summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/acl.scm11
-rw-r--r--gnu/packages/admin.scm1
-rw-r--r--gnu/packages/audio.scm4
-rw-r--r--gnu/packages/avahi.scm3
-rw-r--r--gnu/packages/base.scm273
-rw-r--r--gnu/packages/bash.scm26
-rw-r--r--gnu/packages/bioinformatics.scm39
-rw-r--r--gnu/packages/bootstrap.scm2
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/check.scm5
-rw-r--r--gnu/packages/cmake.scm5
-rw-r--r--gnu/packages/code.scm5
-rw-r--r--gnu/packages/commencement.scm122
-rw-r--r--gnu/packages/compression.scm4
-rw-r--r--gnu/packages/cups.scm13
-rw-r--r--gnu/packages/curl.scm77
-rw-r--r--gnu/packages/databases.scm57
-rw-r--r--gnu/packages/emacs.scm26
-rw-r--r--gnu/packages/engineering.scm16
-rw-r--r--gnu/packages/finance.scm82
-rw-r--r--gnu/packages/fontutils.scm40
-rw-r--r--gnu/packages/gcc.scm8
-rw-r--r--gnu/packages/glib.scm4
-rw-r--r--gnu/packages/gnome.scm8
-rw-r--r--gnu/packages/gnuzilla.scm10
-rw-r--r--gnu/packages/graphics.scm8
-rw-r--r--gnu/packages/gtk.scm35
-rw-r--r--gnu/packages/guile.scm2
-rw-r--r--gnu/packages/hurd.scm61
-rw-r--r--gnu/packages/ibus.scm1
-rw-r--r--gnu/packages/icu4c.scm4
-rw-r--r--gnu/packages/image.scm39
-rw-r--r--gnu/packages/imagemagick.scm8
-rw-r--r--gnu/packages/java.scm4
-rw-r--r--gnu/packages/libidn.scm4
-rw-r--r--gnu/packages/linux.scm29
-rw-r--r--gnu/packages/make-bootstrap.scm14
-rw-r--r--gnu/packages/maths.scm20
-rw-r--r--gnu/packages/mp3.scm2
-rw-r--r--gnu/packages/ncurses.scm69
-rw-r--r--gnu/packages/ninja.scm7
-rw-r--r--gnu/packages/openldap.scm4
-rw-r--r--gnu/packages/package-management.scm4
-rw-r--r--gnu/packages/patches/acl-hurd-path-max.patch80
-rw-r--r--gnu/packages/patches/coreutils-racy-tail-test.patch13
-rw-r--r--gnu/packages/patches/glibc-hurd-extern-inline.patch35
-rw-r--r--gnu/packages/patches/glibc-locales.patch14
-rw-r--r--gnu/packages/patches/glibc-o-largefile.patch25
-rw-r--r--gnu/packages/patches/icu4c-CVE-2014-6585.patch21
-rw-r--r--gnu/packages/patches/icu4c-CVE-2015-1270.patch15
-rw-r--r--gnu/packages/patches/imagemagick-test-segv.patch20
-rw-r--r--gnu/packages/patches/libpthread-glibc-preparation.patch146
-rw-r--r--gnu/packages/patches/libtiff-CVE-2012-4564.patch33
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-1960.patch148
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-1961.patch770
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-4231.patch19
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-4232.patch20
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-4243.patch39
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-4244.patch20
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch30
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch45
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch295
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch32
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch83
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch77
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch16
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8129.patch45
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-9330.patch47
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-9655.patch88
-rw-r--r--gnu/packages/patches/openssl-c-rehash.patch17
-rw-r--r--gnu/packages/patches/perl-autosplit-default-time.patch15
-rw-r--r--gnu/packages/patches/pixman-pointer-arithmetic.patch15
-rw-r--r--gnu/packages/patches/util-linux-tests.patch12
-rw-r--r--gnu/packages/patches/valgrind-glibc-2.22.patch (renamed from gnu/packages/patches/valgrind-glibc-2.21.patch)15
-rw-r--r--gnu/packages/patches/valgrind-linux-libre-4.x.patch18
-rw-r--r--gnu/packages/pciutils.scm6
-rw-r--r--gnu/packages/pdf.scm8
-rw-r--r--gnu/packages/perl.scm1
-rw-r--r--gnu/packages/python.scm43
-rw-r--r--gnu/packages/screen.scm3
-rw-r--r--gnu/packages/synergy.scm8
-rw-r--r--gnu/packages/tcl.scm33
-rw-r--r--gnu/packages/textutils.scm6
-rw-r--r--gnu/packages/tls.scm96
-rw-r--r--gnu/packages/valgrind.scm4
-rw-r--r--gnu/packages/version-control.scm8
-rw-r--r--gnu/packages/video.scm3
-rw-r--r--gnu/packages/wicd.scm7
-rw-r--r--gnu/packages/xdisorg.scm3
-rw-r--r--gnu/packages/xml.scm6
-rw-r--r--gnu/packages/xorg.scm12
93 files changed, 1346 insertions, 2405 deletions
diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm
index af2fb62b8a..784186b670 100644
--- a/gnu/packages/acl.scm
+++ b/gnu/packages/acl.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu packages perl)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (gnu packages)
   #:use-module (guix build-system gnu))
 
 (define-public acl
@@ -39,7 +40,8 @@
                           version ".src.tar.gz"))
       (sha256
        (base32
-        "08qd9s3wfhv0ajswsylnfwr5h0d7j9d4rgip855nrh400nxp940p"))))
+        "08qd9s3wfhv0ajswsylnfwr5h0d7j9d4rgip855nrh400nxp940p"))
+      (patches (list (search-patch "acl-hurd-path-max.patch")))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f   ; FIXME: Investigate test suite failures
@@ -58,11 +60,8 @@
     (inputs `(("attr" ,attr)))
     (native-inputs
      `(("gettext" ,gnu-gettext)
-       ("perl" ,perl)
-       ("sed" ,sed)))
-
-    (home-page
-     "http://savannah.nongnu.org/projects/acl")
+       ("perl" ,perl)))
+    (home-page "http://savannah.nongnu.org/projects/acl")
     (synopsis
      "Library and tools for manipulating access control lists")
     (description
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 70b2bb2c8f..027fe5b573 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -428,6 +428,7 @@ connection alive.")
                      (zero? (system* "tar" "cf" "bind.tar.gz"
                                      "bind-9.9.5-P1"
                                      ;; avoid non-determinism in the archive
+                                     "--sort=name"
                                      "--mtime=@0"
                                      "--owner=root:0"
                                      "--group=root:0"))))
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 2511f121c2..a35ef278ee 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -340,7 +340,7 @@ tools (analyzer, mono/stereo tools, crossovers).")
 (define-public csound
   (package
     (name "csound")
-    (version "6.04")
+    (version "6.05")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -348,7 +348,7 @@ tools (analyzer, mono/stereo tools, crossovers).")
                     version "/Csound" version ".tar.gz"))
               (sha256
                (base32
-                "1030w38lxdwjz1irr32m9cl0paqmgr02lab2m7f7j1yihwxj1w0g"))))
+                "0a1sni6lr7qpwywpggbkp0ia3h9bwwgf9i87gsag8ra2h30v82hd"))))
     (build-system cmake-build-system)
     (inputs
      `(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm
index 517df32382..b6eef1a6ad 100644
--- a/gnu/packages/avahi.scm
+++ b/gnu/packages/avahi.scm
@@ -52,7 +52,8 @@
                            "--disable-xmltoman"
                            "--enable-tests"
                            "--disable-qt3" "--disable-qt4"
-                           "--disable-gtk" "--disable-gtk3")))
+                           "--disable-gtk" "--disable-gtk3"
+                           "--enable-compat-libdns_sd")))
     (inputs
      `(("expat" ,expat)
        ("glib" ,glib)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c5f447736a..a3e3e36608 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,11 +34,13 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages hurd)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages gettext)
   #:use-module (guix utils)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial))
 
@@ -246,10 +249,18 @@ used to apply commands with arbitrarily long arguments.")
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))))
+              "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))
+            (patches
+             (list (search-patch "coreutils-racy-tail-test.patch")))))
    (build-system gnu-build-system)
    (inputs `(("acl"  ,acl)                        ; TODO: add SELinux
-             ("gmp"  ,gmp)))
+             ("gmp"  ,gmp)                        ;bignums in 'expr', yay!
+
+             ;; Drop the dependency on libcap when cross-compiling since it's
+             ;; not quite cross-compilable.
+             ,@(if (%current-target-system)
+                   '()
+                   `(("libcap" ,libcap)))))  ;capability support is 'ls', etc.
    (native-inputs
     ;; Perl is needed to run tests in native builds, and to run the bundled
     ;; copy of help2man.  However, don't pass it when cross-compiling since
@@ -285,6 +296,14 @@ functionality beyond that which is outlined in the POSIX standard.")
    (license gpl3+)
    (home-page "http://www.gnu.org/software/coreutils/")))
 
+(define-public coreutils-minimal
+  ;; Coreutils without its optional dependencies.
+  (package
+    (inherit coreutils)
+    (name "coreutils-minimal")
+    (outputs '("out"))
+    (inputs '())))
+
 (define-public gnu-make
   (package
    (name "make")
@@ -326,14 +345,14 @@ change.  GNU make offers many powerful extensions over the standard utility.")
 (define-public binutils
   (package
    (name "binutils")
-   (version "2.25")
+   (version "2.25.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/binutils/binutils-"
                                 version ".tar.bz2"))
             (sha256
              (base32
-              "08r9i26b05zcwb9zxb6zllpfdiiicdfsgbpsjlrjmvx3rxjzrpi2"))
+              "08lzmhidzc16af1zbx34f8cy4z7mzrswpdbhrb8shy3xxpflmcdm"))
             (patches (list (search-patch "binutils-ld-new-dtags.patch")
                            (search-patch "binutils-loongson-workaround.patch")))))
    (build-system gnu-build-system)
@@ -439,14 +458,14 @@ store.")
 (define-public glibc
   (package
    (name "glibc")
-   (version "2.21")
+   (version "2.22")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))
+              "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
             (snippet
              ;; Disable 'ldconfig' and /etc/ld.so.cache.  The latter is
              ;; required on LFS distros to avoid loading the distro's libc.so
@@ -455,7 +474,9 @@ store.")
                 (("use_ldconfig=yes")
                  "use_ldconfig=no")))
             (modules '((guix build utils)))
-            (patches (list (search-patch "glibc-ldd-x86_64.patch")))))
+            (patches (map search-patch
+                          '("glibc-ldd-x86_64.patch"
+                            "glibc-o-largefile.patch")))))
    (build-system gnu-build-system)
 
    ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -472,7 +493,7 @@ store.")
       #:parallel-build? #f
 
       ;; The libraries have an empty RUNPATH, but some, such as the versioned
-      ;; libraries (libdl-2.21.so, etc.) have ld.so marked as NEEDED.  Since
+      ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED.  Since
       ;; these libraries are always going to be found anyway, just skip
       ;; RUNPATH checks.
       #:validate-runpath? #f
@@ -513,72 +534,65 @@ store.")
             "libc_cv_ssp=no")
 
       #:tests? #f                                 ; XXX
-      #:phases (alist-cons-before
-                'configure 'pre-configure
-                (lambda* (#:key inputs native-inputs outputs
-                          #:allow-other-keys)
-                  (let* ((out  (assoc-ref outputs "out"))
-                         (bin  (string-append out "/bin")))
-                    ;; Use `pwd', not `/bin/pwd'.
-                    (substitute* "configure"
-                      (("/bin/pwd") "pwd"))
-
-                    ;; Install the rpc data base file under `$out/etc/rpc'.
-                    ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
-                    (substitute* "sunrpc/Makefile"
-                      (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
-                       (string-append out "/etc/rpc" suffix "\n"))
-                      (("^install-others =.*$")
-                       (string-append "install-others = " out "/etc/rpc\n")))
-
-                    (substitute* "Makeconfig"
-                      ;; According to
-                      ;; <http://www.linuxfromscratch.org/lfs/view/stable/chapter05/glibc.html>,
-                      ;; linking against libgcc_s is not needed with GCC
-                      ;; 4.7.1.
-                      ((" -lgcc_s") ""))
-
-                    ;; Copy a statically-linked Bash in the output, with
-                    ;; no references to other store paths.
-                    ;; FIXME: Normally we would look it up only in INPUTS but
-                    ;; cross-base uses it as a native input.
-                    (mkdir-p bin)
-                    (copy-file (string-append (or (assoc-ref inputs
-                                                             "static-bash")
-                                                  (assoc-ref native-inputs
-                                                             "static-bash"))
-                                              "/bin/bash")
-                               (string-append bin "/bash"))
-                    (remove-store-references (string-append bin "/bash"))
-                    (chmod (string-append bin "/bash") #o555)
-
-                    ;; Keep a symlink, for `patch-shebang' resolution.
-                    (with-directory-excursion bin
-                      (symlink "bash" "sh"))
-
-                    ;; Have `system' use that Bash.
-                    (substitute* "sysdeps/posix/system.c"
-                      (("#define[[:blank:]]+SHELL_PATH.*$")
-                       (format #f "#define SHELL_PATH \"~a/bin/bash\"\n"
-                               out)))
-
-                    ;; Same for `popen'.
-                    (substitute* "libio/iopopen.c"
-                      (("/bin/sh")
-                       (string-append out "/bin/bash")))
-
-                    ;; Make sure we don't retain a reference to the
-                    ;; bootstrap Perl.
-                    (substitute* "malloc/mtrace.pl"
-                      (("^#!.*")
-                       ;; The shebang can be omitted, because there's the
-                       ;; "bilingual" eval/exec magic at the top of the file.
-                       "")
-                      (("exec @PERL@")
-                       "exec perl"))))
-                %standard-phases)))
-
-   (inputs `(("static-bash" ,(static-package bash-light))))
+      #:phases (modify-phases %standard-phases
+                 (add-before
+                  'configure 'pre-configure
+                  (lambda* (#:key inputs native-inputs outputs
+                                  #:allow-other-keys)
+                    (let* ((out  (assoc-ref outputs "out"))
+                           (bin  (string-append out "/bin"))
+                           ;; FIXME: Normally we would look it up only in INPUTS
+                           ;; but cross-base uses it as a native input.
+                           (bash (or (assoc-ref inputs "static-bash")
+                                     (assoc-ref native-inputs "static-bash"))))
+                      ;; Use `pwd', not `/bin/pwd'.
+                      (substitute* "configure"
+                        (("/bin/pwd") "pwd"))
+
+                      ;; Install the rpc data base file under `$out/etc/rpc'.
+                      ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
+                      (substitute* "sunrpc/Makefile"
+                        (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
+                         (string-append out "/etc/rpc" suffix "\n"))
+                        (("^install-others =.*$")
+                         (string-append "install-others = " out "/etc/rpc\n")))
+
+                      (substitute* "Makeconfig"
+                        ;; According to
+                        ;; <http://www.linuxfromscratch.org/lfs/view/stable/chapter05/glibc.html>,
+                        ;; linking against libgcc_s is not needed with GCC
+                        ;; 4.7.1.
+                        ((" -lgcc_s") ""))
+
+                      ;; Have `system' use that Bash.
+                      (substitute* "sysdeps/posix/system.c"
+                        (("#define[[:blank:]]+SHELL_PATH.*$")
+                         (format #f "#define SHELL_PATH \"~a/bin/bash\"\n"
+                                 bash)))
+
+                      ;; Same for `popen'.
+                      (substitute* "libio/iopopen.c"
+                        (("/bin/sh")
+                         (string-append bash "/bin/bash")))
+
+                      ;; Same for the shell used by the 'exec' functions for
+                      ;; scripts that lack a shebang.
+                      (substitute* (find-files "." "^paths\\.h$")
+                        (("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$")
+                         (string-append "#define _PATH_BSHELL \""
+                                        bash "/bin/bash\"\n")))
+
+                      ;; Make sure we don't retain a reference to the
+                      ;; bootstrap Perl.
+                      (substitute* "malloc/mtrace.pl"
+                        (("^#!.*")
+                         ;; The shebang can be omitted, because there's the
+                         ;; "bilingual" eval/exec magic at the top of the file.
+                         "")
+                        (("exec @PERL@")
+                         "exec perl"))))))))
+
+   (inputs `(("static-bash" ,static-bash)))
 
    ;; To build the manual, we need Texinfo and Perl.  Gettext is needed to
    ;; install the message catalogs, with 'msgfmt'.
@@ -626,10 +640,6 @@ the 'share/locale' sub-directory of this package.")
           `(alist-replace
             'build
             (lambda* (#:key outputs #:allow-other-keys)
-              (let ((out (assoc-ref outputs "out")))
-                ;; Delete $out/bin, which contains 'bash'.
-                (delete-file-recursively (string-append out "/bin")))
-
               (zero? (system* "make" "localedata/install-locales"
                               "-j" (number->string (parallel-job-count)))))
             (alist-delete 'install ,phases)))
@@ -700,6 +710,113 @@ variety of options.  It is an alternative to the shell \"type\" built-in
 command.")
     (license gpl3+))) ; some files are under GPLv2+
 
+(define-public glibc/hurd
+  ;; The Hurd's libc variant.
+  (package (inherit glibc)
+    (name "glibc-hurd")
+    (version "2.18")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "git://git.sv.gnu.org/hurd/glibc")
+                    (commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3")))
+              (sha256
+               (base32
+                "17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4"))
+              (file-name (string-append name "-" version))
+              (patches (map search-patch
+                            '("glibc-hurd-extern-inline.patch")))))
+
+    ;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers,
+    ;; so both should be propagated.
+    (propagated-inputs `(("gnumach-headers" ,gnumach-headers)
+                         ("hurd-headers" ,hurd-headers)
+                         ("hurd-minimal" ,hurd-minimal)))
+    (native-inputs
+     `(,@(package-native-inputs glibc)
+       ("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch"))
+       ("mig" ,mig)
+       ("perl" ,perl)
+       ("libpthread" ,(origin
+                        (method git-fetch)
+                        (uri (git-reference
+                              (url "git://git.sv.gnu.org/hurd/libpthread")
+                              (commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb")))
+                        (sha256
+                         (base32
+                          "031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3"))
+                        (file-name "libpthread")))))
+
+    (arguments
+     (substitute-keyword-arguments (package-arguments glibc)
+       ((#:configure-flags original-configure-flags)
+        `(append (list "--host=i686-pc-gnu"
+
+                       ;; nscd fails to build for GNU/Hurd:
+                       ;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>.
+                       ;; Disable it.
+                       "--disable-nscd")
+                 (filter (lambda (flag)
+                           (not (or (string-prefix? "--with-headers=" flag)
+                                    (string-prefix? "--enable-kernel=" flag))))
+                         ;; Evaluate 'original-configure-flags' in a
+                         ;; lexical environment that has a dummy
+                         ;; "linux-headers" input, to prevent errors.
+                         (let ((%build-inputs `(("linux-headers" . "@DUMMY@")
+                                                ,@%build-inputs)))
+                           ,original-configure-flags))))
+       ((#:phases phases)
+        `(alist-cons-after
+          'unpack 'prepare-libpthread
+          (lambda* (#:key inputs #:allow-other-keys)
+            (copy-recursively (assoc-ref inputs "libpthread") "libpthread")
+
+            (system* "patch" "--force" "-p1" "-i"
+                     (assoc-ref inputs "patch/libpthread-patch"))
+            #t)
+          ,phases))))
+    (synopsis "The GNU C Library (GNU Hurd variant)")
+    (supported-systems %hurd-systems)))
+
+(define-public glibc/hurd-headers
+  (package (inherit glibc/hurd)
+    (name "glibc-hurd-headers")
+    (outputs '("out"))
+    (propagated-inputs `(("gnumach-headers" ,gnumach-headers)
+                         ("hurd-headers" ,hurd-headers)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments glibc/hurd)
+       ;; We just pass the flags really needed to build the headers.
+       ((#:configure-flags _)
+        `(list "--enable-add-ons"
+               "--host=i686-pc-gnu"
+               "--enable-obsolete-rpc"))
+       ((#:phases _)
+        '(alist-replace
+          'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (and (zero? (system* "make" "install-headers"))
+
+                 ;; Make an empty stubs.h to work around not being able to
+                 ;; produce a valid stubs.h and causing the build to fail. See
+                 ;; <http://lists.gnu.org/archive/html/guix-devel/2014-04/msg00233.html>.
+                 (let ((out (assoc-ref outputs "out")))
+                   (close-port
+                    (open-output-file
+                     (string-append out "/include/gnu/stubs.h"))))))
+
+          ;; Nothing to build.
+          (alist-delete
+           'build
+
+           (alist-cons-before
+            'configure 'pre-configure
+            (lambda _
+              ;; Use the right 'pwd'.
+              (substitute* "configure"
+                (("/bin/pwd") "pwd")))
+            %standard-phases))))))))
+
 (define-public tzdata
   (package
     (name "tzdata")
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 6b2d0b855d..180c64e872 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -214,10 +214,10 @@ without modification.")
      (license gpl3+)
      (home-page "http://www.gnu.org/software/bash/"))))
 
-(define-public bash-light
+(define-public bash-minimal
   ;; A stripped-down Bash for non-interactive use.
   (package (inherit bash)
-    (name "bash-light")
+    (name "bash-minimal")
     (inputs '())                                ; no readline, no curses
     (arguments
      (let ((args `(#:modules ((guix build gnu-build-system)
@@ -239,6 +239,28 @@ without modification.")
                        '("bash_cv_job_control_missing=no")
                        '()))))))))
 
