += freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
+-                                   freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
++          authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
++                                 freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
+ 
+           cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b;
+ 
+@@ -1218,7 +1220,7 @@ open_freerdp (VinagreRdpTab *rdp_tab)
+           init_freerdp (rdp_tab);
+         }
+     }
+-  while (!success && authentication_errors < 3);
++  while (!success && authentication_error);
+ 
+   if (!success)
+     {
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/vinagre-revert-2.patch b/gnu/packages/patches/vinagre-revert-2.patch
new file mode 100644
index 0000000000..686ee203e4
--- /dev/null
+++ b/gnu/packages/patches/vinagre-revert-2.patch
@@ -0,0 +1,448 @@
+Patch taken from Debian: revert changes that prevent building against freerdp
+version 1.1 branch.
+
+From bb1828b6b7eb29bb037bcc687cf10f916ddc7561 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 22 Sep 2016 01:18:16 +0200
+Subject: [PATCH 2/2] Revert "Store credentials for RDP"
+
+This reverts commit 60dea279a24c7f0e398b89a0a60d45e80087ed1d.
+---
+ plugins/rdp/vinagre-rdp-connection.c |  22 +---
+ plugins/rdp/vinagre-rdp-plugin.c     |  29 +----
+ plugins/rdp/vinagre-rdp-tab.c        | 231 +++++++++++++++++------------------
+ 3 files changed, 123 insertions(+), 159 deletions(-)
+
+diff --git a/plugins/rdp/vinagre-rdp-connection.c b/plugins/rdp/vinagre-rdp-connection.c
+index f0ff02b..c5f6ed1 100644
+--- a/plugins/rdp/vinagre-rdp-connection.c
++++ b/plugins/rdp/vinagre-rdp-connection.c
+@@ -127,25 +127,9 @@ rdp_parse_item (VinagreConnection *conn, xmlNode *root)
+ static void
+ rdp_parse_options_widget (VinagreConnection *conn, GtkWidget *widget)
+ {
+-  const gchar *text;
+-  GtkWidget   *u_entry, *d_entry, *spin_button, *scaling_button;
+-  gboolean     scaling;
+-  guint        width, height;
+-
+-  d_entry = g_object_get_data (G_OBJECT (widget), "domain_entry");
+-  if (!d_entry)
+-    {
+-      g_warning ("Wrong widget passed to rdp_parse_options_widget()");
+-      return;
+-    }
+-
+-  text = gtk_entry_get_text (GTK_ENTRY (d_entry));
+-  vinagre_cache_prefs_set_string  ("rdp-connection", "domain", text);
+-
+-  g_object_set (conn,
+-		"domain", text != NULL && *text != '\0' ? text : NULL,
+-		NULL);
+-
++  GtkWidget *u_entry, *spin_button, *scaling_button;
++  gboolean   scaling;
++  guint      width, height;
+ 
+   u_entry = g_object_get_data (G_OBJECT (widget), "username_entry");
+   if (!u_entry)
+diff --git a/plugins/rdp/vinagre-rdp-plugin.c b/plugins/rdp/vinagre-rdp-plugin.c
+index 4751102..f41da37 100644
+--- a/plugins/rdp/vinagre-rdp-plugin.c
++++ b/plugins/rdp/vinagre-rdp-plugin.c
+@@ -100,7 +100,7 @@ vinagre_rdp_plugin_init (VinagreRdpPlugin *plugin)
+ static GtkWidget *
+ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+ {
+-  GtkWidget *grid, *label, *u_entry, *d_entry, *spin_button, *check;
++  GtkWidget *grid, *label, *u_entry, *spin_button, *check;
+   gchar     *str;
+   gint       width, height;
+ 
+@@ -146,29 +146,10 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   g_free (str);
+ 
+ 
+-  label = gtk_label_new_with_mnemonic (_("_Domain:"));
+-  gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1);
+-  gtk_widget_set_margin_left (label, 12);
+-
+-  d_entry = gtk_entry_new ();
+-  /* Translators: This is the tooltip for the domain field in a RDP connection */
+-  gtk_widget_set_tooltip_text (d_entry, _("Optional."));
+-  g_object_set_data (G_OBJECT (grid), "domain_entry", d_entry);
+-  gtk_grid_attach (GTK_GRID (grid), d_entry, 1, 3, 1, 1);
+-  gtk_label_set_mnemonic_widget (GTK_LABEL (label), d_entry);
+-  str = g_strdup (VINAGRE_IS_CONNECTION (conn) ?
