aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-01-13 17:50:17 +0100
committerLudovic Courtès <ludo@gnu.org>2016-01-13 18:18:48 +0100
commit8c986ab12034d67db836a881f57c69754d8073ae (patch)
treebf5183011119695ac549d4cfff4dc2175e659397 /gnu/packages/patches
parent203795aceaabec0e0e5818e1650ad407d825d1b3 (diff)
parent7a2eed3aac1ecd0bdf293e33a234fad58f2e5f9e (diff)
downloadguix-8c986ab12034d67db836a881f57c69754d8073ae.tar
guix-8c986ab12034d67db836a881f57c69754d8073ae.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/asymptote-gsl2.patch33
-rw-r--r--gnu/packages/patches/bedtools-32bit-compilation.patch171
-rw-r--r--gnu/packages/patches/boost-mips-avoid-m32.patch15
-rw-r--r--gnu/packages/patches/csound-header-ordering.patch20
-rw-r--r--gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch46
-rw-r--r--gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch38
-rw-r--r--gnu/packages/patches/julia-0.3.10-fix-empty-array.patch13
-rw-r--r--gnu/packages/patches/ldc-disable-tests.patch90
-rw-r--r--gnu/packages/patches/libcmis-fix-test-onedrive.patch35
-rw-r--r--gnu/packages/patches/nss-pkgconfig.patch27
-rw-r--r--gnu/packages/patches/openimageio-boost-1.60.patch47
-rw-r--r--gnu/packages/patches/sudo-CVE-2015-5602.patch372
-rw-r--r--gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch24
-rw-r--r--gnu/packages/patches/w3m-disable-weak-ciphers.patch24
-rw-r--r--gnu/packages/patches/w3m-fix-compile.patch15
-rw-r--r--gnu/packages/patches/w3m-force-ssl_verify_server-on.patch24
-rw-r--r--gnu/packages/patches/w3m-libgc.patch28
17 files changed, 794 insertions, 228 deletions
diff --git a/gnu/packages/patches/asymptote-gsl2.patch b/gnu/packages/patches/asymptote-gsl2.patch
new file mode 100644
index 0000000000..4f73d16d7f
--- /dev/null
+++ b/gnu/packages/patches/asymptote-gsl2.patch
@@ -0,0 +1,33 @@
+From 71ff9e769ba5d9995b367201f0d41b7a8dedab9d Mon Sep 17 00:00:00 2001
+From: John Bowman <bowman@ualberta.ca>
+Date: Sat, 14 Nov 2015 01:25:56 -0700
+Subject: [PATCH] Support GSL 2.0.
+
+---
+ gsl.cc | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gsl.cc b/gsl.cc
+index b500557..0f81dc6 100644
+--- a/gsl.cc
++++ b/gsl.cc
+@@ -27,6 +27,7 @@
+ #include <gsl/gsl_rng.h>
+ #include <gsl/gsl_randist.h>
+ #include <gsl/gsl_cdf.h>
++#include <gsl/gsl_version.h>
+
+ #include "opsymbols.h"
+
+@@ -1088,7 +1089,11 @@ void gen_rungsl_venv(venv &ve)
+ addGSLDOUBLE2Func<gsl_sf_ellint_F>(SYM(F));
+ addGSLDOUBLE2Func<gsl_sf_ellint_E>(SYM(E));
+ addGSLDOUBLE3Func<gsl_sf_ellint_P>(SYM(P),SYM(phi),SYM(k),SYM(n));
++#if GSL_MAJOR_VERSION >= 2
++ addGSLDOUBLE2Func<gsl_sf_ellint_D>(SYM(D),SYM(phi),SYM(k));
++#else
+ addGSLDOUBLE3Func<gsl_sf_ellint_D>(SYM(D),SYM(phi),SYM(k),SYM(n));
++#endif
+ addGSLDOUBLE2Func<gsl_sf_ellint_RC>(SYM(RC),SYM(x),SYM(y));
+ addGSLDOUBLE3Func<gsl_sf_ellint_RD>(SYM(RD),SYM(x),SYM(y),SYM(z));
+ addGSLDOUBLE3Func<gsl_sf_ellint_RF>(SYM(RF),SYM(x),SYM(y),SYM(z));
diff --git a/gnu/packages/patches/bedtools-32bit-compilation.patch b/gnu/packages/patches/bedtools-32bit-compilation.patch
deleted file mode 100644
index bc567f3f6b..0000000000
--- a/gnu/packages/patches/bedtools-32bit-compilation.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-Fixed in upstream, see
-https://github.com/arq5x/bedtools2/issues/271
-
-From b47dbefcb57f8e6c4fe397f64346338620740b71 Mon Sep 17 00:00:00 2001
-From: arq5x <arq5x@virginia.edu>
-Date: Wed, 15 Jul 2015 15:15:23 -0600
-Subject: [PATCH] settle on uint32_t signature for QuickString. Resolves #267
- and #271?