+(define-public static-bash
+  ;; Statically-linked Bash that contains nothing but the 'bash' binary and
+  ;; 'sh' symlink, without any reference.
+  (let ((bash (static-package bash-minimal)))
+    (package
+      (inherit bash)
+      (name "bash-static")
+      (arguments
+       (substitute-keyword-arguments
+           `(#:allowed-references ("out") ,@(package-arguments bash))
+         ((#:phases phases)
+          `(alist-cons-after
+            'strip 'remove-everything-but-the-binary
+            (lambda* (#:key outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (bin (string-append out "/bin")))
+                (remove-store-references (string-append bin "/bash"))
+                (delete-file (string-append bin "/bashbug"))
+                (delete-file-recursively (string-append out "/share"))
+                #t))
+            ,phases)))))))
+
 (define-public bash-completion
   (package
     (name "bash-completion")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index e647186ab3..8fc6142f19 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -233,9 +233,8 @@ computational cluster.")
           'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
-              (mkdir-p bin)
               (for-each (lambda (file)
-                          (copy-file file (string-append bin (basename file))))
+                          (install-file file bin))
                         (find-files "bin" ".*"))))
           %standard-phases)))))
     (home-page "https://github.com/arq5x/bedtools2")
@@ -559,9 +558,8 @@ confidence to have in an alignment.")
          'install
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
-             (mkdir-p bin)
              (for-each (lambda (file)
-                         (copy-file file (string-append bin file)))
+                         (install-file file bin))
                        (find-files "." "bowtie2.*"))))
          (alist-replace
           'check
@@ -611,9 +609,9 @@ gapped, local, and paired-end alignment modes.")
             (mkdir-p bin)
             (mkdir-p doc)
             (mkdir-p man)
-            (copy-file "bwa" (string-append bin "/bwa"))
-            (copy-file "README.md" (string-append doc "/README.md"))
-            (copy-file "bwa.1" (string-append man "/bwa.1"))))
+            (install-file "bwa" bin)
+            (install-file "README.md" doc)
+            (install-file "bwa.1" man)))
         ;; no "configure" script
         (alist-delete 'configure %standard-phases))))
     (inputs `(("zlib" ,zlib)))
@@ -1308,14 +1306,12 @@ estimates transcript expression.")
         (alist-replace
          'install
          (lambda* (#:key outputs #:allow-other-keys)
-           (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
-             (mkdir-p bin)
-             (for-each
-              (lambda (file)
-                (copy-file file (string-append bin file)))
-              (find-files
-               "."
-               "hisat(-(build|align|inspect)(-(s|l)(-debug)*)*)*$"))))
+           (let ((bin (string-append (assoc-ref outputs "out") "/bi/")))
+             (for-each (lambda (file)
+                         (install-file file bin))
+                       (find-files
+                        "."
+                        "hisat(-(build|align|inspect)(-(s|l)(-debug)*)*)*$"))))
          (alist-delete 'configure %standard-phases)))))
     (native-inputs
      `(("unzip" ,unzip)))
@@ -2091,17 +2087,14 @@ distribution, coverage uniformity, strand specificity, etc.")
          'install 'install-library
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
-             (mkdir-p lib)
-             (copy-file "libbam.a" (string-append lib "/libbam.a"))))
+             (install-file "libbam.a" lib)))
          (alist-cons-after
           'install 'install-headers
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((include (string-append (assoc-ref outputs "out")
                                           "/include/samtools/")))
-              (mkdir-p include)
               (for-each (lambda (file)
-                          (copy-file file (string-append include
-                                                         (basename file))))
+                          (install-file file include))
                         (scandir "." (lambda (name) (string-match "\\.h$" name))))
               #t))
           (alist-delete 'configure %standard-phases))))))
@@ -2356,8 +2349,7 @@ accessed/downloaded on demand across HTTP.")
                   (lambda* (#:key outputs #:allow-other-keys)
                     (let ((bin (string-append (assoc-ref outputs "out")
                                               "/bin/")))
-                      (mkdir-p bin)
-                      (copy-file "plink" (string-append bin "plink"))
+                      (install-file "plink" bin)
                       #t))))))
     (inputs
      `(("zlib" ,zlib)
@@ -2617,8 +2609,7 @@ is one that takes arguments.")
          'install
          (lambda* (#:key outputs #:allow-other-keys)
            (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
-             (mkdir-p bin)
-             (copy-file "STAR" (string-append bin "STAR"))))
+             (install-file "STAR" bin)))
          (alist-delete
           'configure %standard-phases)))))
     (native-inputs
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index bd9bce8a26..f5bf069c20 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -164,6 +164,8 @@ successful, or false to signal an error."
         ((string=? system "i686-linux") "/lib/ld-linux.so.2")
         ((string=? system "armhf-linux") "/lib/ld-linux-armhf.so.3")
         ((string=? system "mips64el-linux") "/lib/ld.so.1")
+        ((string=? system "i586-gnu") "/lib/ld.so.1")
+        ((string=? system "i686-gnu") "/lib/ld.so.1")
 
         ;; XXX: This one is used bare-bones, without a libc, so add a case
         ;; here just so we can keep going.
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 0f5a105755..dd7d339794 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages tls))
 
 (define certdata2pem
@@ -76,7 +77,8 @@
     (outputs '("out"))
     (native-inputs
      `(("certdata2pem" ,certdata2pem)
-       ("openssl" ,openssl)))
+       ("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for OpenSSL's 'c_rehash'
     (inputs '())
     (propagated-inputs '())
     (arguments
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index e0ee7c4d4f..3b7a243ba7 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -136,10 +136,9 @@ supervised tests.")
                                                  ,version)))
                      (begin
                        (for-each mkdir-p (list incdir docdir))
-                       (copy-file (string-append source
+                       (install-file (string-append source
                                                  "/single_include/catch.hpp")
-                                  (string-append incdir
-                                                 "/catch.hpp"))
+                                     incdir)
                        (copy-recursively (string-append source "/docs")
                                          docdir))))))
     (home-page "http://catch-lib.net/")
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 6f8b9f67e3..128f0370dd 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -36,7 +36,7 @@
 (define-public cmake
   (package
     (name "cmake")
-    (version "3.2.2")
+    (version "3.3.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -44,12 +44,11 @@
                    (version-major+minor version)
                    "/cmake-" version ".tar.gz"))
              (sha256
-              (base32 "0y3w83al0vh9ll7fnqm3nx7l8hsl85k8iv9abxb791q36rp4xsdd"))
+              (base32 "1mp32dqywk4dfw7zmpgp31axszv7h74yk69g273z21q7d8n04rfd"))
              (patches (list (search-patch "cmake-fix-tests.patch")))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
-       #:parallel-tests? #f ; 3 test from RunCMake fails
        #:phases (alist-cons-before
                  'configure 'patch-bin-sh
                  (lambda _
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index e346f7e0c5..ece86a9ed5 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -117,9 +117,8 @@ highlighting your own code that seemed comprehensible when you wrote it.")
                    (let* ((out  (assoc-ref outputs "out"))
                           (data (string-append out "/share/gtags"))
                           (lisp (string-append out "/share/emacs/site-lisp")))
-                     (mkdir-p lisp)
-                     (copy-file (string-append data "/gtags.el")
-                                (string-append lisp "/gtags.el"))
+                     (install-file (string-append data "/gtags.el")
+                                   lisp)
                      (delete-file (string-append data "/gtags.el"))
                      #t))
                  %standard-phases)))
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 74c3f304af..56c4cefaf9 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -419,18 +419,17 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
                                   #:guile %bootstrap-guile))))
 
 (define static-bash-for-glibc
-  ;; A statically-linked Bash to be embedded in GLIBC-FINAL, for use by
-  ;; system(3) & co.
+  ;; A statically-linked Bash to be used by GLIBC-FINAL in system(3) & co.
   (let* ((gcc  (cross-gcc-wrapper gcc-boot0 binutils-boot0
                                   glibc-final-with-bootstrap-bash
                                   (car (assoc-ref %boot1-inputs "bash"))))
-         (bash (package (inherit bash-light)
+         (bash (package (inherit static-bash)
                  (native-inputs `(("bison" ,bison-boot1)))
                  (arguments
                   `(#:guile ,%bootstrap-guile
-                    ,@(package-arguments bash-light))))))
+                    ,@(package-arguments static-bash))))))
     (package-with-bootstrap-guile
-     (package-with-explicit-inputs (static-package bash)
+     (package-with-explicit-inputs bash
                                    `(("gcc" ,gcc)
                                      ("libc" ,glibc-final-with-bootstrap-bash)
                                      ,@(fold alist-delete %boot1-inputs
@@ -490,6 +489,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
     (arguments
      `(#:allowed-references
        ,(cons* `(,gcc-boot0 "lib") (linux-libre-headers-boot0)
+               static-bash-for-glibc
                (package-outputs glibc-final-with-bootstrap-bash))
 
        ,@(package-arguments glibc-final-with-bootstrap-bash)))))
@@ -562,7 +562,8 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
      `(#:guile ,%bootstrap-guile
        #:implicit-inputs? #f
 
-       #:allowed-references ("out" "lib" ,glibc-final)
+       #:allowed-references ("out" "lib"
+                             ,glibc-final ,static-bash-for-glibc)
 
        ;; Things like libasan.so and libstdc++.so NEED ld.so for some
        ;; reason, but it is not in their RUNPATH.  This is a false
@@ -596,8 +597,12 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
            ((#:phases phases)
             `(alist-delete 'symlink-libgcc_eh ,phases)))))
 
-    ;; This time we want Texinfo, so we get the manual.
+    ;; This time we want Texinfo, so we get the manual.  Add
+    ;; STATIC-BASH-FOR-GLIBC so that it's used in the final shebangs of
+    ;; scripts such as 'mkheaders' and 'fixinc.sh' (XXX: who cares about these
+    ;; scripts?).
     (native-inputs `(("texinfo" ,texinfo-boot0)
+                     ("static-bash" ,static-bash-for-glibc)
                      ,@(package-native-inputs gcc-boot0)))
 
     (inputs `(("gmp-source" ,(bootstrap-origin (package-source gmp)))
@@ -655,10 +660,90 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
                                               (current-source-location)
                                               #:guile %bootstrap-guile))))))
 
+(define (locale-proof-package p)
+  "Return a new package based on P that ignores 'LOCPATH'.  The result is a
+\"locale-proof\" package in the sense that it cannot end up loading locale
+data that is not in the format its libc expects.  This is useful because the
+locale binary format may change incompatibly between libc versions."
+  (package
+    (inherit p)
+    (name (string-append (package-name p) "-lp"))
+    (build-system trivial-build-system)
+    (inputs `(("original" ,p)
+              ("bash" ,bash-final)))
+    (outputs '("out"))
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+
+         (let* ((out      (assoc-ref %outputs "out"))
+                (bin      (string-append out "/bin"))
+                (bash     (assoc-ref %build-inputs "bash"))
+                (binaries (assoc-ref %build-inputs "original"))
+                (programs (find-files (string-append binaries "/bin"))))
+           (define (wrap-program program)
+             (let ((base (basename program)))
+               (call-with-output-file base
+                 (lambda (port)
+                   (format port "#!~a/bin/sh
+# Unset 'LOCPATH' so that the program does not end up loading incompatible
+# locale data.
+unset LOCPATH
+exec \"~a\" \"$@\"\n"
+                           bash program)))
+               (chmod base #o755)))
+
+           (mkdir-p bin)
+           (with-directory-excursion bin
+             (for-each wrap-program programs)
+             #t)))))))
+
+(define-public ld-wrapper
+  ;; The final 'ld' wrapper, which uses the final Guile and Binutils.
+  (package (inherit ld-wrapper-boot3)
+    (name "ld-wrapper")
+    (inputs `(("guile" ,guile-final)
+              ("bash"  ,bash-final)
+              ,@(fold alist-delete (package-inputs ld-wrapper-boot3)
+                      '("guile" "bash"))))))
+
 (define %boot5-inputs
-  ;; Now with UTF-8 locale.
-  `(("locales" ,glibc-utf8-locales-final)
-    ,@%boot4-inputs))
+  ;; Now with UTF-8 locales.  Since the locale binary format differs between
+  ;; libc versions, we have to rebuild some of the packages so that they use
+  ;; the new libc, which allows them to load locale data from
+  ;; GLIBC-UTF8-LOCALES-FINAL (remember that the bootstrap binaries were built
+  ;; with an older libc, which cannot load the new locale format.)  See
+  ;; <https://lists.gnu.org/archive/html/guix-devel/2015-08/msg00737.html>.
+  (let ((new-libc-package (compose package-with-bootstrap-guile
+                                   (cut package-with-explicit-inputs <>
+                                        %boot4-inputs
+                                        (current-source-location)
+                                        #:guile %bootstrap-guile))))
+    `(("locales" ,glibc-utf8-locales-final)
+      ("ld-wrapper" ,ld-wrapper)
+      ("binutils" ,binutils-final)
+      ("bash" ,bash-final)
+      ("make" ,(new-libc-package gnu-make))
+
+      ;; Some test suites (grep, Gnulib) use 'diff' to compare files in locale
+      ;; encoding, so we need support this.
+      ("diffutils" ,(new-libc-package diffutils))
+      ("findutils" ,(new-libc-package findutils))
+
+      ;; Grep's test suite uses 'timeout' from Coreutils to execute command,
+      ;; and yet these commands need to see the valid 'LOCPATH'.
+      ("coreutils" ,(new-libc-package coreutils-minimal))
+
+      ;; We just wrap the remaining binaries (tar, gzip, xz, etc.)  so that
+      ;; they ignore 'LOCPATH' (if they did not, they would be hit by an
+      ;; assertion failure in loadlocale.c.)
+      ("coreutils&co" ,(locale-proof-package %bootstrap-coreutils&co))
+
+      ,@(fold alist-delete %boot4-inputs
+              '("coreutils&co" "findutils" "diffutils" "make"
+                "bash" "binutils-cross" "ld-wrapper")))))
 
 (define gnu-make-final
   ;; The final GNU Make, which uses the final Guile.
@@ -668,15 +753,6 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
                                    ,@%boot5-inputs)
                                  (current-source-location))))
 
-(define-public ld-wrapper
-  ;; The final `ld' wrapper, which uses the final Guile.
-  (package (inherit ld-wrapper-boot3)
-    (name "ld-wrapper")
-    (inputs `(("guile" ,guile-final)
-              ("bash"  ,bash-final)
-              ,@(fold alist-delete (package-inputs ld-wrapper-boot3)
-                      '("guile" "bash"))))))
-
 (define coreutils-final
   ;; The final Coreutils.  Treat them specially because some packages, such as
   ;; Findutils, keep a reference to the Coreutils they were built with.
@@ -791,14 +867,6 @@ COREUTILS-FINAL vs. COREUTILS, etc."
                        (((names . directories) ...)
                         (union-build out directories)))
 
-                     ;; Remove the 'sh' and 'bash' binaries that come with
-                     ;; libc to avoid polluting the user's profile (these are
-                     ;; statically-linked binaries with no locale support and
-                     ;; so on.)
-                     (for-each (lambda (file)
-                                 (delete-file (string-append out "/bin/" file)))
-                               '("sh" "bash"))
-
                      (union-build (assoc-ref %outputs "debug")
                                   (list (assoc-ref %build-inputs
                                                    "libc-debug")))))))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 9a5c4e9a8d..fbe5ba484e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -253,7 +253,7 @@ than gzip and 15 % smaller output than bzip2.")
 (define-public lzo
   (package
     (name "lzo")
-    (version "2.06")
+    (version "2.09")
     (source
      (origin
       (method url-fetch)
@@ -261,7 +261,7 @@ than gzip and 15 % smaller output than bzip2.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "0wryshs446s7cclrbjykyj766znhcpnr7s3cxy33ybfn6vwfcygz"))))
+        "0k5kpj3jnsjfxqqkblpfpx0mqcy86zs5fhjhgh2kq1hksg7ag57j"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--enable-shared")))
     (home-page "http://www.oberhumer.com/opensource/lzo")
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index da085ee897..9dcb75ad91 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -37,7 +37,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.0.71")
+    (version "1.0.75")
     (source (origin
               (method url-fetch)
               (uri
@@ -45,7 +45,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "07wwlqcykfjfqcwj1bxk60ggahyaw7wcx32n5s104d1qkhham01i"))
+                "0wrh9jmd2rm4z8c8nb50llb10shj1hik9vwqnr0djcvf63mfqsbw"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -71,7 +71,8 @@
          ,(string-append "--with-rcdir="
                          (assoc-ref %outputs "out") "/etc/rc.d"))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("glib" ,glib "bin") ; for gdbus-codegen
+       ("pkg-config" ,pkg-config)))
     (inputs
      `(("fontconfig"   ,fontconfig)
        ("freetype"     ,freetype)
@@ -109,14 +110,14 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (version "2.0.3")
+    (version "2.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.cups.org/software/"
-                                  version "/cups-" version "-source.tar.gz"))
+                                  version "/cups-" version "-source.tar.bz2"))
               (sha256
                (base32
-                "1kq1kpny0hghqgbjvashlv6qw1xn0c1p3d4r3cx8qxdzd2ifk4lf"))))
+                "1jfjqsw9l7jbn5kb9i96k0wj12kjdbgx0rd8157dif22hi0kh0ms"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 4523d529e7..f7c9f083b7 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
+;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -47,6 +48,8 @@
              (base32
               "0gjnaav9vmwwwza451na1643br7i0kxgd4002pwqh3xk5ywvdap7"))))
    (build-system gnu-build-system)
+   (outputs '("out"
+              "doc"))                             ;1.2 MiB of man3 pages
    (inputs `(("gnutls" ,gnutls)
              ("gss" ,gss)
              ("libidn" ,libidn)
@@ -63,40 +66,50 @@
     `(#:configure-flags '("--with-gnutls" "--with-gssapi")
       ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl
       #:phases
-      (alist-replace
-       'check
-       (lambda _
-         (substitute* "tests/runtests.pl"
-           (("/bin/sh") (which "sh")))
-         ;; Test #1135 requires extern-scan.pl, which is not part of the
-         ;; tarball due to a mistake.  It has been fixed upstream.  We can
-         ;; simply disable the test as it is specific to VMS and OS/400.
-         (delete-file "tests/data/test1135")
+      (modify-phases %standard-phases
+        (add-after
+         'install 'move-man3-pages
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; Move section 3 man pages to "doc".
+           (let ((out (assoc-ref outputs "out"))
+                 (doc (assoc-ref outputs "doc")))
+             (mkdir-p (string-append doc "/share/man"))
+             (rename-file (string-append out "/share/man/man3")
+                          (string-append doc "/share/man/man3"))
+             #t)))
+        (replace
+         'check
+         (lambda _
+           (substitute* "tests/runtests.pl"
+             (("/bin/sh") (which "sh")))
+           ;; Test #1135 requires extern-scan.pl, which is not part of the
+           ;; tarball due to a mistake.  It has been fixed upstream.  We can
+           ;; simply disable the test as it is specific to VMS and OS/400.
+           (delete-file "tests/data/test1135")
 
-         ;; XXX FIXME: Test #1510 seems to work on some machines and not
-         ;; others, possibly based on the kernel version.  It works on GuixSD
-         ;; on x86_64 with linux-libre-4.1, but fails on Hydra for both i686
-         ;; and x86_64 with the following error:
-         ;;
-         ;; test 1510...[HTTP GET connection cache limit (CURLOPT_MAXCONNECTS)]
-         ;;
-         ;;  1510: output (log/stderr1510) FAILED:
-         ;; --- log/check-expected	2015-06-27 07:45:53.166720834 +0000
-         ;; +++ log/check-generated	2015-06-27 07:45:53.166720834 +0000
-         ;; @@ -1,5 +1,5 @@
-         ;;  * Connection #0 to host server1.example.com left intact[LF]
-         ;;  * Connection #1 to host server2.example.com left intact[LF]
-         ;;  * Connection #2 to host server3.example.com left intact[LF]
-         ;; -* Closing connection 0[LF]
-         ;; +* Closing connection 1[LF]
-         ;;  * Connection #3 to host server4.example.com left intact[LF]
-         (delete-file "tests/data/test1510")
+           ;; XXX FIXME: Test #1510 seems to work on some machines and not
+           ;; others, possibly based on the kernel version.  It works on GuixSD
+           ;; on x86_64 with linux-libre-4.1, but fails on Hydra for both i686
+           ;; and x86_64 with the following error:
+           ;;
+           ;; test 1510...[HTTP GET connection cache limit (CURLOPT_MAXCONNECTS)]
+           ;;
+           ;;  1510: output (log/stderr1510) FAILED:
+           ;; --- log/check-expected	2015-06-27 07:45:53.166720834 +0000
+           ;; +++ log/check-generated	2015-06-27 07:45:53.166720834 +0000
+           ;; @@ -1,5 +1,5 @@
+           ;;  * Connection #0 to host server1.example.com left intact[LF]
+           ;;  * Connection #1 to host server2.example.com left intact[LF]
+           ;;  * Connection #2 to host server3.example.com left intact[LF]
+           ;; -* Closing connection 0[LF]
+           ;; +* Closing connection 1[LF]
+           ;;  * Connection #3 to host server4.example.com left intact[LF]
+           (delete-file "tests/data/test1510")
 
-         ;; The top-level "make check" does "make -C tests quiet-test", which
-         ;; is too quiet.  Use the "test" target instead, which is more
-         ;; verbose.
-         (zero? (system* "make" "-C" "tests" "test")))
-       %standard-phases)))
+           ;; The top-level "make check" does "make -C tests quiet-test", which
+           ;; is too quiet.  Use the "test" target instead, which is more
+           ;; verbose.
+           (zero? (system* "make" "-C" "tests" "test")))))))
    (synopsis "Command line tool for transferring data with URL syntax")
    (description
     "curl is a command line tool for transferring data with URL syntax,
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9036d0445b..a17424196a 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2012, 2014 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2012, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
@@ -68,26 +68,31 @@
                "doc"))                           ; 94 MiB of HTML docs
     (arguments
      '(#:tests? #f                            ; no check target available
-                #:phases
-                (alist-replace
-                 'configure
-                 (lambda* (#:key outputs #:allow-other-keys)
-                   (let ((out (assoc-ref outputs "out"))
-                         (doc (assoc-ref outputs "doc")))
-                     ;; '--docdir' is not honored, so we need to patch.
-                     (substitute* "dist/Makefile.in"
-                       (("docdir[[:blank:]]*=.*")
-                        (string-append "docdir = " doc "/share/doc/bdb")))
+       #:phases
+       (alist-replace
+        'configure
+        (lambda* (#:key outputs #:allow-other-keys)
+          (let ((out (assoc-ref outputs "out"))
+                (doc (assoc-ref outputs "doc")))
+            ;; '--docdir' is not honored, so we need to patch.
+            (substitute* "dist/Makefile.in"
+              (("docdir[[:blank:]]*=.*")
+               (string-append "docdir = " doc "/share/doc/bdb")))
+
+            (zero?
+             (system* "./dist/configure"
+                      (string-append "--prefix=" out)
+                      (string-append "CONFIG_SHELL=" (which "bash"))
+                      (string-append "SHELL=" (which "bash"))
 
-                     (zero?
-                      (system* "./dist/configure"
-                               (string-append "--prefix=" out)
-                               (string-append "CONFIG_SHELL=" (which "bash"))
-                               (string-append "SHELL=" (which "bash"))
+                      ;; The compatibility mode is needed by some packages,
+                      ;; notably iproute2.
+                      "--enable-compat185"
 
-                               ;; The compatibility mode is needed by some packages,
-                               ;; notably iproute2.
-                               "--enable-compat185"))))
+                      ;; The following flag is needed so that the inclusion
+                      ;; of db_cxx.h into C++ files works; it leads to
+                      ;; HAVE_CXX_STDHEADERS being defined in db_cxx.h.
+                      "--enable-cxx"))))
                  %standard-phases)))
     (synopsis "Berkeley database")
     (description
@@ -307,7 +312,7 @@ types are supported, as is encryption.")
 (define-public sqlite
   (package
    (name "sqlite")
-   (version "3.8.10.2")
+   (version "3.8.11.1")
    (source (origin
             (method url-fetch)
             ;; TODO: Download from sqlite.org once this bug :
@@ -322,9 +327,13 @@ types are supported, as is encryption.")
                                             (map (cut string-pad <> 2 #\0)
                                                  other-digits))
                                            6 #\0))))))
-                   (string-append
-                    "https://fossies.org/linux/misc/sqlite-autoconf-"
-                    numeric-version ".tar.gz")
+                   (list
+                    (string-append
+                     "https://fossies.org/linux/misc/sqlite-autoconf-"
+                     numeric-version ".tar.gz")
+                    (string-append
+                     "http://distfiles.gentoo.org/distfiles/"
+                     "/sqlite-autoconf-" numeric-version ".tar.gz"))
 