+-		  vinagre_connection_get_domain (conn) :
+-		  vinagre_cache_prefs_get_string  ("rdp-connection", "domain", ""));
+-  gtk_entry_set_text (GTK_ENTRY (d_entry), str);
+-  gtk_entry_set_activates_default (GTK_ENTRY (d_entry), TRUE);
+-  g_free (str);
+-
+-
+   /* Host width */
+   label = gtk_label_new_with_mnemonic (_("_Width:"));
+   gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1);
+   gtk_widget_set_margin_left (label, 12);
+ 
+   spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1);
+@@ -176,7 +157,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   gtk_widget_set_tooltip_text (spin_button, _("Set width of the remote desktop"));
+   gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_WIDTH);
+   g_object_set_data (G_OBJECT (grid), "width_spin_button", spin_button);
+-  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 3, 1, 1);
+   gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button);
+   width = VINAGRE_IS_CONNECTION (conn) ?
+           vinagre_connection_get_width (conn) :
+@@ -188,7 +169,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   /* Host height */
+   label = gtk_label_new_with_mnemonic (_("_Height:"));
+   gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
+-  gtk_grid_attach (GTK_GRID (grid), label, 0, 5, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1);
+   gtk_widget_set_margin_left (label, 12);
+ 
+   spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1);
+@@ -196,7 +177,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn)
+   gtk_widget_set_tooltip_text (spin_button, _("Set height of the remote desktop"));
+   gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_HEIGHT);
+   g_object_set_data (G_OBJECT (grid), "height_spin_button", spin_button);
+-  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 5, 1, 1);
++  gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1);
+   gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button);
+   height = VINAGRE_IS_CONNECTION (conn) ?
+            vinagre_connection_get_height (conn) :
+diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c
+index 8572bc3..f3d9c08 100644
+--- a/plugins/rdp/vinagre-rdp-tab.c
++++ b/plugins/rdp/vinagre-rdp-tab.c
+@@ -70,8 +70,6 @@ struct _VinagreRdpTabPrivate
+   gboolean         scaling;
+   double           scale;
+   double           offset_x, offset_y;
+-
+-  guint            authentication_attempts;
+ };
+ 
+ G_DEFINE_TYPE (VinagreRdpTab, vinagre_rdp_tab, VINAGRE_TYPE_TAB)
+@@ -611,7 +609,6 @@ frdp_post_connect (freerdp *instance)
+                               0, 0,
+                               gdi->width, gdi->height);
+ 
+-  vinagre_tab_save_credentials_in_keyring (VINAGRE_TAB (rdp_tab));
+   vinagre_tab_add_recent_used (VINAGRE_TAB (rdp_tab));
+   vinagre_tab_set_state (VINAGRE_TAB (rdp_tab), VINAGRE_TAB_STATE_CONNECTED);
+ 
+@@ -862,76 +859,114 @@ frdp_mouse_moved (GtkWidget      *widget,
+   return TRUE;
+ }
+ 
++static void
++entry_text_changed_cb (GtkEntry   *entry,
++                       GtkBuilder *builder)
++{
++  const gchar *text;
++  GtkWidget   *widget;
++  gsize        username_length;
++  gsize        password_length;
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry"));
++  text = gtk_entry_get_text (GTK_ENTRY (widget));
++  username_length = strlen (text);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry"));
++  text = gtk_entry_get_text (GTK_ENTRY (widget));
++  password_length = strlen (text);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "ok_button"));
++  gtk_widget_set_sensitive (widget, password_length > 0 && username_length > 0);
++}
++
+ static gboolean
+ frdp_authenticate (freerdp  *instance,
+                    char    **username,