-
----
- src/coverageFile/coverageFile.cpp | 24 ++++++++++++------------
- src/utils/general/QuickString.cpp | 27 ++++++++++++++-------------
- src/utils/general/QuickString.h | 6 +++---
- 3 files changed, 29 insertions(+), 28 deletions(-)
-
-diff --git a/src/coverageFile/coverageFile.cpp b/src/coverageFile/coverageFile.cpp
-index 859cfdc..0fb544b 100644
---- a/src/coverageFile/coverageFile.cpp
-+++ b/src/coverageFile/coverageFile.cpp
-@@ -83,11 +83,11 @@ void CoverageFile::giveFinalReport(RecordOutputMgr *outputMgr) {
- float depthPct = (float)basesAtDepth / (float)_totalQueryLen;
-
- _finalOutput = "all\t";
-- _finalOutput.append(depth);
-+ _finalOutput.append(static_cast<uint32_t>(depth));
- _finalOutput.append("\t");
-- _finalOutput.append(basesAtDepth);
-+ _finalOutput.append(static_cast<uint32_t>(basesAtDepth));
- _finalOutput.append("\t");
-- _finalOutput.append(_totalQueryLen);
-+ _finalOutput.append(static_cast<uint32_t>(_totalQueryLen));
- _finalOutput.append("\t");
- format(depthPct);
-
-@@ -138,7 +138,7 @@ size_t CoverageFile::countBasesAtDepth(size_t depth) {
-
- void CoverageFile::doCounts(RecordOutputMgr *outputMgr, RecordKeyVector &hits)
- {
-- _finalOutput = hits.size();
-+ _finalOutput = static_cast<uint32_t>(hits.size());
- outputMgr->printRecord(hits.getKey(), _finalOutput);
- }
-
-@@ -147,9 +147,9 @@ void CoverageFile::doPerBase(RecordOutputMgr *outputMgr, RecordKeyVector &hits)
- //loop through all bases in query, printing full record and metrics for each
- const Record * queryRec = hits.getKey();
- for (size_t i= 0; i < _queryLen; i++) {
-- _finalOutput = i +1;
-+ _finalOutput = static_cast<uint32_t>(i+1);
- _finalOutput.append("\t");
-- _finalOutput.append(_depthArray[i]);
-+ _finalOutput.append(static_cast<uint32_t>(_depthArray[i]));
-
- outputMgr->printRecord(queryRec, _finalOutput);
- }
-@@ -181,11 +181,11 @@ void CoverageFile::doHist(RecordOutputMgr *outputMgr, RecordKeyVector &hits)
- size_t numBasesAtDepth = iter->second;
- float coveredBases = (float)numBasesAtDepth / (float)_queryLen;
-
-- _finalOutput = depth;
-+ _finalOutput = static_cast<uint32_t>(depth);
- _finalOutput.append("\t");
-- _finalOutput.append(numBasesAtDepth);
-+ _finalOutput.append(static_cast<uint32_t>(numBasesAtDepth));
- _finalOutput.append("\t");
-- _finalOutput.append(_queryLen);
-+ _finalOutput.append(static_cast<uint32_t>(_queryLen));
- _finalOutput.append("\t");
- format(coveredBases);
-
-@@ -199,11 +199,11 @@ void CoverageFile::doDefault(RecordOutputMgr *outputMgr, RecordKeyVector &hits)
- size_t nonZeroBases = _queryLen - countBasesAtDepth(0);
- float coveredBases = (float)nonZeroBases / (float)_queryLen;
-
-- _finalOutput = hits.size();
-+ _finalOutput = static_cast<uint32_t>(hits.size());
- _finalOutput.append("\t");
-- _finalOutput.append(nonZeroBases);
-+ _finalOutput.append(static_cast<uint32_t>(nonZeroBases));
- _finalOutput.append("\t");
-- _finalOutput.append(_queryLen);
-+ _finalOutput.append(static_cast<uint32_t>(_queryLen));
- _finalOutput.append("\t");
- format(coveredBases);
-
-diff --git a/src/utils/general/QuickString.cpp b/src/utils/general/QuickString.cpp
-index 0757009..a83263e 100644
---- a/src/utils/general/QuickString.cpp
-+++ b/src/utils/general/QuickString.cpp
-@@ -105,11 +105,11 @@ QuickString &QuickString::operator = (uint32_t val) {
- return *this;
- }
-
--QuickString &QuickString::operator = (size_t val) {
-- clear();
-- append(val);
-- return *this;
--}
-+// QuickString &QuickString::operator = (size_t val) {
-+// clear();
-+// append(val);
-+// return *this;
-+// }
-
- QuickString &QuickString::operator = (float val) {
- clear();
-@@ -158,10 +158,11 @@ QuickString &QuickString::operator += (uint32_t num) {
- return *this;
- }
-
--QuickString &QuickString::operator += (size_t num) {
-- append(num);
-- return *this;
--}
-+// QuickString &QuickString::operator += (size_t num) {
-+// append(num);
-+// return *this;
-+// }
-+
- QuickString &QuickString::operator += (float num) {
- append(num);
- return *this;
-@@ -273,12 +274,12 @@ void QuickString::append(int num) {
- }
-
- void QuickString::append(uint32_t num) {
-- int2str((int)num, *this, true);
-+ int2str((int)num, *this, true);
- }
-
--void QuickString::append(size_t num) {
-- int2str((int)num, *this, true);
--}
-+// void QuickString::append(size_t num) {
-+// int2str((int)num, *this, true);
-+// }
-
- void QuickString::append(float num) {
- append(ToString(num));
-diff --git a/src/utils/general/QuickString.h b/src/utils/general/QuickString.h
-index b43fdfc..6e6fa94 100644
---- a/src/utils/general/QuickString.h
-+++ b/src/utils/general/QuickString.h
-@@ -38,7 +38,7 @@ class QuickString {
- QuickString &operator = (char);
- QuickString &operator = (int);
- QuickString &operator = (uint32_t);
-- QuickString &operator = (size_t);
-+ //QuickString &operator = (size_t);
- QuickString &operator = (float);
- QuickString &operator = (double);
- QuickString &operator += (const QuickString &);
-@@ -47,7 +47,7 @@ class QuickString {
- QuickString &operator += (char);
- QuickString &operator += (int);
- QuickString &operator += (uint32_t);
-- QuickString &operator += (size_t);
-+ //QuickString &operator += (size_t);
- QuickString &operator += (float);
- QuickString &operator += (double);
-
-@@ -74,7 +74,7 @@ class QuickString {
- //for better performance.