                    ;; XXX: As of 2015-09-08, SourceForge is squatting the URL
                    ;; below, returning 200 and showing an advertising page.
@@ -334,7 +343,7 @@ types are supported, as is encryption.")
                    ))
             (sha256
              (base32
-              "09nnaqx50gl1vmfvdipirizr61q3s0ywlql50f9kr1bx9rdfb0l3"))))
+              "1dnkl4qr1dgaprbyf3jddfiynkhxnin86qabni47wjlc0fnb16gv"))))
    (build-system gnu-build-system)
    (inputs `(("readline" ,readline)))
    (arguments
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index a342f4861b..dcbe5e5bd5 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -406,9 +406,9 @@ operations.")
                 (lisp-dir (string-append %output "/share/emacs/site-lisp")))
            (setenv "PATH" PATH)
            (system* tar "xvf" source)
-           (mkdir-p lisp-dir)
-           (copy-file (string-append ,name "-" ,version "/magit-svn.el")
-                      (string-append lisp-dir "/magit-svn.el"))
+
+           (install-file (string-append ,name "-" ,version "/magit-svn.el")
+                         lisp-dir)
 
            (with-directory-excursion lisp-dir
              (parameterize ((%emacs emacs))
@@ -462,18 +462,14 @@ support for Git-SVN.")
                          out "/share/doc/haskell-mode-" ,version))
                    (info (string-append out "/share/info")))
               (define (copy-to-dir dir files)
-                (mkdir-p dir)
-                (for-each
-                 (lambda (f)
-                   (copy-file f (string-append dir "/" (basename f))))
-                 files))
+                (for-each (lambda (f)
+                            (install-file f dir))
+                          files))
 
               (with-directory-excursion "doc"
                 (unless (zero? (system* "makeinfo" "haskell-mode.texi"))
                   (error "makeinfo failed"))
-                (mkdir-p info)
-                (copy-file "haskell-mode.info"
-                           (string-append info "/haskell-mode.info")))
+                (install-file "haskell-mode.info" info))
                (copy-to-dir doc '("CONTRIBUTING.md" "NEWS" "README.md"))
                (copy-to-dir el-dir (find-files "." "\\.elc?"))
                ;; these are now distributed with emacs
@@ -952,11 +948,9 @@ single buffer.")
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((target (string-append (assoc-ref outputs "out")
                                          "/share/emacs/site-lisp/")))
-              (mkdir-p target)
-              (for-each
-               (lambda (file)
-                 (copy-file file (string-append target (basename file))))
-               (find-files "../lisp" "^(pdf|tab).*\\.elc?"))
+              (for-each (lambda (file)
+                          (install-file file target))
+                        (find-files "../lisp" "^(pdf|tab).*\\.elc?"))
               (emacs-byte-compile-directory target)
               (emacs-generate-autoloads "pdf-tools" target)))))))
     (native-inputs `(("autoconf" ,autoconf)
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 1e245a8b5e..54e43ef0f8 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -302,11 +302,9 @@ optimizer; and it can produce photorealistic and design review images.")
                            (doc (string-append data "/doc/" ,name "-" ,version))
                            (examples (string-append doc "/examples")))
                       (with-directory-excursion "bin"
-                        (mkdir-p bin)
-                        (for-each
-                         (lambda (f)
-                           (copy-file f (string-append bin "/" (basename f))))
-                         (find-files "." ".*")))
+                        (for-each (lambda (f)
+                                    (install-file f bin))
+                                  (find-files "." ".*")))
                       (copy-recursively "doc" doc)
                       (copy-recursively "examples" examples)
                       #t))))))
@@ -352,11 +350,9 @@ multipole-accelerated algorithm.")
                            (doc (string-append data "/doc/" ,name "-" ,version))
                            (examples (string-append doc "/examples")))
                       (with-directory-excursion "bin"
-                        (mkdir-p bin)
-                        (for-each
-                         (lambda (f)
-                           (copy-file f (string-append bin "/" (basename f))))
-                         (find-files "." ".*")))
+                        (for-each (lambda (f)
+                                    (install-file f bin))
+                                  (find-files "." ".*")))
                       (copy-recursively "doc" doc)
                       (copy-recursively "examples" examples)
                       #t))))))
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
new file mode 100644
index 0000000000..264cfbf7f3
--- /dev/null
+++ b/gnu/packages/finance.scm
@@ -0,0 +1,82 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages finance)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages boost)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages qt)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages upnp))
+
+(define-public bitcoin-core
+  (package
+    (name "bitcoin-core")
+    (version "0.11.0")
+    (source (origin
+             (method url-fetch)
+             (uri
+              (string-append "https://bitcoin.org/bin/bitcoin-core-"
+                             version "/bitcoin-"
+                             version ".tar.gz"))
+             (sha256
+              (base32
+               "17yh6lq13xzzi5v2i48qaxiqm40x3hrj4gwyamkib9yzmmb1gfji"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("python" ,python-wrapper) ; for the tests
+       ("util-linux" ,util-linux))) ; provides the hexdump command for tests
+    (inputs
+     `(("bdb" ,bdb)
+       ("boost" ,boost)
+       ("miniupnpc" ,miniupnpc)
+       ("openssl" ,openssl)
+       ("protobuf" ,protobuf)
+       ("qt" ,qt)))
+    (arguments
+     `(#:configure-flags
+        (list
+          ;; We use a bdb version newer than 4.8.
+          "--with-incompatible-bdb"
+          ;; Boost is not found unless specified manually.
+          (string-append "--with-boost="
+                         (assoc-ref %build-inputs "boost")))
+       #:phases
+        (modify-phases %standard-phases
+          (add-before 'check 'set-home
+           (lambda _
+            (setenv "HOME" (getenv "TMPDIR"))))))) ; Tests write to $HOME.
+    (home-page "https://bitcoin.org/en/")
+    (synopsis "Bitcoin peer-to-peer client")
+    (description
+     "Bitcoin is a digital currency that enables instant payments to anyone
+anywhere in the world.  It uses peer-to-peer technology to operate without
+central authority: managing transactions and issuing money are carried out
+collectively by the network.  Bitcoin Core is the reference implementation
+of the bitcoin protocol.  This package provides the Bitcoin Core command
+line client and a client based on Qt.")
+    (license license:expat)))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 8b5346a17f..3db8f9f11d 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -71,14 +71,14 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
 (define-public fontconfig
   (package
    (name "fontconfig")
-   (version "2.11.92")
+   (version "2.11.94")
    (source (origin
             (method url-fetch)
             (uri (string-append
                    "http://www.freedesktop.org/software/fontconfig/release/fontconfig-"
                    version ".tar.bz2"))
             (sha256 (base32
-                     "18r45dcnaj93izwfr082qiwg8ka7ll6j0c9yf1slblm542d5pmd9"))))
+                     "1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp"))))
    (build-system gnu-build-system)
    (propagated-inputs `(("expat" ,expat)
                         ("freetype" ,freetype)))
@@ -86,13 +86,24 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
    (native-inputs
       `(("pkg-config" ,pkg-config)))
    (arguments
-     `(#:configure-flags
-               ;; point to user profile instead of /usr/share/fonts in /etc/fonts.conf
-        (list "--with-default-fonts=~/.guix-profile/share/fonts"
-              ;; register gs-fonts
-              (string-append "--with-add-fonts="
-                             (assoc-ref %build-inputs "gs-fonts")
-                             "/share/fonts"))))
+    `(#:configure-flags
+      (list "--with-cache-dir=/var/cache/fontconfig"
+            ;; register gs-fonts as default fonts
+            (string-append "--with-default-fonts="
+                           (assoc-ref %build-inputs "gs-fonts")
+                           "/share/fonts")
+            ;; register fonts from user profile
+            "--with-add-fonts=~/.guix-profile/share/fonts"
+            ;; python is not actually needed
+            "PYTHON=false")
+      #:phases
+      (modify-phases %standard-phases
+        (replace 'install
+                 (lambda _
+                   ;; Don't try to create /var/cache/fontconfig.
+                   (zero? (system* "make" "install"
+                                   "fc_cachedir=$(TMPDIR)"
+                                   "RUN_FC_CACHE_TEST=false")))))))
    (synopsis "Library for configuring and customizing font access")
    (description
     "Fontconfig can discover new fonts when installed automatically;
@@ -192,7 +203,7 @@ applications should be.")
 (define-public graphite2
   (package
    (name "graphite2")
-   (version "1.2.4")
+   (version "1.3.1")
    (source
      (origin
        (method url-fetch)
@@ -201,12 +212,13 @@ applications should be.")
               version ".tgz"))
        (sha256
          (base32
-           "00xhv1mp640fr3wmdzwn4yz0g56jd4r9fb7b02mc1g19h0bdbhsb"))))
+           "0xvhmlyyxg2qmbwyl8k2f9w7mrbjyl59823pnjd8xmxpyl6976d5"))))
    (build-system cmake-build-system)
+   (native-inputs
+    `(("python" ,python-2) ; because of "import imap" in tests
+      ("python-fonttools" ,python2-fonttools)))
    (inputs
-    `(("freetype" ,freetype)
-      ("perl" ,perl)
-      ("python" ,python-2))) ; because of "import imap" in tests
+    `(("freetype" ,freetype)))
    (synopsis "Reimplementation of the SIL Graphite text processing engine")
    (description
     "Graphite2 is a reimplementation of the SIL Graphite text processing
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 761d3a6998..d2652aef3f 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -206,7 +206,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
 
                 ;; Fix the dynamic linker's file name.
                 (substitute* (find-files "gcc/config"
-                                         "^linux(64|-elf|-eabi)?\\.h$")
+                                         "^(linux|gnu)(64|-elf|-eabi)?\\.h$")
                   (("#define GLIBC_DYNAMIC_LINKER([^ ]*).*$" _ suffix)
                    (format #f "#define GLIBC_DYNAMIC_LINKER~a \"~a\"~%"
                            suffix
@@ -578,11 +578,7 @@ using compilers other than GCC."
                                     (("@XSL_STYLE_DIR@")
                                      (string-append
                                       docbook "/xml/xsl/"
-                                      (string-drop
-                                       docbook
-                                       (+ 34
-                                          (string-length
-                                           (%store-directory))))))))))
+                                      (strip-store-file-name docbook)))))))
                   (replace 'build
                            (lambda _
                              ;; XXX: There's also a 'doc-info' target, but it
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index cdec3706dd..2e8797560b 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -119,7 +119,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.44.0")
+   (version "2.44.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -127,7 +127,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1fgmjv3yzxgbks31h42201x2izpw0sd84h8dfw0si3x00sqn5lzj"))
+              "01yabrfp64i11mrks3p1gcks99lw0zm7f5vhkc53sl4amyndw4c8"))
             (patches (list (search-patch "glib-tests-homedir.patch")
                            (search-patch "glib-tests-desktop.patch")
                            (search-patch "glib-tests-prlimit.patch")
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index f9cb579e85..b4b5c237c9 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -787,7 +787,7 @@ XML/CSS rendering engine.")
 (define-public libgsf
   (package
     (name "libgsf")
-    (version "1.14.30")
+    (version "1.14.34")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -795,7 +795,7 @@ XML/CSS rendering engine.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0w2v1a9sxsymd1mcy4mwsz4r6za9iwq69rj86nb939p41d4c6j6b"))))
+                "0a5m1i5gp4m2z0cn2x1rrdm8wgrr04bzv65l8pgp6jipw13s9zph"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -820,7 +820,7 @@ dealing with different structured file formats.")
 (define-public librsvg
   (package
     (name "librsvg")
-    (version "2.40.9")
+    (version "2.40.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -828,7 +828,7 @@ dealing with different structured file formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0fplymmqqr28y24vcnb01szn62pfbqhk8p1ngns54x9m6mflr5hk"))))
+                "0y9lvnb9ij9mjg8cyp7xysi0c5ms5v4q1zrhx42b546f71s80p4n"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index bfd1f5dc7b..53e6ea7787 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -190,14 +190,12 @@ in the Mozilla clients.")
                    (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
                           ((obj) (string-append "dist/" obj)))))
               ;; Install nss-config to $out/bin.
-              (mkdir-p (string-append out "/bin"))
-              (copy-file (string-append obj "/bin/nss-config")
-                         (string-append out "/bin/nss-config"))
+              (install-file (string-append obj "/bin/nss-config")
+                            (string-append out "/bin"))
               (delete-file (string-append obj "/bin/nss-config"))
               ;; Install nss.pc to $out/lib/pkgconfig.
-              (mkdir-p (string-append out "/lib/pkgconfig"))
-              (copy-file (string-append obj "/lib/pkgconfig/nss.pc")
-                         (string-append out "/lib/pkgconfig/nss.pc"))
+              (install-file (string-append obj "/lib/pkgconfig/nss.pc")
+                            (string-append out "/lib/pkgconfig"))
               (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
               (rmdir (string-append obj "/lib/pkgconfig"))
               ;; Install other files.
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index b2f921e9dd..02e65d3276 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -43,15 +43,15 @@
 (define-public cgal
   (package
     (name "cgal")
-    (version "4.5.1")
+    (version "4.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "http://gforge.inria.fr/frs/download.php/file/34402/CGAL-"
-                    version ".tar.xz"))
+                    "http://gforge.inria.fr/frs/download.php/file/"
+                    "35139/CGAL-4.6.3.tar.xz"))
               (sha256
                (base32
-                "1565ycbds92bxmhi09avc1jl6ks141ig00j110l49gqxp9swy6zv"))))
+                "08gwjjh0qz3fakj1y2nsl2qvb0qv5lc7k1pxwjkagh37hxxh4f73"))))
     (build-system cmake-build-system)
     (arguments
      '(;; "RelWithDebInfo" is not supported.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 45cd1e30f6..a44c2dd3fe 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -144,28 +144,34 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public harfbuzz
   (package
    (name "harfbuzz")
-   (version "0.9.40")
+   (version "1.0.3")
    (source (origin
-            (method url-fetch)
-            (uri (string-append "http://www.freedesktop.org/software/harfbuzz/release/harfbuzz-"
-                                version ".tar.bz2"))
-            (sha256
-             (base32
-              "07rjp05axas96fp23lpf8l2yyfdj9yib4m0qjv592vdyhcsxaw8p"))))
+             (method url-fetch)
+             (uri (string-append "http://www.freedesktop.org/software/"
+                                 "harfbuzz/release/harfbuzz-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "1xrxlrvgyr6mm9qjxmkif2kvcah082y94gf1vqi0f0bdl1g8gp7b"))))
    (build-system gnu-build-system)
+   (outputs '("out"
+              "bin")) ; 160K, only hb-view depend on cairo
    (inputs
-    `(("cairo" ,cairo)
+    `(("cairo" ,cairo)))
+   (propagated-inputs
+    ;; There are all in the Requires or Requires.private field of '.pc'.
+    `(("glib" ,glib)
       ("graphite2" ,graphite2)
       ("icu4c" ,icu4c)))
-   (propagated-inputs
-    `(("glib" ,glib))) ; required by harfbuzz-gobject.pc
    (native-inputs
     `(("gobject-introspection" ,gobject-introspection)
       ("pkg-config" ,pkg-config)
       ("python" ,python-2))) ; incompatible with Python 3 (print syntax)
    (arguments
     `(#:configure-flags `("--with-graphite2"
-                          "--with-gobject")))
+                          "--with-gobject"
+                          ,(string-append
+                            "--bindir=" (assoc-ref %outputs "bin") "/bin"))))
    (synopsis "OpenType text shaping engine")
    (description
     "HarfBuzz is an OpenType text shaping engine.")
@@ -508,7 +514,7 @@ application suites.")
 (define-public gtk+
   (package (inherit gtk+-2)
    (name "gtk+")
-   (version "3.16.3")
+   (version "3.16.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -516,7 +522,7 @@ application suites.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "195ykv53sl2gsc847wcnd79zilm1yzcc2cfjxnrakhh2dd5gshr9"))))
+              "1gpzlnfrifc17yfk0zki6b2vmsfpf5cmrbh232s6iaan11np44jd"))))
    (propagated-inputs
     `(("at-spi2-atk" ,at-spi2-atk)
       ("atk" ,atk)
@@ -556,9 +562,6 @@ application suites.")
          (substitute* "testsuite/Makefile.in"
            (("SUBDIRS = gdk gtk a11y css reftests")
             "SUBDIRS = gdk"))
-         (substitute* '("demos/widget-factory/Makefile.in"
-                        "demos/gtk-demo/Makefile.in")
-           (("gtk-update-icon-cache") "$(bindir)/gtk-update-icon-cache"))
          #t)
        (alist-cons-after
         'install 'wrap-gtk-encode-symbolic-svg
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 60af92dceb..d5a95a0444 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -467,7 +467,7 @@ http:://json.org specification.  These are the main features:
                      scm-files)
 
            ;; Also copy over the README.
-           (copy-file "README.org" (string-append doc "/README.org"))
+           (install-file "README.org" doc)
            #t))))
     (inputs
      `(("guile" ,guile-2.0)))
diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm
index 62dc04385f..3867b4d7ec 100644
--- a/gnu/packages/hurd.scm
+++ b/gnu/packages/hurd.scm
@@ -20,11 +20,14 @@
   #:use-module (guix licenses)
   #:use-module (guix download)
   #:use-module (guix packages)
+  #:use-module (gnu packages)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages perl)
-  #:use-module (gnu packages autotools))
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
+  #:use-module (guix git-download))
 
 (define-public gnumach-headers
   (package
@@ -73,7 +76,9 @@
        (base32
         "13r1pg8icyc0pl082z7k36i440pr1f3nr7ahig3rrc0r7qndqmk9"))))
     (build-system gnu-build-system)
-    (inputs `(("gnumach-headers" ,gnumach-headers)))
+    ;; Flex is needed both at build and run time.
+    (inputs `(("gnumach-headers" ,gnumach-headers)
+              ("flex" ,flex)))
     (native-inputs
      `(("flex" ,flex)
        ("bison" ,bison)))
@@ -128,3 +133,55 @@ communication.")
      "This package provides C headers of the GNU Hurd, used to build the GNU C
 Library and other user programs.")
     (license gpl2+)))
+
+(define-public hurd-minimal
+  (package (inherit hurd-headers)
+    (name "hurd-minimal")
+    (inputs `(("glibc-hurd-headers" ,glibc/hurd-headers)))
+    (native-inputs
+     `(("autoconf" ,(autoconf-wrapper))
+       ("mig" ,mig)))
+
+    (arguments
+     `(#:phases (alist-replace
+                 'install
+                 (lambda* (#:key outputs #:allow-other-keys)
+                   (let ((out (assoc-ref outputs "out")))
+                     ;; We need to copy libihash.a to the output directory manually,
+                     ;; since there is no target for that in the makefile.
+                     (mkdir-p (string-append out "/include"))
+                     (copy-file "libihash/ihash.h"
+                                (string-append out "/include/ihash.h"))
+                     (mkdir-p (string-append out "/lib"))
+                     (copy-file "libihash/libihash.a"
+                                (string-append out "/lib/libihash.a"))
+                     #t))
+                 (alist-replace
+                  'build
+                  (lambda _
+                    (zero? (system* "make" "-Clibihash" "libihash.a")))
+                  (alist-cons-before
+                   'configure 'bootstrap
+                   (lambda _
+                     (zero? (system* "autoreconf" "-vfi")))
+                   %standard-phases)))
+       #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants
+                           ;; that.
+                           "--host=i686-pc-gnu"
+
+                           ;; Reduce set of dependencies.
+                           "--disable-ncursesw"
+                           "--disable-test"
+                           "--without-libbz2"
+                           "--without-libz"
+                           "--without-parted"
+                           ;; Skip the clnt_create check because it expects
+                           ;; a working glibc causing a circular dependency.
+                           "ac_cv_search_clnt_create=no")
+       #:tests? #f))
+    (home-page "http://www.gnu.org/software/hurd/hurd.html")
+    (synopsis "GNU Hurd libraries")
+    (description
+     "This package provides libihash, needed to build the GNU C 
+Library for GNU/Hurd.")
+    (license gpl2+)))
diff --git a/gnu/packages/ibus.scm b/gnu/packages/ibus.scm
index 38db959d94..97b65698bb 100644
--- a/gnu/packages/ibus.scm
+++ b/gnu/packages/ibus.scm
@@ -82,6 +82,7 @@
       ("dconf" ,dconf)
       ("gconf" ,gconf)
       ("gtk2" ,gtk+-2)
+      ("gtk+" ,gtk+)
       ("intltool" ,intltool)
       ("libnotify" ,libnotify)
       ("iso-codes" ,iso-codes)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 46e5d12049..d442b5e69a 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -38,7 +38,9 @@
                    "-src.tgz"))
             (sha256
              (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
-            (patches (list (search-patch "icu4c-CVE-2015-4760.patch")))))
+            (patches (map search-patch '("icu4c-CVE-2014-6585.patch"
+                                         "icu4c-CVE-2015-1270.patch"
+                                         "icu4c-CVE-2015-4760.patch")))))
    (build-system gnu-build-system)
    (inputs
     `(("perl" ,perl)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 1ba281205c..cee7f146fa 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -107,41 +107,24 @@ image files in PBMPLUS PPM/PGM, GIF, BMP, and Targa file formats.")
 (define-public libtiff
   (package
    (name "libtiff")
-   (version "4.0.3")
+   (version "4.0.5")
    (source (origin
             (method url-fetch)
             (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-"
                    version ".tar.gz"))
             (sha256 (base32
-                     "0wj8d1iwk9vnpax2h29xqc2hwknxg3s0ay2d5pxkg59ihbifn6pa"))
-            (patches (map search-patch '("libtiff-CVE-2012-4564.patch"
-                                         "libtiff-CVE-2013-1960.patch"
-                                         "libtiff-CVE-2013-1961.patch"
-                                         "libtiff-CVE-2013-4231.patch"
-                                         "libtiff-CVE-2013-4232.patch"
-                                         "libtiff-CVE-2013-4244.patch"
-                                         "libtiff-CVE-2013-4243.patch"
-                                         "libtiff-CVE-2014-9330.patch"
-                                         "libtiff-CVE-2014-8127-pt1.patch"
-                                         "libtiff-CVE-2014-8127-pt2.patch"
-                                         "libtiff-CVE-2014-8127-pt3.patch"
-                                         "libtiff-CVE-2014-8127-pt4.patch"
-                                         "libtiff-CVE-2014-8128-pt1.patch"
-                                         "libtiff-CVE-2014-8128-pt2.patch"
-                                         "libtiff-CVE-2014-8128-pt3.patch"
-                                         "libtiff-CVE-2014-8129.patch"
-                                         "libtiff-CVE-2014-9655.patch"
-                                         "libtiff-CVE-2014-8128-pt4.patch"
-                                         "libtiff-CVE-2014-8128-pt5.patch")))))
+                     "171hgy4mylwmvdm7gp6ffjva81m4j56v3fbqsbfl7avzxn1slpp2"))))
    (build-system gnu-build-system)
-   (inputs `(("zlib" ,zlib)
-             ("libjpeg-8" ,libjpeg-8)))
-             ;; currently does not compile with libjpeg version 9
+   (outputs '("out"
+              "doc"))                           ;1.3 MiB of HTML documentation
    (arguments
-    `(#:configure-flags
-      (list (string-append "--with-jpeg-include-dir="
-                           (assoc-ref %build-inputs "libjpeg-8")
-                           "/include"))))
+    ;; Instead of using --docdir, this package has its own --with-docdir.
+    `(#:configure-flags (list (string-append "--with-docdir="
+                                             (assoc-ref %outputs "doc")
+                                             "/share/doc/"
+                                             ,name "-" ,version))))
+   (inputs `(("zlib" ,zlib)
+             ("libjpeg" ,libjpeg)))
    (synopsis "Library for handling TIFF files")
    (description
     "Libtiff provides support for the Tag Image File Format (TIFF), a format
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 4e49c60993..8e176845e1 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -23,6 +23,7 @@
   #:use-module (guix build-system perl)
   #:use-module (guix download)
   #:use-module ((guix licenses) #:select (fsf-free))
+  #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fontutils)
@@ -37,14 +38,15 @@
 (define-public imagemagick
   (package
     (name "imagemagick")
-    (version "6.9.1-3")
+    (version "6.9.2-1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "18wbsjfccxlgsdsd6h9wvhcjrsglyi086jk4bk029ik07rh81laz"))))
+               "159afhqrj22jlz745ccbgnkdiwvn8pjcc96jic0iv9ms7gqxwln5"))
+             (patches (list (search-patch "imagemagick-test-segv.patch")))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
@@ -84,7 +86,7 @@
               ("libxml2" ,libxml2)
               ("libtiff" ,libtiff)
               ("libpng" ,libpng)
-              ("libjpeg" ,libjpeg-8)
+              ("libjpeg" ,libjpeg)
               ("pango" ,pango)
               ("freetype" ,freetype)
               ("bzip2" ,bzip2)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 0ff70c82b2..9304a92eb9 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -102,8 +102,8 @@
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((java (string-append (assoc-ref outputs "out")
                                        "/share/java")))
-              (mkdir-p java)
-              (copy-file "swt.jar" (string-append java "/swt.jar"))) #t)
+              (install-file "swt.jar" java)
+              #t))
           (alist-delete 'configure %standard-phases))))))
     (inputs
      `(("xulrunner" ,icecat)
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 4a7840c78c..382e14f0cc 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -26,13 +26,13 @@
 (define-public libidn
   (package
    (name "libidn")
-   (version "1.31")
+   (version "1.32")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libidn/libidn-" version
                                 ".tar.gz"))
             (sha256 (base32
-                     "026z12mczlag443ms9n954h36pi3m7iva9jfw8y4ispsj772zpxg"))))
+                     "1xf4hphhahcjm2xwx147lfpsavjwv9l4c2gf6hx71zxywbz5lpds"))))
    (build-system gnu-build-system)
 ;; FIXME: No Java and C# libraries are currently built.
    (synopsis "Internationalized string processing library")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 97e8bdcaec..d2619335a3 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -321,7 +321,7 @@ It has been modified to remove all non-free binary blobs.")
 (define-public linux-pam
   (package
     (name "linux-pam")
-    (version "1.1.6")
+    (version "1.2.1")
     (source
      (origin
       (method url-fetch)
@@ -331,7 +331,7 @@ It has been modified to remove all non-free binary blobs.")
                                 version ".tar.bz2")))
       (sha256
        (base32
-        "1hlz2kqvbjisvwyicdincq7nz897b9rrafyzccwzqiqg53b8gf5s"))))
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
@@ -390,7 +390,7 @@ providing the system administrator with some help in common tasks.")
 (define-public util-linux
   (package
     (name "util-linux")
-    (version "2.25.2")
+    (version "2.27")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/utils/"
@@ -398,19 +398,20 @@ providing the system administrator with some help in common tasks.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1miwwdq1zwvhf0smrxx3fjddq3mz22s8rc5cw54s7x3kbdqpyig0"))
+                "1ivdx1bhjbakf77agm9dn3wyxia1wgz9lzxgd61zqxw3xzih9gzw"))
               (patches (list (search-patch "util-linux-tests.patch")))
               (modules '((guix build utils)))
               (snippet
                ;; We take the 'logger' program from GNU Inetutils and 'kill'
                ;; from GNU Coreutils.
-               '(substitute* "configure"
-                  (("build_logger=yes") "build_logger=no")
-                  (("build_kill=yes") "build_kill=no")))))
+               '(begin
+                  (substitute* "configure"
+                    (("build_logger=yes") "build_logger=no")
+                    (("build_kill=yes") "build_kill=no"))
+                  #t))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--disable-use-tty-group"
-                               "--enable-ddate"
 
