aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/awesome-reproducible-png.patch4
-rw-r--r--gnu/packages/patches/cairo-CVE-2016-9082.patch122
-rw-r--r--gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch81
-rw-r--r--gnu/packages/patches/cssc-gets-undeclared.patch17
-rw-r--r--gnu/packages/patches/cssc-missing-include.patch12
-rw-r--r--gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch14
-rw-r--r--gnu/packages/patches/fcgi-2.4.0-poll.patch89
-rw-r--r--gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch11
-rw-r--r--gnu/packages/patches/gcj-arm-mode.patch36
-rw-r--r--gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch40
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-crashes.patch1047
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch37
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-signedness.patch58
-rw-r--r--gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch319
-rw-r--r--gnu/packages/patches/httpd-CVE-2016-8740.patch36
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-9064.patch996
-rw-r--r--gnu/packages/patches/inkscape-drop-wait-for-targets.patch68
-rw-r--r--gnu/packages/patches/kdbusaddons-kinit-file-name.patch15
-rw-r--r--gnu/packages/patches/khal-disable-failing-tests.patch33
-rw-r--r--gnu/packages/patches/libepoxy-gl-null-checks.patch54
-rw-r--r--gnu/packages/patches/libpng-CVE-2016-10087.patch37
-rw-r--r--gnu/packages/patches/libupnp-CVE-2016-8863.patch72
-rw-r--r--gnu/packages/patches/libxml2-CVE-2016-4658.patch257
-rw-r--r--gnu/packages/patches/libxml2-CVE-2016-5131.patch218
-rw-r--r--gnu/packages/patches/mcrypt-CVE-2012-4409.patch35
-rw-r--r--gnu/packages/patches/mcrypt-CVE-2012-4527.patch198
-rw-r--r--gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch218
-rw-r--r--gnu/packages/patches/multiqc-fix-git-subprocess-error.patch16
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-6265.patch30
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-6525.patch21
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7504.patch99
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7505.patch32
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7506.patch42
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7563.patch37
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-7564.patch34
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-8674.patch165
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-9017.patch46
-rw-r--r--gnu/packages/patches/mupdf-CVE-2016-9136.patch32
-rw-r--r--gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch9
-rw-r--r--gnu/packages/patches/nasm-no-ps-pdf.patch20
-rw-r--r--gnu/packages/patches/netcdf-config-date.patch47
-rw-r--r--gnu/packages/patches/netcdf-date-time.patch11
-rw-r--r--gnu/packages/patches/netcdf-tst_h_par.patch21
-rw-r--r--gnu/packages/patches/ocaml-Add-a-.file-directive.patch96
-rw-r--r--gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch125
-rw-r--r--gnu/packages/patches/ocaml-bitstring-fix-configure.patch53
-rw-r--r--gnu/packages/patches/onionshare-fix-install-paths.patch39
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2015-6581.patch47
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch245
-rw-r--r--gnu/packages/patches/openssh-memory-exhaustion.patch39
-rw-r--r--gnu/packages/patches/python-2.7-site-prefixes.patch26
-rw-r--r--gnu/packages/patches/python-dendropy-exclude-failing-tests.patch21
-rw-r--r--gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch97
-rw-r--r--gnu/packages/patches/python-rarfile-fix-tests.patch14
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8576.patch62
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8577.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-8578.patch27
-rw-r--r--gnu/packages/patches/readline-7.0-mingw.patch28
-rw-r--r--gnu/packages/patches/ruby-symlinkfix.patch53
-rw-r--r--gnu/packages/patches/seq24-rename-mutex.patch124
-rw-r--r--gnu/packages/patches/slock-CVE-2016-6866.patch51
-rw-r--r--gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch31
-rw-r--r--gnu/packages/patches/unrtf-CVE-2016-10091.patch189
-rw-r--r--gnu/packages/patches/vtk-mesa-10.patch36
64 files changed, 2501 insertions, 3724 deletions
diff --git a/gnu/packages/patches/awesome-reproducible-png.patch b/gnu/packages/patches/awesome-reproducible-png.patch
index 0fae65bc71..d8e92c70f9 100644
--- a/gnu/packages/patches/awesome-reproducible-png.patch
+++ b/gnu/packages/patches/awesome-reproducible-png.patch
@@ -7,8 +7,8 @@ See <https://wiki.debian.org/ReproducibleBuilds/TimestampsInPNG>.
set(ALL_ICONS ${ALL_ICONS} ${output})
add_custom_command(
-- COMMAND ${CONVERT_EXECUTABLE} ${input} ${ARGN} ${output}
-+ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} ${ARGN} ${output}
+- COMMAND ${CONVERT_EXECUTABLE} ${input} -strip ${ARGN} ${output}
++ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} -strip ${ARGN} ${output}
OUTPUT ${output}
DEPENDS ${input}
VERBATIM)
diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch
new file mode 100644
index 0000000000..ad83404194
--- /dev/null
+++ b/gnu/packages/patches/cairo-CVE-2016-9082.patch
@@ -0,0 +1,122 @@
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Thu, 20 Oct 2016 21:12:30 +1030
+Subject: [PATCH] image: prevent invalid ptr access for > 4GB images
+
+Image data is often accessed using:
+
+ image->data + y * image->stride
+
+On 64-bit achitectures if the image data is > 4GB, this computation
+will overflow since both y and stride are 32-bit types.
+
+bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165
+patch: https://bugs.freedesktop.org/attachment.cgi?id=127421
+---
+ boilerplate/cairo-boilerplate.c | 4 +++-
+ src/cairo-image-compositor.c | 4 ++--
+ src/cairo-image-surface-private.h | 2 +-
+ src/cairo-mesh-pattern-rasterizer.c | 2 +-
+ src/cairo-png.c | 2 +-
+ src/cairo-script-surface.c | 3 ++-
+ 6 files changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
+index 7fdbf79..4804dea 100644
+--- a/boilerplate/cairo-boilerplate.c
++++ b/boilerplate/cairo-boilerplate.c
+@@ -42,6 +42,7 @@
+ #undef CAIRO_VERSION_H
+ #include "../cairo-version.h"
+
++#include <stddef.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+ #include <assert.h>
+@@ -976,7 +977,8 @@ cairo_surface_t *
+ cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
+ {
+ char format;
+- int width, height, stride;
++ int width, height;
++ ptrdiff_t stride;
+ int x, y;
+ unsigned char *data;
+ cairo_surface_t *image = NULL;
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index 48072f8..3ca0006 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer {
+ pixman_image_t *src, *mask;
+ union {
+ struct fill {
+- int stride;
++ ptrdiff_t stride;
+ uint8_t *data;
+ uint32_t pixel;
+ } fill;
+@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer {
+ struct finish {
+ cairo_rectangle_int_t extents;
+ int src_x, src_y;
+- int stride;
++ ptrdiff_t stride;
+ uint8_t *data;
+ } mask;
+ } u;
+diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h
+index 8ca694c..7e78d61 100644
+--- a/src/cairo-image-surface-private.h
++++ b/src/cairo-image-surface-private.h
+@@ -71,7 +71,7 @@ struct _cairo_image_surface {
+
+ int width;
+ int height;
+- int stride;
++ ptrdiff_t stride;
+ int depth;
+
+ unsigned owns_data : 1;
+diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c
+index 1b63ca8..e7f0db6 100644
+--- a/src/cairo-mesh-pattern-rasterizer.c
++++ b/src/cairo-mesh-pattern-rasterizer.c
+@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride,
+ tg += tg >> 16;
+ tb += tb >> 16;
+
+- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
++ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
+ ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
+ }
+ }
+diff --git a/src/cairo-png.c b/src/cairo-png.c
+index 562b743..aa8c227 100644
+--- a/src/cairo-png.c
++++ b/src/cairo-png.c
+@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure)
+ }
+
+ for (i = 0; i < png_height; i++)
+- row_pointers[i] = &data[i * stride];
++ row_pointers[i] = &data[i * (ptrdiff_t)stride];
+
+ png_read_image (png, row_pointers);
+ png_read_end (png, info);
+diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c
+index ea0117d..91e4baa 100644
+--- a/src/cairo-script-surface.c
++++ b/src/cairo-script-surface.c
+@@ -1202,7 +1202,8 @@ static cairo_status_t
+ _write_image_surface (cairo_output_stream_t *output,
+ const cairo_image_surface_t *image)
+ {
+- int stride, row, width;
++ int row, width;
++ ptrdiff_t stride;
+ uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
+ uint8_t *rowdata;
+ uint8_t *data;
+--
+2.1.4
+
diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
new file mode 100644
index 0000000000..59decde0e9
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
@@ -0,0 +1,81 @@
+diff -ur a/irregex-core.scm b/irregex-core.scm
+--- a/irregex-core.scm 2016-09-11 19:03:00.000000000 -0400
++++ b/irregex-core.scm 2017-01-01 22:24:08.000000000 -0500
+@@ -30,6 +30,8 @@
+
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ ;;;; History
++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
++;; of backtracking matcher.
+ ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
+ ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
+ ;; 0.9.3: 2014/07/01 - R7RS library
+@@ -3170,16 +3172,7 @@
+ ((sre-empty? (sre-sequence (cdr sre)))
+ (error "invalid sre: empty *" sre))
+ (else
+- (letrec
+- ((body
+- (lp (sre-sequence (cdr sre))
+- n
+- flags
+- (lambda (cnk init src str i end matches fail)
+- (body cnk init src str i end matches
+- (lambda ()
+- (next cnk init src str i end matches fail)
+- ))))))
++ (let ((body (rec (list '+ (sre-sequence (cdr sre))))))
+ (lambda (cnk init src str i end matches fail)
+ (body cnk init src str i end matches
+ (lambda ()
+@@ -3204,10 +3197,21 @@
+ (lambda ()
+ (body cnk init src str i end matches fail))))))))
+ ((+)
+- (lp (sre-sequence (cdr sre))
+- n
+- flags
+- (rec (list '* (sre-sequence (cdr sre))))))
++ (cond
++ ((sre-empty? (sre-sequence (cdr sre)))
++ (error "invalid sre: empty +" sre))
++ (else
++ (letrec
++ ((body
++ (lp (sre-sequence (cdr sre))
++ n
++ flags
++ (lambda (cnk init src str i end matches fail)
++ (body cnk init src str i end matches
++ (lambda ()
++ (next cnk init src str i end matches fail)
++ ))))))
++ body))))
+ ((=)
+ (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre))))
+ ((>=)
+diff -ur a/irregex-utils.scm b/irregex-utils.scm
+--- a/irregex-utils.scm 2016-09-11 19:03:00.000000000 -0400
++++ b/irregex-utils.scm 2017-01-01 22:25:25.000000000 -0500
+@@ -89,7 +89,7 @@
+ (case (car x)
+ ((: seq)
+ (cond
+- ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj)))
++ ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj)))
+ (display "(?:" out) (for-each lp (cdr x)) (display ")" out))
+ (else (for-each lp (cdr x)))))
+ ((submatch)
+diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html"
+--- "a/manual-html/Unit irregex.html" 2016-09-11 19:10:47.000000000 -0400
++++ "b/manual-html/Unit irregex.html" 2017-01-01 22:26:05.000000000 -0500
+@@ -353,6 +353,6 @@
+ <dd class="defsig"><p>Returns an optimized SRE matching any of the literal strings in the list, like Emacs' <tt>regexp-opt</tt>. Note this optimization doesn't help when irregex is able to build a DFA.</p></dd>
+ </dl>
+ <h5 id="sec:sre-.3estring"><a href="#sec:sre-.3estring">sre-&gt;string</a></h5><dl class="defsig"><dt class="defsig" id="def:sre-.3estring"><span class="sig"><tt>(sre-&gt;string &lt;sre&gt;)</tt></span> <span class="type">procedure</span></dt>
+-<dd class="defsig"><p>Convert an SRE to a POSIX-style regular expression string, if possible.</p></dd>
++<dd class="defsig"><p>Convert an SRE to a PCRE-style regular expression string, if possible.</p></dd>
+ </dl>
+-<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
+\ No newline at end of file
++<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
diff --git a/gnu/packages/patches/cssc-gets-undeclared.patch b/gnu/packages/patches/cssc-gets-undeclared.patch
deleted file mode 100644
index 68c607cf58..0000000000
--- a/gnu/packages/patches/cssc-gets-undeclared.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-CSSC uses a gets in a couple of places. For security reasons, modern gnulib
-does not allow this. This patch allows it again.
---- CSSC-1.3.0/gl/lib/stdio.in.h 2010-05-15 00:15:35.000000000 +0200
-+++ CSSC-1.3.0/gl/lib/stdio.in.h 2014-02-03 21:27:10.000000000 +0100
-@@ -135,12 +135,6 @@
- "use gnulib module fflush for portable POSIX compliance");
- #endif
-
--/* It is very rare that the developer ever has full control of stdin,
-- so any use of gets warrants an unconditional warning. Assume it is
-- always declared, since it is required by C89. */
--#undef gets
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
--
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@
- # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
diff --git a/gnu/packages/patches/cssc-missing-include.patch b/gnu/packages/patches/cssc-missing-include.patch
deleted file mode 100644
index 3cef9c15f1..0000000000
--- a/gnu/packages/patches/cssc-missing-include.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Added a missing include file (necessary for gid_t and others).
-So far as I am aware, this has not been added upstream yet.
---- CSSC-1.3.0/src/file.h 2010-05-16 19:31:33.000000000 +0200
-+++ CSSC-1.3.0/src/file.h 2014-02-03 21:48:30.000000000 +0100
-@@ -30,6 +30,7 @@
- #ifndef CSSC__FILE_H__
- #define CSSC__FILE_H__
-
-+#include <sys/types.h>
- #include "filelock.h"
-
- enum create_mode {
diff --git a/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch
new file mode 100644
index 0000000000..0f921b120b
--- /dev/null
+++ b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch
@@ -0,0 +1,14 @@
+Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-gcc44_fixes.patch.
+Fixes compilation with GCC 4.4 and later.
+
+diff -up fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes fcgi-2.4.0/libfcgi/fcgio.cpp
+--- fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes 2002-02-24 21:12:22.000000000 +0100
++++ fcgi-2.4.0/libfcgi/fcgio.cpp 2009-02-15 11:35:18.000000000 +0100
+@@ -23,6 +23,7 @@
+ #endif
+
+ #include <limits.h>
++#include <cstdio>
+ #include "fcgio.h"
+
+ using std::streambuf;
diff --git a/gnu/packages/patches/fcgi-2.4.0-poll.patch b/gnu/packages/patches/fcgi-2.4.0-poll.patch
new file mode 100644
index 0000000000..73be6a0a08
--- /dev/null
+++ b/gnu/packages/patches/fcgi-2.4.0-poll.patch
@@ -0,0 +1,89 @@
+Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-poll.patch
+Fixes CVE-2012-6687.
+
+Author: Anton Kortunov <toshic.toshic@gmail.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
+Description: use poll in os_unix.c instead of select to avoid problem with > 1024 connections
+Forwarded: yes, fastcgi-developers@mailman.fastcgi.com
+
+diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
+index 73e6a7f..af35aee 100755
+--- a/libfcgi/os_unix.c
++++ b/libfcgi/os_unix.c
+@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
++#include <poll.h>
+
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+
++static int libfcgiOsClosePollTimeout = 2000;
++static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
++
+ void OS_ShutdownPending()
+ {
+ shutdownPending = TRUE;
+@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
+ if(libInitialized)
+ return 0;
+
++ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
++ if(libfcgiOsClosePollTimeoutStr) {
++ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
++ }
++
++ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
++ if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
++ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
++ }
++
+ asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+ if(asyncIoTable == NULL) {
+ errno = ENOMEM;
+@@ -755,19 +769,16 @@ int OS_Close(int fd)
+
+ if (shutdown(fd, 1) == 0)
+ {
+- struct timeval tv;
+- fd_set rfds;
++ struct pollfd pfd;
+ int rv;
+ char trash[1024];
+
+- FD_ZERO(&rfds);
++ pfd.fd = fd;
++ pfd.events = POLLIN;
+
+ do
+ {
+- FD_SET(fd, &rfds);
+- tv.tv_sec = 2;
+- tv.tv_usec = 0;
+- rv = select(fd + 1, &rfds, NULL, NULL, &tv);
++ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+ }
+ while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+ }
+@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error)
+ */
+ static int is_af_unix_keeper(const int fd)
+ {
+- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+- fd_set read_fds;
+-
+- FD_ZERO(&read_fds);
+- FD_SET(fd, &read_fds);
++ struct pollfd pfd;
++ pfd.fd = fd;
++ pfd.events = POLLIN;
+
+- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
++ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+
+ /*
diff --git a/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch
new file mode 100644
index 0000000000..0ea008a7cb
--- /dev/null
+++ b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch
@@ -0,0 +1,11 @@
+--- a/libgcc/config/i386/gthr-win32.h 2016-03-30 07:45:33.388684463 +0200
++++ b/libgcc/config/i386/gthr-win32.h 2016-03-30 15:51:24.123896436 +0200
+@@ -30,7 +30,7 @@
+
+ /* Make sure CONST_CAST2 (origin in system.h) is declared. */
+ #ifndef CONST_CAST2
+-#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((__extension__(union {FROMTYPE _q; TOTYPE _nq;})(X))._nq)
++#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((TOTYPE)X)
+ #endif
+
+ /* Windows32 threads specific definitions. The windows32 threading model
diff --git a/gnu/packages/patches/gcj-arm-mode.patch b/gnu/packages/patches/gcj-arm-mode.patch
new file mode 100644
index 0000000000..a3f999f7e9
--- /dev/null
+++ b/gnu/packages/patches/gcj-arm-mode.patch
@@ -0,0 +1,36 @@
+Taken from
+https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-mode.diff
+
+# DP: For armhf, force arm mode instead of thumb mode
+
+--- a/libjava/configure.host
++++ b/libjava/configure.host
+@@ -66,6 +66,9 @@
+ ;;
+ esac
+
++# on armhf force arm mode
++libgcj_flags="${libgcj_flags} -marm"
++
+ AM_RUNTESTFLAGS=
+
+ # Set any host dependent compiler flags.