- void append(int num);
- void append(uint32_t num);
-- void append(size_t num);
-+ //void append(size_t num);
- void append(float num);
- void append(double num);
-
-
diff --git a/gnu/packages/patches/boost-mips-avoid-m32.patch b/gnu/packages/patches/boost-mips-avoid-m32.patch
deleted file mode 100644
index 811c9fb3aa..0000000000
--- a/gnu/packages/patches/boost-mips-avoid-m32.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-The following patch prevents the use of the -m32 flag on mips, where it
-is not understood by gcc, as well as other non-x86 architectures.
-
-diff -u -r boost_1_58_0.orig/tools/build/src/tools/gcc.jam boost_1_58_0/tools/build/src/tools/gcc.jam
---- boost_1_58_0.orig/tools/build/src/tools/gcc.jam 2015-04-04 19:25:07.000000000 +0200
-+++ boost_1_58_0/tools/build/src/tools/gcc.jam 2015-07-10 01:08:19.822733823 +0200
-@@ -451,7 +451,7 @@
- else
- {
- local arch = [ feature.get-values architecture : $(properties) ] ;
-- if $(arch) != arm
-+ if $(arch) = x86
- {
- if $(model) = 32
- {
diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch
new file mode 100644
index 0000000000..3640d123dd
--- /dev/null
+++ b/gnu/packages/patches/csound-header-ordering.patch
@@ -0,0 +1,20 @@
+Prevent compilation issues with boost-1.60.0.
+
+Reported upstream at https://github.com/csound/csound/issues/570
+
+--- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500
++++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600
+@@ -117,11 +117,12 @@
+ // d = sys_variables(12);
+ // gnor = a*(x.^3) + b*(x.^2) + c*x + d;
+
+-#include <OpcodeBase.hpp>
+ #include <boost/numeric/ublas/vector.hpp>
+ using namespace boost::numeric;
+ #include <cmath>
+
++#include <OpcodeBase.hpp>
++
+ #undef CS_KSMPS
+ #define CS_KSMPS (opds.insdshead->ksmps)
+
diff --git a/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch b/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch
new file mode 100644
index 0000000000..93a8ddc242
--- /dev/null
+++ b/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch
@@ -0,0 +1,46 @@
+This patch makes GTK+ look for additional modules in a list of directories
+specified by the environment variable "GUIX_GTK2_PATH". This can be used
+instead of "GTK_PATH" to make GTK+ find modules that are incompatible with
+other major versions of GTK+.
+
+--- a/gtk/gtkmodules.c 2014-09-29 22:02:17.000000000 +0200
++++ b/gtk/gtkmodules.c 2015-12-02 18:41:53.306396938 +0100
+@@ -55,6 +55,7 @@
+ get_module_path (void)
+ {
+ const gchar *module_path_env;
++ const gchar *module_guix_gtk2_path_env;
+ const gchar *exe_prefix;
+ const gchar *home_dir;
+ gchar *home_gtk_dir = NULL;
+@@ -70,6 +71,7 @@
+ home_gtk_dir = g_build_filename (home_dir, ".gtk-2.0", NULL);
+
+ module_path_env = g_getenv ("GTK_PATH");
++ module_guix_gtk2_path_env = g_getenv ("GUIX_GTK2_PATH");
+ exe_prefix = g_getenv ("GTK_EXE_PREFIX");
+
+ if (exe_prefix)
+@@ -77,9 +79,21 @@
+ else
+ default_dir = g_build_filename (GTK_LIBDIR, "gtk-2.0", NULL);
+
+- if (module_path_env && home_gtk_dir)
++ if (module_guix_gtk2_path_env && module_path_env && home_gtk_dir)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk2_path_env, module_path_env, home_gtk_dir, default_dir, NULL);
++ else if (module_guix_gtk2_path_env && home_gtk_dir)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk2_path_env, home_gtk_dir, default_dir, NULL);
++ else if (module_guix_gtk2_path_env && module_path_env)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk2_path_env, module_path_env, default_dir, NULL);
++ else if (module_path_env && home_gtk_dir)
+ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
+ module_path_env, home_gtk_dir, default_dir, NULL);
++ else if (module_guix_gtk2_path_env)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk2_path_env, default_dir, NULL);
+ else if (module_path_env)
+ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
+ module_path_env, default_dir, NULL);
diff --git a/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch b/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch
new file mode 100644
index 0000000000..66fd2fd1c4
--- /dev/null
+++ b/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch
@@ -0,0 +1,38 @@
+This patch makes GTK+ look for additional modules in a list of directories
+specified by the environment variable "GUIX_GTK3_PATH". This can be used
+instead of "GTK_PATH" to make GTK+ find modules that are incompatible with
+other major versions of GTK+.
+
+--- a/gtk/gtkmodules.c 2015-09-20 20:09:05.060590217 +0200
++++ b/gtk/gtkmodules.c 2015-09-20 20:10:33.423124833 +0200
+@@ -52,6 +52,7 @@
+ get_module_path (void)
+ {
+ const gchar *module_path_env;
++ const gchar *module_guix_gtk3_path_env;
+ const gchar *exe_prefix;
+ gchar *module_path;
+ gchar *default_dir;
+@@ -61,6 +62,7 @@
+ return result;
+
+ module_path_env = g_getenv ("GTK_PATH");
++ module_guix_gtk3_path_env = g_getenv ("GUIX_GTK3_PATH");
+ exe_prefix = g_getenv ("GTK_EXE_PREFIX");
+
+ if (exe_prefix)
+@@ -68,7 +70,13 @@
+ else
+ default_dir = g_build_filename (_gtk_get_libdir (), "gtk-3.0", NULL);
+
+- if (module_path_env)
++ if (module_guix_gtk3_path_env && module_path_env)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk3_path_env, module_path_env, default_dir, NULL);
++ else if (module_guix_gtk3_path_env)
++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
++ module_guix_gtk3_path_env, default_dir, NULL);
++ else if (module_path_env)
+ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S,
+ module_path_env, default_dir, NULL);
+ else
diff --git a/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch b/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch
deleted file mode 100644
index b00f6549e3..0000000000
--- a/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-See https://github.com/JuliaLang/julia/issues/11817
-
---- a/src/codegen.cpp 2015-06-24 12:44:31.218674066 +0200
-+++ b/src/codegen.cpp 2015-04-23 11:19:50.000000000 +0200
-@@ -4551,7 +4551,7 @@
- #ifdef V128_BUG
- "-avx",
- #endif
-- };
-+ ""};
- SmallVector<std::string, 4> MAttrs(mattr, mattr+sizeof(mattr)/sizeof(mattr[0]));
- EngineBuilder eb = EngineBuilder(engine_module)
- .setEngineKind(EngineKind::JIT)
diff --git a/gnu/packages/patches/ldc-disable-tests.patch b/gnu/packages/patches/ldc-disable-tests.patch
new file mode 100644
index 0000000000..3f5e6c29a1
--- /dev/null
+++ b/gnu/packages/patches/ldc-disable-tests.patch
@@ -0,0 +1,90 @@
+This patch fixes a failing unit test by feeding buildNormalizedPath to the
+tzdata properly. Three other tests are disabled, one assumes /root and the
+two others use networking. Not bad out of almost 700 tests!