                                ;; Install completions where our
                                ;; bash-completion package expects them.
@@ -1021,19 +1022,15 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
 (define-public libcap
   (package
     (name "libcap")
-    (version "2.22")
+    (version "2.24")
     (source (origin
              (method url-fetch)
-
-             ;; Tarballs used to be available from
-             ;; <https://www.kernel.org/pub/linux/libs/security/linux-privs/>
-             ;; but they never came back after kernel.org was compromised.
              (uri (string-append
-                   "mirror://debian/pool/main/libc/libcap2/libcap2_"
-                   version ".orig.tar.gz"))
+                   "mirror://kernel.org/linux/libs/security/linux-privs/"
+                   "libcap2/libcap-" version ".tar.xz"))
              (sha256
               (base32
-               "07vjhkznm82p8dm4w6j8mmg7h5c70lp5s9bwwfdmgwpbixfydjp1"))))
+               "0rbc9qbqs5bp9am9s9g83wxj5k4ixps2agy9dxr1v1fwg27mdr6f"))))
     (build-system gnu-build-system)
     (arguments '(#:phases
                  (modify-phases %standard-phases
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 1b70d54c48..b3c86dbebf 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -115,7 +115,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                 #:native-inputs native-inputs))
 
 (define %bash-static
-  (static-package bash-light))
+  (static-package bash-minimal))
 
 (define %static-inputs
   ;; Packages that are to be used as %BOOTSTRAP-INPUTS.
@@ -253,10 +253,8 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
 
             ;; But of course, there are exceptions to this rule.
             (let ((grep (assoc-ref %build-inputs "grep")))
-              (copy-file (string-append grep "/bin/fgrep")
-                         (string-append bin "/fgrep"))
-              (copy-file (string-append grep "/bin/egrep")
-                         (string-append bin "/egrep")))
+              (install-file (string-append grep "/bin/fgrep") bin)
+              (install-file (string-append grep "/bin/egrep") bin))
 
             ;; Clear references to the store path.
             (for-each remove-store-references
@@ -425,8 +423,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                        "--disable-libcilkrts"
                        "--disable-libvtv"
                        "--disable-libssp"
-                       "--disable-libquadmath"
-                       "--disable-decimal-float")
+                       "--disable-libquadmath")
                       (remove (cut string-match "--(.*plugin|enable-languages)" <>)
                               ,flags)))
             ((#:phases phases)
@@ -631,7 +628,8 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                                               ".tar.xz")
                                "."
                                ;; avoid non-determinism in the archive
-                               "--mtime=@0" "--owner=root:0" "--group=root:0"))))))))))
+                               "--sort=name" "--mtime=@0"
+                               "--owner=root:0" "--group=root:0"))))))))))
 
 (define %bootstrap-binaries-tarball
   ;; A tarball with the statically-linked bootstrap binaries.
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index b56ca4057d..45fda144be 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1828,21 +1828,17 @@ specifications.")
                           (string-append lib "/liblpsolve55.a"))
                (copy-file "lpsolve55/bin/ux64/liblpsolve55.so"
                           (string-append lib "/liblpsolve55.so"))
-               (mkdir-p bin)
-               (copy-file "lp_solve/bin/ux64/lp_solve"
-                          (string-append bin "/lp_solve"))
-               (mkdir-p include)
+               (install-file "lp_solve/bin/ux64/lp_solve" bin)
+
                ;; Install a subset of the header files as on Debian
                ;; (plus lp_bit.h, which matches the regular expression).
-               (for-each
-                 (lambda (name)
-                   (copy-file name (string-append include "/" name)))
-                 (find-files "." "lp_[HMSa-z].*\\.h$"))
+               (for-each (lambda (name)
+                           (install-file name include))
+                         (find-files "." "lp_[HMSa-z].*\\.h$"))
                (with-directory-excursion "shared"
-                 (for-each
-                   (lambda (name)
-                     (copy-file name (string-append include "/" name)))
-                   (find-files "." "\\.h$")))
+                 (for-each (lambda (name)
+                             (install-file name include))
+                           (find-files "." "\\.h$")))
                #t))))))
     (home-page "http://lpsolve.sourceforge.net/")
     (synopsis "Mixed integer linear programming (MILP) solver")
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index ddd90fb72a..d5ca1555db 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -435,7 +435,7 @@ format.")
                     (let* ((out (assoc-ref outputs "out"))
                            (bin (string-append out "/bin")))
                       (mkdir-p bin)
-                      (copy-file "mpc123" (string-append bin "/mpc123"))))
+                      (install-file "mpc123" bin)))
                   %standard-phases))
        #:tests? #f))
 
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 180cdde19f..2b0d442664 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -28,21 +28,17 @@
          '(lambda _
             (for-each patch-makefile-SHELL
                       (find-files "." "Makefile.in"))))
-        (configure-phase
-         '(lambda* (#:key inputs outputs configure-flags
-                    #:allow-other-keys)
-            ;; The `ncursesw5-config' has a #!/bin/sh.  We want to patch
-            ;; it to point to libc's embedded Bash, to avoid retaining a
-            ;; reference to the bootstrap Bash.
-            (let* ((libc (assoc-ref inputs "libc"))
-                   (bash (string-append libc "/bin/bash"))
-                   (out  (assoc-ref outputs "out")))
-              (format #t "configure flags: ~s~%" configure-flags)
-              (zero? (apply system* bash "./configure"
-                            (string-append "SHELL=" bash)
-                            (string-append "CONFIG_SHELL=" bash)
-                            (string-append "--prefix=" out)
-                            configure-flags)))))
+        (remove-shebang-phase
+         '(lambda _
+            ;; To avoid retaining a reference to the bootstrap Bash via the
+            ;; shebang of the 'ncursesw5-config' script, simply remove that
+            ;; shebang: it'll work just as well without it.
+            (substitute* "misc/ncurses-config.in"
+              (("#!@SHELL@")
+               "# No shebang here, use /bin/sh!\n")
+              (("@SHELL@ \\$0")
+               "$0"))
+            #t))
         (post-install-phase
          '(lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
@@ -56,9 +52,9 @@
                             (define lib.a
                               (string-append "lib" lib ".a"))
                             (define libw.so.x
-                              (string-append "lib" lib "w.so.5"))
+                              (string-append "lib" lib "w.so.6"))
                             (define lib.so.x
-                              (string-append "lib" lib ".so.5"))
+                              (string-append "lib" lib ".so.6"))
                             (define lib.so
                               (string-append "lib" lib ".so"))
 
@@ -73,14 +69,14 @@
                           '("curses" "ncurses" "form" "panel" "menu")))))))
     (package
      (name "ncurses")
-     (version "5.9")
+     (version "6.0")
      (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/ncurses/ncurses-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0fsn7xis81za62afan0vvm38bvgzg5wfmv1m86flqcj0nj7jjilh"))))
+                "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm"))))
      (build-system gnu-build-system)
      (arguments
       `(#:configure-flags
@@ -90,37 +86,20 @@
           ;; what users expect.
           ,(string-append "--includedir=" (assoc-ref %outputs "out")
                           "/include")
+          "--enable-overwrite"                    ;really honor --includedir
 
           ;; Make sure programs like 'tic', 'reset', and 'clear' have a
           ;; correct RUNPATH.
           ,(string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out")
-                          "/lib")
-
-          ;; C++ bindings fail to build on
-          ;; `i386-pc-solaris2.11' with GCC 3.4.3:
-          ;; <http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6395191>.
-          ,,@(if (string=? (%current-system) "i686-solaris")
-                 '("--without-cxx-binding")
-                 '()))
+                          "/lib"))
         #:tests? #f                               ; no "check" target
-        #:phases ,(if (%current-target-system)
-
-                      `(alist-cons-before         ; cross build
-                        'configure 'patch-makefile-SHELL
-                        ,patch-makefile-phase
-                        (alist-cons-after
-                         'install 'post-install ,post-install-phase
-                         %standard-phases))
-
-                      `(alist-cons-after          ; native build
-                        'install 'post-install ,post-install-phase
-                        (alist-cons-before
-                         'configure 'patch-makefile-SHELL
-                         ,patch-makefile-phase
-                         (alist-replace
-                          'configure
-                          ,configure-phase
-                          %standard-phases))))))
+        #:phases (modify-phases %standard-phases
+                   (add-after 'install 'post-install
+                              ,post-install-phase)
+                   (add-before 'configure 'patch-makefile-SHELL
+                               ,patch-makefile-phase)
+                   (add-after 'unpack 'remove-unneeded-shebang
+                              ,remove-shebang-phase))))
      (self-native-input? #t)                      ; for `tic'
      (synopsis "Terminal emulation (termcap, terminfo) library")
      (description
diff --git a/gnu/packages/ninja.scm b/gnu/packages/ninja.scm
index a0eb109bbb..ea5488afc9 100644
--- a/gnu/packages/ninja.scm
+++ b/gnu/packages/ninja.scm
@@ -66,11 +66,8 @@
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin"))
                    (doc (string-append out "/share/doc/ninja")))
-              (mkdir-p bin)
-              (copy-file "ninja" (string-append bin "/ninja"))
-              (mkdir-p doc)
-              (copy-file "doc/manual.asciidoc"
-                         (string-append doc "/manual.asciidoc"))
+              (install-file "ninja" bin)
+              (install-file "doc/manual.asciidoc" doc)
               #t))))))
     (home-page "http://martine.github.io/ninja/")
     (synopsis "Small build system")
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index bbc3ebdd8f..d416a43857 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -34,7 +34,7 @@
 (define-public openldap
   (package
    (name "openldap")
-   (version "2.4.40")
+   (version "2.4.42")
    (source (origin
             (method url-fetch)
 
@@ -51,7 +51,7 @@
                         "openldap-release/openldap-" version ".tgz")))
             (sha256
              (base32
-              "1nyslrgwxwilgv5sixc37svls5rbvhsv9drb7hlrjr2vqaji29ni"))))
+              "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb)
              ("openssl" ,openssl)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index f7af1a30da..8fbe5b3064 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -176,7 +176,7 @@ the Nix package manager.")
   ;;
   ;; Note: use a short commit id; when using the long one, the limit on socket
   ;; file names is exceeded while running the tests.
-  (let ((commit "5d09263"))
+  (let ((commit "abbe2c6"))
     (package (inherit guix-0.8.3)
       (version (string-append "0.8.3." commit))
       (source (origin
@@ -186,7 +186,7 @@ the Nix package manager.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "0v5g90di91j218x620shib7xjrjd5dkk4h1zrlg98hdmbgxq5s3j"))
+                  "1zgjj5knpz3qbbqdjm4yh436bzfgasc6p0k3xnx58hfjd88mdsga"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (arguments
        (substitute-keyword-arguments (package-arguments guix-0.8.3)
diff --git a/gnu/packages/patches/acl-hurd-path-max.patch b/gnu/packages/patches/acl-hurd-path-max.patch
new file mode 100644
index 0000000000..89cb3a38d7
--- /dev/null
+++ b/gnu/packages/patches/acl-hurd-path-max.patch
@@ -0,0 +1,80 @@
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636512
+
+From: Svante Signell <srs@kth.se>
+Subject: acl: Fix FTBFS on hurd-i386
+Date: Wed, 03 Aug 2011 19:36:27 +0200
+
+Currently acl does not compile on hurd-i386. The problem is a PATH_MAX
+definition which is not supported on GNU/Hurd.
+
+Index: acl-2.2.52/setfacl/parse.c
+===================================================================
+--- acl-2.2.52/setfacl/parse.c
++++ acl-2.2.52/setfacl/parse.c
+@@ -419,7 +419,13 @@ read_acl_comments(
+ 	  bytes for "# file: ". Not a good solution but for now it is the
+ 	  best I can do without too much impact on the code. [tw]
+ 	*/
++
++#ifdef __GNU__
++	char *linebuf;
++	size_t dummy = 0;
++#else
+ 	char linebuf[(4*PATH_MAX)+9];
++#endif
+ 	char *cp;
+ 	char *p;
+ 	int comments_read = 0;
+@@ -449,9 +455,13 @@ read_acl_comments(
+ 		if (line)
+ 			(*line)++;
+ 
++#ifdef __GNU__
++		if (getline(&linebuf, &dummy, file) == -1)
++			break;
++#else
+ 		if (fgets(linebuf, sizeof(linebuf), file) == NULL)
+ 			break;
+-		
++#endif		
+ 		comments_read = 1;
+ 
+ 		p = strrchr(linebuf, '\0');
+@@ -473,7 +483,12 @@ read_acl_comments(
+ 					goto fail;
+ 				*path_p = (char*)malloc(strlen(cp)+1);
+ 				if (!*path_p)
++				  {
++#ifdef __GNU__
++				    free (linebuf);
++#endif
+ 					return -1;
++				  }
+ 				strcpy(*path_p, cp);
+ 			}
+ 		} else if (strncmp(cp, "owner:", 6) == 0) {
+@@ -522,13 +537,24 @@ read_acl_comments(
+ 		}
+ 	}
+ 	if (ferror(file))
++	  {
++#ifdef __GNU__
++	    free (linebuf);
++#endif
+ 		return -1;
++	  }
++#ifdef __GNU__
++	free (linebuf);
++#endif
+ 	return comments_read;
+ fail:
+ 	if (path_p && *path_p) {
+ 		free(*path_p);
+ 		*path_p = NULL;
+ 	}
++#ifdef __GNU__
++	free (linebuf);
++#endif
+ 	return -EINVAL;
+ }
+ 
diff --git a/gnu/packages/patches/coreutils-racy-tail-test.patch b/gnu/packages/patches/coreutils-racy-tail-test.patch
new file mode 100644
index 0000000000..91640513e4
--- /dev/null
+++ b/gnu/packages/patches/coreutils-racy-tail-test.patch
@@ -0,0 +1,13 @@
+Skip this test, which uncovers a race condition in how 'tail' handles
+file deletion.  See <http://bugs.gnu.org/21460>.
+
+--- a/tests/tail-2/assert.sh
++++ b/tests/tail-2/assert.sh
+@@ -16,6 +16,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ 
++exit 77				# see <http://bugs.gnu.org/21460>
+ 
+ # This test fails with tail from textutils-2.0.
+ # It would get something like this:
diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch
new file mode 100644
index 0000000000..a609b1f54a
--- /dev/null
+++ b/gnu/packages/patches/glibc-hurd-extern-inline.patch
@@ -0,0 +1,35 @@
+This changes the way _EXTERN_INLINE is defined so we can
+avoid external definition errors.
+https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html
+
+diff --git a/signal/sigsetops.c b/signal/sigsetops.c
+index 0317662..b92c296 100644
+--- a/signal/sigsetops.c
++++ b/signal/sigsetops.c
+@@ -3,7 +3,9 @@
+ 
+ #include <features.h>
+ 
+-#define _EXTERN_INLINE
++#ifndef _EXTERN_INLINE
++#define _EXTERN_INLINE __extern_inline
++#endif
+ #ifndef __USE_EXTERN_INLINES
+ # define __USE_EXTERN_INLINES  1
+ #endif
+
+Link libmachuser and libhurduser automatically with libc, since they are
+considered a standard part of the API in GNU-land.
+
+--- a/Makerules
++++ b/Makerules
+@@ -978,6 +978,9 @@
+ 	      '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\
+	      ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \
+ 	) > $@.new
++ifeq ($(patsubst gnu%,,$(config-os)),)
++	echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new
++endif
+ 	mv -f $@.new $@
+ 
+ endif
\ No newline at end of file
diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch
index 1d254e1c1d..1bcf12bf6f 100644
--- a/gnu/packages/patches/glibc-locales.patch
+++ b/gnu/packages/patches/glibc-locales.patch
@@ -9,9 +9,9 @@ in a package separate from glibc.
      because otherwise, 'localedef' fails with:
      "cannot write output files to `(null)'".
 