+--- a/gcc/java/lang-specs.h
++++ b/gcc/java/lang-specs.h
+@@ -47,7 +47,7 @@
+ %{.class|.zip|.jar|!fsyntax-only:jc1 \
+ %{.java|fsaw-java-file:%U.jar -fsource-filename=%i %<ffilelist-file} \
+ %{.class|.zip|.jar|ffilelist-file|fcompile-resource*:%i} \
+- %(jc1) %(cc1_options) %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \
++ %(jc1) %(cc1_options) -marm %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \
+ %{MD:-MD_} %{MMD:-MMD_} %{M} %{MM} %{MA} %{MT*} %{MF*}\
+ %(invoke_as)}",
+ 0, 0, 0},
+--- a/libjava/libgcj.spec.in
++++ b/libjava/libgcj.spec.in
+@@ -9,4 +9,4 @@
+ %rename lib liborig
+ *lib: @LD_START_STATIC_SPEC@ @LIBGCJ_SPEC@ @LD_FINISH_STATIC_SPEC@ @LIBMATHSPEC@ @LDLIBICONV@ @GCSPEC@ @THREADSPEC@ @ZLIBSPEC@ @SYSTEMSPEC@ %(libgcc) @LIBSTDCXXSPEC@ %(liborig)
+
+-*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions
++*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions -marm
diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
new file mode 100644
index 0000000000..79bb41caaa
--- /dev/null
+++ b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
@@ -0,0 +1,40 @@
+This fixes a segfault on 32-bit architectures. Upstream discussion:
+
+https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
+
+Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
+
+Patch copied from upstream source repository:
+
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
+
+From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Wed, 21 Dec 2016 16:14:45 +0100
+Subject: [PATCH] gpgscm: Guard use of union member.
+
+* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
+before accessing filename. Fixes a crash on 32-bit architectures.
+
+Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ tests/gpgscm/scheme.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index a5b7691..2844545 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
+ } else {
+ sc->nesting_stack[sc->file_i]++;
+ #if USE_TAGS && SHOW_ERROR_LINE
+- {
++ if (sc->load_stack[sc->file_i].kind & port_file) {
+ const char *filename =
+ sc->load_stack[sc->file_i].rep.stdio.filename;
+ int lineno =
+--
+2.8.0.rc3
+
diff --git a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch b/gnu/packages/patches/gst-plugins-good-fix-crashes.patch
deleted file mode 100644
index c36a595608..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch
+++ /dev/null
@@ -1,1047 +0,0 @@
-Fixes upstream bug #774859 (flic decoder: Invalid memory read in
-flx_decode_chunks):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774859
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4
-
-From be670f0daf67304fb92c76aa09c30cae0bfd1fe4 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Wed, 23 Nov 2016 07:09:06 +1100
-Subject: [PATCH] flxdec: rewrite logic based on GstByteReader/Writer
-
-Solves overreading/writing the given arrays and will error out if the
-streams asks to do that.
-
-Also does more error checking that the stream is valid and won't
-overrun any allocated arrays. Also mitigate integer overflow errors
-calculating allocation sizes.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774859
----
- gst/flx/flx_color.c | 1 -
- gst/flx/flx_fmt.h | 72 -------
- gst/flx/gstflxdec.c | 610 ++++++++++++++++++++++++++++++++++++----------------
- gst/flx/gstflxdec.h | 4 +-
- 4 files changed, 427 insertions(+), 260 deletions(-)
-
-diff --git a/gst/flx/flx_color.c b/gst/flx/flx_color.c
-index 047bfdf..3a58135 100644
---- a/gst/flx/flx_color.c
-+++ b/gst/flx/flx_color.c
-@@ -101,7 +101,6 @@ flx_set_palette_vector (FlxColorSpaceConverter * flxpal, guint start, guint num,
- } else {
- memcpy (&flxpal->palvec[start * 3], newpal, grab * 3);
- }
--
- }
-
- void
-diff --git a/gst/flx/flx_fmt.h b/gst/flx/flx_fmt.h
-index 9ab31ba..abff200 100644
---- a/gst/flx/flx_fmt.h
-+++ b/gst/flx/flx_fmt.h
-@@ -123,78 +123,6 @@ typedef struct _FlxFrameType
- } FlxFrameType;
- #define FlxFrameTypeSize 10
-
--#if G_BYTE_ORDER == G_BIG_ENDIAN
--#define LE_TO_BE_16(i16) ((guint16) (((i16) << 8) | ((i16) >> 8)))
--#define LE_TO_BE_32(i32) \
-- (((guint32) (LE_TO_BE_16((guint16) (i32))) << 16) | (LE_TO_BE_16((i32) >> 16)))
--
--#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) \
-- do { \
-- (frm_type_p)->chunks = LE_TO_BE_16((frm_type_p)->chunks); \
-- (frm_type_p)->delay = LE_TO_BE_16((frm_type_p)->delay); \
-- } while(0)
--
--#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) \
-- do { \
-- (hffmn_table_p)->codelength = \
-- LE_TO_BE_16((hffmn_table_p)->codelength); \
-- (hffmn_table_p)->numcodes = LE_TO_BE_16((hffmn_table_p)->numcodes); \
-- } while(0)
--
--#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) \
-- ((sgmnt_table_p)->segments = LE_TO_BE_16((sgmnt_table_p)->segments))
--
--#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) \
-- do { \
-- (prfx_chnk_p)->chunks = LE_TO_BE_16((prfx_chnk_p)->chunks); \
-- } while(0)
--
--#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) \
-- do { \
-- (frm_chnk_p)->size = LE_TO_BE_32((frm_chnk_p)->size); \
-- (frm_chnk_p)->id = LE_TO_BE_16((frm_chnk_p)->id); \
-- } while(0)
--
--#define FLX_HDR_FIX_ENDIANNESS(hdr_p) \
-- do { \
-- (hdr_p)->size = LE_TO_BE_32((hdr_p)->size); \
-- (hdr_p)->type = LE_TO_BE_16((hdr_p)->type); \
-- (hdr_p)->frames = LE_TO_BE_16((hdr_p)->frames); \
-- (hdr_p)->width = LE_TO_BE_16((hdr_p)->width); \
-- (hdr_p)->height = LE_TO_BE_16((hdr_p)->height); \
-- (hdr_p)->depth = LE_TO_BE_16((hdr_p)->depth); \
-- (hdr_p)->flags = LE_TO_BE_16((hdr_p)->flags); \
-- (hdr_p)->speed = LE_TO_BE_32((hdr_p)->speed); \
-- (hdr_p)->reserved1 = LE_TO_BE_16((hdr_p)->reserved1); \
-- (hdr_p)->created = LE_TO_BE_32((hdr_p)->created); \
-- (hdr_p)->creator = LE_TO_BE_32((hdr_p)->creator); \
-- (hdr_p)->updated = LE_TO_BE_32((hdr_p)->updated); \
-- (hdr_p)->updater = LE_TO_BE_32((hdr_p)->updater); \
-- (hdr_p)->aspect_dx = LE_TO_BE_16((hdr_p)->aspect_dx); \
-- (hdr_p)->aspect_dy = LE_TO_BE_16((hdr_p)->aspect_dy); \
-- (hdr_p)->ext_flags = LE_TO_BE_16((hdr_p)->ext_flags); \
-- (hdr_p)->keyframes = LE_TO_BE_16((hdr_p)->keyframes); \
-- (hdr_p)->totalframes = LE_TO_BE_16((hdr_p)->totalframes); \
-- (hdr_p)->req_memory = LE_TO_BE_32((hdr_p)->req_memory); \
-- (hdr_p)->max_regions = LE_TO_BE_16((hdr_p)->max_regions); \
-- (hdr_p)->transp_num = LE_TO_BE_16((hdr_p)->transp_num); \
-- (hdr_p)->oframe1 = LE_TO_BE_32((hdr_p)->oframe1); \
-- (hdr_p)->oframe2 = LE_TO_BE_32((hdr_p)->oframe2); \
-- } while(0)
--#else
--
--#define LE_TO_BE_16(i16) ((i16))
--#define LE_TO_BE_32(i32) ((i32))
--
--#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p)
--#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p)
--#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p)
--#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p)
--#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p)
--#define FLX_HDR_FIX_ENDIANNESS(hdr_p)
--
--#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
--
- G_END_DECLS
-
- #endif /* __GST_FLX_FMT_H__ */
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index a237976..aa1bed5 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -1,5 +1,6 @@