+
+by Pjotr Prins <pjotr.guix@thebird.nl>
+
+diff --git a/std/datetime.d b/std/datetime.d
+index 8e4ed3b..6c15bc5 100644
+--- a/std/datetime.d
++++ b/std/datetime.d
+@@ -28018,6 +28018,7 @@ public:
+ The default directory where the TZ Database files are. It's empty
+ for Windows, since Windows doesn't have them.
+ +/
++
+ enum defaultTZDatabaseDir = "/usr/share/zoneinfo/";
+ }
+ else version(Windows)
+@@ -28069,14 +28070,13 @@ assert(tz.dstName == "PDT");
+ import std.range : retro;
+ import std.format : format;
+
+- name = strip(name);
+-
+ enforce(tzDatabaseDir.exists(), new DateTimeException(format("Directory %s does not exist.", tzDatabaseDir)));
+ enforce(tzDatabaseDir.isDir, new DateTimeException(format("%s is not a directory.", tzDatabaseDir)));
+
+- immutable file = buildNormalizedPath(tzDatabaseDir, name);
++ auto filename = "./" ~ strip(name); // make sure the prefix is not stripped
++ immutable file = buildNormalizedPath(tzDatabaseDir, filename);
+
+- enforce(file.exists(), new DateTimeException(format("File %s does not exist.", file)));
++ enforce(file.exists(), new DateTimeException(format("File %s does not exist in %s.", file, tzDatabaseDir)));
+ enforce(file.isFile, new DateTimeException(format("%s is not a file.", file)));
+
+ auto tzFile = File(file);
+diff --git a/std/path.d b/std/path.d
+index 254d8f0..b0fc04d 100644
+--- a/std/path.d
++++ b/std/path.d
+@@ -3080,8 +3080,11 @@ unittest
+ }
+ else
+ {
++ pragma(msg, "test disabled on GNU Guix");
++/*
+ assert(expandTilde("~root") == "/root", expandTilde("~root"));
+ assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
++*/
+ }
+ assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey");
+ }
+diff --git a/std/socket.d b/std/socket.d
+index b85d1c9..7fbf346 100644
+--- a/std/socket.d
++++ b/std/socket.d
+@@ -517,6 +517,8 @@ class Protocol
+
+ unittest
+ {
++ pragma(msg, "test disabled on GNU Guix");
++/*
+ // getprotobyname,number are unimplemented on Android
+ softUnittest({
+ Protocol proto = new Protocol;
+@@ -530,6 +532,7 @@ unittest
+ assert(proto.name == "tcp");
+ assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
+ });
++*/
+ }
+
+
+@@ -859,6 +862,8 @@ class InternetHost
+
+ unittest
+ {
++ pragma(msg, "test disabled on GNU Guix");
++ /*
+ InternetHost ih = new InternetHost;
+
+ ih.getHostByAddr(0x7F_00_00_01);
+@@ -889,6 +894,7 @@ unittest
+ // writefln("aliases[%d] = %s", i, s);
+ // }
+ });
++ */
+ }
+
+
diff --git a/gnu/packages/patches/libcmis-fix-test-onedrive.patch b/gnu/packages/patches/libcmis-fix-test-onedrive.patch
new file mode 100644
index 0000000000..adf2e0b8e5
--- /dev/null
+++ b/gnu/packages/patches/libcmis-fix-test-onedrive.patch
@@ -0,0 +1,35 @@
+Patch from resolution of http://sourceforge.net/p/libcmis/tickets/13/
+
+From 814c7845d53688b35a747cf193c2ff99e40a8652 Mon Sep 17 00:00:00 2001
+From: Jonathan Wakely <jwakely@redhat.com>
+Date: Wed, 2 Sep 2015 16:35:45 +0100
+Subject: [PATCH 5/5] Remove invalid comments from test JSON file.
+
+---
+ qa/libcmis/data/onedrive/search-result.json | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/qa/libcmis/data/onedrive/search-result.json b/qa/libcmis/data/onedrive/search-result.json
+index 61d250a..2482429 100644
+--- a/qa/libcmis/data/onedrive/search-result.json
++++ b/qa/libcmis/data/onedrive/search-result.json
+@@ -8,7 +8,7 @@
+ },
+ "name":"OneDriveFile",
+ "description":"",
+- "parent_id":"folderA", // path: /A/Wrong File
++ "parent_id":"folderA",
+ "size":18047,
+ "upload_location":"https://apis.live.net/v5.0/wrongFileId/content/",
+ "comments_count":0,
+@@ -32,7 +32,7 @@
+ },
+ "name":"OneDriveFile",
+ "description":"",
+- "parent_id":"folderC", // path: /A/B/C/Right File
++ "parent_id":"folderC",
+ "size":4,
+ "upload_location":"https://apis.live.net/v5.0/rightFileId/content/",
+ "comments_count":0,
+--
+2.4.3 \ No newline at end of file
diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch
index 80c0c5b009..e611f69bea 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -7,8 +7,10 @@ Modifications:
Remove optional patching in nss/Makefile.