+                    char    **password,
+                    char    **domain)
+ {
+-  VinagreTab           *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab);
+-  VinagreRdpTab        *rdp_tab = VINAGRE_RDP_TAB (tab);
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              save_in_keyring = FALSE;
+-  gchar                *keyring_domain = NULL;
+-  gchar                *keyring_username = NULL;
+-  gchar                *keyring_password = NULL;
++  VinagreTab        *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab);
++  VinagreConnection *conn = vinagre_tab_get_conn (tab);
++  const gchar       *user_name;
++  const gchar       *domain_name;
++  GtkBuilder        *builder;
++  GtkWidget         *dialog;
++  GtkWidget         *widget;
++  GtkWidget         *username_entry;
++  GtkWidget         *password_entry;
++  GtkWidget         *domain_entry;
++  gboolean           save_credential_check_visible;
++  gboolean           domain_label_visible;
++  gboolean           domain_entry_visible;
++  gint               response;
+ 
+-  priv->authentication_attempts++;
++  builder = vinagre_utils_get_builder ();
+ 
+-  if (priv->authentication_attempts == 1)
+-    {
+-      vinagre_tab_find_credentials_in_keyring (tab, &keyring_domain, &keyring_username, &keyring_password);
+-      if (keyring_password != NULL && keyring_username != NULL)
+-        {
+-          *domain = keyring_domain;
+-          *username = keyring_username;
+-          *password = keyring_password;
++  dialog = GTK_WIDGET (gtk_builder_get_object (builder, "auth_required_dialog"));
++  gtk_window_set_modal ((GtkWindow *) dialog, TRUE);
++  gtk_window_set_transient_for ((GtkWindow *) dialog, GTK_WINDOW (vinagre_tab_get_window (tab)));
+ 
+-          return TRUE;
+-        }
+-      else
+-        {
+-          g_free (keyring_domain);
+-          g_free (keyring_username);
+-          g_free (keyring_password);
+-        }
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "host_label"));
++  gtk_label_set_text (GTK_LABEL (widget), vinagre_connection_get_host (conn));
++
++  username_entry = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry"));
++  password_entry = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry"));
++  domain_entry = GTK_WIDGET (gtk_builder_get_object (builder, "domain_entry"));
++
++  if (*username != NULL && *username[0] != '\0')
++    {
++      gtk_entry_set_text (GTK_ENTRY (username_entry), *username);
++      gtk_widget_grab_focus (password_entry);
+     }
+ 
+-  if (vinagre_utils_request_credential (window,
+-                                        "RDP",
+-                                        vinagre_connection_get_host (conn),
+-                                        vinagre_connection_get_domain (conn),
+-                                        vinagre_connection_get_username (conn),
+-                                        TRUE,
+-                                        TRUE,
+-                                        TRUE,
+-                                        20,
+-                                        domain,
+-                                        username,
+-                                        password,
+-                                        &save_in_keyring))
++  g_signal_connect (username_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder);
++  g_signal_connect (password_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder);
++
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check"));
++  save_credential_check_visible = gtk_widget_get_visible (widget);
++  gtk_widget_set_visible (widget, FALSE);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label"));