- /* GStreamer
- * Copyright (C) <1999> Erik Walthinsen <omega@temple-baptist.com>
-+ * Copyright (C) <2016> Matthew Waters <matthew@centricular.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
-@@ -24,6 +25,7 @@
- /*
- * http://www.coolutils.com/Formats/FLI
- * http://woodshole.er.usgs.gov/operations/modeling/flc.html
-+ * http://www.compuphase.com/flic.htm
- */
-
- #ifdef HAVE_CONFIG_H
-@@ -73,10 +75,14 @@ static GstStateChangeReturn gst_flxdec_change_state (GstElement * element,
- static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent,
- GstQuery * query);
-
--static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint);
--static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *);
--static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
--static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader,
-+ GstByteWriter * writer, gint scale);
-+static gboolean flx_decode_brun (GstFlxDec * flxdec,
-+ GstByteReader * reader, GstByteWriter * writer);
-+static gboolean flx_decode_delta_fli (GstFlxDec * flxdec,
-+ GstByteReader * reader, GstByteWriter * writer);
-+static gboolean flx_decode_delta_flc (GstFlxDec * flxdec,
-+ GstByteReader * reader, GstByteWriter * writer);
-
- #define rndalign(off) ((off) + ((off) & 1))
-
-@@ -204,57 +210,59 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent,
- }
-
- static gboolean
--flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
-- guchar * dest)
-+flx_decode_chunks (GstFlxDec * flxdec, gulong n_chunks, GstByteReader * reader,
-+ GstByteWriter * writer)
- {
-- FlxFrameChunk *hdr;
- gboolean ret = TRUE;
-
-- g_return_val_if_fail (data != NULL, FALSE);
--
-- while (count--) {
-- hdr = (FlxFrameChunk *) data;
-- FLX_FRAME_CHUNK_FIX_ENDIANNESS (hdr);
-- data += FlxFrameChunkSize;
-+ while (n_chunks--) {
-+ GstByteReader chunk;
-+ guint32 size;
-+ guint16 type;
-+
-+ if (!gst_byte_reader_get_uint32_le (reader, &size))
-+ goto parse_error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &type))
-+ goto parse_error;
-+ GST_LOG_OBJECT (flxdec, "chunk has type 0x%02x size %d", type, size);
-+
-+ if (!gst_byte_reader_get_sub_reader (reader, &chunk,
-+ size - FlxFrameChunkSize)) {
-+ GST_ERROR_OBJECT (flxdec, "Incorrect size in the chunk header");
-+ goto error;
-+ }
-
-- switch (hdr->id) {
-+ switch (type) {
- case FLX_COLOR64:
-- flx_decode_color (flxdec, data, dest, 2);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ ret = flx_decode_color (flxdec, &chunk, writer, 2);
- break;
-
- case FLX_COLOR256:
-- flx_decode_color (flxdec, data, dest, 0);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ ret = flx_decode_color (flxdec, &chunk, writer, 0);
- break;
-
- case FLX_BRUN:
-- ret = flx_decode_brun (flxdec, data, dest);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ ret = flx_decode_brun (flxdec, &chunk, writer);
- break;
-
- case FLX_LC:
-- ret = flx_decode_delta_fli (flxdec, data, dest);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ ret = flx_decode_delta_fli (flxdec, &chunk, writer);
- break;
-
- case FLX_SS2:
-- ret = flx_decode_delta_flc (flxdec, data, dest);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ ret = flx_decode_delta_flc (flxdec, &chunk, writer);
- break;
-
- case FLX_BLACK:
-- memset (dest, 0, flxdec->size);
-+ ret = gst_byte_writer_fill (writer, 0, flxdec->size);
- break;
-
- case FLX_MINI:
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
- break;
-
- default:
-- GST_WARNING ("Unimplented chunk type: 0x%02x size: %d - skipping",
-- hdr->id, hdr->size);
-- data += rndalign (hdr->size) - FlxFrameChunkSize;
-+ GST_WARNING ("Unimplemented chunk type: 0x%02x size: %d - skipping",
-+ type, size);
- break;
- }
-
-@@ -263,43 +271,60 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
- }
-
- return ret;
-+
-+parse_error:
-+ GST_ERROR_OBJECT (flxdec, "Failed to decode chunk");
-+error:
-+ return FALSE;
- }
-
-
--static void
--flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale)
-+static gboolean
-+flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader,
-+ GstByteWriter * writer, gint scale)
- {
-- guint packs, count, indx;
-+ guint8 count, indx;
-+ guint16 packs;
-
-- g_return_if_fail (flxdec != NULL);
--
-- packs = (data[0] + (data[1] << 8));
--
-- data += 2;
-+ if (!gst_byte_reader_get_uint16_le (reader, &packs))
-+ goto error;
- indx = 0;
-
-- GST_LOG ("GstFlxDec: cmap packs: %d", packs);
-+ GST_LOG ("GstFlxDec: cmap packs: %d", (guint) packs);
- while (packs--) {
-+ const guint8 *data;
-+ guint16 actual_count;
-+
- /* color map index + skip count */
-- indx += *data++;
-+ if (!gst_byte_reader_get_uint8 (reader, &indx))
-+ goto error;
-
- /* number of rgb triplets */
-- count = *data++ & 0xff;
-- if (count == 0)
-- count = 256;
-+ if (!gst_byte_reader_get_uint8 (reader, &count))
-+ goto error;
-
-- GST_LOG ("GstFlxDec: cmap count: %d (indx: %d)", count, indx);
-- flx_set_palette_vector (flxdec->converter, indx, count, data, scale);
-+ actual_count = count == 0 ? 256 : count;
-
-- data += (count * 3);
-+ if (!gst_byte_reader_get_data (reader, count * 3, &data))
-+ goto error;
-+
-+ GST_LOG_OBJECT (flxdec, "cmap count: %d (indx: %d)", actual_count, indx);
-+ flx_set_palette_vector (flxdec->converter, indx, actual_count,
-+ (guchar *) data, scale);
- }
-+
-+ return TRUE;
-+
-+error:
-+ GST_ERROR_OBJECT (flxdec, "Error decoding color palette");
-+ return FALSE;
- }
-
- static gboolean
--flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_brun (GstFlxDec * flxdec, GstByteReader * reader,
-+ GstByteWriter * writer)
- {
-- gulong count, lines, row;
-- guchar x;
-+ gulong lines, row;
-
- g_return_val_if_fail (flxdec != NULL, FALSE);
-
-@@ -310,82 +335,125 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- * contain more then 255 RLE packets. we use the frame
- * width instead.
- */
-- data++;
-+ if (!gst_byte_reader_skip (reader, 1))
-+ goto error;
-
- row = flxdec->hdr.width;
- while (row) {
-- count = *data++;
-+ gint8 count;
-+
-+ if (!gst_byte_reader_get_int8 (reader, &count))
-+ goto error;
-+
-+ if (count <= 0) {
-+ const guint8 *data;
-
-- if (count > 0x7f) {
- /* literal run */
-- count = 0x100 - count;
-- if ((glong) row - (glong) count < 0) {
-- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+ count = ABS (count);
-+
-+ GST_LOG_OBJECT (flxdec, "have literal run of size %d", count);
-+
-+ if (count > row) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN line detected. "
-+ "bytes to write exceeds the end of the row");
- return FALSE;
- }
- row -= count;
-
-- while (count--)
-- *dest++ = *data++;
--
-+ if (!gst_byte_reader_get_data (reader, count, &data))
-+ goto error;
-+ if (!gst_byte_writer_put_data (writer, data, count))
-+ goto error;
- } else {
-- if ((glong) row - (glong) count < 0) {
-- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+ guint8 x;
-+
-+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d", count);
-+
-+ if (count > row) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."