Include -L$libdir in output from "nss-config --libs".
---- nss-3.17.1/nss/config/Makefile
-+++ nss-3.17.1/nss/config/Makefile
+Later adapted to apply cleanly to nss-3.21.
+
+--- nss-3.21/nss/config/Makefile
++++ nss-3.21/nss/config/Makefile
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
@@ -50,8 +52,8 @@ Modifications:
+
+dummy: all export libs
+
---- nss-3.17.1/nss/config/nss-config.in
-+++ nss-3.17.1/nss/config/nss-config.in
+--- nss-3.21/nss/config/nss-config.in
++++ nss-3.21/nss/config/nss-config.in
@@ -0,0 +1,145 @@
+#!/bin/sh
+
@@ -198,8 +200,8 @@ Modifications:
+ echo $libdirs
+fi
+
---- nss-3.17.1/nss/config/nss.pc.in
-+++ nss-3.17.1/nss/config/nss.pc.in
+--- nss-3.21/nss/config/nss.pc.in
++++ nss-3.21/nss/config/nss.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
@@ -213,14 +215,11 @@ Modifications:
+Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
+
---- nss-3.17.1/nss/manifest.mn
-+++ nss-3.17.1/nss/manifest.mn
-@@ -10,7 +10,7 @@
+--- nss-3.21/nss/manifest.mn
++++ nss-3.21/nss/manifest.mn
+@@ -10,4 +10,4 @@
RELEASE = nss
--DIRS = coreconf lib cmd
-+DIRS = coreconf lib cmd config
-
- ifdef NSS_BUILD_GTESTS
- DIRS += external_tests
+-DIRS = coreconf lib cmd external_tests
++DIRS = coreconf lib cmd external_tests config
diff --git a/gnu/packages/patches/openimageio-boost-1.60.patch b/gnu/packages/patches/openimageio-boost-1.60.patch
new file mode 100644
index 0000000000..92fc3237bb
--- /dev/null
+++ b/gnu/packages/patches/openimageio-boost-1.60.patch
@@ -0,0 +1,47 @@
+From 875fbbd92695397bfc83d1cd5fdd4094e1d50199 Mon Sep 17 00:00:00 2001
+From: Larry Gritz <lg@larrygritz.com>
+Date: Mon, 28 Dec 2015 11:46:07 -0800
+Subject: [PATCH] Python ImageCache binding fixes -- disable broken calls
+
+Some of these calls (thankfully undocumented and presumably unused)
+are horribly broken. They compiled before, but with new Boost 1.60
+they don't even compile properly. So just comment them out on this
+obsolete branch. They are fully fixed in RB-1.6 and beyond.
+
+--- a/src/python/py_imagecache.cpp
++++ b/src/python/py_imagecache.cpp
+@@ -199,23 +199,24 @@ void declare_imagecache()
+ .def("destroy", &ImageCacheWrap::destroy)
+ .staticmethod("destroy")
+ .def("clear", &ImageCacheWrap::clear)
+- .def("attribute", &ImageCacheWrap::attribute)
++ // .def("attribute", &ImageCacheWrap::attribute)
+ .def("attribute", &ImageCacheWrap::attribute_int)
+ .def("attribute", &ImageCacheWrap::attribute_float)
+- .def("attribute", &ImageCacheWrap::attribute_double)
+- .def("attribute", &ImageCacheWrap::attribute_char)
++ // .def("attribute", &ImageCacheWrap::attribute_double)
++ // .def("attribute", &ImageCacheWrap::attribute_char)
+ .def("attribute", &ImageCacheWrap::attribute_string)
+- .def("getattribute", &ImageCacheWrap::attribute)
++ // .def("getattribute", &ImageCacheWrap::attribute)
+ .def("getattribute", &ImageCacheWrap::getattribute_int)
+ .def("getattribute", &ImageCacheWrap::getattribute_float)
+- .def("getattribute", &ImageCacheWrap::getattribute_double)
+- .def("getattribute", &ImageCacheWrap::getattribute_char)
++ // .def("getattribute", &ImageCacheWrap::getattribute_double)
++ // .def("getattribute", &ImageCacheWrap::getattribute_char)
+ .def("getattribute", &ImageCacheWrap::getattribute_string)
+- .def("resolve_filename", &ImageCacheWrap::resolve_filename)
+- .def("get_image_info", &ImageCacheWrap::get_image_info)
+- .def("get_image_info", &ImageCacheWrap::get_image_info_old)
++ // .def("get_image_info", &ImageCacheWrap::get_image_info)
++ // .def("get_image_info", &ImageCacheWrap::get_image_info_old)
+ .def("get_imagespec", &ImageCacheWrap::get_imagespec)
+- .def("get_pixels", &ImageCacheWrap::get_pixels)
++ // .def("get_pixels", &ImageCacheWrap::get_pixels)
++ .def("resolve_filename", &ImageCacheWrap::resolve_filename)
++
+ // .def("get_tile", &ImageCacheWrap::get_tile)
+ // .def("release_tile", &ImageCacheWrap::release_tile)
+ // .def("tile_pixels", &ImageCacheWrap::tile_pixels)
diff --git a/gnu/packages/patches/sudo-CVE-2015-5602.patch b/gnu/packages/patches/sudo-CVE-2015-5602.patch
new file mode 100644
index 0000000000..36c90fbee7
--- /dev/null
+++ b/gnu/packages/patches/sudo-CVE-2015-5602.patch
@@ -0,0 +1,372 @@
+Based on the patch from https://www.sudo.ws/repos/sudo/raw-rev/c2e36a80a279
+Backported to 1.8.15 by Mark H Weaver <mhw@netris.org>
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1452475889 25200
+# Node ID c2e36a80a27927c32cba55afae78b8dc830cddc3
+# Parent 94ffd6b18431fa4b9ed0a0c3f0b7b9582a4f6bde
+Rewritten sudoedit_checkdir support that checks all the dirs in the
+path and refuses to follow symlinks in writable directories.
