13 files changed, 239 insertions, 430 deletions
diff --git a/gnu/packages/patches/adb-add-libraries.patch b/gnu/packages/patches/adb-add-libraries.patch
new file mode 100644
index 0000000000..b014832f62
--- /dev/null
+++ b/gnu/packages/patches/adb-add-libraries.patch
@@ -0,0 +1,30 @@
+--- a/adb/Android.mk	2018-04-25 23:23:29.527198350 +0200
++++ b/adb/Android.mk	2018-04-25 23:24:25.558632573 +0200
+@@ -226,7 +226,7 @@
+ LOCAL_SRC_FILES := test_track_devices.cpp
+ LOCAL_SANITIZE := $(adb_host_sanitize)
+ LOCAL_SHARED_LIBRARIES := libbase
+-LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils
++LOCAL_STATIC_LIBRARIES := libadb libbase libcrypto_static libcutils
+ LOCAL_LDLIBS += -lrt -ldl -lpthread
+ include $(BUILD_HOST_EXECUTABLE)
+ endif
+@@ -278,6 +278,7 @@
+ LOCAL_SANITIZE := $(adb_host_sanitize)
+ LOCAL_STATIC_LIBRARIES := \
+     libadb \
++    libcutils \
+     libbase \
+     libcrypto_static \
+     libdiagnose_usb \
+--- a/adb/sysdeps_test.cpp	2018-05-09 23:58:46.583163684 +0200
++++ b/adb/sysdeps_test.cpp	2018-05-09 23:56:41.356544648 +0200
+@@ -17,6 +17,8 @@
+ #include <gtest/gtest.h>
+ #include <unistd.h>
+ #include <atomic>
++#include <climits>
++#include <mutex>
+ 
+ #include "adb_io.h"
+ #include "sysdeps.h"
diff --git a/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch
new file mode 100644
index 0000000000..df74bdbaba
--- /dev/null
+++ b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch
@@ -0,0 +1,98 @@
+From 3dbdc68093e90f0ef9b77b70490d8e0b1dcfbf8f Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sun, 17 Sep 2017 21:08:45 +0200
+Subject: [PATCH] Add ExceptionUtilsGenerator.java.
+
+A gradle task (in gradle/utils.gradle) is normally used to generate an
+ExceptionUtils class. Since gradle depends on groovy, we cannot use it, so
+we copy the code from the gradle task to a new file. Running this file then
+generates the required class.
+---
+ .../codehaus/groovy/ExceptionUtilsGenerator.java   | 75 ++++++++++++++++++++++
+ 1 file changed, 75 insertions(+)
+ create mode 100644 config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java
+
+diff --git a/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java
+new file mode 100644
+index 0000000..41f006d
+--- /dev/null
++++ b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java
+@@ -0,0 +1,75 @@
++package org.codehaus.groovy;
++
++import org.objectweb.asm.*;
++
++import java.io.BufferedOutputStream;
++import java.io.File;
++import java.io.FileOutputStream;
++import java.io.IOException;
++import java.util.logging.Logger;
++
++public class ExceptionUtilsGenerator implements Opcodes {
++    private final static Logger LOGGER = Logger.getLogger(ExceptionUtilsGenerator.class.getName());
++
++    public static void main(String... args) {
++        if (args==null || args.length==0) {
++            throw new IllegalArgumentException("You must specify at least one file");
++        }
++
++        ClassWriter cw = new ClassWriter(0);
++        MethodVisitor mv;
++
++        cw.visit(V1_5, ACC_PUBLIC + ACC_SUPER, "org/codehaus/groovy/runtime/ExceptionUtils", null, "java/lang/Object", null);
++
++        cw.visitSource("ExceptionUtils.java", null);
++
++        mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
++        mv.visitCode();
++        Label l0 = new Label();
++        mv.visitLabel(l0);
++        mv.visitLineNumber(18, l0);
++        mv.visitVarInsn(ALOAD, 0);
++        mv.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V");
++        mv.visitInsn(RETURN);
++        Label l1 = new Label();
++        mv.visitLabel(l1);
++        mv.visitLocalVariable("this", "Lorg/codehaus/groovy/runtime/ExceptionUtils;", null, l0, l1, 0);
++        mv.visitMaxs(1, 1);
++        mv.visitEnd();
++
++        mv = cw.visitMethod(ACC_PUBLIC + ACC_STATIC, "sneakyThrow", "(Ljava/lang/Throwable;)V", null, null);
++        mv.visitCode();
++        Label l2 = new Label();
++        mv.visitLabel(l2);
++        mv.visitLineNumber(20, l2);
++        mv.visitVarInsn(ALOAD, 0);