---- glibc-2.20/localedata/Makefile	2014-09-07 10:09:09.000000000 +0200
-+++ glibc-2.20/localedata/Makefile	2015-02-11 10:23:55.560545568 +0100
-@@ -217,7 +217,7 @@ INSTALL-SUPPORTED-LOCALES=$(addprefix in
+--- glibc-2.22/localedata/Makefile	1970-01-01 01:00:00.000000000 +0100
++++ glibc-2.22/localedata/Makefile	2015-09-25 14:18:34.698941752 +0200
+@@ -195,7 +195,7 @@ INSTALL-SUPPORTED-LOCALES=$(addprefix in
  
  # Sometimes the whole collection of locale files should be installed.
  LOCALEDEF=I18NPATH=. GCONV_PATH=$(common-objpfx)iconvdata LC_ALL=C \
@@ -20,12 +20,12 @@ in a package separate from glibc.
  install-locales: $(INSTALL-SUPPORTED-LOCALES)
  
  install-locales-dir:
-@@ -234,7 +234,7 @@ $(INSTALL-SUPPORTED-LOCALES): install-lo
+@@ -212,7 +212,7 @@ $(INSTALL-SUPPORTED-LOCALES): install-lo
  	input=`echo $$locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; \
  	$(LOCALEDEF) --alias-file=../intl/locale.alias \
  		     -i locales/$$input -c -f charmaps/$$charset \
--		     $(addprefix --prefix=,$(install_root)) $$locale; \
-+		     $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale; \
- 	echo ' done'; \
+-		     $(addprefix --prefix=,$(install_root)) $$locale \
++		     $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \
+ 	&& echo ' done'; \
  
  tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP
diff --git a/gnu/packages/patches/glibc-o-largefile.patch b/gnu/packages/patches/glibc-o-largefile.patch
new file mode 100644
index 0000000000..2b0ae8c8bb
--- /dev/null
+++ b/gnu/packages/patches/glibc-o-largefile.patch
@@ -0,0 +1,25 @@
+This fixes <https://sourceware.org/bugzilla/show_bug.cgi?id=18781>
+whereby, on 32-bit platforms, libc 2.22 would fail to pass O_LARGEFILE
+to 'openat'.  This was caught by 'tests/sparse03.at' in the tar
+test suite.
+
+commit eb32b0d40308166c4d8f6330cc2958cb1e545075
+Author: Andreas Schwab <schwab@suse.de>
+Date:   Mon Aug 10 14:12:47 2015 +0200
+
+    Readd O_LARGEFILE flag for openat64 (bug 18781)
+
+--- a/sysdeps/unix/sysv/linux/openat.c
++++ b/sysdeps/unix/sysv/linux/openat.c
+@@ -68,6 +68,11 @@ __OPENAT (int fd, const char *file, int oflag, ...)
+       va_end (arg);
+     }
+ 
++  /* We have to add the O_LARGEFILE flag for openat64.  */
++#ifdef MORE_OFLAGS
++  oflag |= MORE_OFLAGS;
++#endif
++
+   return SYSCALL_CANCEL (openat, fd, file, oflag, mode);
+ }
+ libc_hidden_def (__OPENAT)
diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch b/gnu/packages/patches/icu4c-CVE-2014-6585.patch
new file mode 100644
index 0000000000..d21a0d0ba1
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2014-6585.patch
@@ -0,0 +1,21 @@
+Copied from Debian.
+
+description: out-of-bounds read
+origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
+
+--- a/source/layout/LETableReference.h
++++ b/source/layout/LETableReference.h
+@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
+   }
+   
+   const T& operator()(le_uint32 i, LEErrorCode &success) const {
+-    return *getAlias(i,success);
++    const T *ret = getAlias(i,success);
++    if (LE_FAILURE(success) || ret==NULL) {
++      return *(new T());
++    } else {
++      return *ret;
++    }
+   }
+ 
+   size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
diff --git a/gnu/packages/patches/icu4c-CVE-2015-1270.patch b/gnu/packages/patches/icu4c-CVE-2015-1270.patch
new file mode 100644
index 0000000000..2a7658d36e
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2015-1270.patch
@@ -0,0 +1,15 @@
+Copied from Debian.
+
+diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp
+index 5dd35d8..4424664 100644
+--- a/source/common/ucnv_io.cpp
++++ b/source/common/ucnv_io.cpp
+@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p
+              * the name begins with 'x-'. If it does, strip it off and try
+              * again.  This behaviour is similar to how ICU4J does it.
+              */
+-            if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
++            if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
+                 aliasTmp = aliasTmp+2;
+             } else {
+                 break;
diff --git a/gnu/packages/patches/imagemagick-test-segv.patch b/gnu/packages/patches/imagemagick-test-segv.patch
new file mode 100644
index 0000000000..6626e54828
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-test-segv.patch
@@ -0,0 +1,20 @@
+This patch works around a segmentation fault in 'Magick++/tests/color' when
+running 'Magick++/tests/tests.tap'.  Here we get an exception early on, which
+is supposedly harmless:
+
+  Caught exception: color: UnableToOpenConfigureFile `colors.xml' @ warning/configure.c/GetConfigureOptions/706
+
+However, when the stack unwinders run, 'UnregisterDOTImage' gets called even
+though 'RegisterDOTImage' hadn't been called yet; thus, 'graphic_context' in
+coders/dot.c is NULL, leading to the segfault.
+
+--- ImageMagick-6.9.2-1/coders/dot.c	2015-09-16 17:32:42.900323334 +0200
++++ ImageMagick-6.9.2-1/coders/dot.c	2015-09-16 17:32:48.312367636 +0200
+@@ -240,6 +240,7 @@ ModuleExport void UnregisterDOTImage(voi
+   (void) UnregisterMagickInfo("GV");
+   (void) UnregisterMagickInfo("DOT");
+ #if defined(MAGICKCORE_GVC_DELEGATE)
++  if (graphic_context != NULL)
+   gvFreeContext(graphic_context);
+ #endif
+ }
diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch
new file mode 100644
index 0000000000..a43245436c
--- /dev/null
+++ b/gnu/packages/patches/libpthread-glibc-preparation.patch
@@ -0,0 +1,146 @@
+This patch helps to integrate the Hurd's libpthread as a libc add-on.
+
+It writes the configure file, removes an rpc call not yet 
+implemented on the version of gnumach we use and defines
+a missing macro.
+
+diff --git a/libpthread/configure b/libpthread/configure
+new file mode 100644
+index 0000000..2cdbc71
+--- /dev/null
++++ b/libpthread/configure
+@@ -0,0 +1,2 @@
++libc_add_on_canonical=libpthread
++libc_add_on_subdirs=.
+-- 
+1.9.0
+
+We are using a version of GNU Mach that lacks 'thread_terminate_release'
+(not introduced yet).  The 'thread_terminate' RPC call will be enough for
+our needs.
+See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>.
+
+diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c
+index 6672065..129a611 100644
+--- a/libpthread/sysdeps/mach/pt-thread-terminate.c
++++ b/libpthread/sysdeps/mach/pt-thread-terminate.c
+@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread)
+   __mach_port_destroy (__mach_task_self (), wakeup_port);
+ 
+   /* Terminate and release all that's left.  */
+-  err = __thread_terminate_release (kernel_thread, mach_task_self (),
+-				    kernel_thread, reply_port,
+-				    stackaddr, stacksize);
++  /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */
++  /* 				    kernel_thread, reply_port, */
++  /* 				    stackaddr, stacksize); */
+ 
+   /* The kernel does not support it yet.  Leak but at least terminate
+      correctly.  */
+-- 
+1.9.2
+
+The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we 
+define it to __SPIN_LOCK_INITIALIZER which already exists.
+See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>.
+  
+diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h
+index 537dac9..fca0e5a 100644
+--- a/libpthread/sysdeps/mach/bits/spin-lock.h
++++ b/libpthread/sysdeps/mach/bits/spin-lock.h
+@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t;
+ 
+ /* Initializer for a spin lock object.  */
+ #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER
+-#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>.
++#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER
+ #endif
+ 
+ __END_DECLS
+
+The version of the glibc we use doesn't include the shm-directory.c file and does
+not yet support IS_IN.
+See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html>
+
+diff --git a/libpthread/Makefile b/libpthread/Makefile
+index 2906788..b8dee58 100644
+--- a/libpthread/Makefile
++++ b/libpthread/Makefile
+@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate	    \
+ 	sem-post sem-timedwait sem-trywait sem-unlink			    \
+ 	sem-wait							    \
+ 									    \
+-	shm-directory							    \
+-									    \
+ 	cthreads-compat							    \
+ 	$(SYSDEPS)
+ 
+-- 
+2.3.6
+
+diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c
+index d88afae..84044dc 100644
+--- a/libpthread/pthread/pt-create.c
++++ b/libpthread/pthread/pt-create.c
+@@ -28,7 +28,7 @@
+ 
+ #include <pt-internal.h>
+ 
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ # include <ctype.h>
+ #endif
+ #ifdef HAVE_USELOCALE
+@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg)
+   __resp = &self->res_state;
+ #endif
+ 
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+   /* Initialize pointers to locale data.  */
+   __ctype_init ();
+ #endif
+diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c
+index 9e5404b..b9cacbd 100644
+--- a/libpthread/pthread/pt-initialize.c
++++ b/libpthread/pthread/pt-initialize.c
+@@ -28,7 +28,7 @@
+ 
+ DEFINE_HOOK (__pthread_init, (void));
+ 
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ static const struct pthread_functions pthread_functions =
+   {
+     .ptr_pthread_attr_destroy = __pthread_attr_destroy,
+@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions =
+ void
+ ___pthread_init (void)
+ {
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+   __libc_pthread_init(&pthread_functions);
+ #endif
+   RUN_HOOK (__pthread_init, ());
+diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h
+index 18b5b4c..8cdcfce 100644
+--- a/libpthread/pthread/pt-internal.h
++++ b/libpthread/pthread/pt-internal.h
+@@ -35,7 +35,7 @@
+ #include <pt-sysdep.h>
+ #include <pt-machdep.h>
+ 
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ # include <ldsodefs.h>
+ #endif
+ 
+@@ -60,7 +60,7 @@ enum pthread_state
+ # define PTHREAD_SYSDEP_MEMBERS
+ #endif
+ 
+-#if !(IS_IN (libpthread))
++#ifndef IS_IN_libpthread
+ #ifdef ENABLE_TLS
+ /* Type of the TCB.  */
+ typedef struct
diff --git a/gnu/packages/patches/libtiff-CVE-2012-4564.patch b/gnu/packages/patches/libtiff-CVE-2012-4564.patch
deleted file mode 100644
index 472f9ca35f..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2012-4564.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Copied from Debian
-
-Index: tiff-4.0.3/tools/ppm2tiff.c
-===================================================================
---- tiff-4.0.3.orig/tools/ppm2tiff.c	2013-06-23 10:36:50.779629492 -0400
-+++ tiff-4.0.3/tools/ppm2tiff.c	2013-06-23 10:36:50.775629494 -0400
-@@ -89,6 +89,7 @@
- 	int c;
- 	extern int optind;
- 	extern char* optarg;
-+	tmsize_t scanline_size;
- 
- 	if (argc < 2) {
- 	    fprintf(stderr, "%s: Too few arguments\n", argv[0]);
-@@ -237,8 +238,16 @@
- 	}
- 	if (TIFFScanlineSize(out) > linebytes)
- 		buf = (unsigned char *)_TIFFmalloc(linebytes);
--	else
--		buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+	else {
-+		scanline_size = TIFFScanlineSize(out);
-+		if (scanline_size != 0)
-+			buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+		else {
-+			fprintf(stderr, "%s: scanline size overflow\n",infile);
-+			(void) TIFFClose(out);
-+			exit(-2);
-+			}
-+		}
- 	if (resolution > 0) {
- 		TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
- 		TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff --git a/gnu/packages/patches/libtiff-CVE-2013-1960.patch b/gnu/packages/patches/libtiff-CVE-2013-1960.patch
deleted file mode 100644
index 341063f25d..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-1960.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-Copied from Debian
-
-Index: tiff-4.0.3/tools/tiff2pdf.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-06-23 10:36:50.979629486 -0400
-+++ tiff-4.0.3/tools/tiff2pdf.c	2013-06-23 10:36:50.975629486 -0400
-@@ -3341,33 +3341,56 @@
- 	uint32 height){
- 
- 	tsize_t i=0;
--	uint16 ri =0;
--	uint16 v_samp=1;
--	uint16 h_samp=1;
--	int j=0;
--	
--	i++;
--	
--	while(i<(*striplength)){
-+
-+	while (i < *striplength) {
-+		tsize_t datalen;
-+		uint16 ri;
-+		uint16 v_samp;
-+		uint16 h_samp;
-+		int j;
-+		int ncomp;
-+
-+		/* marker header: one or more FFs */
-+		if (strip[i] != 0xff)
-+			return(0);
-+		i++;
-+		while (i < *striplength && strip[i] == 0xff)
-+			i++;
-+		if (i >= *striplength)
-+			return(0);
-+		/* SOI is the only pre-SOS marker without a length word */
-+		if (strip[i] == 0xd8)
-+			datalen = 0;
-+		else {
-+			if ((*striplength - i) <= 2)
-+				return(0);
-+			datalen = (strip[i+1] << 8) | strip[i+2];
-+			if (datalen < 2 || datalen >= (*striplength - i))
-+				return(0);
-+		}
- 		switch( strip[i] ){
--			case 0xd8:
--				/* SOI - start of image */
-+			case 0xd8:	/* SOI - start of image */
- 				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
- 				*bufferoffset+=2;
--				i+=2;
- 				break;
--			case 0xc0:
--			case 0xc1:
--			case 0xc3:
--			case 0xc9:
--			case 0xca:
-+			case 0xc0:	/* SOF0 */
-+			case 0xc1:	/* SOF1 */
-+			case 0xc3:	/* SOF3 */
-+			case 0xc9:	/* SOF9 */
-+			case 0xca:	/* SOF10 */
- 				if(no==0){
--					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--					for(j=0;j<buffer[*bufferoffset+9];j++){
--						if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
--							h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
--						if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
--							v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
-+					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+					ncomp = buffer[*bufferoffset+9];
-+					if (ncomp < 1 || ncomp > 4)
-+						return(0);
-+					v_samp=1;
-+					h_samp=1;
-+					for(j=0;j<ncomp;j++){
-+						uint16 samp = buffer[*bufferoffset+11+(3*j)];
-+						if( (samp>>4) > h_samp) 
-+							h_samp = (samp>>4);
-+						if( (samp & 0x0f) > v_samp) 
-+							v_samp = (samp & 0x0f);
- 					}
- 					v_samp*=8;
- 					h_samp*=8;
-@@ -3381,45 +3404,43 @@
-                                           (unsigned char) ((height>>8) & 0xff);
- 					buffer[*bufferoffset+6]=
-                                             (unsigned char) (height & 0xff);
--					*bufferoffset+=strip[i+2]+2;
--					i+=strip[i+2]+2;
--
-+					*bufferoffset+=datalen+2;
-+					/* insert a DRI marker */
- 					buffer[(*bufferoffset)++]=0xff;
- 					buffer[(*bufferoffset)++]=0xdd;
- 					buffer[(*bufferoffset)++]=0x00;
- 					buffer[(*bufferoffset)++]=0x04;
- 					buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
- 					buffer[(*bufferoffset)++]= ri & 0xff;
--				} else {
--					i+=strip[i+2]+2;
- 				}
- 				break;
--			case 0xc4:
--			case 0xdb:
--				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--				*bufferoffset+=strip[i+2]+2;
--				i+=strip[i+2]+2;
-+			case 0xc4: /* DHT */
-+			case 0xdb: /* DQT */
-+				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+				*bufferoffset+=datalen+2;
- 				break;
--			case 0xda:
-+			case 0xda: /* SOS */
- 				if(no==0){
--					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
--					*bufferoffset+=strip[i+2]+2;
--					i+=strip[i+2]+2;
-+					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+					*bufferoffset+=datalen+2;
- 				} else {
- 					buffer[(*bufferoffset)++]=0xff;
- 					buffer[(*bufferoffset)++]=
-                                             (unsigned char)(0xd0 | ((no-1)%8));
--					i+=strip[i+2]+2;
- 				}
--				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
--				*bufferoffset+=(*striplength)-i-1;
-+				i += datalen + 1;
-+				/* copy remainder of strip */
-+				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
-+				*bufferoffset+= *striplength - i;
- 				return(1);
- 			default:
--				i+=strip[i+2]+2;
-+				/* ignore any other marker */
-+				break;
- 		}
-+		i += datalen + 1;
- 	}
--	
- 
-+	/* failed to find SOS marker */
- 	return(0);
- }
- #endif
diff --git a/gnu/packages/patches/libtiff-CVE-2013-1961.patch b/gnu/packages/patches/libtiff-CVE-2013-1961.patch
deleted file mode 100644
index 9c2481ce83..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-1961.patch
+++ /dev/null
@@ -1,770 +0,0 @@
-Copied from Debian
-
-Index: tiff-4.0.3/contrib/dbs/xtiff/xtiff.c
-===================================================================
---- tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/contrib/dbs/xtiff/xtiff.c	2013-06-23 10:36:51.147629484 -0400
-@@ -512,9 +512,9 @@
-     Arg args[1];
- 
-     if (tfMultiPage)
--        sprintf(buffer, "%s - page %d", fileName, tfDirectory);
-+        snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory);
-     else
--        strcpy(buffer, fileName);
-+        snprintf(buffer, sizeof(buffer), "%s", fileName);
-     XtSetArg(args[0], XtNlabel, buffer);
-     XtSetValues(labelWidget, args, 1);
- }
-Index: tiff-4.0.3/libtiff/tif_dirinfo.c
-===================================================================
---- tiff-4.0.3.orig/libtiff/tif_dirinfo.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/libtiff/tif_dirinfo.c	2013-06-23 10:36:51.147629484 -0400
-@@ -711,7 +711,7 @@
- 	 * note that this name is a special sign to TIFFClose() and
- 	 * _TIFFSetupFields() to free the field
- 	 */
--	sprintf(fld->field_name, "Tag %d", (int) tag);
-+	snprintf(fld->field_name, 32, "Tag %d", (int) tag);
- 
- 	return fld;    
- }
-Index: tiff-4.0.3/libtiff/tif_codec.c
-===================================================================
---- tiff-4.0.3.orig/libtiff/tif_codec.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/libtiff/tif_codec.c	2013-06-23 10:36:51.151629482 -0400
-@@ -108,7 +108,8 @@
- 	const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
-         char compression_code[20];
-         
--        sprintf( compression_code, "%d", tif->tif_dir.td_compression );
-+        snprintf(compression_code, sizeof(compression_code), "%d",
-+		 tif->tif_dir.td_compression );
- 	TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-                      "%s compression support is not configured", 
-                      c ? c->name : compression_code );
-Index: tiff-4.0.3/tools/tiffdither.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiffdither.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/tiffdither.c	2013-06-23 10:36:51.151629482 -0400
-@@ -260,7 +260,7 @@
- 		TIFFSetField(out, TIFFTAG_FILLORDER, fillorder);
- 	else
- 		CopyField(TIFFTAG_FILLORDER, shortv);
--	sprintf(thing, "Dithered B&W version of %s", argv[optind]);
-+	snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]);
- 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
- 	CopyField(TIFFTAG_PHOTOMETRIC, shortv);
- 	CopyField(TIFFTAG_ORIENTATION, shortv);
-Index: tiff-4.0.3/tools/rgb2ycbcr.c
-===================================================================
---- tiff-4.0.3.orig/tools/rgb2ycbcr.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/rgb2ycbcr.c	2013-06-23 10:36:51.151629482 -0400
-@@ -332,7 +332,8 @@
- 	TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
- 	{ char buf[2048];
- 	  char *cp = strrchr(TIFFFileName(in), '/');
--	  sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in));
-+	  snprintf(buf, sizeof(buf), "YCbCr conversion of %s",
-+		   cp ? cp+1 : TIFFFileName(in));
- 	  TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf);
- 	}
- 	TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());
-Index: tiff-4.0.3/tools/tiff2pdf.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/tiff2pdf.c	2013-06-23 10:36:51.151629482 -0400
-@@ -3630,7 +3630,9 @@
- 	char buffer[16];
- 	int buflen=0;
- 	
--	buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff);
-+	buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ",
-+			  t2p->pdf_majorversion&0xff,
-+			  t2p->pdf_minorversion&0xff);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7);
- 
-@@ -3644,10 +3646,10 @@
- tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
--	buflen=sprintf(buffer, "%lu", (unsigned long)number);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen );
- 	written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7);
- 
-@@ -3686,13 +3688,13 @@
- 	written += t2pWriteFile(output, (tdata_t) "/", 1);
- 	for (i=0;i<namelen;i++){
- 		if ( ((unsigned char)name[i]) < 0x21){
--			sprintf(buffer, "#%.2X", name[i]);
-+			snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 			buffer[sizeof(buffer) - 1] = '\0';
- 			written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 			nextchar=1;
- 		}
- 		if ( ((unsigned char)name[i]) > 0x7E){
--			sprintf(buffer, "#%.2X", name[i]);
-+			snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 			buffer[sizeof(buffer) - 1] = '\0';
- 			written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 			nextchar=1;
-@@ -3700,57 +3702,57 @@
- 		if (nextchar==0){
- 			switch (name[i]){
- 				case 0x23:
--					sprintf(buffer, "#%.2X", name[i]);
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x25:
--					sprintf(buffer, "#%.2X", name[i]);
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x28:
--					sprintf(buffer, "#%.2X", name[i]);
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x29:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x2F:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x3C:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x3E:
--					sprintf(buffer, "#%.2X", name[i]);
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x5B:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x5D:
--					sprintf(buffer, "#%.2X", name[i]);
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x7B:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
- 				case 0x7D:
--					sprintf(buffer, "#%.2X", name[i]); 
-+					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
- 					buffer[sizeof(buffer) - 1] = '\0';
- 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
- 					break;
-@@ -3865,14 +3867,14 @@
- tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){
- 	
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 	
- 	written += t2pWriteFile(output, (tdata_t) "/Length ", 8);
- 	if(len!=0){
- 		written += t2p_write_pdf_stream_length(len, output);
- 	} else {
--		buflen=sprintf(buffer, "%lu", (unsigned long)number);
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
- 	}
-@@ -3913,10 +3915,10 @@
- tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
--	buflen=sprintf(buffer, "%lu", (unsigned long)len);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "\n", 1);
- 
-@@ -3930,7 +3932,7 @@
- tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output)
- {
- 	tsize_t written = 0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen = 0;
- 
- 	written += t2pWriteFile(output, 
-@@ -3969,7 +3971,6 @@
- 		written += t2p_write_pdf_string(t2p->pdf_datetime, output);
- 	}
- 	written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11);
--	_TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer));
- 	snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION);
- 	written += t2p_write_pdf_string(buffer, output);
- 	written += t2pWriteFile(output, (tdata_t) "\n", 1);
-@@ -4110,7 +4111,7 @@
- {
- 	tsize_t written=0;
- 	tdir_t i=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
- 	int page=0;
-@@ -4118,7 +4119,7 @@
- 		(tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26);
- 	page = t2p->pdf_pages+1;
- 	for (i=0;i<t2p->tiff_pagecount;i++){
--		buflen=sprintf(buffer, "%d", page);
-+		buflen=snprintf(buffer, sizeof(buffer), "%d", page);
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
- 		if ( ((i+1)%8)==0 ) {
-@@ -4133,8 +4134,7 @@
- 		}
- 	}
- 	written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10);
--	_TIFFmemset(buffer, 0x00, 16);
--	buflen=sprintf(buffer, "%d", t2p->tiff_pagecount);
-+	buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6);
- 
-@@ -4149,28 +4149,28 @@
- 
- 	unsigned int i=0;
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[256];
- 	int buflen=0;
- 
- 	written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24);
--	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
- 	written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11); 
--	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1);
-+	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
--	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1);
-+	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
--	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2);
-+	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
--	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2);
-+	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "] \n", 3); 
- 	written += t2pWriteFile(output, (tdata_t) "/Contents ", 10);
--	buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1));
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1));
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
- 	written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15);
-@@ -4178,15 +4178,13 @@
- 		written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
- 		for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i++){
- 			written += t2pWriteFile(output, (tdata_t) "/Im", 3);
--			buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
-+			buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) "_", 1);
--			buflen = sprintf(buffer, "%u", i+1);
-+			buflen = snprintf(buffer, sizeof(buffer), "%u", i+1);
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) " ", 1);
--			buflen = sprintf(
--				buffer, 
--				"%lu", 
-+			buflen = snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
-@@ -4198,12 +4196,10 @@
- 	} else {
- 			written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
- 			written += t2pWriteFile(output, (tdata_t) "/Im", 3);
--			buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
-+			buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) " ", 1);
--			buflen = sprintf(
--				buffer, 
--				"%lu", 
-+			buflen = snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
-@@ -4212,9 +4208,7 @@
- 	if(t2p->tiff_transferfunctioncount != 0) {
- 		written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13);
- 		t2pWriteFile(output, (tdata_t) "/GS1 ", 5);
--		buflen = sprintf(
--			buffer, 
--			"%lu", 
-+		buflen = snprintf(buffer, sizeof(buffer), "%lu",
- 			(unsigned long)(object + 3)); 
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
-@@ -4587,7 +4581,7 @@
- 	if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){ 
- 		for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount; i++){
- 			box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box;
--			buflen=sprintf(buffer, 
-+			buflen=snprintf(buffer, sizeof(buffer), 
- 				"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n", 
- 				t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
- 				box.mat[0],
-@@ -4602,7 +4596,7 @@
- 		}
- 	} else {
- 		box=t2p->pdf_imagebox;
--		buflen=sprintf(buffer, 
-+		buflen=snprintf(buffer, sizeof(buffer), 
- 			"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n", 
- 			t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
- 			box.mat[0],
-@@ -4627,59 +4621,48 @@
- 												TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
- 	written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output); 
- 	written += t2pWriteFile(output, 
- 		(tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im", 
- 		42);
--	buflen=sprintf(buffer, "%u", t2p->pdf_page+1);
-+	buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	if(tile != 0){
- 		written += t2pWriteFile(output, (tdata_t) "_", 1);
--		buflen=sprintf(buffer, "%lu", (unsigned long)tile);
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile);
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	}
- 	written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8);
--	_TIFFmemset((tdata_t)buffer, 0x00, 16);
- 	if(tile==0){
--		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width);
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width);
- 	} else {
- 		if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
--			buflen=sprintf(
--				buffer, 
--				"%lu", 
-+			buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
- 		} else {
--			buflen=sprintf(
--				buffer, 
--				"%lu", 
-+			buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
- 		}
- 	}
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9);
--	_TIFFmemset((tdata_t)buffer, 0x00, 16);
- 	if(tile==0){
--		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length);
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length);
- 	} else {
- 		if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
--			buflen=sprintf(
--				buffer, 
--				"%lu", 
-+			buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
- 		} else {
--			buflen=sprintf(
--				buffer, 
--				"%lu", 
-+			buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
- 		}
- 	}
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19);
--	_TIFFmemset((tdata_t)buffer, 0x00, 16);
--	buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
-+	buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13);
- 	written += t2p_write_pdf_xobject_cs(t2p, output);
-@@ -4723,11 +4706,10 @@
- 		t2p->pdf_colorspace ^= T2P_CS_PALETTE;
- 		written += t2p_write_pdf_xobject_cs(t2p, output);
- 		t2p->pdf_colorspace |= T2P_CS_PALETTE;
--		buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
-+		buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " ", 1);
--		_TIFFmemset(buffer, 0x00, 16);
--		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs ); 
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs ); 
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7);
- 		return(written);
-@@ -4761,10 +4743,10 @@
- 			X_W /= Y_W;
- 			Z_W /= Y_W;
- 			Y_W = 1.0F;
--			buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
-+			buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
- 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			written += t2pWriteFile(output, (tdata_t) "/Range ", 7);
--			buflen=sprintf(buffer, "[%d %d %d %d] \n", 
-+			buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n", 
- 				t2p->pdf_labrange[0], 
- 				t2p->pdf_labrange[1], 
- 				t2p->pdf_labrange[2], 
-@@ -4780,26 +4762,26 @@
- tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
- 	written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25);
- 	if(t2p->tiff_transferfunctioncount == 1){
--		buflen=sprintf(buffer, "%lu",
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 			       (unsigned long)(t2p->pdf_xrefcount + 1));
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
- 	} else {
- 		written += t2pWriteFile(output, (tdata_t) "[ ", 2);
--		buflen=sprintf(buffer, "%lu",
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 			       (unsigned long)(t2p->pdf_xrefcount + 1));
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
--		buflen=sprintf(buffer, "%lu",
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 			       (unsigned long)(t2p->pdf_xrefcount + 2));
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
--		buflen=sprintf(buffer, "%lu",
-+		buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 			       (unsigned long)(t2p->pdf_xrefcount + 3));
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
-@@ -4821,7 +4803,7 @@
- 	written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17);
- 	written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19);
- 	written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18);
--	buflen=sprintf(buffer, "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
-+	buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19);
- 	written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output);
-@@ -4848,7 +4830,7 @@
- tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[128];
-+	char buffer[256];
- 	int buflen=0;
- 	
- 	float X_W=0.0;
-@@ -4916,16 +4898,16 @@
- 	written += t2pWriteFile(output, (tdata_t) "<< \n", 4);
- 	if(t2p->pdf_colorspace & T2P_CS_CALGRAY){
- 		written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
--		buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
-+		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12);
- 	}
- 	if(t2p->pdf_colorspace & T2P_CS_CALRGB){
- 		written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
--		buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
-+		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
- 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 		written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8);
--		buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
-+		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
- 			X_R, Y_R, Z_R, 
- 			X_G, Y_G, Z_G, 
- 			X_B, Y_B, Z_B); 
-@@ -4944,11 +4926,11 @@
- tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 	
- 	written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11);
--	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7);
- 
-@@ -4958,11 +4940,11 @@
- tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 	
- 	written += t2pWriteFile(output, (tdata_t) "/N ", 3);
--	buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel);
-+	buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11);
- 	t2p->pdf_colorspace ^= T2P_CS_ICCBASED;
-@@ -5027,7 +5009,7 @@
- tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[16];
-+	char buffer[32];
- 	int buflen=0;
- 
- 	if(t2p->pdf_compression==T2P_COMPRESS_NONE){
-@@ -5042,41 +5024,33 @@
- 			written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9);
- 			if(tile==0){
- 				written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
--				buflen=sprintf(buffer, "%lu",
-+				buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 					       (unsigned long)t2p->tiff_width);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
--				buflen=sprintf(buffer, "%lu",
-+				buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 					       (unsigned long)t2p->tiff_length);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 			} else {
- 				if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
- 					written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
--					buflen=sprintf(
--						buffer, 
--						"%lu", 
-+					buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
- 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				} else {
- 					written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
--					buflen=sprintf(
--						buffer, 
--						"%lu", 
-+					buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
- 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				}
- 				if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
- 					written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
--					buflen=sprintf(
--						buffer, 
--						"%lu", 
-+					buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
- 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				} else {
- 					written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
--					buflen=sprintf(
--						buffer, 
--						"%lu", 
-+					buflen=snprintf(buffer, sizeof(buffer), "%lu",
- 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
- 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				}
-@@ -5103,21 +5077,17 @@
- 			if(t2p->pdf_compressionquality%100){
- 				written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13);
- 				written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14);
--				_TIFFmemset(buffer, 0x00, 16);
--				buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100);
-+				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				written += t2pWriteFile(output, (tdata_t) " /Columns ", 10);
--				_TIFFmemset(buffer, 0x00, 16);
--				buflen = sprintf(buffer, "%lu",
-+				buflen = snprintf(buffer, sizeof(buffer), "%lu",
- 						 (unsigned long)t2p->tiff_width);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				written += t2pWriteFile(output, (tdata_t) " /Colors ", 9);
--				_TIFFmemset(buffer, 0x00, 16);
--				buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel);
-+				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19);
--				_TIFFmemset(buffer, 0x00, 16);
--				buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
-+				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
- 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 				written += t2pWriteFile(output, (tdata_t) ">>\n", 3);
- 			}
-@@ -5137,16 +5107,16 @@
- tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){
- 
- 	tsize_t written=0;
--	char buffer[21];
-+	char buffer[64];
- 	int buflen=0;
- 	uint32 i=0;
- 
- 	written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7);
--	buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- 	written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22);
- 	for (i=0;i<t2p->pdf_xrefcount;i++){
--		sprintf(buffer, "%.10lu 00000 n \n",
-+		snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n",
- 			(unsigned long)t2p->pdf_xrefoffsets[i]);
- 		written += t2pWriteFile(output, (tdata_t) buffer, 20);
- 	}
-@@ -5170,17 +5140,14 @@
- 		snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand());
- 
- 	written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17);
--	buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
-+	buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
--	_TIFFmemset(buffer, 0x00, 32);	
- 	written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7);
--	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
--	_TIFFmemset(buffer, 0x00, 32);	
- 	written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12);
--	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
--	_TIFFmemset(buffer, 0x00, 32);	
- 	written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11);
- 	written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
- 				sizeof(t2p->pdf_fileid) - 1);
-@@ -5188,9 +5155,8 @@
- 	written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
- 				sizeof(t2p->pdf_fileid) - 1);
- 	written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16);
--	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref);
-+	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref);
- 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
--	_TIFFmemset(buffer, 0x00, 32);	
- 	written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7);
- 
- 	return(written);
-Index: tiff-4.0.3/tools/tiff2ps.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2ps.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/tiff2ps.c	2013-06-23 10:36:51.155629481 -0400
-@@ -1781,8 +1781,8 @@
- 		imageOp = "imagemask";
- 
- 	(void)strcpy(im_x, "0");
--	(void)sprintf(im_y, "%lu", (long) h);
--	(void)sprintf(im_h, "%lu", (long) h);
-+	(void)snprintf(im_y, sizeof(im_y), "%lu", (long) h);
-+	(void)snprintf(im_h, sizeof(im_h), "%lu", (long) h);
- 	tile_width = w;
- 	tile_height = h;
- 	if (TIFFIsTiled(tif)) {
-@@ -1803,7 +1803,7 @@
- 		}
- 		if (tile_height < h) {
- 			fputs("/im_y 0 def\n", fd);
--			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
-+			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
- 		}
- 	} else {
- 		repeat_count = tf_numberstrips;
-@@ -1815,7 +1815,7 @@
- 			fprintf(fd, "/im_h %lu def\n",
- 			    (unsigned long) tile_height);
- 			(void)strcpy(im_h, "im_h");
--			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
-+			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
- 		}
- 	}
- 
-Index: tiff-4.0.3/tools/tiffcrop.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiffcrop.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/tiffcrop.c	2013-06-23 10:36:51.159629481 -0400
-@@ -2077,7 +2077,7 @@
-         return 1;
-         }
- 
--      sprintf (filenum, "-%03d%s", findex, export_ext);
-+      snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext);
-       filenum[14] = '\0';
-       strncat (exportname, filenum, 15);
-       }
-@@ -2230,8 +2230,8 @@
- 
-           /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes 
-              fewer than PATH_MAX */ 
--          memset (temp_filename, '\0', PATH_MAX + 1);              
--          sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images,
-+          snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s",
-+		   dump.infilename, dump_images,
-                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
-           if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL)
-             {
-@@ -2249,8 +2249,8 @@
- 
-           /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes 
-              fewer than PATH_MAX */ 
--          memset (temp_filename, '\0', PATH_MAX + 1);              
--          sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images,
-+          snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s",
-+		   dump.outfilename, dump_images,
-                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
-           if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL)
-             {
-Index: tiff-4.0.3/tools/tiff2bw.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2bw.c	2013-06-23 10:36:51.163629483 -0400
-+++ tiff-4.0.3/tools/tiff2bw.c	2013-06-23 10:36:51.159629481 -0400
-@@ -205,7 +205,7 @@
- 		}
- 	}
- 	TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);
--	sprintf(thing, "B&W version of %s", argv[optind]);
-+	snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);
- 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
- 	TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
- 	outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4231.patch b/gnu/packages/patches/libtiff-CVE-2013-4231.patch
deleted file mode 100644
index c71f7dac2e..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-4231.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Copied from Debian
-
-Description: Buffer overflow in gif2tiff
-Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450
-Bug-Debian: http://bugs.debian.org/719303
-
-Index: tiff-4.0.3/tools/gif2tiff.c
-===================================================================
---- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-22 11:46:11.960846910 -0400
-+++ tiff-4.0.3/tools/gif2tiff.c	2013-08-22 11:46:11.956846910 -0400
-@@ -333,6 +333,8 @@
-     int status = 1;
- 
-     datasize = getc(infile);
-+    if (datasize > 12)
-+	return 0;
-     clear = 1 << datasize;
-     eoi = clear + 1;
-     avail = clear + 2;
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4232.patch b/gnu/packages/patches/libtiff-CVE-2013-4232.patch
deleted file mode 100644
index 3a92f61fef..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-4232.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Copied from Debian
-
-Description: use after free in tiff2pdf
-Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449
-Bug-Debian: http://bugs.debian.org/719303
-
-Index: tiff-4.0.3/tools/tiff2pdf.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-08-22 11:46:37.292847242 -0400
-+++ tiff-4.0.3/tools/tiff2pdf.c	2013-08-22 11:46:37.292847242 -0400
-@@ -2461,7 +2461,8 @@
- 					(unsigned long) t2p->tiff_datasize, 
- 					TIFFFileName(input));
- 				t2p->t2p_error = T2P_ERR_ERROR;
--			  _TIFFfree(buffer);
-+				_TIFFfree(buffer);
-+				return(0);
- 			} else {
- 				buffer=samplebuffer;
- 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4243.patch b/gnu/packages/patches/libtiff-CVE-2013-4243.patch
deleted file mode 100644
index a10884cd89..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-4243.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Copied from Debian