+This is a better fix for CVE-2015-5602.
+Adapted from a diff by Ben Hutchings. Bug #707
+
+diff -r 94ffd6b18431 -r c2e36a80a279 doc/CONTRIBUTORS
+--- a/doc/CONTRIBUTORS Mon Jan 04 10:47:11 2016 -0700
++++ b/doc/CONTRIBUTORS Sun Jan 10 18:31:29 2016 -0700
+@@ -58,6 +58,7 @@
+ Holloway, Nick
+ Hoover, Adam
+ Hunter, Michael T.
++ Hutchings, Ben
+ Irrgang, Eric
+ Jackson, Brian
+ Jackson, John R.
+diff -r 94ffd6b18431 -r c2e36a80a279 doc/UPGRADE
+--- a/doc/UPGRADE Mon Jan 04 10:47:11 2016 -0700
++++ b/doc/UPGRADE Sun Jan 10 18:31:29 2016 -0700
+@@ -1,6 +1,15 @@
+ Notes on upgrading from an older release
+ ========================================
+
++o Upgrading from a version prior to the post-1.8.15 fix for CVE-2015-5602.
++
++ The meaning of the sudoedit_checkdir sudoers option has changed.
++ Previously, it would only check the parent directory
++ of the file to be edited. After the CVE fix, all directories
++ in the path to be edited are checked and sudoedit will refuse
++ to follow a symbolic link in a directory that is writable by
++ the invoking user.
++
+ o Upgrading from a version prior to 1.8.15:
+
+ Prior to version 1.8.15, when env_reset was enabled (the default)
+diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.cat
+--- a/doc/sudoers.cat Mon Jan 04 10:47:11 2016 -0700
++++ b/doc/sudoers.cat Sun Jan 10 18:31:29 2016 -0700
+@@ -1275,12 +1275,15 @@
+ system call. This flag is _o_f_f by default.
+
+ sudoedit_checkdir
+- If set, ssuuddooeeddiitt will refuse to edit files located in a
+- directory that is writable by the invoking user unless
+- it is run by root. On many systems, this option
+- requires that the parent directory of the file to be
+- edited be readable by the target user. This flag is
+- _o_f_f by default.
++ If set, ssuuddooeeddiitt will check directories in the path to
++ be edited for writability by the invoking user.
++ Symbolic links will not be followed in writable
++ directories and ssuuddooeeddiitt will also refuse to edit a
++ file located in a writable directory. Theses
++ restrictions are not enforced when ssuuddooeeddiitt is invoked
++ as root. On many systems, this option requires that
++ all directories in the path to be edited be readable by
++ the target user. This flag is _o_f_f by default.
+
+ sudoedit_follow By default, ssuuddooeeddiitt will not follow symbolic links
+ when opening files. The _s_u_d_o_e_d_i_t___f_o_l_l_o_w option can be
+diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.man.in
+--- a/doc/sudoers.man.in Mon Jan 04 10:47:11 2016 -0700
++++ b/doc/sudoers.man.in Sun Jan 10 18:31:29 2016 -0700
+@@ -2715,10 +2715,16 @@
+ .br
+ If set,
+ \fBsudoedit\fR
+-will refuse to edit files located in a directory that is writable
+-by the invoking user unless it is run by root.
+-On many systems, this option requires that the parent directory
+-of the file to be edited be readable by the target user.
++will check directories in the path to be edited for writability
++by the invoking user.
++Symbolic links will not be followed in writable directories and
++\fBsudoedit\fR
++will also refuse to edit a file located in a writable directory.
++Theses restrictions are not enforced when
++\fBsudoedit\fR
++is invoked as root.
++On many systems, this option requires that all directories
++in the path to be edited be readable by the target user.
+ This flag is
+ \fIoff\fR
+ by default.
+diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.mdoc.in
+--- a/doc/sudoers.mdoc.in Mon Jan 04 10:47:11 2016 -0700
++++ b/doc/sudoers.mdoc.in Sun Jan 10 18:31:29 2016 -0700
+@@ -2549,10 +2549,16 @@
+ .It sudoedit_checkdir
+ If set,
+ .Nm sudoedit
+-will refuse to edit files located in a directory that is writable
+-by the invoking user unless it is run by root.
+-On many systems, this option requires that the parent directory
+-of the file to be edited be readable by the target user.
++will check directories in the path to be edited for writability
++by the invoking user.
++Symbolic links will not be followed in writable directories and
++.Nm sudoedit
++will also refuse to edit a file located in a writable directory.
++Theses restrictions are not enforced when
++.Nm sudoedit
++is invoked as root.
++On many systems, this option requires that all directories
++in the path to be edited be readable by the target user.
+ This flag is
+ .Em off
+ by default.