++        mv.visitInsn(ATHROW);
++        Label l3 = new Label();
++        mv.visitLabel(l3);
++        mv.visitLocalVariable("e", "Ljava/lang/Throwable;", null, l2, l3, 0);
++        mv.visitMaxs(1, 1);
++        mv.visitEnd();
++
++        cw.visitEnd();
++
++        LOGGER.info("Generating ExceptionUtils");
++        byte[] bytes = cw.toByteArray();
++        for (String classFilePath : args) {
++            File classFile = new File(classFilePath);
++            if (classFile.getParentFile().exists() || classFile.getParentFile().mkdirs()) {
++                try {
++                    if (classFile.exists()) {
++                        classFile.delete();
++                    }
++                    BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(classFile));
++                    bos.write(bytes);
++                    bos.close();
++                } catch (IOException e) {
++                    LOGGER.warning("Unable to write file "+classFile);
++                }
++            } else {
++                LOGGER.warning("Unable to create directory "+classFile.getParentFile());
++            }
++        }
++	}
++}
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/icecat-bug-1452075.patch b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch
index b776640133..b776640133 100644
--- a/gnu/packages/patches/icecat-bug-1452075.patch
+++ b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch
diff --git a/gnu/packages/patches/libutils-add-includes.patch b/gnu/packages/patches/libutils-add-includes.patch
new file mode 100644
index 0000000000..354c59b735
--- /dev/null
+++ b/gnu/packages/patches/libutils-add-includes.patch
@@ -0,0 +1,11 @@
+--- a/libutils/CallStack.cpp	2018-04-25 20:13:06.348665241 +0200
++++ b/libutils/CallStack.cpp	2018-04-25 20:13:18.360510763 +0200
+@@ -17,7 +17,7 @@
+ #define LOG_TAG "CallStack"
+ 
+ #include <memory>
+-
++#include <cstdlib>
+ #include <utils/CallStack.h>
+ #include <utils/Printer.h>
+ #include <utils/Errors.h>
diff --git a/gnu/packages/patches/libutils-remove-damaging-includes.patch b/gnu/packages/patches/libutils-remove-damaging-includes.patch
new file mode 100644
index 0000000000..7867dd3b80
--- /dev/null
+++ b/gnu/packages/patches/libutils-remove-damaging-includes.patch
@@ -0,0 +1,21 @@
+--- a/include/utils/StrongPointer.h	2018-04-25 18:42:34.321003602 +0200
++++ b/include/utils/StrongPointer.h	2018-04-25 18:42:42.180912201 +0200
+@@ -17,8 +17,6 @@
+ #ifndef ANDROID_STRONG_POINTER_H
+ #define ANDROID_STRONG_POINTER_H
+ 
+-#include <cutils/atomic.h>
+-
+ #include <stdint.h>
+ #include <sys/types.h>
+ #include <stdlib.h>
+--- a/libutils/Trace.cpp	2018-04-25 20:41:48.775049786 +0200
++++ b/libutils/Trace.cpp	2018-04-25 20:42:13.674744182 +0200
+@@ -21,5 +21,7 @@
+ 
+ static void traceInit()
+ {
++#if defined(__ANDROID__)
+     ::android::add_sysprop_change_callback(atrace_update_tags, 0);
++#endif
+ }
diff --git a/gnu/packages/patches/libziparchive-add-includes.patch b/gnu/packages/patches/libziparchive-add-includes.patch
new file mode 100644
index 0000000000..41137105a0
--- /dev/null
+++ b/gnu/packages/patches/libziparchive-add-includes.patch
@@ -0,0 +1,10 @@
+--- a/libziparchive/zip_writer.cc	2018-04-25 22:33:05.472674164 +0200
++++ b/libziparchive/zip_writer.cc	2018-04-25 22:33:21.296519518 +0200
+@@ -22,6 +22,7 @@
+ 
+ #include <sys/param.h>
+ 
++#include <cstring>
+ #include <cassert>
+ #include <cstdio>
+ #include <memory>
diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
deleted file mode 100644
index 66df127509..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-17858.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-Fix CVE-2017-17858:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858
-https://bugs.ghostscript.com/show_bug.cgi?id=698819
-https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
-
-From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras@gmail.com>
-Date: Mon, 11 Dec 2017 14:09:15 +0100
-Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below
- limit.