++  domain_label_visible = gtk_widget_get_visible (widget);
++  gtk_widget_set_visible (widget, TRUE);
++
++  domain_entry_visible = gtk_widget_get_visible (domain_entry);
++  gtk_widget_set_visible (domain_entry, TRUE);
++
++
++  response = gtk_dialog_run (GTK_DIALOG (dialog));
++  gtk_widget_hide (dialog);
++
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check"));
++  gtk_widget_set_visible (widget, save_credential_check_visible);
++
++  widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label"));
++  gtk_widget_set_visible (widget, domain_label_visible);
++
++  gtk_widget_set_visible (domain_entry, domain_entry_visible);
++
++
++  if (response == GTK_RESPONSE_OK)
+     {
+-      if (*domain && **domain != '\0')
+-        vinagre_connection_set_domain (conn, *domain);
++      domain_name = gtk_entry_get_text (GTK_ENTRY (domain_entry));
++      if (g_strcmp0 (*domain, domain_name) != 0)
++        *domain = g_strdup (domain_name);
+ 
+-      if (*username && **username != '\0')
+-        vinagre_connection_set_username (conn, *username);
++      user_name = gtk_entry_get_text (GTK_ENTRY (username_entry));
++      if (g_strcmp0 (*username, user_name) != 0)
++        *username = g_strdup (user_name);
+ 
+-      if (*password && **password != '\0')
+-        vinagre_connection_set_password (conn, *password);
++      *password = g_strdup (gtk_entry_get_text (GTK_ENTRY (password_entry)));
+ 
+-      vinagre_tab_set_save_credentials (tab, save_in_keyring);
++      return TRUE;
+     }
+   else
+     {
+-      vinagre_tab_remove_from_notebook (tab);
+-
+       return FALSE;
+     }
+-
+-  return TRUE;
+ }
+ 
+ static BOOL
+@@ -1028,25 +1063,30 @@ frdp_changed_certificate_verify (freerdp *instance,
+ #endif
+ 
+ static void
+-init_freerdp (VinagreRdpTab *rdp_tab)
++open_freerdp (VinagreRdpTab *rdp_tab)
+ {
+   VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  rdpSettings          *settings;
+   VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+   VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  gboolean              scaling;
+-  gchar                *hostname;
+-  gint                  width, height;
+-  gint                  port;
++  rdpSettings          *settings;
++  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
++  gboolean              success = TRUE;
++  gboolean              fullscreen, scaling;
++  gchar                *hostname, *username;
++  gint                  port, width, height;
+ 
+   g_object_get (conn,
+                 "port", &port,
+                 "host", &hostname,
+                 "width", &width,
+                 "height", &height,
++                "fullscreen", &fullscreen,
+                 "scaling", &scaling,
++                "username", &username,
+                 NULL);
+ 
++  priv->events = g_queue_new ();
++
+   /* Setup FreeRDP session */
+   priv->freerdp_session = freerdp_new ();
+   priv->freerdp_session->PreConnect = frdp_pre_connect;
+@@ -1111,6 +1151,17 @@ init_freerdp (VinagreRdpTab *rdp_tab)
+   settings->port = port;
+ #endif
+ 
++  /* Set username */
++  username = g_strstrip (username);
++  if (username != NULL && username[0] != '\0')
++    {
++#if HAVE_FREERDP_1_1
++      settings->Username = g_strdup (username);
++#else
++      settings->username = g_strdup (username);
++#endif
++    }
++
+   /* Set keyboard layout */
+ #if HAVE_FREERDP_1_1
+   freerdp_keyboard_init (KBD_US);
+@@ -1120,24 +1171,6 @@ init_freerdp (VinagreRdpTab *rdp_tab)
+ 
+   /* Allow font smoothing by default */
+   settings->AllowFontSmoothing = TRUE;
+-}
+-
+-static void
+-init_display (VinagreRdpTab *rdp_tab)
+-{