-
-Index: tiff/tools/gif2tiff.c
-===================================================================
---- tiff.orig/tools/gif2tiff.c
-+++ tiff/tools/gif2tiff.c
-@@ -280,6 +280,10 @@ readgifimage(char* mode)
-         fprintf(stderr, "no colormap present for image\n");
-         return (0);
-     }
-+    if (width == 0 || height == 0) {
-+        fprintf(stderr, "Invalid value of width or height\n");
-+        return(0);
-+    }
-     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
-         fprintf(stderr, "not enough memory for image\n");
-         return (0);
-@@ -404,6 +408,10 @@ process(register int code, unsigned char
-             fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
-             return 0;
-         }
-+        if (*fill >= raster + width*height) {
-+            fprintf(stderr, "raster full before eoi code\n");
-+            return 0;
-+        }
- 	*(*fill)++ = suffix[code];
- 	firstchar = oldcode = code;
- 	return 1;
-@@ -434,6 +442,10 @@ process(register int code, unsigned char
-     }
-     oldcode = incode;
-     do {
-+        if (*fill >= raster + width*height) {
-+            fprintf(stderr, "raster full before eoi code\n");
-+            return 0;
-+        }
- 	*(*fill)++ = *--stackp;
-     } while (stackp > stack);
-     return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4244.patch b/gnu/packages/patches/libtiff-CVE-2013-4244.patch
deleted file mode 100644
index be9c65c311..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2013-4244.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Copied from Debian
-
-Description: OOB write in gif2tiff
-Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
-
-Index: tiff-4.0.3/tools/gif2tiff.c
-===================================================================
---- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
-+++ tiff-4.0.3/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
-@@ -400,6 +400,10 @@
-     }
- 
-     if (oldcode == -1) {
-+        if (code >= clear) {
-+            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
-+            return 0;
-+        }
- 	*(*fill)++ = suffix[code];
- 	firstchar = oldcode = code;
- 	return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch
deleted file mode 100644
index 7f70edb86f..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Copied from Debian
-
-From 0782c759084daaf9e4de7ee6be7543081823455e Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 20:58:29 +0000
-Subject: [PATCH] * tools/tiff2bw.c: when Photometric=RGB, the utility only
- works if SamplesPerPixel = 3. Enforce that
- http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)
-
----
- ChangeLog       | 6 ++++++
- tools/tiff2bw.c | 5 +++++
- 2 files changed, 11 insertions(+)
-
-diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
-index 22467cd..94b8e31 100644
---- a/tools/tiff2bw.c
-+++ b/tools/tiff2bw.c
-@@ -171,6 +171,11 @@ main(int argc, char* argv[])
- 		    argv[optind], samplesperpixel);
- 		return (-1);
- 	}
-+	if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) {
-+		fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n",
-+		    argv[optind], samplesperpixel);
-+		return (-1);
-+	}
- 	TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample);
- 	if (bitspersample != 8) {
- 		fprintf(stderr,
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch
deleted file mode 100644
index a177ebfa21..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Copied from Debian
-
-From 3996fa0f84f4a8b7e65fe4b8f0681711022034ea Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 20:04:31 +0000
-Subject: [PATCH] * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling
- TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not
- worth the burden for those esoteric utilities.
- http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127)
-
----
- ChangeLog         | 7 +++++++
- tools/pal2rgb.c   | 2 +-
- tools/thumbnail.c | 2 +-
- 3 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
-index bfe7899..3fc3de3 100644
---- a/tools/pal2rgb.c
-+++ b/tools/pal2rgb.c
-@@ -372,7 +372,7 @@ static struct cpTag {
-     { TIFFTAG_CLEANFAXDATA,		1, TIFF_SHORT },
-     { TIFFTAG_CONSECUTIVEBADFAXLINES,	1, TIFF_LONG },
-     { TIFFTAG_INKSET,			1, TIFF_SHORT },
--    { TIFFTAG_INKNAMES,			1, TIFF_ASCII },
-+    /*{ TIFFTAG_INKNAMES,			1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */
-     { TIFFTAG_DOTRANGE,			2, TIFF_SHORT },
-     { TIFFTAG_TARGETPRINTER,		1, TIFF_ASCII },
-     { TIFFTAG_SAMPLEFORMAT,		1, TIFF_SHORT },
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index c50bbff..73f9c34 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -257,7 +257,7 @@ static struct cpTag {
-     { TIFFTAG_CLEANFAXDATA,		1, TIFF_SHORT },
-     { TIFFTAG_CONSECUTIVEBADFAXLINES,	1, TIFF_LONG },
-     { TIFFTAG_INKSET,			1, TIFF_SHORT },
--    { TIFFTAG_INKNAMES,			1, TIFF_ASCII },
-+    /*{ TIFFTAG_INKNAMES,			1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */
-     { TIFFTAG_DOTRANGE,			2, TIFF_SHORT },
-     { TIFFTAG_TARGETPRINTER,		1, TIFF_ASCII },
-     { TIFFTAG_SAMPLEFORMAT,		1, TIFF_SHORT },
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch
deleted file mode 100644
index b8a3703c4c..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Copied from Debian
-
-From 1f7359b00663804d96c3a102bcb6ead9812c1509 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Tue, 23 Dec 2014 10:15:35 +0000
-Subject: [PATCH] * libtiff/tif_read.c: fix several invalid comparisons of a
- uint64 value with <= 0 by casting it to int64 first. This solves crashing bug
- on corrupted images generated by afl.
-
----
- ChangeLog          | 6 ++++++
- libtiff/tif_read.c | 6 +++---
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 2ba822a..dfc5b07 100644
---- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -458,7 +458,7 @@ TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
- 		return ((tmsize_t)(-1));
- 	}
- 	bytecount = td->td_stripbytecount[strip];
--	if (bytecount <= 0) {
-+	if ((int64)bytecount <= 0) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 		TIFFErrorExt(tif->tif_clientdata, module,
- 			     "%I64u: Invalid strip byte count, strip %lu",
-@@ -498,7 +498,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip)
- 	if ((tif->tif_flags&TIFF_NOREADRAW)==0)
- 	{
- 		uint64 bytecount = td->td_stripbytecount[strip];
--		if (bytecount <= 0) {
-+		if ((int64)bytecount <= 0) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
- 				"Invalid strip byte count %I64u, strip %lu",
-@@ -801,7 +801,7 @@ TIFFFillTile(TIFF* tif, uint32 tile)
- 	if ((tif->tif_flags&TIFF_NOREADRAW)==0)
- 	{
- 		uint64 bytecount = td->td_stripbytecount[tile];
--		if (bytecount <= 0) {
-+		if ((int64)bytecount <= 0) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
- 				"%I64u: Invalid tile byte count, tile %lu",
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch
deleted file mode 100644
index 62d903c650..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-Copied from Debian
-
-From 662f74445b2fea2eeb759c6524661118aef567ca Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 15:15:31 +0000
-Subject: [PATCH] Fix various crasher bugs on fuzzed images. *
- libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
- TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
- the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read
- ColorMap or TransferFunction if BitsPerSample has not yet been read,
- otherwise reading it later will cause user code to crash if BitsPerSample > 1
- * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
- SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample
- != 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
- instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int
- overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to
- invalid tile count (should likely be checked by libtiff too). Detect invalid
- settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB *
- tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight *
- tools/tiffdump.c: fix crash due to overflow of entry count.
-
----
- ChangeLog              | 19 +++++++++++++++++++
- libtiff/tif_dir.c      | 21 +++++++++++++++++++--
- libtiff/tif_dirread.c  | 17 +++++++++++++++++
- libtiff/tif_getimage.c | 15 +++++++++++++++
- libtiff/tif_next.c     |  2 ++
- tools/bmp2tiff.c       | 15 +++++++++++++++
- tools/tiff2pdf.c       | 41 +++++++++++++++++++++++++++++++++++++++++
- tools/tiffcrop.c       |  7 ++++---
- tools/tiffdump.c       |  9 ++++++---
- 9 files changed, 138 insertions(+), 8 deletions(-)
-
-diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
-index 98cf66d..ab43a28 100644
---- a/libtiff/tif_dir.c
-+++ b/libtiff/tif_dir.c
-@@ -160,6 +160,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- 	TIFFDirectory* td = &tif->tif_dir;
- 	int status = 1;
- 	uint32 v32, i, v;
-+    double dblval;
- 	char* s;
- 	const TIFFField *fip = TIFFFindField(tif, tag, TIFF_ANY);
- 	uint32 standard_tag = tag;
-@@ -284,10 +285,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- 			setDoubleArrayOneValue(&td->td_smaxsamplevalue, va_arg(ap, double), td->td_samplesperpixel);
- 		break;
- 	case TIFFTAG_XRESOLUTION:
--		td->td_xresolution = (float) va_arg(ap, double);
-+        dblval = va_arg(ap, double);
-+        if( dblval < 0 )
-+            goto badvaluedouble;
-+		td->td_xresolution = (float) dblval;
- 		break;
- 	case TIFFTAG_YRESOLUTION:
--		td->td_yresolution = (float) va_arg(ap, double);
-+        dblval = va_arg(ap, double);
-+        if( dblval < 0 )
-+            goto badvaluedouble;
-+		td->td_yresolution = (float) dblval;
- 		break;
- 	case TIFFTAG_PLANARCONFIG:
- 		v = (uint16) va_arg(ap, uint16_vap);
-@@ -694,6 +701,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- 		va_end(ap);
-         }
- 	return (0);
-+badvaluedouble:
-+        {
-+        const TIFFField* fip=TIFFFieldWithTag(tif,tag);
-+        TIFFErrorExt(tif->tif_clientdata, module,
-+             "%s: Bad value %f for \"%s\" tag",
-+             tif->tif_name, dblval,
-+             fip ? fip->field_name : "Unknown");
-+        va_end(ap);
-+        }
-+    return (0);
- }
- 
- /*
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 391c823..f66c9a7 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -3430,6 +3430,8 @@ TIFFReadDirectory(TIFF* tif)
- 	const TIFFField* fip;
- 	uint32 fii=FAILED_FII;
-         toff_t nextdiroff;
-+    int bitspersample_read = FALSE;
-+
- 	tif->tif_diroff=tif->tif_nextdiroff;
- 	if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
- 		return 0;           /* last offset or bad offset (IFD looping) */
-@@ -3706,6 +3708,8 @@ TIFFReadDirectory(TIFF* tif)
- 					}
- 					if (!TIFFSetField(tif,dp->tdir_tag,value))
- 						goto bad;
-+                    if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
-+                        bitspersample_read = TRUE;
- 				}
- 				break;
- 			case TIFFTAG_SMINSAMPLEVALUE:
-@@ -3763,6 +3767,19 @@ TIFFReadDirectory(TIFF* tif)
- 					uint32 countrequired;
- 					uint32 incrementpersample;
- 					uint16* value=NULL;
-+                    /* It would be dangerous to instanciate those tag values */
-+                    /* since if td_bitspersample has not yet been read (due to */
-+                    /* unordered tags), it could be read afterwards with a */
-+                    /* values greater than the default one (1), which may cause */
-+                    /* crashes in user code */
-+                    if( !bitspersample_read )
-+                    {
-+                        fip = TIFFFieldWithTag(tif,dp->tdir_tag);
-+                        TIFFWarningExt(tif->tif_clientdata,module,
-+                                       "Ignoring %s since BitsPerSample tag not found",
-+                                       fip ? fip->field_name : "unknown tagname");
-+                        continue;
-+                    }
- 					countpersample=(1L<<tif->tif_dir.td_bitspersample);
- 					if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
- 					{
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index 074d32a..396ad08 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -182,8 +182,23 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- 				    "Planarconfiguration", td->td_planarconfig);
- 				return (0);
- 			}
-+			if( td->td_samplesperpixel != 3 )
-+            {
-+                sprintf(emsg,
-+                        "Sorry, can not handle image with %s=%d",
-+                        "Samples/pixel", td->td_samplesperpixel);
-+                return 0;
-+            }
- 			break;
- 		case PHOTOMETRIC_CIELAB:
-+            if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
-+            {
-+                sprintf(emsg,
-+                        "Sorry, can not handle image with %s=%d and %s=%d",
-+                        "Samples/pixel", td->td_samplesperpixel,
-+                        "Bits/sample", td->td_bitspersample);
-+                return 0;
-+            }
- 			break;
- 		default:
- 			sprintf(emsg, "Sorry, can not handle image with %s=%d",
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index 55e2537..a53c716 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
-@@ -102,6 +102,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 		default: {
- 			uint32 npixels = 0, grey;
- 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
-+            if( isTiled(tif) )
-+                imagewidth = tif->tif_dir.td_tilewidth;
- 
- 			/*
- 			 * The scanline is composed of a sequence of constant
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index dfda963..f202b41 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1167,6 +1167,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
- 		if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0)
- 			&& (xuint16 == PLANARCONFIG_SEPARATE ) ){
- 				TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16);
-+                if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 )
-+                {
-+                    TIFFError(
-+                        TIFF2PDF_MODULE, 
-+                        "Invalid tile count, %s", 
-+                        TIFFFileName(input));
-+                    t2p->t2p_error = T2P_ERR_ERROR;
-+                    return;
-+                }
- 				t2p->tiff_tiles[i].tiles_tilecount/= xuint16;
- 		}
- 		if( t2p->tiff_tiles[i].tiles_tilecount > 0){
-@@ -1552,6 +1561,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- #endif
- 			break;
- 		case PHOTOMETRIC_CIELAB:
-+            if( t2p->tiff_samplesperpixel != 3){
-+                TIFFError(
-+                    TIFF2PDF_MODULE, 
-+                    "Unsupported samplesperpixel = %d for CIELAB", 
-+                    t2p->tiff_samplesperpixel);
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
-+            if( t2p->tiff_bitspersample != 8){
-+                TIFFError(
-+                    TIFF2PDF_MODULE, 
-+                    "Invalid bitspersample = %d for CIELAB", 
-+                    t2p->tiff_bitspersample);
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
- 			t2p->pdf_labrange[0]= -127;
- 			t2p->pdf_labrange[1]= 127;
- 			t2p->pdf_labrange[2]= -127;
-@@ -1567,6 +1592,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- 			t2p->pdf_colorspace=T2P_CS_LAB;
- 			break;
- 		case PHOTOMETRIC_ITULAB:
-+            if( t2p->tiff_samplesperpixel != 3){
-+                TIFFError(
-+                    TIFF2PDF_MODULE, 
-+                    "Unsupported samplesperpixel = %d for ITULAB", 
-+                    t2p->tiff_samplesperpixel);
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
-+            if( t2p->tiff_bitspersample != 8){
-+                TIFFError(
-+                    TIFF2PDF_MODULE, 
-+                    "Invalid bitspersample = %d for ITULAB", 
-+                    t2p->tiff_bitspersample);
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
- 			t2p->pdf_labrange[0]=-85;
- 			t2p->pdf_labrange[1]=85;
- 			t2p->pdf_labrange[2]=-75;
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index f5530bb..4088463 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -1205,9 +1205,10 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
-   tsize_t tilesize = TIFFTileSize(out);
-   unsigned char *tilebuf = NULL;
- 
--  TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
--  TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
--  TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
-+  if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
-+      !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
-+      !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
-+      return 1;
- 
-   tile_buffsize = tilesize;
-   if (tilesize < (tsize_t)(tl * tile_rowsize))
-diff --git a/tools/tiffdump.c b/tools/tiffdump.c
-index cf5d62f..8247765 100644
---- a/tools/tiffdump.c
-+++ b/tools/tiffdump.c
-@@ -374,6 +374,8 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
- 		void* datamem;
- 		uint64 dataoffset;
- 		int datatruncated;
-+        int datasizeoverflow;
-+
- 		tag = *(uint16*)dp;
- 		if (swabflag)
- 			TIFFSwabShort(&tag);
-@@ -412,13 +414,14 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
- 		else
- 			typewidth = datawidth[type];
- 		datasize = count*typewidth;
-+        datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
- 		datafits = 1;
- 		datamem = dp;
- 		dataoffset = 0;
- 		datatruncated = 0;
- 		if (!bigtiff)
- 		{
--			if (datasize>4)
-+			if (datasizeoverflow || datasize>4)
- 			{
- 				uint32 dataoffset32;
- 				datafits = 0;
-@@ -432,7 +435,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
- 		}
- 		else
- 		{
--			if (datasize>8)
-+			if (datasizeoverflow || datasize>8)
- 			{
- 				datafits = 0;
- 				datamem = NULL;
-@@ -442,7 +445,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
- 			}
- 			dp += sizeof(uint64);
- 		}
--		if (datasize>0x10000)
-+		if (datasizeoverflow || datasize>0x10000)
- 		{
- 			datatruncated = 1;
- 			count = 0x10000/typewidth;
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch
deleted file mode 100644
index fda018b7bb..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Copied from Debian
-
-From 3206e0c752a62da1ae606867113ed3bf9bf73306 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 19:53:59 +0000
-Subject: [PATCH] * tools/thumbnail.c: fix out-of-buffer write
- http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)
-
----
- ChangeLog         | 5 +++++
- tools/thumbnail.c | 8 +++++++-
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index fab63f6..c50bbff 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -568,7 +568,13 @@ setImage1(const uint8* br, uint32 rw, uint32 rh)
- 	    err -= limit;
- 	    sy++;
- 	    if (err >= limit)
--		rows[nrows++] = br + bpr*sy;
-+		{
-+			/* We should perhaps error loudly, but I can't make sense of that */
-+			/* code... */
-+			if( nrows == 256 )
-+				break;
-+			rows[nrows++] = br + bpr*sy;
-+		}
- 	}
- 	setrow(row, nrows, rows);
- 	row += tnw;
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch
deleted file mode 100644
index 6f9ef85d14..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Copied from Debian
-
-From 8b6e80fca434525497e5a31c3309a3bab5b3c1c8 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 18:52:42 +0000
-Subject: [PATCH] * tools/thumbnail.c, tools/tiffcmp.c: only read/write
- TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is
- COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4
- http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
-
----
- ChangeLog         |  7 +++++++
- tools/thumbnail.c | 21 ++++++++++++++++++++-
- tools/tiffcmp.c   | 17 +++++++++++++++--
- 3 files changed, 42 insertions(+), 3 deletions(-)
-
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index a98a881..fab63f6 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -274,7 +274,26 @@ cpTags(TIFF* in, TIFF* out)
- {
-     struct cpTag *p;
-     for (p = tags; p < &tags[NTAGS]; p++)
--	cpTag(in, out, p->tag, p->count, p->type);
-+	{
-+		/* Horrible: but TIFFGetField() expects 2 arguments to be passed */
-+		/* if we request a tag that is defined in a codec, but that codec */
-+		/* isn't used */
-+		if( p->tag == TIFFTAG_GROUP3OPTIONS )
-+		{
-+			uint16 compression;
-+			if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
-+				compression != COMPRESSION_CCITTFAX3 )
-+				continue;
-+		}
-+		if( p->tag == TIFFTAG_GROUP4OPTIONS )
-+		{
-+			uint16 compression;
-+			if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
-+				compression != COMPRESSION_CCITTFAX4 )
-+				continue;
-+		}
-+		cpTag(in, out, p->tag, p->count, p->type);
-+	}
- }
- #undef NTAGS
- 
-diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
-index 508a461..d6392af 100644
---- a/tools/tiffcmp.c
-+++ b/tools/tiffcmp.c
-@@ -260,6 +260,7 @@ tiffcmp(TIFF* tif1, TIFF* tif2)
- static int
- cmptags(TIFF* tif1, TIFF* tif2)
- {
-+	uint16 compression1, compression2;
- 	CmpLongField(TIFFTAG_SUBFILETYPE,	"SubFileType");
- 	CmpLongField(TIFFTAG_IMAGEWIDTH,	"ImageWidth");
- 	CmpLongField(TIFFTAG_IMAGELENGTH,	"ImageLength");
-@@ -276,8 +277,20 @@ cmptags(TIFF* tif1, TIFF* tif2)
- 	CmpShortField(TIFFTAG_SAMPLEFORMAT,	"SampleFormat");
- 	CmpFloatField(TIFFTAG_XRESOLUTION,	"XResolution");
- 	CmpFloatField(TIFFTAG_YRESOLUTION,	"YResolution");
--	CmpLongField(TIFFTAG_GROUP3OPTIONS,	"Group3Options");
--	CmpLongField(TIFFTAG_GROUP4OPTIONS,	"Group4Options");
-+	if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
-+		compression1 == COMPRESSION_CCITTFAX3 &&
-+		TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
-+		compression2 == COMPRESSION_CCITTFAX3 )
-+	{
-+		CmpLongField(TIFFTAG_GROUP3OPTIONS,	"Group3Options");
-+	}
-+	if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
-+		compression1 == COMPRESSION_CCITTFAX4 &&
-+		TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
-+		compression2 == COMPRESSION_CCITTFAX4 )
-+	{
-+		CmpLongField(TIFFTAG_GROUP4OPTIONS,	"Group4Options");
-+	}
- 	CmpShortField(TIFFTAG_RESOLUTIONUNIT,	"ResolutionUnit");
- 	CmpShortField(TIFFTAG_PLANARCONFIG,	"PlanarConfiguration");
- 	CmpLongField(TIFFTAG_ROWSPERSTRIP,	"RowsPerStrip");
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch
deleted file mode 100644
index 200af0ef8b..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Copied from Debian
-
-From 266bc48054b018a2f1d74562aa48eb2f509436d5 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 17:36:36 +0000
-Subject: [PATCH] * tools/tiff2pdf.c: check return code of TIFFGetField() when
- reading TIFFTAG_SAMPLESPERPIXEL
-
----
- ChangeLog        |  5 +++++
- tools/tiff2pdf.c | 10 +++++++++-
- 2 files changed, 14 insertions(+), 1 deletion(-)
-
-Index: tiff-4.0.3/tools/tiff2pdf.c
-===================================================================
---- tiff-4.0.3.orig/tools/tiff2pdf.c
-+++ tiff-4.0.3/tools/tiff2pdf.c
-@@ -1164,7 +1164,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
- 			t2p->tiff_pages[i].page_tilecount;
- 		if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0)
- 			&& (xuint16 == PLANARCONFIG_SEPARATE ) ){
--				TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16);
-+				if( !TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16) )
-+				{
-+					TIFFError(
-+                        TIFF2PDF_MODULE, 
-+                        "Missing SamplesPerPixel, %s", 
-+                        TIFFFileName(input));
-+                    t2p->t2p_error = T2P_ERR_ERROR;
-+                    return;
-+				}
-                 if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 )
-                 {
-                     TIFFError(
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch
deleted file mode 100644
index fda4045504..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Copied from Debian
-
-Picked from CVE: diff -u -r1.14 -r1.15
-http://bugzilla.maptools.org/show_bug.cgi?id=2501
-
-Author: Even Rouault <even.rouault@spatialys.com>
-
---- tiff-4.0.3.orig/tools/tiffdither.c
-+++ tiff-4.0.3/tools/tiffdither.c
-@@ -39,6 +39,7 @@
- #endif
- 
- #include "tiffio.h"
-+#include "tiffiop.h"
- 
- #define	streq(a,b)	(strcmp(a,b) == 0)
- #define	strneq(a,b,n)	(strncmp(a,b,n) == 0)
-@@ -56,7 +57,7 @@ static	void usage(void);
-  * Floyd-Steinberg error propragation with threshold.
-  * This code is stolen from tiffmedian.
-  */
--static void
-+static int
- fsdither(TIFF* in, TIFF* out)
- {
- 	unsigned char *outline, *inputline, *inptr;
-@@ -68,14 +69,19 @@ fsdither(TIFF* in, TIFF* out)
- 	int lastline, lastpixel;
- 	int bit;
- 	tsize_t outlinesize;
-+	int errcode = 0;
- 
- 	imax = imagelength - 1;
- 	jmax = imagewidth - 1;
- 	inputline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
--	thisline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
--	nextline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
-+	thisline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
-+	nextline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
- 	outlinesize = TIFFScanlineSize(out);
- 	outline = (unsigned char *) _TIFFmalloc(outlinesize);
-+	if (! (inputline && thisline && nextline && outline)) {
-+	    fprintf(stderr, "Out of memory.\n");
-+	    goto skip_on_error;
-+	}
- 
- 	/*
- 	 * Get first line
-@@ -93,7 +99,7 @@ fsdither(TIFF* in, TIFF* out)
- 		nextline = tmpptr;
- 		lastline = (i == imax);
- 		if (TIFFReadScanline(in, inputline, i, 0) <= 0)
--			break;
-+			goto skip_on_error;
- 		inptr = inputline;
- 		nextptr = nextline;
- 		for (j = 0; j < imagewidth; ++j)
-@@ -131,13 +137,18 @@ fsdither(TIFF* in, TIFF* out)
- 			}
- 		}
- 		if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
--			break;
-+			goto skip_on_error;
- 	}
-+	goto exit_label;
-+
-   skip_on_error:
-+	errcode = 1;
-+  exit_label:
- 	_TIFFfree(inputline);
- 	_TIFFfree(thisline);
- 	_TIFFfree(nextline);
- 	_TIFFfree(outline);
-+	return errcode;
- }
- 
- static	uint16 compression = COMPRESSION_PACKBITS;
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch
deleted file mode 100644
index a555a18747..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Copied from Debian
-
-Patches by Petr Gajdos (pgajdos@suse.cz) from
-http://bugzilla.maptools.org/show_bug.cgi?id=2499
-
---- tiff-4.0.3.orig/libtiff/tif_dirinfo.c
-+++ tiff-4.0.3/libtiff/tif_dirinfo.c
-@@ -141,6 +141,8 @@ tiffFields[] = {
- 	{ TIFFTAG_FAXDCS, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_ASCII, FIELD_CUSTOM, TRUE, FALSE, "FaxDcs", NULL },
- 	{ TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL },
- 	{ TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InteroperabilityIFDOffset", NULL },
-+	{ TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL },
-+        { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL },
- 	/* begin DNG tags */
- 	{ TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL },
- 	{ TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL },
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8129.patch b/gnu/packages/patches/libtiff-CVE-2014-8129.patch
deleted file mode 100644
index 091ec8f573..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-8129.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Copied from Debian
-
-From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 21 Dec 2014 18:07:48 +0000
-Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
-
----
- ChangeLog          |  5 +++++
- libtiff/tif_next.c | 17 +++++++++++++++++
- 2 files changed, 22 insertions(+)
-
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index a53c716..d834196 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
-@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 	return (0);
- }
- 
-+static int
-+NeXTPreDecode(TIFF* tif, uint16 s)
-+{
-+	static const char module[] = "NeXTPreDecode";
-+	TIFFDirectory *td = &tif->tif_dir;
-+	(void)s;
-+
-+	if( td->td_bitspersample != 2 )
-+	{
-+		TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
-+					 td->td_bitspersample);
-+		return (0);
-+	}
-+	return (1);
-+}
-+	
- int
- TIFFInitNeXT(TIFF* tif, int scheme)
- {
- 	(void) scheme;
-+	tif->tif_predecode = NeXTPreDecode;  
- 	tif->tif_decoderow = NeXTDecode;  
- 	tif->tif_decodestrip = NeXTDecode;  
- 	tif->tif_decodetile = NeXTDecode;
diff --git a/gnu/packages/patches/libtiff-CVE-2014-9330.patch b/gnu/packages/patches/libtiff-CVE-2014-9330.patch
deleted file mode 100644
index c3c5fc0367..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-9330.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Copied from Debian
-
-Description: CVE-2014-9330
- Integer overflow in bmp2tiff
-Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494
-Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494
-Bug-Debian: http://bugs.debian.org/773987
-
-Index: tiff/tools/bmp2tiff.c
-===================================================================
---- tiff.orig/tools/bmp2tiff.c
-+++ tiff/tools/bmp2tiff.c
-@@ -1,4 +1,4 @@
--/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $
-+/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $
-  *
-  * Project:  libtiff tools
-  * Purpose:  Convert Windows BMP files in TIFF.
-@@ -403,6 +403,13 @@ main(int argc, char* argv[])
- 
- 		width = info_hdr.iWidth;
- 		length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
-+        if( width <= 0 || length <= 0 )
-+        {
-+            TIFFError(infilename,
-+                  "Invalid dimensions of BMP file" );
-+            close(fd);
-+            return -1;
-+        }
- 
- 		switch (info_hdr.iBitCount)
- 		{
-@@ -593,6 +600,14 @@ main(int argc, char* argv[])
- 
- 			compr_size = file_hdr.iSize - file_hdr.iOffBits;
- 			uncompr_size = width * length;
-+            /* Detect int overflow */
-+            if( uncompr_size / width != length )
-+            {
-+                TIFFError(infilename,
-+                    "Invalid dimensions of BMP file" );
-+                close(fd);
-+                return -1;
-+            }
- 			comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
- 			if (!comprbuf) {
- 				TIFFError(infilename,
diff --git a/gnu/packages/patches/libtiff-CVE-2014-9655.patch b/gnu/packages/patches/libtiff-CVE-2014-9655.patch
deleted file mode 100644
index 065804d03a..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2014-9655.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-Copied from Debian
-
-From 40a5955cbf0df62b1f9e9bd7d9657b0070725d19 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 29 Dec 2014 12:09:11 +0000
-Subject: [PATCH] * libtiff/tif_next.c: add new tests to check that we don't
- read outside of the compressed input stream buffer.
-
-* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
----
- ChangeLog              |  9 +++++++++
- libtiff/tif_getimage.c | 12 +++++++-----
- libtiff/tif_next.c     |  4 +++-
- 3 files changed, 19 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index a4f46d9..3ad8ee7 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -1871,7 +1871,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
- 
-     (void) y;
-     fromskew = (fromskew * 10) / 4;
--    if ((h & 3) == 0 && (w & 1) == 0) {
-+    if ((w & 3) == 0 && (h & 1) == 0) {
-         for (; h >= 2; h -= 2) {
-             x = w>>2;
-             do {
-@@ -1948,7 +1948,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
-     /* XXX adjust fromskew */
-     do {
- 	x = w>>2;
--	do {
-+	while(x>0) {
- 	    int32 Cb = pp[4];
- 	    int32 Cr = pp[5];
- 
-@@ -1959,7 +1959,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
- 
- 	    cp += 4;
- 	    pp += 6;
--	} while (--x);
-+		x--;
-+	}
- 
-         if( (w&3) != 0 )
-         {
-@@ -2050,7 +2051,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
- 	fromskew = (fromskew * 4) / 2;
- 	do {
- 		x = w>>1;
--		do {
-+		while(x>0) {
- 			int32 Cb = pp[2];
- 			int32 Cr = pp[3];
- 
-@@ -2059,7 +2060,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
- 
- 			cp += 2;
- 			pp += 4;
--		} while (--x);
-+			x --;
-+		}
- 
- 		if( (w&1) != 0 )
- 		{
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index d834196..dd669cc 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
-@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 		TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read");
- 		return (0);
- 	}
--	for (row = buf; occ > 0; occ -= scanline, row += scanline) {
-+	for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) {
- 		n = *bp++, cc--;
- 		switch (n) {
- 		case LITERALROW:
-@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 			 * The scanline has a literal span that begins at some
- 			 * offset.
- 			 */
-+			if( cc < 4 )
-+				goto bad;
- 			off = (bp[0] * 256) + bp[1];
- 			n = (bp[2] * 256) + bp[3];
- 			if (cc < 4+n || off+n > scanline)
diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
new file mode 100644
index 0000000000..f873a9af23
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
diff --git a/gnu/packages/patches/perl-autosplit-default-time.patch b/gnu/packages/patches/perl-autosplit-default-time.patch
new file mode 100644
index 0000000000..e801ac9bfe
--- /dev/null
+++ b/gnu/packages/patches/perl-autosplit-default-time.patch
@@ -0,0 +1,15 @@
+AutoSplit will fail to create an index for files whose modification time is 0
+because its default time for a non-existent index is 1.  Set this default time
+to -1 instead.
+
+--- perl-5.16.1/cpan/AutoLoader/lib/AutoSplit.pm.orig	2012-02-14 22:44:36.000000000 -0600
++++ perl-5.16.1/cpan/AutoLoader/lib/AutoSplit.pm	2015-09-09 19:59:22.208708921 -0500
+@@ -361,7 +361,7 @@
+     my($al_idx_file) = catfile($autodir, $modpname, $IndexFile);
+ 
+     if ($check_mod_time){
+-	my($al_ts_time) = (stat("$al_idx_file"))[9] || 1;
++	my($al_ts_time) = (stat("$al_idx_file"))[9] || -1;
+ 	if ($al_ts_time >= $pm_mod_time and
+ 	    $al_ts_time >= $self_mod_time){
+ 	    print "AutoSplit skipped ($al_idx_file newer than $filename)\n"
diff --git a/gnu/packages/patches/pixman-pointer-arithmetic.patch b/gnu/packages/patches/pixman-pointer-arithmetic.patch
new file mode 100644
index 0000000000..d34e6632a0
--- /dev/null
+++ b/gnu/packages/patches/pixman-pointer-arithmetic.patch
@@ -0,0 +1,15 @@
+Fix <https://bugs.freedesktop.org/show_bug.cgi?id=92027> whereby
+an arithemitic overflow could occur while doing pointer arithmetic,
+leading pixman to use an invalid address as the destination buffer.
+
+--- pixman-0.32.6/pixman/pixman-general.c	2015-09-21 15:14:34.695981325 +0200
++++ pixman-0.32.6/pixman/pixman-general.c	2015-09-21 15:19:48.898355548 +0200
+@@ -144,8 +144,7 @@ general_composite_rect  (pixman_implemen
+     mask_buffer = ALIGN (src_buffer + width * Bpp);
+     dest_buffer = ALIGN (mask_buffer + width * Bpp);
+ 
+-    if (ALIGN (dest_buffer + width * Bpp) >
+-	    scanline_buffer + sizeof (stack_scanline_buffer))
++    if ((width + 1) * Bpp * 3 > sizeof (stack_scanline_buffer))
+     {
+ 	scanline_buffer = pixman_malloc_ab_plus_c (width, Bpp * 3, 32 * 3);
diff --git a/gnu/packages/patches/util-linux-tests.patch b/gnu/packages/patches/util-linux-tests.patch
index 2ad025f66a..f436299b7f 100644
--- a/gnu/packages/patches/util-linux-tests.patch
+++ b/gnu/packages/patches/util-linux-tests.patch
@@ -16,15 +16,3 @@ using 'getpwnam' in libmount.  This doesn't work in the chroot because
  ts_init_subtest "deduplicate"
  ts_valgrind $TESTPROG --dedup bbb,ccc,AAA,xxx,AAA=a,AAA=bbb,ddd,AAA=ccc,fff=eee AAA &> $TS_OUTPUT
  ts_finalize_subtest
-
-
-The expected output for this test seems to lack a carriage return.
-
---- util-linux-2.25.2/tests/expected/more/regexp	2015-01-23 14:02:21.098557632 +0100
-+++ util-linux-2.25.2/tests/expected/more/regexp	2015-01-23 14:02:23.598573648 +0100
-@@ -1,4 +1,4 @@
- 
- ...skipping
--foo
-+
foo
- xyzzy
diff --git a/gnu/packages/patches/valgrind-glibc-2.21.patch b/gnu/packages/patches/valgrind-glibc-2.22.patch
index 70f809c43f..36c4916cc6 100644
--- a/gnu/packages/patches/valgrind-glibc-2.21.patch
+++ b/gnu/packages/patches/valgrind-glibc-2.22.patch
@@ -4,10 +4,13 @@ Initial Package Version: 3.10.1
 Upstream Status: Unknown
 Origin: Self
 Description: Allows Valgrind to build with glibc-2.21
+
+Later modified to support glibc-2.22 as well.
+
 diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure
 --- valgrind-3.10.1.old/configure	2014-11-25 20:42:25.000000000 +0100
 +++ valgrind-3.10.1.new/configure	2015-02-22 10:46:06.607826488 +0100
-@@ -6842,6 +6842,16 @@
+@@ -6842,6 +6842,26 @@
  	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
  	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
  	;;
@@ -21,6 +24,16 @@ diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure
 +	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
 +	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
 +	;;
++     2.22)
++	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.22 family" >&5
++$as_echo "2.22 family" >&6; }
++
++$as_echo "#define GLIBC_2_22 1" >>confdefs.h
++
++	DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}"
++	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
++	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
++	;;
       darwin)
  	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5
  $as_echo "Darwin" >&6; }
diff --git a/gnu/packages/patches/valgrind-linux-libre-4.x.patch b/gnu/packages/patches/valgrind-linux-libre-4.x.patch
new file mode 100644
index 0000000000..79166619c7
--- /dev/null
+++ b/gnu/packages/patches/valgrind-linux-libre-4.x.patch
@@ -0,0 +1,18 @@
+Modify valgrind's configure script to accept linux-libre-4.x as being in the
+same family as 3.x.
+
+--- valgrind-3.10.1/configure	2015-09-15 18:02:20.710262686 -0400
++++ valgrind-3.10.1/configure	2015-09-15 18:02:59.831829731 -0400
+@@ -5553,9 +5553,9 @@
+         kernel=`uname -r`
+ 
+         case "${kernel}" in
+-             2.6.*|3.*)
+-        	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x family (${kernel})" >&5
+-$as_echo "2.6.x/3.x family (${kernel})" >&6; }
++             2.6.*|3.*|4.*)
++        	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x/4.x family (${kernel})" >&5
++$as_echo "2.6.x/3.x/4.x family (${kernel})" >&6; }
+ 
+ $as_echo "#define KERNEL_2_6 1" >>confdefs.h
+ 
diff --git a/gnu/packages/pciutils.scm b/gnu/packages/pciutils.scm
index 7135af44e5..e022b6a81d 100644
--- a/gnu/packages/pciutils.scm
+++ b/gnu/packages/pciutils.scm
@@ -28,16 +28,16 @@
 (define-public pciutils
   (package
     (name "pciutils")
-    (version "3.2.0")
+    (version "3.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "mirror://kernel.org/software/utils/pciutils/pciutils-"
                     version
-                    ".tar.bz2"))
+                    ".tar.xz"))
               (sha256
                (base32
-                "0d9as9jzjjg5c1nwf58z1y1i7rf9fqxmww1civckhcvcn0xr85mq"))))
+                "1ag3skny1bamqil46dlppw8j1fp08spqa60fjygbxkg4fzdknjji"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-replace
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 5897974e78..03ed5113b1 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -52,13 +52,13 @@
 (define-public poppler
   (package
    (name "poppler")
-   (version "0.32.0")
+   (version "0.36.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256 (base32
-                     "162vfbvbz0frvqyk00ldsbl49h4bj8i8wn0ngfl30xg1lldy6qs9"))))
+                     "13i440kv873wgmw50rs4d1v05cj0r7bqnghd70hp9vy44dxhdk4k"))))
    (build-system gnu-build-system)
    ;; FIXME: more dependencies could  be added
    ;;  cairo output:       no (requires cairo >= 1.10.0)
@@ -477,13 +477,13 @@ and examining the file structure (pdfshow).")
 (define-public qpdf
   (package
    (name "qpdf")
-   (version "5.1.2")
+   (version "5.1.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/qpdf/qpdf-"
                                 version ".tar.gz"))
             (sha256 (base32
-                     "1zbvhrp0zjzbi6q2bnbxbg6399r47pq5gw3kspzph81j19fqvpg9"))))
+                     "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))))
    (build-system gnu-build-system)
    (arguments
       '(#:phases (alist-cons-before
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 5bae3f31c8..95aa596cf5 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -47,6 +47,7 @@
                "15qxzba3a50c9nik5ydgyfp62x7h9vxxn12yd1jgl93hb1wj96km"))
              (patches (map search-patch
                            '("perl-no-sys-dirs.patch"
+                             "perl-autosplit-default-time.patch"
                              "perl-module-pluggable-search.patch")))))
     (build-system gnu-build-system)
     (arguments
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 7bb5e95c35..708ba29d24 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -674,7 +674,7 @@ have been used.")
 (define-public python-setuptools
   (package
     (name "python-setuptools")
-    (version "12.1")
+    (version "18.3.1")
     (source
      (origin
       (method url-fetch)
@@ -682,7 +682,7 @@ have been used.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "04bfk7si1pwj3b5k2b1x9b1zkiclybmzpw6alrs5bciri56lg9zs"))))
+        "0kc7rbav00ks6iaw14p38y81q12fx0lpkhgf5m97xc04f5r318ig"))))
     (build-system python-build-system)
     ;; FIXME: Tests require pytest, which itself relies on setuptools.
     ;; One could bootstrap with an internal untested setuptools.
@@ -2791,7 +2791,7 @@ association studies (GWAS) on extremely large data sets.")
                                          (tgt-dir (string-append html "/" dir)))
                                     (unless (equal? "." dir)
                                       (mkdir-p tgt-dir))
-                                    (copy-file file (string-append html "/" file))))
+                                    (install-file file html)))
                                 (find-files "." ".*"))))))
               ,phases)))))))
 