-
-This ensures that:
- * xref tables with objects pointers do not grow out of bounds.
- * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf.
----
- include/mupdf/pdf/object.h |  3 +++
- source/pdf/pdf-repair.c    |  5 +----
- source/pdf/pdf-xref.c      | 21 ++++++++++++---------
- 3 files changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
-index 21ed8595..4177112b 100644
---- a/include/mupdf/pdf/object.h
-+++ b/include/mupdf/pdf/object.h
-@@ -3,6 +3,9 @@
- 
- typedef struct pdf_document_s pdf_document;
- 
-+/* Defined in PDF 1.7 according to Acrobat limit. */
-+#define PDF_MAX_OBJECT_NUMBER 8388607
-+
- /*
-  * Dynamic objects.
-  * The same type of objects as found in PDF and PostScript.
-diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
-index ca149bd3..0c29758e 100644
---- a/source/pdf/pdf-repair.c
-+++ b/source/pdf/pdf-repair.c
-@@ -6,9 +6,6 @@
- 
- /* Scan file for objects and reconstruct xref table */
- 
--/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */
--#define MAX_OBJECT_NUMBER (10 << 20)
--
- struct entry
- {
- 	int num;
-@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
- 					break;
- 				}
- 
--				if (num <= 0 || num > MAX_OBJECT_NUMBER)
-+				if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER)
- 				{
- 					fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen);
- 					goto have_next_token;
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 00586dbd..6284e70b 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
- 			fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR);
- 		}
- 
--		if (ofs < 0)
--			fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs);
--		if (ofs > INT64_MAX - len)
--			fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big");
--
-+		if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER
-+				|| len < 0 || len > PDF_MAX_OBJECT_NUMBER
-+				|| ofs + len - 1 > PDF_MAX_OBJECT_NUMBER)
-+		{
-+			fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
-+		}
- 		/* broken pdfs where size in trailer undershoots entries in xref sections */
- 		if (ofs + len > xref_len)
- 		{
-@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in
- 	pdf_xref_entry *table;
- 	int i, n;
- 
--	if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
--		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
--	//if (i0 + i1 > pdf_xref_len(ctx, doc))
--	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
-+	if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER)
-+		fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
- 
- 	table = pdf_xref_find_subsection(ctx, doc, i0, i1);
- 	for (i = i0; i < i0 + i1; i++)
-@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc)
- 	/* TODO: reuse free object slots by properly linking free object chains in the ofs field */
- 	pdf_xref_entry *entry;
- 	int num = pdf_xref_len(ctx, doc);
-+
-+	if (num > PDF_MAX_OBJECT_NUMBER)
-+		fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf");
-+
- 	entry = pdf_get_incremental_xref_entry(ctx, doc, num);
- 	entry->type = 'f';
- 	entry->ofs = -1;
--- 
-2.16.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
deleted file mode 100644
index bb78c46f80..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-Fix CVE-2018-1000051:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=698873
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384
-
-From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras@gmail.com>
-Date: Tue, 19 Dec 2017 23:47:47 +0100
-Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces.
-
-Previously the borrowed colorspace was dropped when updating annotation
-appearances, leading to use after free warnings from valgrind/ASAN.