-+ "bytes to write exceeds the end of the row");
- return FALSE;
- }
-
- /* replicate run */
- row -= count;
-- x = *data++;
-
-- while (count--)
-- *dest++ = x;
-+ if (!gst_byte_reader_get_uint8 (reader, &x))
-+ goto error;
-+ if (!gst_byte_writer_fill (writer, x, count))
-+ goto error;
- }
- }
- }
-
- return TRUE;
-+
-+error:
-+ GST_ERROR_OBJECT (flxdec, "Failed to decode BRUN packet");
-+ return FALSE;
- }
-
- static gboolean
--flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_delta_fli (GstFlxDec * flxdec, GstByteReader * reader,
-+ GstByteWriter * writer)
- {
-- gulong count, packets, lines, start_line;
-- guchar *start_p, x;
-+ guint16 start_line, lines;
-+ guint line_start_i;
-
- g_return_val_if_fail (flxdec != NULL, FALSE);
- g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
-
- /* use last frame for delta */
-- memcpy (dest, flxdec->delta_data, flxdec->size);
-+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size))
-+ goto error;
-+
-+ if (!gst_byte_reader_get_uint16_le (reader, &start_line))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &lines))
-+ goto error;
-+ GST_LOG_OBJECT (flxdec, "height %d start line %d line count %d",
-+ flxdec->hdr.height, start_line, lines);
-
-- start_line = (data[0] + (data[1] << 8));
-- lines = (data[2] + (data[3] << 8));
- if (start_line + lines > flxdec->hdr.height) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines.");
- return FALSE;
- }
-- data += 4;
-
-- /* start position of delta */
-- dest += (flxdec->hdr.width * start_line);
-- start_p = dest;
-+ line_start_i = flxdec->hdr.width * start_line;
-+ if (!gst_byte_writer_set_pos (writer, line_start_i))
-+ goto error;
-
- while (lines--) {
-+ guint8 packets;
-+
- /* packet count */
-- packets = *data++;
-+ if (!gst_byte_reader_get_uint8 (reader, &packets))
-+ goto error;
-+ GST_LOG_OBJECT (flxdec, "have %d packets", packets);
-
- while (packets--) {
- /* skip count */
-- guchar skip = *data++;
-- dest += skip;
-+ guint8 skip;
-+ gint8 count;
-+ if (!gst_byte_reader_get_uint8 (reader, &skip))
-+ goto error;
-+
-+ /* skip bytes */
-+ if (!gst_byte_writer_set_pos (writer,
-+ gst_byte_writer_get_pos (writer) + skip))
-+ goto error;
-
- /* RLE count */
-- count = *data++;
-+ if (!gst_byte_reader_get_int8 (reader, &count))
-+ goto error;
-+
-+ if (count < 0) {
-+ guint8 x;
-
-- if (count > 0x7f) {
- /* literal run */
-- count = 0x100 - count;
-+ count = ABS (count);
-+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d",
-+ count, skip);
-
- if (skip + count > flxdec->hdr.width) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-@@ -393,11 +461,16 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- return FALSE;
- }
-
-- x = *data++;
-- while (count--)
-- *dest++ = x;
--
-+ if (!gst_byte_reader_get_uint8 (reader, &x))
-+ goto error;
-+ if (!gst_byte_writer_fill (writer, x, count))
-+ goto error;
- } else {
-+ const guint8 *data;
-+
-+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d",
-+ count, skip);
-+
- if (skip + count > flxdec->hdr.width) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
- "line too long.");
-@@ -405,45 +478,60 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- }
-
- /* replicate run */
-- while (count--)
-- *dest++ = *data++;
-+ if (!gst_byte_reader_get_data (reader, count, &data))
-+ goto error;
-+ if (!gst_byte_writer_put_data (writer, data, count))
-+ goto error;
- }
- }
-- start_p += flxdec->hdr.width;
-- dest = start_p;
-+ line_start_i += flxdec->hdr.width;
-+ if (!gst_byte_writer_set_pos (writer, line_start_i))
-+ goto error;
- }
-
- return TRUE;
-+
-+error:
-+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet");
-+ return FALSE;
- }
-
- static gboolean
--flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_delta_flc (GstFlxDec * flxdec, GstByteReader * reader,
-+ GstByteWriter * writer)
- {
-- gulong count, lines, start_l, opcode;
-- guchar *start_p;
-+ guint16 lines, start_l;
-
- g_return_val_if_fail (flxdec != NULL, FALSE);
- g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
-
- /* use last frame for delta */
-- memcpy (dest, flxdec->delta_data, flxdec->size);
-+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &lines))
-+ goto error;
-
-- lines = (data[0] + (data[1] << 8));
- if (lines > flxdec->hdr.height) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines.");
- return FALSE;
- }
-- data += 2;
-
-- start_p = dest;
- start_l = lines;
-
- while (lines) {
-- dest = start_p + (flxdec->hdr.width * (start_l - lines));
-+ guint16 opcode;
-+
-+ if (!gst_byte_writer_set_pos (writer,
-+ flxdec->hdr.width * (start_l - lines)))
-+ goto error;
-
- /* process opcode(s) */
-- while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) {
-- data += 2;
-+ while (TRUE) {
-+ if (!gst_byte_reader_get_uint16_le (reader, &opcode))
-+ goto error;
-+ if ((opcode & 0xc000) == 0)
-+ break;
-+
- if ((opcode & 0xc000) == 0xc000) {
- /* line skip count */
- gulong skip = (0x10000 - opcode);
-@@ -453,27 +541,44 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- return FALSE;
- }
- start_l += skip;
-- dest += flxdec->hdr.width * skip;
-+ if (!gst_byte_writer_set_pos (writer,
-+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width * skip))
-+ goto error;
- } else {
- /* last pixel */
-- dest += flxdec->hdr.width;
-- *dest++ = (opcode & 0xff);
-+ if (!gst_byte_writer_set_pos (writer,
-+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width))
-+ goto error;
-+ if (!gst_byte_writer_put_uint8 (writer, opcode & 0xff))
-+ goto error;
- }
- }
-- data += 2;
-
- /* last opcode is the packet count */
-+ GST_LOG_OBJECT (flxdec, "have %d packets", opcode);
- while (opcode--) {
- /* skip count */
-- guchar skip = *data++;
-- dest += skip;
-+ guint8 skip;
-+ gint8 count;
-+
-+ if (!gst_byte_reader_get_uint8 (reader, &skip))
-+ goto error;
-+ if (!gst_byte_writer_set_pos (writer,
-+ gst_byte_writer_get_pos (writer) + skip))
-+ goto error;
-
- /* RLE count */
-- count = *data++;
-+ if (!gst_byte_reader_get_int8 (reader, &count))
-+ goto error;
-+
-+ if (count < 0) {
-+ guint16 x;
-
-- if (count > 0x7f) {
- /* replicate word run */
-- count = 0x100 - count;
-+ count = ABS (count);
-+
-+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d",
-+ count, skip);
-
- if (skip + count > flxdec->hdr.width) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-@@ -481,22 +586,31 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- return FALSE;
- }
-
-+ if (!gst_byte_reader_get_uint16_le (reader, &x))
-+ goto error;
-+
- while (count--) {
-- *dest++ = data[0];
-- *dest++ = data[1];
-+ if (!gst_byte_writer_put_uint16_le (writer, x)) {
-+ goto error;
-+ }
- }
-- data += 2;
- } else {
-+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d",
-+ count, skip);
-+
- if (skip + count > flxdec->hdr.width) {
- GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
- "line too long.");
- return FALSE;
- }
-
-- /* literal word run */
- while (count--) {
-- *dest++ = *data++;
-- *dest++ = *data++;
-+ guint16 x;
-+
-+ if (!gst_byte_reader_get_uint16_le (reader, &x))
-+ goto error;
-+ if (!gst_byte_writer_put_uint16_le (writer, x))
-+ goto error;
- }
- }
- }
-@@ -504,13 +618,91 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- }
-
- return TRUE;
-+
-+error:
-+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet");
-+ return FALSE;
-+}
-+
-+static gboolean
-+_read_flx_header (GstFlxDec * flxdec, GstByteReader * reader, FlxHeader * flxh)
-+{