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+-  VinagreConnection    *conn = vinagre_tab_get_conn (tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              fullscreen, scaling;
+-  gint                  width, height;
+-
+-  g_object_get (conn,
+-                "width", &width,
+-                "height", &height,
+-                "fullscreen", &fullscreen,
+-                "scaling", &scaling,
+-                NULL);
+ 
+   /* Setup display for FreeRDP session */
+   priv->display = gtk_drawing_area_new ();
+@@ -1186,54 +1219,20 @@ init_display (VinagreRdpTab *rdp_tab)
+   priv->key_release_handler_id = g_signal_connect (GTK_WIDGET (tab), "key-release-event",
+                                                    G_CALLBACK (frdp_key_pressed),
+                                                    rdp_tab);
+-}
+-
+-static void
+-open_freerdp (VinagreRdpTab *rdp_tab)
+-{
+-  VinagreRdpTabPrivate *priv = rdp_tab->priv;
+-  VinagreTab           *tab = VINAGRE_TAB (rdp_tab);
+-  GtkWindow            *window = GTK_WINDOW (vinagre_tab_get_window (tab));
+-  gboolean              success = TRUE;
+-  gboolean              authentication_error = FALSE;
+-  gboolean              cancelled = FALSE;
+-
+-  priv->events = g_queue_new ();
+-
+-  init_freerdp (rdp_tab);
+-  init_display (rdp_tab);
+-
+-  do
+-    {
+-      authentication_error = FALSE;
+ 
+-      /* Run FreeRDP session */
+-      success = freerdp_connect (priv->freerdp_session);
+-      if (!success)
+-        {
+-          authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 ||
+-                                 freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c;
+-
+-          cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b;
+-
+-          freerdp_free (priv->freerdp_session);
+-          init_freerdp (rdp_tab);
+-        }
+-    }
+-  while (!success && authentication_error);
++  /* Run FreeRDP session */
++  success = freerdp_connect (priv->freerdp_session);
+ 
+   if (!success)
+     {
+       gtk_window_unfullscreen (window);
+-      if (!cancelled)
+-        vinagre_utils_show_error_dialog (_("Error connecting to host."),
+-                                         NULL,
+-                                         window);
++      vinagre_utils_show_error_dialog (_("Error connecting to host."),
++                                       NULL,
++                                       window);
+       g_idle_add ((GSourceFunc) idle_close, rdp_tab);
+     }
+   else
+     {
+-      priv->authentication_attempts = 0;
+       priv->update_id = g_idle_add ((GSourceFunc) update, rdp_tab);
+     }
+ }
+-- 
+2.9.3
+
diff --git a/gnu/packages/patches/wget-perl-5.26.patch b/gnu/packages/patches/wget-perl-5.26.patch
new file mode 100644
index 0000000000..ee3a984daa
--- /dev/null
+++ b/gnu/packages/patches/wget-perl-5.26.patch
@@ -0,0 +1,96 @@
+This upstream commit adjusts tests for Perl 5.26.
+
+commit 7ffe93cabb181f39ad5091c31ab9f61bd940a55f
+Author: Anton Yuzhaninov <citrin+github@citrin.ru>
+Date:   Wed Apr 5 19:06:42 2017 +0300
+
+    Fix perl warnings in tests
+    
+    * tests/FTPServer.pm: Escape '{' in RE to fix warnings
+    * tests/FTPTest.pm: Likewise
+    * tests/HTTPServer.pm: Likewise
+    * tests/HTTPTest.pm: Likewise
+    * tests/Test-proxied-https-auth-keepalive.px: Likewise
+    * tests/Test-proxied-https-auth.px: Likewise
+    Escape '{' in RE to fix warnings:
+    Unescaped left brace in regex is deprecated, passed through in regex;
+    marked by <-- HERE in m/{{ <-- HERE port}}/
+
+diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm
+index a5185d66..cac80942 100644
+--- a/tests/FTPServer.pm
++++ b/tests/FTPServer.pm
+@@ -589,7 +589,7 @@ sub new
+     foreach my $file (keys %{$self->{_input}})