----
- source/pdf/pdf-appearance.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c
-index 70f684f4..d7a1dddd 100644
---- a/source/pdf/pdf-appearance.c
-+++ b/source/pdf/pdf-appearance.c
-@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
- 	fz_device *dev = NULL;
- 	font_info font_rec;
- 	fz_text *text = NULL;
--	fz_colorspace *cs = NULL;
- 	fz_matrix page_ctm;
- 
- 	pdf_page_transform(ctx, annot->page, NULL, &page_ctm);
-@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
- 	fz_var(dlist);
- 	fz_var(dev);
- 	fz_var(text);
--	fz_var(cs);
- 	fz_try(ctx)
- 	{
- 		char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents));
- 		char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA));
-+		fz_colorspace *cs;
- 		fz_point pos;
- 		fz_rect rect;
- 
-@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
- 		fz_drop_display_list(ctx, dlist);
- 		font_info_fin(ctx, &font_rec);
- 		fz_drop_text(ctx, text);
--		fz_drop_colorspace(ctx, cs);
- 	}
- 	fz_catch(ctx)
- 	{
-@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
- 	fz_device *dev = NULL;
- 	font_info font_rec;
- 	fz_text *text = NULL;
--	fz_colorspace *cs = NULL;
- 	fz_path *path = NULL;
- 	fz_buffer *fzbuf = NULL;
- 	fz_matrix page_ctm;
-@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
- 	fz_var(dlist);
- 	fz_var(dev);
- 	fz_var(text);
--	fz_var(cs);
- 	fz_var(fzbuf);
- 	fz_try(ctx)
- 	{
-@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
- 		fz_rect logo_bounds;
- 		fz_matrix logo_tm;
- 		fz_rect rect;
-+		fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */
- 
- 		pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect);
- 		rect = annot_rect;
-@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
- 		fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds);
- 		center_rect_within_rect(&logo_bounds, &rect, &logo_tm);
- 		fz_concat(&logo_tm, &logo_tm, &page_ctm);
--		cs = fz_device_rgb(ctx); /* Borrowed reference */
- 		fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL);
- 
- 		get_font_info(ctx, doc, dr, da, &font_rec);
--- 
-2.16.3
-
diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch
deleted file mode 100644
index b2c8f849f3..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2018-6544.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-Fix CVE-2018-6544:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544
-https://bugs.ghostscript.com/show_bug.cgi?id=698830
-https://bugs.ghostscript.com/show_bug.cgi?id=698965 
-
-Patches copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
-https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
-
-From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras@gmail.com>
-Date: Thu, 1 Feb 2018 16:36:14 +0100
-Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams
- objects.
-
-If there were indirect references in the object stream dictionary and
-one of those indirect references referred to an object inside the object
-stream itself, mupdf would previously enter recursion only bounded by the
-exception stack. After this commit the object stream is checked if it is
-marked immediately after being loaded. If it is marked then we terminate
-the recursion at this point, if it is not marked then mark it and
-attempt to load the desired object within. We also take care to unmark
-the stream object when done or upon exception.
----
- source/pdf/pdf-xref.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 723b543c..ed09094c 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
- 	{
- 		objstm = pdf_load_object(ctx, doc, num);
- 
-+		if (pdf_obj_marked(ctx, objstm))
-+			fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup");
-+	}
-+	fz_catch(ctx)
-+	{
-+		pdf_drop_obj(ctx, objstm);
-+		fz_rethrow(ctx);
-+	}
-+
-+	fz_try(ctx)
-+	{
-+		pdf_mark_obj(ctx, objstm);
-+
- 		count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N));
- 		first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First));
- 
-@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
- 		fz_drop_stream(ctx, stm);
- 		fz_free(ctx, ofsbuf);
- 		fz_free(ctx, numbuf);
-+		pdf_unmark_obj(ctx, objstm);
- 		pdf_drop_obj(ctx, objstm);
- 	}
- 	fz_catch(ctx)
--- 
-2.16.3
-
-From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001
-From: Sebastian Rasmussen <sebras@gmail.com>
-Date: Mon, 29 Jan 2018 02:00:48 +0100
-Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error
- stack.
-
-Under normal conditions where fz_keep_stream() is called inside
-fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions.
-The issue comes when fz_keep_stream() has not yet been called but is
-dropped in fz_catch(). This happens in the PDF from the bug when
-fz_try() runs out of exception stack, and next the code in fz_catch()
-runs, dropping the caller's reference to the filter chain stream!
-
-The simplest way of fixing this it to always keep the filter chain
-stream before fz_try() is called. That way fz_catch() may drop the
-stream whether an exception has occurred or if the fz_try() ran out of
-exception stack.
----
- source/pdf/pdf-stream.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
-index c89da5c4..c6ba7ad3 100644
---- a/source/pdf/pdf-stream.c
-+++ b/source/pdf/pdf-stream.c
-@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob
- 		*orig_gen = 0;
- 	}
- 
--	fz_var(chain);
-+	chain = fz_keep_stream(ctx, chain);
- 
- 	fz_try(ctx)
- 	{
- 		len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length));
- 
--		/* don't close chain when we close this filter */
--		chain2 = fz_keep_stream(ctx, chain);
-+		chain2 = chain;
- 		chain = NULL;
- 		chain = fz_open_null(ctx, chain2, len, offset);
- 
--- 
-2.16.3
-
diff --git a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
deleted file mode 100644
index d5c9c60242..0000000000
--- a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
-release series and contains many important bug fixes.