+diff -r 94ffd6b18431 -r c2e36a80a279 include/sudo_compat.h
+--- a/include/sudo_compat.h Mon Jan 04 10:47:11 2016 -0700
++++ b/include/sudo_compat.h Sun Jan 10 18:31:29 2016 -0700
+@@ -182,6 +182,8 @@
+ # ifndef UTIME_NOW
+ # define UTIME_NOW -2L
+ # endif
++#endif
++#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT))
+ # ifndef AT_FDCWD
+ # define AT_FDCWD -100
+ # endif
+diff -r 94ffd6b18431 -r c2e36a80a279 src/sudo_edit.c
+--- a/src/sudo_edit.c Mon Jan 04 10:47:11 2016 -0700
++++ b/src/sudo_edit.c Sun Jan 10 18:31:29 2016 -0700
+@@ -179,13 +179,15 @@
+ }
+
+ #ifndef HAVE_OPENAT
+-/* This does not support AT_FDCWD... */
+ static int
+ sudo_openat(int dfd, const char *path, int flags, mode_t mode)
+ {
+ int fd, odfd;
+ debug_decl(sudo_openat, SUDO_DEBUG_EDIT)
+
++ if (dfd == AT_FDCWD)
++ debug_return_int(open(path, flags, mode));
++
+ /* Save cwd */
+ if ((odfd = open(".", O_RDONLY)) == -1)
+ debug_return_int(-1);
+@@ -207,6 +209,64 @@
+ #define openat sudo_openat
+ #endif /* HAVE_OPENAT */
+
++#ifdef O_NOFOLLOW
++static int
++sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode)
++{
++ debug_decl(sudo_edit_open_nofollow, SUDO_DEBUG_EDIT)
++
++ debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode));
++}
++#else
++/*
++ * Returns true if fd and path don't match or path is a symlink.
++ * Used on older systems without O_NOFOLLOW.
++ */
++static bool
++sudo_edit_is_symlink(int fd, char *path)
++{
++ struct stat sb1, sb2;
++ debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT)
++
++ /*
++ * Treat [fl]stat() failure like there was a symlink.
++ */
++ if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1)
++ debug_return_bool(true);
++
++ /*
++ * Make sure we did not open a link and that what we opened
++ * matches what is currently on the file system.
++ */
++ if (S_ISLNK(sb2.st_mode) ||
++ sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
++ debug_return_bool(true);
++ }
++
++ debug_return_bool(false);
++}
++
++static int
++sudo_edit_openat_nofollow(char *path, int oflags, mode_t mode)
++{
++ struct stat sb1, sb2;
++ int fd;
++ debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT)
++
++ fd = openat(dfd, path, oflags, mode);
++ if (fd == -1)
++ debug_return_int(-1);
++
++ if (sudo_edit_is_symlink(fd, path)) {
++ close(fd);
++ fd = -1;
++ errno = ELOOP;
++ }
++
++ debug_return_int(fd);
++}
++#endif /* O_NOFOLLOW */
++
+ /*
+ * Returns true if the directory described by sb is writable
+ * by the user. We treat directories with the sticky bit as
+@@ -245,49 +305,94 @@
+ debug_return_bool(false);
+ }
+
++/*
++ * Directory open flags for use with openat(2) and fstat(2).
++ * Use O_PATH and O_DIRECTORY where possible.
++ */
++#if defined(O_PATH) && defined(O_DIRECTORY)
++# define DIR_OPEN_FLAGS (O_PATH|O_DIRECTORY)
++#elif defined(O_PATH) && !defined(O_DIRECTORY)
++# define DIR_OPEN_FLAGS O_PATH
++#elif !defined(O_PATH) && defined(O_DIRECTORY)
++# define DIR_OPEN_FLAGS (O_RDONLY|O_DIRECTORY)
++#else
++# define DIR_OPEN_FLAGS (O_RDONLY|O_NONBLOCK)
++#endif
++
+ static int
+ sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode)
+ {
+- char *base, *dir;
++ int dfd, fd, dflags = DIR_OPEN_FLAGS;
++#if defined(__linux__) && defined(O_PATH)
++ char *opath = path;
++#endif
++ bool is_writable;
+ struct stat sb;
+- int dfd, fd;
+ debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT)
+
+- base = strrchr(path, '/');
+- if (base != NULL) {
+- *base++ = '\0';
+- dir = path;
++#if defined(__linux__) && defined(O_PATH)
++restart:
++#endif
++ if (path[0] == '/') {
++ dfd = open("/", dflags);
++ path++;
+ } else {
+- base = path;
+- dir = ".";
++ dfd = open(".", dflags);
++ if (path[0] == '.' && path[1] == '/')
++ path += 2;
+ }
+-#ifdef O_PATH
+- if ((dfd = open(dir, O_PATH)) != -1) {
+- /* Linux kernels < 3.6 can't do fstat on O_PATH fds. */
+- if (fstat(dfd, &sb) == -1) {
+- close(dfd);
+- dfd = open(dir, O_RDONLY);
+- if (fstat(dfd, &sb) == -1) {
+- close(dfd);
+- dfd = -1;
+- }
+- }
+- }
+-#else
+- if ((dfd = open(dir, O_RDONLY)) != -1) {
+- if (fstat(dfd, &sb) == -1) {
+- close(dfd);
+- dfd = -1;
+- }
+- }
+-#endif
+- if (base != path)
+- base[-1] = '/'; /* restore path */
+ if (dfd == -1)
+ debug_return_int(-1);
+
+- if (dir_is_writable(&sb, user_details.uid, user_details.gid,
+- user_details.ngroups, user_details.groups)) {
++ for (;;) {
++ char *slash;
++ int subdfd;
++
++ /*
++ * Look up one component at a time, avoiding symbolic links in
++ * writable directories.