+     {
+         my $ref = \$self->{_input}{$file}{content};
+-        $$ref =~ s/{{port}}/$self->sockport/eg;
++        $$ref =~ s/\Q{{port}}/$self->sockport/eg;
+     }
+ 
+     return $self;
+diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm
+index 50385ad0..0a1c768c 100644
+--- a/tests/FTPTest.pm
++++ b/tests/FTPTest.pm
+@@ -53,7 +53,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm
+index dd8ec043..78609f65 100644
+--- a/tests/HTTPServer.pm
++++ b/tests/HTTPServer.pm
+@@ -310,7 +310,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm
+index 00f079f8..6225c7f1 100644
+--- a/tests/HTTPTest.pm
++++ b/tests/HTTPTest.pm
+@@ -47,7 +47,7 @@ sub _substitute_port
+ {
+     my $self = shift;
+     my $ret  = shift;
+-    $ret =~ s/{{port}}/$self->{_server}->sockport/eg;
++    $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg;
+     return $ret;
+ }
+ 
+diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px
+index 049bebec..2a18ccfd 100755
+--- a/tests/Test-proxied-https-auth-keepalive.px
++++ b/tests/Test-proxied-https-auth-keepalive.px
+@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
+diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px
+index ce4e736c..878114e7 100755
+--- a/tests/Test-proxied-https-auth.px
++++ b/tests/Test-proxied-https-auth.px
+@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"
+     . " --password=Dodgson -e https_proxy=localhost:{{port}}"
+     . " --no-check-certificate"
+     . " https://no.such.domain/needs-auth.txt";
+-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e;
++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e;
+ 
+ if (defined $srcdir) {
+     $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl';
diff --git a/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch
new file mode 100644
index 0000000000..8aeec455d7
--- /dev/null
+++ b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch
@@ -0,0 +1,171 @@
+From eee8fd4c489a693344da0bba14cfa54c54610b89 Mon Sep 17 00:00:00 2001
+From: Maarten Lankhorst <maarten.lankhorst@ubuntu.com>
+Date: Thu, 9 Mar 2017 13:31:34 +0200
+Subject: [PATCH] Fix build against xorg server 1.17 on certain architectures
+
+Fixes at least arm64, likely also hppa, m68k, sh4.
+
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@ubuntu.com>
+---
+ src/regsmi.h       | 18 ++++++++++++++++++
+ src/smi.h          |  2 ++
+ src/smi_driver.c   | 19 +++++++++----------
+ src/smilynx_crtc.c |  6 +++---
+ src/smilynx_hw.c   |  5 ++---
+ 5 files changed, 34 insertions(+), 16 deletions(-)
+
+diff --git a/src/regsmi.h b/src/regsmi.h
+index 5dd0320..69205ba 100644
+--- a/src/regsmi.h
++++ b/src/regsmi.h
+@@ -64,8 +64,13 @@ VGAIN8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index)
+ 	MMIO_OUT8(pSmi->IOBase, indexPort, index);
+ 	return(MMIO_IN8(pSmi->IOBase, dataPort));
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, indexPort, index);
++	return pci_io_read8(pSmi->io, dataPort);
++#else
+ 	outb(pSmi->PIOBase + indexPort, index);
+ 	return(inb(pSmi->PIOBase + dataPort));
++#endif
+     }
+ }
+ 
+@@ -76,8 +81,13 @@ VGAOUT8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index, CARD8 data)
+ 	MMIO_OUT8(pSmi->IOBase, indexPort, index);
+ 	MMIO_OUT8(pSmi->IOBase, dataPort, data);
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, indexPort, index);
++	pci_io_write8(pSmi->io, dataPort, data);
++#else
+ 	outb(pSmi->PIOBase + indexPort, index);
+ 	outb(pSmi->PIOBase + dataPort, data);
++#endif
+     }
+ }
+ 
+@@ -87,7 +97,11 @@ VGAIN8(SMIPtr pSmi, int port)
+     if (pSmi->IOBase) {
+ 	return(MMIO_IN8(pSmi->IOBase, port));
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	return pci_io_read8(pSmi->io, port);