@@ -2835,7 +2835,7 @@ association studies (GWAS) on extremely large data sets.")
             (for-each
              (lambda (dir tgt)
                (map (lambda (file)
-                      (copy-file file (string-append tgt "/" (basename file))))
+                      (install-file file tgt))
                     (find-files dir ".*")))
              (list "docs" "htmldoc" "examples")
              (list doc html-doc examples))))
@@ -3147,9 +3147,7 @@ atlas_libs = openblas
                  (for-each (lambda (file)
                              (let* ((dir (dirname file))
                                     (tgt-dir (string-append html "/" dir)))
-                               (unless (equal? "." dir)
-                                 (mkdir-p tgt-dir))
-                               (copy-file file (string-append html "/" file))))
+                               (install-file file html)))
                            (find-files "." ".*"))))))
          ;; Tests can only be run after the library has been installed and not
          ;; within the source directory.
@@ -4642,6 +4640,37 @@ term.js Javascript terminal emulator library.")
                 ,@(alist-delete "python-tornado"
                                 (package-propagated-inputs terminado)))))))
 
+(define-public python-fonttools
+  (package
+    (name "python-fonttools")
+    (version "2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://pypi.python.org/packages/source/F/FontTools/"
+                    "fonttools-" version ".tar.gz"))
+              (sha256
+               (base32
+                "08ay3x4ijarwhl60gqx2i9jzq6pxs20p4snc2d1q5jagh4rn39lb"))))
+    (build-system python-build-system)
+    (arguments '(#:test-target "check"))
+    (propagated-inputs
+     ;; XXX: module not found if setuptools is not available.
+     `(("python-setuptools" ,python-setuptools)))
+    (home-page "http://github.com/behdad/fonttools")
+    (synopsis "Tools to manipulate font files")
+    (description
+     "FontTools/TTX is a library to manipulate font files from Python.  It
+supports reading and writinfg of TrueType/OpenType fonts, reading and writing
+of AFM files, reading (and partially writing) of PS Type 1 fonts.  The package
+also contains a tool called “TTX” which converts TrueType/OpenType fonts to and
+from an XML-based format.")
+    (license (non-copyleft "file://LICENSE.txt"
+                           "See LICENSE.txt in the distribution."))))
+
+(define-public python2-fonttools
+  (package-with-python2 python-fonttools))
+
 (define-public python-ly
   (package
     (name "python-ly")
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index 3a39c36478..84cc8c9dc5 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -79,8 +79,7 @@ view to show two terminals at once.")
                  'install
                  (lambda* (#:key outputs #:allow-other-keys)
                    (let ((out (assoc-ref outputs "out")))
-                     (mkdir-p (string-append out "/bin"))
-                     (copy-file "dtach" (string-append out "/bin/dtach"))))
+                     (install-file "dtach" (string-append out "/bin"))))
                  %standard-phases)
        ;; No check target.
        #:tests? #f))
diff --git a/gnu/packages/synergy.scm b/gnu/packages/synergy.scm
index 9a038bb545..905ef82af4 100644
--- a/gnu/packages/synergy.scm
+++ b/gnu/packages/synergy.scm
@@ -92,19 +92,15 @@
                      (ex  (string-append out "/share/doc/synergy-"
                                          ,version "/examples")))
                 (begin
-                  (mkdir-p bin)
                   (for-each
                    (lambda (f)
-                     (copy-file (string-append srcdir "/bin/" f)
-                                (string-append bin "/" f)))
+                     (install-file (string-append srcdir "/bin/" f) bin))
                    '("synergyc" "synergys" "synergyd"
                      "usynergy" "syntool"))
                   ;; Install example configuration files
-                  (mkdir-p ex)
                   (for-each
                    (lambda (e)
-                     (copy-file (string-append srcdir "/doc/" e)
-                                (string-append ex "/" e)))
+                     (install-file (string-append srcdir "/doc/" e) ex))
                    '("synergy.conf.example"
                      "synergy.conf.example-advanced"
                      "synergy.conf.example-basic")))))
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index afa715c4cb..5b55cccbde 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -25,6 +25,7 @@
   #:use-module (guix build-system perl)
   #:use-module (gnu packages)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages fontutils)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages xorg)
@@ -33,7 +34,7 @@
 (define-public tcl
   (package
     (name "tcl")
-    (version "8.6.0")
+    (version "8.6.4")
     (source
      (origin
       (method url-fetch)
@@ -41,7 +42,7 @@
                           version "/tcl" version "-src.tar.gz"))
       (sha256
        (base32
-        "1pnabp3xsja4rc8c01l9q1avb65a3zhdzci3j54qa5krqjwj4i1m"))))
+        "13cwa4bc85ylf5gfj9vk182lvgy60qni3f7gbxghq78wk16djvly"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-before
@@ -132,21 +133,34 @@ X11 GUIs.")
 (define-public tk
   (package
     (name "tk")
-    (version "8.6.0")
+    (version "8.6.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/tcl/Tcl/"
                                  version "/tk" version "-src.tar.gz"))
              (sha256
               (base32
-               "1rld0l7p1h31z488w44j170jpsm11xsjf2qrb7gid2b5dwmqnw2w"))))
+               "1h96vp15zl5xz0d4qp6wjyrchqmrmdm3q5k22wkw9jaxbvw9vy88"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (alist-cons-before
-                 'configure 'pre-configure
-                 (lambda _
-                   (chdir "unix"))
-                 %standard-phases)
+     '(#:phases (modify-phases %standard-phases
+                  (add-before
+                   'configure 'pre-configure
+                   (lambda _
+                     (chdir "unix")))
+                  (add-after
+                   'install 'add-fontconfig-flag
+                   (lambda* (#:key inputs outputs #:allow-other-keys)
+                     ;; Add the missing -L flag for Fontconfig in 'tk.pc' and
+                     ;; 'tkConfig.sh'.
+                     (let ((out        (assoc-ref outputs "out"))
+                           (fontconfig (assoc-ref inputs "fontconfig")))
+                       (substitute* (find-files out
+                                                "^(tkConfig\\.sh|tk\\.pc)$")
+                         (("-lfontconfig")
+                          (string-append "-L" fontconfig
+                                         "/lib -lfontconfig")))
+                       #t))))
 
        #:configure-flags (list (string-append "--with-tcl="
                                               (assoc-ref %build-inputs "tcl")
@@ -156,6 +170,7 @@ X11 GUIs.")
        #:tests? #f))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("libxft" ,libxft)
+              ("fontconfig" ,fontconfig)
               ("tcl" ,tcl)))
     ;; tk.h refers to X11 headers, hence the propagation.
     (propagated-inputs `(("libx11" ,libx11)
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index 08b1b64c57..95a8ad1da9 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -111,11 +111,9 @@ libenca and several charset conversion libraries and tools.")
         (lambda* (#:key outputs #:allow-other-keys)
           (let ((lib (string-append (assoc-ref outputs "out") "/lib/"))
                 (include (string-append (assoc-ref outputs "out") "/include/")))
-            (mkdir-p lib)
-            (mkdir-p include)
-            (copy-file "utf8proc.h" (string-append include "utf8proc.h"))
+            (install-file "utf8proc.h" include)
             (for-each (lambda (file)
-                        (copy-file file (string-append lib (basename file))))
+                        (install-file file lib))
                       '("libutf8proc.a" "libutf8proc.so"))))
         ;; no configure script
         (alist-delete 'configure %standard-phases))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c9c84dff2f..1a0eeb2708 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -105,7 +105,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
-    (version "3.4.4.1")
+    (version "3.4.5")
     (source (origin
              (method url-fetch)
              (uri
@@ -116,7 +116,7 @@ living in the same process.")
                              "/gnutls-" version ".tar.xz"))
              (sha256
               (base32
-               "1xf354xafavqhi207ll1m1isd4l5b31lic2sz9lw0j0r0fcxfnsj"))
+               "1bks1zpmhmnkz2v32dd9b44pz6x0a5w4yi9zzwsd0a078vhbi25g"))
              (patches (list (search-patch "gnutls-doc-fix.patch")))))
     (build-system gnu-build-system)
     (arguments
@@ -195,7 +195,9 @@ required structures.")
             (sha256
              (base32
               "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
-            (patches (list (search-patch "openssl-runpath.patch")))))
+            (patches (map search-patch
+                          '("openssl-runpath.patch"
+                            "openssl-c-rehash.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
@@ -203,32 +205,68 @@ required structures.")
       #:parallel-tests? #f
       #:test-target "test"
       #:phases
-      (alist-replace
-       'configure
-       (lambda* (#:key outputs #:allow-other-keys)
-         (let ((out (assoc-ref outputs "out")))
-           (zero?
-            (system* "./config"
-                     "shared"                   ; build shared libraries
-                     "--libdir=lib"
-                     (string-append "--prefix=" out)
-                     ;; XXX FIXME: Work around a code generation bug in GCC
-                     ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
-                     ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
-                     ,@(if (and (not (%current-target-system))
-                                (string-prefix? "armhf" (%current-system)))
-                           '("-mfpu=vfpv3")
-                           '())))))
-       (alist-cons-before
-        'patch-source-shebangs 'patch-tests
-        (lambda* (#:key inputs native-inputs #:allow-other-keys)
-          (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
-            (substitute* (find-files "test" ".*")
-              (("/bin/sh")
-               (string-append bash "/bin/bash"))
-              (("/bin/rm")
-               "rm"))))
-        %standard-phases))))
+      (modify-phases %standard-phases
+        (add-before
+         'configure 'fix-man-dir
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; The default MANDIR is some unusual place.  Fix that.
+           (let ((out (assoc-ref outputs "out")))
+             (substitute* "Makefile.org"
+               (("^MANDIR[[:blank:]]*=.*$")
+                (string-append "MANDIR = " out "/share/man\n")))
+             #t)))
+        (replace
+         'configure
+         (lambda* (#:key outputs #:allow-other-keys)
+           (let ((out (assoc-ref outputs "out")))
+             (zero?
+              (system* "./config"
+                       "shared"                   ;build shared libraries
+                       "--libdir=lib"
+
+                       ;; The default for this catch-all directory is
+                       ;; PREFIX/ssl.  Change that to something more
+                       ;; conventional.
+                       (string-append "--openssldir=" out
+                                      "/share/openssl-" ,version)
+
+                       (string-append "--prefix=" out)
+
+                       ;; XXX FIXME: Work around a code generation bug in GCC
+                       ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
+                       ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
+                       ,@(if (and (not (%current-target-system))
+                                  (string-prefix? "armhf" (%current-system)))
+                             '("-mfpu=vfpv3")
+                             '()))))))
+        (add-after
+         'install 'make-libraries-writable
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; Make libraries writable so that 'strip' does its job.
+           (let ((out (assoc-ref outputs "out")))
+             (for-each (lambda (file)
+                         (chmod file #o644))
+                       (find-files (string-append out "/lib")
+                                   "\\.so"))
+             #t)))
+        (add-before
+         'patch-source-shebangs 'patch-tests
+         (lambda* (#:key inputs native-inputs #:allow-other-keys)
+           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
+             (substitute* (find-files "test" ".*")
+               (("/bin/sh")
+                (string-append bash "/bin/bash"))
+               (("/bin/rm")
+                "rm")))))
+        (add-after
+         'install 'remove-miscellany
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; The 'misc' directory contains random undocumented shell and Perl
+           ;; scripts.  Remove them to avoid retaining a reference on Perl.
+           (let ((out (assoc-ref outputs "out")))
+             (delete-file-recursively (string-append out "/share/openssl-"
+                                                     ,version "/misc"))
+             #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user
diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm
index 5e5a1d9069..a4c75baed9 100644
--- a/gnu/packages/valgrind.scm
+++ b/gnu/packages/valgrind.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,7 +38,8 @@
              (sha256
               (base32
                "15xrzhfnwwn7n1sfbkwvdbvs6zk0zx718n6zd5i1nrnvdp13s9gs"))
-             (patches (list (search-patch "valgrind-glibc-2.21.patch")))))
+             (patches (map search-patch '("valgrind-glibc-2.22.patch"
+                                          "valgrind-linux-libre-4.x.patch")))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (alist-cons-after
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index e0b3c53858..b4c518acf7 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -419,11 +419,9 @@ lot easier.")
                             (output (assoc-ref %outputs "out"))
                             (bindir (string-append output "/bin"))
                             (script "git-test-sequence"))
-                       (begin
-                         (mkdir-p bindir)
-                         (copy-file (string-append source "/" script)
-                                    (string-append bindir "/" script))
-                         #t)))))
+                       (install-file (string-append source "/" script)
+                                     bindir)
+                       #t))))
       (home-page "http://dustin.sallings.org/2010/03/28/git-test-sequence.html")
       (synopsis "Run a command over a sequence of commits")
       (description
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index a4e90ac4c1..fbcfc12624 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1014,7 +1014,8 @@ for use with HTML5 video.")
                (("#! /bin/sh") (string-append "#!" (which "bash"))))
              (system* "tar" "cjf" "ffmpeg-2.6.1.tar.bz2" "ffmpeg-2.6.1"
                       ;; avoid non-determinism in the archive
-                      "--mtime=@0" "--owner=root:0" "--group=root:0")
+                      "--sort=name" "--mtime=@0"
+                      "--owner=root:0" "--group=root:0")
              (delete-file-recursively "ffmpeg-2.6.1")))
          (alist-replace 'configure
           (lambda _
diff --git a/gnu/packages/wicd.scm b/gnu/packages/wicd.scm
index 26b1c7d3f9..33953eebf0 100644
--- a/gnu/packages/wicd.scm
+++ b/gnu/packages/wicd.scm
@@ -174,16 +174,13 @@
              ;; directory.
              (let ((dest-dir (string-append out "/etc/wicd"))
                    (name "dhclient.conf.template.default"))
-               (mkdir-p dest-dir)
-               (copy-file (string-append "other/" name)
-                          (string-append dest-dir "/" name)))
+               (install-file (string-append "other/" name) dest-dir))
 
              ;; Copy index.theme from hicolor-icon-theme.  This is needed to
              ;; allow wicd-gtk to find its icons.
              (let ((hicolor (assoc-ref inputs "hicolor-icon-theme"))
                    (name "/share/icons/hicolor/index.theme"))
-               (copy-file (string-append hicolor name)
-                          (string-append out name)))
+               (install-file (string-append hicolor name) out))
              #t))
          %standard-phases))))
     (synopsis "Network connection manager")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 9fd9f4a321..7aa82fe312 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -150,7 +150,8 @@ following the mouse.")
                ".tar.gz"))
         (sha256
           (base32
-           "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix"))))
+           "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix"))
+        (patches (list (search-patch "pixman-pointer-arithmetic.patch")))))
     (build-system gnu-build-system)
     (inputs
       `(("libpng" ,libpng)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index ddb73143a1..5d65648bfb 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -145,7 +145,7 @@ based on libxml for XML parsing, tree manipulation and XPath support.")
 (define-public perl-xml-parser
   (package
     (name "perl-xml-parser")
-    (version "2.41")
+    (version "2.44")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -153,7 +153,7 @@ based on libxml for XML parsing, tree manipulation and XPath support.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "1sadi505g5qmxr36lgcbrcrqh3a5gcdg32b405gnr8k54b6rg0dl"))))
+               "05ij0g6bfn27iaggxf8nl5rhlwx6f6p6xmdav6rjcly3x5zd1s8s"))))
     (build-system perl-build-system)
     (arguments `(#:make-maker-flags
                  (let ((expat (assoc-ref %build-inputs "expat")))
@@ -171,7 +171,7 @@ may be provided when the XML::Parser object is created.  These options are
 then passed on to the Expat object on each parse call.  They can also be given
 as extra arguments to the parse methods, in which case they override options
 given at XML::Parser creation time.")
-    (home-page "http://search.cpan.org/~toddr/XML-Parser-2.41/Parser.pm")))
+    (home-page "http://search.cpan.org/dist/XML-Parser")))
 
 (define-public perl-libxml
   (package
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index a9859e695b..d4ed4b82d0 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4951,6 +4951,12 @@ draggable titlebars and borders.")
           (base32
             "05mx0s0vqzds3qjc1gmjr2s6x2ll37z4lfhgm7p2w7936zl2g81a"))))
     (build-system gnu-build-system)
+    (outputs '("out"
+               "doc"))                            ;8 MiB of man pages + XML
+    (arguments
+     '(#:configure-flags (list (string-append "--mandir="
+                                              (assoc-ref %outputs "doc")
+                                              "/share/man"))))
     (propagated-inputs
       `(("kbproto" ,kbproto)
         ("libxcb" ,libxcb)))
@@ -5011,6 +5017,12 @@ draggable titlebars and borders.")
           (base32
             "0myxwbx9ylam5x3ia5b5f4x8azcqdm420h9ad1r4hrgmi2lrffl4"))))
     (build-system gnu-build-system)
+    (outputs '("out"
+               "doc"))                            ;2 MiB of man pages + XML
+    (arguments
+     '(#:configure-flags (list (string-append "--mandir="
+                                              (assoc-ref %outputs "doc")
+                                              "/share/man"))))
     (propagated-inputs
       `(("libx11" ,libx11)
         ("libice" ,libice)