++ */
++ if (fstat(dfd, &sb) == -1) {
++ close(dfd);
++#if defined(__linux__) && defined(O_PATH)
++ /* Linux prior to 3.6 can't fstat an O_PATH fd */
++ if (ISSET(dflags, O_PATH)) {
++ CLR(dflags, O_PATH);
++ path = opath;
++ goto restart;
++ }
++#endif
++ debug_return_int(-1);
++ }
++#ifndef O_DIRECTORY
++ if (!S_ISDIR(sb.st_mode)) {
++ close(dfd);
++ errno = ENOTDIR;
++ debug_return_int(-1);
++ }
++#endif
++ is_writable = dir_is_writable(&sb, user_details.uid, user_details.gid,
++ user_details.ngroups, user_details.groups);
++
++ while (path[0] == '/')
++ path++;
++ slash = strchr(path, '/');
++ if (slash == NULL)
++ break;
++ *slash = '\0';
++ if (is_writable)
++ subdfd = sudo_edit_openat_nofollow(dfd, path, dflags, 0);
++ else
++ subdfd = openat(dfd, path, dflags, 0);
++ *slash = '/'; /* restore path */
++ close(dfd);
++ if (subdfd == -1)
++ debug_return_int(-1);
++ path = slash + 1;
++ dfd = subdfd;
++ }
++
++ if (is_writable) {
+ close(dfd);
+ errno = EISDIR;
+ debug_return_int(-1);
+@@ -332,27 +437,10 @@
+ if (!ISSET(oflags, O_NONBLOCK))
+ (void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+
+- /*
+- * Treat [fl]stat() failure like an open() failure.
+- */
+- if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) {
+- const int serrno = errno;
++ if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW) && sudo_edit_is_symlink(fd, path)) {
+ close(fd);
+- errno = serrno;
+- debug_return_int(-1);
+- }
+-
+- /*
+- * Make sure we did not open a link and that what we opened
+- * matches what is currently on the file system.
+- */
+- if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW)) {
+- if (S_ISLNK(sb2.st_mode) ||
+- sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+- close(fd);
+- errno = ELOOP;
+- debug_return_int(-1);
+- }
++ fd = -1;
++ errno = ELOOP;
+ }
+
+ debug_return_int(fd);
+
diff --git a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
new file mode 100644
index 0000000000..5b78f2d909
--- /dev/null
+++ b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
@@ -0,0 +1,24 @@
+Subject: Disable SSLv2 and SSLv3.
+
+The only remaining methods are TLSv1.* (the code never distinguishes
+between TLSv1.0, TLSv1.1, and TLSv1.2).
+---
+ fm.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fm.h b/fm.h
+index 320906c..ddcd4fc 100644
+--- a/fm.h
++++ b/fm.h
+@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
+ #endif /* defined(USE_SSL) &&
+ * defined(USE_SSL_VERIFY) */
+ #ifdef USE_SSL
+-global char *ssl_forbid_method init(NULL);
++global char *ssl_forbid_method init("2, 3");
+ #endif
+
+ global int is_redisplay init(FALSE);
+--
+2.6.4
+
diff --git a/gnu/packages/patches/w3m-disable-weak-ciphers.patch b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
new file mode 100644
index 0000000000..4780d54cb6
--- /dev/null
+++ b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
@@ -0,0 +1,24 @@
+Subject: Disable weak ciphers
+
+Disable RC4, "export ciphers", and all keys < 128 bits.
+
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
+---
+ url.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/url.c b/url.c
+index ed6062e..e86b1f3 100644
+--- a/url.c
++++ b/url.c
+@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
+ SSL_load_error_strings();
+ if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
+ goto eend;
++ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
+ option = SSL_OP_ALL;
+ if (ssl_forbid_method) {
+ if (strchr(ssl_forbid_method, '2'))
+--
+2.6.4
+
diff --git a/gnu/packages/patches/w3m-fix-compile.patch b/gnu/packages/patches/w3m-fix-compile.patch
deleted file mode 100644
index 5604052f67..0000000000
--- a/gnu/packages/patches/w3m-fix-compile.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-https://bugs.archlinux.org/task/33397
-
-diff -aur old/main.c new/main.c
---- main.c 2013-01-14 18:16:14.216210053 -0600
-+++ main.c 2013-01-14 18:17:28.816220559 -0600
-@@ -833,7 +833,8 @@
- mySignal(SIGPIPE, SigPipe);
- #endif
-
-- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc);
-+ orig_GC_warn_proc = GC_get_warn_proc();
-+ GC_set_warn_proc(wrap_GC_warn_proc);
- err_msg = Strnew();
- if (load_argc == 0) {
- /* no URL specified */
diff --git a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
new file mode 100644
index 0000000000..dc9f117f9d
--- /dev/null
+++ b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
@@ -0,0 +1,24 @@
+Subject: Force ssl_verify_server on.
+
+By default, SSL/TLS certificates are not verified. This enables the
+verification.
+---
+ fm.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fm.h b/fm.h
+index 8378939..320906c 100644
+--- a/fm.h
++++ b/fm.h
+@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
+ #endif
+
+ #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
+-global int ssl_verify_server init(FALSE);
++global int ssl_verify_server init(TRUE);
+ global char *ssl_cert_file init(NULL);
+ global char *ssl_key_file init(NULL);
+ global char *ssl_ca_path init(NULL);
+--
+2.6.4
+
diff --git a/gnu/packages/patches/w3m-libgc.patch b/gnu/packages/patches/w3m-libgc.patch
new file mode 100644
index 0000000000..0dc6a4027c
--- /dev/null
+++ b/gnu/packages/patches/w3m-libgc.patch
@@ -0,0 +1,28 @@
+This patch fixes w3m compilation with libgc > 7.2.
+
+Reported:
+https://bugs.archlinux.org/task/33397
+
+Patch with explanation:
+http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=770eec8304bdbe458
+---
+ main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/main.c b/main.c
+index b421943..249eb1a 100644
+--- a/main.c
++++ b/main.c
+@@ -833,7 +833,8 @@ main(int argc, char **argv, char **envp)
+ mySignal(SIGPIPE, SigPipe);
+ #endif
+
+- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc);
++ orig_GC_warn_proc = GC_get_warn_proc();
++ GC_set_warn_proc(wrap_GC_warn_proc);
+ err_msg = Strnew();
+ if (load_argc == 0) {
+ /* no URL specified */
+--
+2.6.4
+