-+ memset (flxh, 0, sizeof (*flxh));
-+
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->size))
-+ goto error;
-+ if (flxh->size < FlxHeaderSize) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid file size in the header");
-+ return FALSE;
-+ }
-+
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->type))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->frames))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->width))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->height))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->depth))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->flags))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->speed))
-+ goto error;
-+ if (!gst_byte_reader_skip (reader, 2)) /* reserved */
-+ goto error;
-+ /* FLC */
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->created))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->creator))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updated))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updater))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dx))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dy))
-+ goto error;
-+ /* EGI */
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->ext_flags))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->keyframes))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->totalframes))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->req_memory))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->max_regions))
-+ goto error;
-+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->transp_num))
-+ goto error;
-+ if (!gst_byte_reader_skip (reader, 24)) /* reserved */
-+ goto error;
-+ /* FLC */
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe1))
-+ goto error;
-+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe2))
-+ goto error;
-+ if (!gst_byte_reader_skip (reader, 40)) /* reserved */
-+ goto error;
-+
-+ return TRUE;
-+
-+error:
-+ GST_ERROR_OBJECT (flxdec, "Error reading file header");
-+ return FALSE;
- }
-
- static GstFlowReturn
- gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- {
-+ GstByteReader reader;
-+ GstBuffer *input;
-+ GstMapInfo map_info;
- GstCaps *caps;
-- guint avail;
-+ guint available;
- GstFlowReturn res = GST_FLOW_OK;
-
- GstFlxDec *flxdec;
-@@ -521,31 +713,50 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- g_return_val_if_fail (flxdec != NULL, GST_FLOW_ERROR);
-
- gst_adapter_push (flxdec->adapter, buf);
-- avail = gst_adapter_available (flxdec->adapter);
-+ available = gst_adapter_available (flxdec->adapter);
-+ input = gst_adapter_get_buffer (flxdec->adapter, available);
-+ if (!gst_buffer_map (input, &map_info, GST_MAP_READ)) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Failed to map buffer"), (NULL));
-+ goto error;
-+ }
-+ gst_byte_reader_init (&reader, map_info.data, map_info.size);
-
- if (flxdec->state == GST_FLXDEC_READ_HEADER) {
-- if (avail >= FlxHeaderSize) {
-- const guint8 *data = gst_adapter_map (flxdec->adapter, FlxHeaderSize);
-+ if (available >= FlxHeaderSize) {
-+ GstByteReader header;
- GstCaps *templ;
-
-- memcpy ((gchar *) & flxdec->hdr, data, FlxHeaderSize);
-- FLX_HDR_FIX_ENDIANNESS (&(flxdec->hdr));
-- gst_adapter_unmap (flxdec->adapter);
-+ if (!gst_byte_reader_get_sub_reader (&reader, &header, FlxHeaderSize)) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Could not read header"), (NULL));
-+ goto unmap_input_error;
-+ }
- gst_adapter_flush (flxdec->adapter, FlxHeaderSize);
-+ available -= FlxHeaderSize;
-+
-+ if (!_read_flx_header (flxdec, &header, &flxdec->hdr)) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Failed to parse header"), (NULL));
-+ goto unmap_input_error;
-+ }
-
- flxh = &flxdec->hdr;
-
- /* check header */
- if (flxh->type != FLX_MAGICHDR_FLI &&
-- flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX)
-- goto wrong_type;
-+ flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
-+ ("not a flx file (type %x)", flxh->type));
-+ goto unmap_input_error;
-+ }
-
-- GST_LOG ("size : %d", flxh->size);
-- GST_LOG ("frames : %d", flxh->frames);
-- GST_LOG ("width : %d", flxh->width);
-- GST_LOG ("height : %d", flxh->height);
-- GST_LOG ("depth : %d", flxh->depth);
-- GST_LOG ("speed : %d", flxh->speed);
-+ GST_INFO_OBJECT (flxdec, "size : %d", flxh->size);
-+ GST_INFO_OBJECT (flxdec, "frames : %d", flxh->frames);
-+ GST_INFO_OBJECT (flxdec, "width : %d", flxh->width);
-+ GST_INFO_OBJECT (flxdec, "height : %d", flxh->height);
-+ GST_INFO_OBJECT (flxdec, "depth : %d", flxh->depth);
-+ GST_INFO_OBJECT (flxdec, "speed : %d", flxh->speed);
-
- flxdec->next_time = 0;
-
-@@ -573,18 +784,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- gst_pad_set_caps (flxdec->srcpad, caps);
- gst_caps_unref (caps);
-
-- if (flxh->depth <= 8)
-- flxdec->converter =
-- flx_colorspace_converter_new (flxh->width, flxh->height);
-+ /* zero means 8 */
-+ if (flxh->depth == 0)
-+ flxh->depth = 8;
-+
-+ if (flxh->depth != 8) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE,
-+ ("%s", "Don't know how to decode non 8 bit depth streams"), (NULL));
-+ goto unmap_input_error;
-+ }
-+
-+ flxdec->converter =
-+ flx_colorspace_converter_new (flxh->width, flxh->height);
-
- if (flxh->type == FLX_MAGICHDR_FLC || flxh->type == FLX_MAGICHDR_FLX) {
-- GST_LOG ("(FLC) aspect_dx : %d", flxh->aspect_dx);
-- GST_LOG ("(FLC) aspect_dy : %d", flxh->aspect_dy);
-- GST_LOG ("(FLC) oframe1 : 0x%08x", flxh->oframe1);
-- GST_LOG ("(FLC) oframe2 : 0x%08x", flxh->oframe2);
-+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dx : %d", flxh->aspect_dx);
-+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dy : %d", flxh->aspect_dy);
-+ GST_INFO_OBJECT (flxdec, "(FLC) oframe1 : 0x%08x", flxh->oframe1);
-+ GST_INFO_OBJECT (flxdec, "(FLC) oframe2 : 0x%08x", flxh->oframe2);
- }
-
- flxdec->size = ((guint) flxh->width * (guint) flxh->height);
-+ if (flxdec->size >= G_MAXSIZE / 4) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Cannot allocate required memory"), (NULL));
-+ goto unmap_input_error;
-+ }
-
- /* create delta and output frame */
- flxdec->frame_data = g_malloc (flxdec->size);
-@@ -596,55 +821,66 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- GstBuffer *out;
-
- /* while we have enough data in the adapter */
-- while (avail >= FlxFrameChunkSize && res == GST_FLOW_OK) {
-- FlxFrameChunk flxfh;
-- guchar *chunk;
-- const guint8 *data;
-- GstMapInfo map;
--
-- chunk = NULL;
-- data = gst_adapter_map (flxdec->adapter, FlxFrameChunkSize);
-- memcpy (&flxfh, data, FlxFrameChunkSize);
-- FLX_FRAME_CHUNK_FIX_ENDIANNESS (&flxfh);
-- gst_adapter_unmap (flxdec->adapter);
--
-- switch (flxfh.id) {
-- case FLX_FRAME_TYPE:
-- /* check if we have the complete frame */
-- if (avail < flxfh.size)
-- goto need_more_data;
--
-- /* flush header */
-- gst_adapter_flush (flxdec->adapter, FlxFrameChunkSize);
--
-- chunk = gst_adapter_take (flxdec->adapter,
-- flxfh.size - FlxFrameChunkSize);
-- FLX_FRAME_TYPE_FIX_ENDIANNESS ((FlxFrameType *) chunk);
-- if (((FlxFrameType *) chunk)->chunks == 0)
-- break;
-+ while (available >= FlxFrameChunkSize && res == GST_FLOW_OK) {
-+ guint32 size;
-+ guint16 type;
-
-- /* create 32 bits output frame */
--// res = gst_pad_alloc_buffer_and_set_caps (flxdec->srcpad,
--// GST_BUFFER_OFFSET_NONE,
--// flxdec->size * 4, GST_PAD_CAPS (flxdec->srcpad), &out);
--// if (res != GST_FLOW_OK)
--// break;