++#else
+ 	return(inb(pSmi->PIOBase + port));
++#endif
+     }
+ }
+ 
+@@ -97,7 +111,11 @@ VGAOUT8(SMIPtr pSmi, int port, CARD8 data)
+     if (pSmi->IOBase) {
+ 	MMIO_OUT8(pSmi->IOBase, port, data);
+     } else {
++#ifdef XSERVER_LIBPCIACCESS
++	pci_io_write8(pSmi->io, port, data);
++#else
+ 	outb(pSmi->PIOBase + port, data);
++#endif
+     }
+ }
+ 
+diff --git a/src/smi.h b/src/smi.h
+index 2742c8d..1f20a2d 100644
+--- a/src/smi.h
++++ b/src/smi.h
+@@ -171,6 +171,8 @@ typedef struct
+     pciVideoPtr		PciInfo;	/* PCI info vars */
+ #ifndef XSERVER_LIBPCIACCESS
+     PCITAG		PciTag;
++#else
++    struct pci_io_handle *io;
+ #endif
+     int			Chipset;	/* Chip info, set using PCI
+ 					   above */
+diff --git a/src/smi_driver.c b/src/smi_driver.c
+index 8949cae..6bdf64d 100644
+--- a/src/smi_driver.c
++++ b/src/smi_driver.c
+@@ -446,6 +446,9 @@ SMI_PreInit(ScrnInfoPtr pScrn, int flags)
+ 	pSmi->PIOBase = hwp->PIOOffset;
+ #else
+ 	pSmi->PIOBase = 0;
++#ifdef XSERVER_LIBPCIACCESS
++	pSmi->io = hwp->io;
++#endif
+ #endif
+ 
+ 	xf86ErrorFVerb(VERBLEV, "\tSMI_PreInit vgaCRIndex=%x, vgaIOBase=%x, "
+@@ -2022,16 +2025,14 @@ SMI_EnableMmio(ScrnInfoPtr pScrn)
+ 	vgaHWSetStdFuncs(hwp);
+ 
+ 	/* Enable linear mode */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18);
+ 	pSmi->SR18Value = tmp;					/* PDR#521 */
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x11);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x11);
+ 
+ 	/* Enable 2D/3D Engine and Video Processor */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+ 	pSmi->SR21Value = tmp;					/* PDR#521 */
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp & ~0x03);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, tmp & ~0x03);
+     }
+ 
+     LEAVE();
+@@ -2050,12 +2051,10 @@ SMI_DisableMmio(ScrnInfoPtr pScrn)
+ 	vgaHWSetStdFuncs(hwp);
+ 
+ 	/* Disable 2D/3D Engine and Video Processor */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR21Value);	/* PDR#521 */
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, pSmi->SR21Value);	/* PDR#521 */
+ 
+ 	/* Disable linear mode */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR18Value);	/* PDR#521 */
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, pSmi->SR18Value);	/* PDR#521 */
+     }
+ 
+     LEAVE();
+diff --git a/src/smilynx_crtc.c b/src/smilynx_crtc.c
+index fb7183c..f4d8b4e 100644
+--- a/src/smilynx_crtc.c
++++ b/src/smilynx_crtc.c
+@@ -619,9 +619,9 @@ SMILynx_CrtcModeSet_bios(xf86CrtcPtr crtc,
+     xf86ExecX86int10(pSmi->pInt10);
+ 
+     /* Enable linear mode. */
+-    outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-    tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
+-    outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01);
++    VGAOUT8(pSmi, VGA_SEQ_INDEX, 0x18);
++    tmp = VGAIN8(pSmi, VGA_SEQ_DATA);
++    VGAOUT8(pSmi, VGA_SEQ_DATA, tmp | 0x01);
+ 
+     /* Enable DPR/VPR registers. */
+     tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+diff --git a/src/smilynx_hw.c b/src/smilynx_hw.c
+index b2ee8a5..40aa5a4 100644
+--- a/src/smilynx_hw.c
++++ b/src/smilynx_hw.c
+@@ -365,9 +365,8 @@ SMILynx_WriteMode(ScrnInfoPtr pScrn, vgaRegPtr vgaSavePtr, SMIRegPtr restore)
+ 	xf86ExecX86int10(pSmi->pInt10);
+ 
+ 	/* Enable linear mode. */
+-	outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18);
+-	tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA);
+-	outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01);
++	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18);
++	VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x01);
+ 
+ 	/* Enable DPR/VPR registers. */
+ 	tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21);
+-- 
+2.7.4
+