-
-Patch adapted from Debian:
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246
-
-And related to this upstream commit:
-
-http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
-
-diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index 65699ba..ea84778 100644
---- a/source/fitz/load-jpx.c
-+++ b/source/fitz/load-jpx.c
-@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
- 
- #else /* HAVE_LURATECH */
- 
--#define OPJ_STATIC
--#define OPJ_HAVE_INTTYPES_H
--#if !defined(_MSC_VER) || _MSC_VER >= 1600
--#define OPJ_HAVE_STDINT_H
--#endif
- #define USE_JPIP
- 
- #include <openjpeg.h>
diff --git a/gnu/packages/patches/myrepos-CVE-2018-7032.patch b/gnu/packages/patches/myrepos-CVE-2018-7032.patch
new file mode 100644
index 0000000000..ce9493e5f9
--- /dev/null
+++ b/gnu/packages/patches/myrepos-CVE-2018-7032.patch
@@ -0,0 +1,69 @@
+http://source.myrepos.branchable.com/?p=source.git;a=patch;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
+This can be removed with the next release. It was modified slightly to apply
+
+From 40a3df21c73f1bb1b6915cc6fa503f50814664c8 Mon Sep 17 00:00:00 2001
+From: Paul Wise <pabs3@bonedaddy.net>
+Date: Sun, 11 Feb 2018 21:57:49 +0800
+Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being
+ able to execute code
+
+Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12.
+
+Prevent remote websites from causing cloning of local repositories.
+
+Manually whitelist known-safe protocols (http, https, git, ssh)
+when using git versions older than 2.12.
+
+Fixes: CVE-2018-7032
+Fixes: https://bugs.debian.org/840014
+Suggestions-by: Jakub Wilk <jwilk@jwilk.net>
+Reported-by: Jakub Wilk <jwilk@jwilk.net>
+---
+ webcheckout | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/webcheckout b/webcheckout
+index e98da5c..de497ba 100755
+--- a/webcheckout
++++ b/webcheckout
+@@ -71,6 +71,16 @@ use Getopt::Long;
+ use warnings;
+ use strict;
+ 
++# Mitigate some git remote types being dangerous
++my $git_unsafe = 1;
++my $git_version = `git --version`;
++$git_version =~ s{^git version }{};
++my ($major, $minor) = split(/\./, $git_version);
++if (int($major) >= 2 && int($minor) >= 12) {
++	$ENV{GIT_PROTOCOL_FROM_USER} = 0;
++	$git_unsafe = 0;
++}
++
+ # What to download.
+ my $url;
+ 
+@@ -89,7 +99,17 @@ my $destdir;
+ 
+ # how to perform checkouts
+ my %handlers=(
+-	git => sub { doit("git", "clone", shift, $destdir) },
+-	svn => sub { doit("svn", "checkout", shift, $destdir) },
+-	bzr => sub { doit("bzr", "branch", shift, $destdir) },
++	git => sub {
++		my $git_url = shift;
++		# Reject unsafe URLs with older versions of git
++		# that do not already check the URL safety.
++		if ($git_unsafe && $git_url !~ m{^(?:(?:https?|git|ssh):[^:]|(?:[-_.A-Za-z0-9]+@)?[-_.A-Za-z0-9]+:(?!:|//))}) {
++			print STDERR "potentially unsafe git URL, may fail, touch local files or execute arbitrary code\n";
++			return 1;
++		}
++		# Reject cloning local directories too, webcheckout is for remote repos
++		doit(qw(git -c protocol.file.allow=user clone --), $git_url, $destdir)
++	},
++	svn => sub { doit(qw(svn checkout --), shift, $destdir) },
++	bzr => sub { doit(qw(bzr branch --), shift, $destdir) },
+ );
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch
deleted file mode 100644
index f910b4b5a5..0000000000
--- a/gnu/packages/patches/python-statsmodels-fix-tests.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This drops a test that fails with numpy 1.12.