-+ if (!gst_byte_reader_get_uint32_le (&reader, &size))
-+ goto parse_error;
-+ if (available < size)
-+ goto need_more_data;
-
-- out = gst_buffer_new_and_alloc (flxdec->size * 4);
-+ available -= size;
-+ gst_adapter_flush (flxdec->adapter, size);
-+
-+ if (!gst_byte_reader_get_uint16_le (&reader, &type))
-+ goto parse_error;
-+
-+ switch (type) {
-+ case FLX_FRAME_TYPE:{
-+ GstByteReader chunks;
-+ GstByteWriter writer;
-+ guint16 n_chunks;
-+ GstMapInfo map;
-+
-+ GST_LOG_OBJECT (flxdec, "Have frame type 0x%02x of size %d", type,
-+ size);
-+
-+ if (!gst_byte_reader_get_sub_reader (&reader, &chunks,
-+ size - FlxFrameChunkSize))
-+ goto parse_error;
-+
-+ if (!gst_byte_reader_get_uint16_le (&chunks, &n_chunks))
-+ goto parse_error;
-+ GST_LOG_OBJECT (flxdec, "Have %d chunks", n_chunks);
-+
-+ if (n_chunks == 0)
-+ break;
-+ if (!gst_byte_reader_skip (&chunks, 8)) /* reserved */
-+ goto parse_error;
-+
-+ gst_byte_writer_init_with_data (&writer, flxdec->frame_data,
-+ flxdec->size, TRUE);
-
- /* decode chunks */
-- if (!flx_decode_chunks (flxdec,
-- ((FlxFrameType *) chunk)->chunks,
-- chunk + FlxFrameTypeSize, flxdec->frame_data)) {
-+ if (!flx_decode_chunks (flxdec, n_chunks, &chunks, &writer)) {
- GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
- ("%s", "Could not decode chunk"), NULL);
-- return GST_FLOW_ERROR;
-+ goto unmap_input_error;
- }
-+ gst_byte_writer_reset (&writer);
-
- /* save copy of the current frame for possible delta. */
- memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size);
-
-- gst_buffer_map (out, &map, GST_MAP_WRITE);
-+ out = gst_buffer_new_and_alloc (flxdec->size * 4);
-+ if (!gst_buffer_map (out, &map, GST_MAP_WRITE)) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Could not map output buffer"), NULL);
-+ gst_buffer_unref (out);
-+ goto unmap_input_error;
-+ }
-+
- /* convert current frame. */
- flx_colorspace_convert (flxdec->converter, flxdec->frame_data,
- map.data);
-@@ -655,30 +891,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
-
- res = gst_pad_push (flxdec->srcpad, out);
- break;
-+ }
- default:
-- /* check if we have the complete frame */
-- if (avail < flxfh.size)
-- goto need_more_data;
--
-- gst_adapter_flush (flxdec->adapter, flxfh.size);
-+ GST_DEBUG_OBJECT (flxdec, "Unknown frame type 0x%02x, skipping %d",
-+ type, size);
-+ if (!gst_byte_reader_skip (&reader, size - FlxFrameChunkSize))
-+ goto parse_error;
- break;
- }
--
-- g_free (chunk);
--
-- avail = gst_adapter_available (flxdec->adapter);
- }
- }
-+
-+ gst_buffer_unmap (input, &map_info);
-+ gst_buffer_unref (input);
-+
- need_more_data:
- return res;
-
- /* ERRORS */
--wrong_type:
-- {
-- GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
-- ("not a flx file (type %x)", flxh->type));
-- return GST_FLOW_ERROR;
-- }
-+parse_error:
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Failed to parse stream"), (NULL));
-+unmap_input_error:
-+ gst_buffer_unmap (input, &map_info);
-+ gst_buffer_unref (input);
-+error:
-+ return GST_FLOW_ERROR;
- }
-
- static GstStateChangeReturn
-diff --git a/gst/flx/gstflxdec.h b/gst/flx/gstflxdec.h
-index 3f9a0aa..4fd8dfd 100644
---- a/gst/flx/gstflxdec.h
-+++ b/gst/flx/gstflxdec.h
-@@ -23,6 +23,8 @@
- #include <gst/gst.h>
-
- #include <gst/base/gstadapter.h>
-+#include <gst/base/gstbytereader.h>
-+#include <gst/base/gstbytewriter.h>
- #include "flx_color.h"
-
- G_BEGIN_DECLS
-@@ -45,7 +47,7 @@ struct _GstFlxDec {
-
- guint8 *delta_data, *frame_data;
- GstAdapter *adapter;
-- gulong size;
-+ gsize size;
- GstFlxDecState state;
- gint64 frame_time;
- gint64 next_time;
---
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch b/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch
deleted file mode 100644
index 1daaa2ae15..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fixes upstream bug #774897 (flxdec: Unreferences itself one time too many on
-invalid files):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774897
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=b31c504645a814c59d91d49e4fe218acaf93f4ca
-
-From b31c504645a814c59d91d49e4fe218acaf93f4ca Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Wed, 23 Nov 2016 11:20:49 +0200
-Subject: [PATCH] flxdec: Don't unref() parent in the chain function
-
-We don't own the reference here, it is owned by the caller and given to
-us for the scope of this function. Leftover mistake from 0.10 porting.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774897
----
- gst/flx/gstflxdec.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index e675c99..a237976 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -677,7 +677,6 @@ wrong_type:
- {
- GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
- ("not a flx file (type %x)", flxh->type));
-- gst_object_unref (flxdec);
- return GST_FLOW_ERROR;
- }
- }
---
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch b/gnu/packages/patches/gst-plugins-good-fix-signedness.patch
deleted file mode 100644
index a3e20e19dd..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-This is a followup fix for upstream bug #774834 (flic decoder: Buffer overflow
-in flx_decode_delta_fli):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834#c2
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=1ab2b26193861b124426e2f8eb62b75b59ec5488
-
-From 1ab2b26193861b124426e2f8eb62b75b59ec5488 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Tue, 22 Nov 2016 23:46:00 +1100
-Subject: [PATCH] flxdec: fix some warnings comparing unsigned < 0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-bf43f44fcfada5ec4a3ce60cb374340486fe9fac was comparing an unsigned
-expression to be < 0 which was always false.
-
-gstflxdec.c: In function ‘flx_decode_brun’:
-gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
- if ((glong) row - count < 0) {
- ^
-gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
- if ((glong) row - count < 0) {
- ^
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
----
- gst/flx/gstflxdec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index d51a8e6..e675c99 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -319,7 +319,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- if (count > 0x7f) {
- /* literal run */
- count = 0x100 - count;
-- if ((glong) row - count < 0) {
-+ if ((glong) row - (glong) count < 0) {
- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
- return FALSE;
- }
-@@ -329,7 +329,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- *dest++ = *data++;
-
- } else {
-- if ((glong) row - count < 0) {
-+ if ((glong) row - (glong) count < 0) {
- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
- return FALSE;
- }
---
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch b/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch
deleted file mode 100644
index f77dca2cd6..0000000000
--- a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-Fix CVE-2016-{9634,9635,9636}.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
-
-This fixes upstream bug #774834 (flic decoder: Buffer overflow in
-flx_decode_delta_fli):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=2e203a79b7d9af4029307c1a845b3c148d5f5e62
-
-From 2e203a79b7d9af4029307c1a845b3c148d5f5e62 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Tue, 22 Nov 2016 19:05:00 +1100
-Subject: [PATCH] flxdec: add some write bounds checking
-
-Without checking the bounds of the frame we are writing into, we can
-write off the end of the destination buffer.