-
-Upstream bug URL: https://github.com/statsmodels/statsmodels/issues/3541
-
---- a/statsmodels/discrete/tests/test_discrete.py     2017-03-06 15:29:19.947343331 +0000
-+++ b/statsmodels/discrete/tests/test_discrete.py     2017-03-06 15:29:37.759328845 +0000
-@@ -1329,21 +1329,6 @@
-         res = mod.fit(start_params=-np.ones(4), method='newton', disp=0)
-     assert_(not res.mle_retvals['converged'])
- 
--def test_issue_339():
--    # make sure MNLogit summary works for J != K.
--    data = sm.datasets.anes96.load()
--    exog = data.exog
--    # leave out last exog column
--    exog = exog[:,:-1]
--    exog = sm.add_constant(exog, prepend=True)
--    res1 = sm.MNLogit(data.endog, exog).fit(method="newton", disp=0)
--    # strip the header from the test
--    smry = "\n".join(res1.summary().as_text().split('\n')[9:])
--    cur_dir = os.path.dirname(os.path.abspath(__file__))
--    test_case_file = os.path.join(cur_dir, 'results', 'mn_logit_summary.txt')
--    test_case = open(test_case_file, 'r').read()
--    np.testing.assert_equal(smry, test_case[:-1])
--
- def test_issue_341():
-     data = sm.datasets.anes96.load()
-     exog = data.exog
diff --git a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch b/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch
deleted file mode 100644
index 18328ed018..0000000000
--- a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 18e5ea50a7136cb3686c5a7c51c111ccce73dc54 Mon Sep 17 00:00:00 2001
-From: Iris Morelle <shadowm@wesnoth.org>
-Date: Sun, 6 May 2018 16:10:42 -0300
-Subject: [PATCH] i18n: Blind fix attempt for std::bad_cast being thrown on
- Windows
-
-Several reports on Steam and our forums point at std::bad_cast being
-thrown when accessing Preferences and the Multiplayer menu amongst
-others. It's possible that the locale configuration on those systems is
-not quite right, and compare() and icompare() are able to throw
-std::bad_cast when this happens as they both use std::use_facet().
-
-Note that much like the macOS/iOS version of icompare(), this stopgap
-patch doesn't attempt to provide any form of case-insensitive fallback
-and just uses a case-sensitive comparison instead.
----
- src/gettext_boost.cpp | 29 +++++++++++++++++++++++++++--
- 1 file changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/src/gettext_boost.cpp b/src/gettext_boost.cpp
-index 3cc7690d5ef..fb04ffeea90 100644
---- a/src/gettext_boost.cpp
-+++ b/src/gettext_boost.cpp
-@@ -423,7 +423,19 @@ void set_language(const std::string& language, const std::vector<std::string>* /
- int compare(const std::string& s1, const std::string& s2)
- {
- 	std::lock_guard<std::mutex> lock(get_mutex());
--	return std::use_facet<std::collate<char>>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size());
-+
-+	try {
-+		return std::use_facet<std::collate<char>>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size());
-+	} catch(const std::bad_cast&) {
-+		static bool bad_cast_once = false;
-+
-+		if(!bad_cast_once) {
-+			ERR_G << "locale set-up for compare() is broken, falling back to std::string::compare()\n";
-+			bad_cast_once = true;
-+		}
-+
-+		return s1.compare(s2);
-+	}
- }
- 
- int icompare(const std::string& s1, const std::string& s2)
-@@ -433,8 +445,21 @@ int icompare(const std::string& s1, const std::string& s2)
- 	return compare(s1, s2);
- #else
- 	std::lock_guard<std::mutex> lock(get_mutex());
--	return std::use_facet<bl::collator<char>>(get_manager().get_locale()).compare(
-+
-+	try {
-+		return std::use_facet<bl::collator<char>>(get_manager().get_locale()).compare(
- 			bl::collator_base::secondary, s1, s2);
-+	} catch(const std::bad_cast&) {
-+		static bool bad_cast_once = false;
-+
-+		if(!bad_cast_once) {
-+			ERR_G << "locale set-up for icompare() is broken, falling back to std::string::compare()\n";
-+			bad_cast_once = true;
-+		}
-+
-+		// FIXME: not even lazily case-insensitive
-+		return s1.compare(s2);
-+	}
- #endif
- }
-