-
-https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
----
- gst/flx/gstflxdec.c | 116 +++++++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 91 insertions(+), 25 deletions(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index 604be2f..d51a8e6 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -74,9 +74,9 @@ static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent,
- GstQuery * query);
-
- static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint);
--static void flx_decode_brun (GstFlxDec *, guchar *, guchar *);
--static void flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
--static void flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
-
- #define rndalign(off) ((off) + ((off) & 1))
-
-@@ -203,13 +203,14 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent,
- return ret;
- }
-
--static void
-+static gboolean
- flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
- guchar * dest)
- {
- FlxFrameChunk *hdr;
-+ gboolean ret = TRUE;
-
-- g_return_if_fail (data != NULL);
-+ g_return_val_if_fail (data != NULL, FALSE);
-
- while (count--) {
- hdr = (FlxFrameChunk *) data;
-@@ -228,17 +229,17 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
- break;
-
- case FLX_BRUN:
-- flx_decode_brun (flxdec, data, dest);
-+ ret = flx_decode_brun (flxdec, data, dest);
- data += rndalign (hdr->size) - FlxFrameChunkSize;
- break;
-
- case FLX_LC:
-- flx_decode_delta_fli (flxdec, data, dest);
-+ ret = flx_decode_delta_fli (flxdec, data, dest);
- data += rndalign (hdr->size) - FlxFrameChunkSize;
- break;
-
- case FLX_SS2:
-- flx_decode_delta_flc (flxdec, data, dest);
-+ ret = flx_decode_delta_flc (flxdec, data, dest);
- data += rndalign (hdr->size) - FlxFrameChunkSize;
- break;
-
-@@ -256,7 +257,12 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
- data += rndalign (hdr->size) - FlxFrameChunkSize;
- break;
- }
-+
-+ if (!ret)
-+ break;
- }
-+
-+ return ret;
- }
-
-
-@@ -289,13 +295,13 @@ flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale)
- }
- }
-
--static void
-+static gboolean
- flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
- gulong count, lines, row;
- guchar x;
-
-- g_return_if_fail (flxdec != NULL);
-+ g_return_val_if_fail (flxdec != NULL, FALSE);
-
- lines = flxdec->hdr.height;
- while (lines--) {
-@@ -313,12 +319,21 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- if (count > 0x7f) {
- /* literal run */
- count = 0x100 - count;
-+ if ((glong) row - count < 0) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+ return FALSE;
-+ }
- row -= count;
-
- while (count--)
- *dest++ = *data++;
-
- } else {
-+ if ((glong) row - count < 0) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+ return FALSE;
-+ }
-+
- /* replicate run */
- row -= count;
- x = *data++;
-@@ -328,22 +343,28 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- }
- }
- }
-+
-+ return TRUE;
- }
-
--static void
-+static gboolean
- flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
- gulong count, packets, lines, start_line;
- guchar *start_p, x;
-
-- g_return_if_fail (flxdec != NULL);
-- g_return_if_fail (flxdec->delta_data != NULL);
-+ g_return_val_if_fail (flxdec != NULL, FALSE);
-+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
-
- /* use last frame for delta */
- memcpy (dest, flxdec->delta_data, flxdec->size);
-
- start_line = (data[0] + (data[1] << 8));
- lines = (data[2] + (data[3] << 8));
-+ if (start_line + lines > flxdec->hdr.height) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines.");
-+ return FALSE;
-+ }
- data += 4;
-
- /* start position of delta */
-@@ -356,7 +377,8 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-
- while (packets--) {
- /* skip count */
-- dest += *data++;
-+ guchar skip = *data++;
-+ dest += skip;
-
- /* RLE count */
- count = *data++;
-@@ -364,12 +386,24 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- if (count > 0x7f) {
- /* literal run */
- count = 0x100 - count;
-- x = *data++;
-
-+ if (skip + count > flxdec->hdr.width) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-+ "line too long.");
-+ return FALSE;
-+ }
-+
-+ x = *data++;
- while (count--)
- *dest++ = x;
-
- } else {
-+ if (skip + count > flxdec->hdr.width) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-+ "line too long.");
-+ return FALSE;
-+ }
-+
- /* replicate run */
- while (count--)
- *dest++ = *data++;
-@@ -378,21 +412,27 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- start_p += flxdec->hdr.width;
- dest = start_p;
- }
-+
-+ return TRUE;
- }
-
--static void
-+static gboolean
- flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
- gulong count, lines, start_l, opcode;
- guchar *start_p;
-
-- g_return_if_fail (flxdec != NULL);
-- g_return_if_fail (flxdec->delta_data != NULL);
-+ g_return_val_if_fail (flxdec != NULL, FALSE);
-+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
-
- /* use last frame for delta */
- memcpy (dest, flxdec->delta_data, flxdec->size);
-
- lines = (data[0] + (data[1] << 8));
-+ if (lines > flxdec->hdr.height) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines.");
-+ return FALSE;
-+ }
- data += 2;
-
- start_p = dest;
-@@ -405,9 +445,15 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) {
- data += 2;
- if ((opcode & 0xc000) == 0xc000) {
-- /* skip count */
-- start_l += (0x10000 - opcode);
-- dest += flxdec->hdr.width * (0x10000 - opcode);
-+ /* line skip count */
-+ gulong skip = (0x10000 - opcode);
-+ if (skip > flxdec->hdr.height) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+ "skip line count too big.");
-+ return FALSE;
-+ }
-+ start_l += skip;
-+ dest += flxdec->hdr.width * skip;
- } else {
- /* last pixel */
- dest += flxdec->hdr.width;
-@@ -419,7 +465,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- /* last opcode is the packet count */
- while (opcode--) {
- /* skip count */
-- dest += *data++;
-+ guchar skip = *data++;
-+ dest += skip;
-
- /* RLE count */
- count = *data++;
-@@ -427,12 +474,25 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- if (count > 0x7f) {
- /* replicate word run */
- count = 0x100 - count;
-+
-+ if (skip + count > flxdec->hdr.width) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+ "line too long.");
-+ return FALSE;
-+ }
-+
- while (count--) {
- *dest++ = data[0];
- *dest++ = data[1];
- }
- data += 2;
- } else {
-+ if (skip + count > flxdec->hdr.width) {
-+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+ "line too long.");
-+ return FALSE;
-+ }
-+
- /* literal word run */
- while (count--) {
- *dest++ = *data++;
-@@ -442,6 +502,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- }
- lines--;
- }
-+
-+ return TRUE;
- }
-
- static GstFlowReturn
-@@ -571,9 +633,13 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- out = gst_buffer_new_and_alloc (flxdec->size * 4);
-
- /* decode chunks */
-- flx_decode_chunks (flxdec,
-- ((FlxFrameType *) chunk)->chunks,
-- chunk + FlxFrameTypeSize, flxdec->frame_data);
-+ if (!flx_decode_chunks (flxdec,
-+ ((FlxFrameType *) chunk)->chunks,
-+ chunk + FlxFrameTypeSize, flxdec->frame_data)) {
-+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+ ("%s", "Could not decode chunk"), NULL);
-+ return GST_FLOW_ERROR;
-+ }
-
- /* save copy of the current frame for possible delta. */
- memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size);
---
-2.10.2
-
diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch
new file mode 100644
index 0000000000..17ba323ccf
--- /dev/null
+++ b/gnu/packages/patches/httpd-CVE-2016-8740.patch
@@ -0,0 +1,36 @@
+This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
+http://openwall.com/lists/oss-security/2016/12/05/17
+Index: modules/http2/h2_stream.c
+===================================================================
+--- modules/http2/h2_stream.c (revision 1771866)
++++ modules/http2/h2_stream.c (working copy)
+@@ -322,18 +322,18 @@
+ HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
+ }
+ }
+- }
+-
+- if (h2_stream_is_scheduled(stream)) {
+- return h2_request_add_trailer(stream->request, stream->pool,
+- name, nlen, value, vlen);
+- }
+- else {
+- if (!input_open(stream)) {
+- return APR_ECONNRESET;
++
++ if (h2_stream_is_scheduled(stream)) {
++ return h2_request_add_trailer(stream->request, stream->pool,
++ name, nlen, value, vlen);
+ }
+- return h2_request_add_header(stream->request, stream->pool,
+- name, nlen, value, vlen);
++ else {
++ if (!input_open(stream)) {
++ return APR_ECONNRESET;
++ }
++ return h2_request_add_header(stream->request, stream->pool,
++ name, nlen, value, vlen);
++ }
+ }
+ }
+
diff --git a/gnu/packages/patches/icecat-CVE-2016-9064.patch b/gnu/packages/patches/icecat-CVE-2016-9064.patch
deleted file mode 100644
index a5393815e0..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-9064.patch
+++ /dev/null
@@ -1,996 +0,0 @@
-Copied from
-<https://hg.mozilla.org/releases/mozilla-esr45/raw-rev/00c2b7baaa0b>
-but with one hunk omitted: the git binary patch for
-toolkit/mozapps/extensions/test/addons/test_update_multi2/addon.xpi
-which is not present in the IceCat sources.
-
-# HG changeset patch
-# User Andrew Swan <aswan@mozilla.com>
-# Date 1474063218 25200
-# Node ID 00c2b7baaa0b4bfb7d5f1aac31c094ea6b255e1f
-# Parent 46b07bdbf8b20cf3fdc28104add57ff58a55832b
-Bug 1303418 - Don't allow upgrades that change the addon ID. r=mossop, a=lizzard
-
-MozReview-Commit-ID: JHINo8ShmeI
-
-diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm
---- a/toolkit/mozapps/extensions/AddonManager.jsm
-+++ b/toolkit/mozapps/extensions/AddonManager.jsm
-@@ -2956,16 +2956,18 @@ this.AddonManager = {
- // The downloaded file seems to be corrupted in some way.
- ERROR_CORRUPT_FILE: -3,
- // An error occured trying to write to the filesystem.
- ERROR_FILE_ACCESS: -4,
- // The add-on must be signed and isn't.
- ERROR_SIGNEDSTATE_REQUIRED: -5,
- // The downloaded add-on had a different type than expected.
- ERROR_UNEXPECTED_ADDON_TYPE: -6,
-+ // The addon did not have the expected ID
-+ ERROR_INCORRECT_ID: -7,
-
- // These must be kept in sync with AddonUpdateChecker.
- // No error was encountered.
- UPDATE_STATUS_NO_ERROR: 0,
- // The update check timed out
- UPDATE_STATUS_TIMEOUT: -1,
- // There was an error while downloading the update information.
- UPDATE_STATUS_DOWNLOAD_ERROR: -2,
-diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
---- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
-+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
-@@ -5473,16 +5473,37 @@ AddonInstall.prototype = {
- // loadManifestFromZipReader performs the certificate verification for us
- this.addon = yield loadManifestFromZipReader(zipreader, this.installLocation);
- }
- catch (e) {
- zipreader.close();
- return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, e]);
- }
-
-+ if (this.existingAddon) {
-+ // Check various conditions related to upgrades
-+ if (this.addon.id != this.existingAddon.id) {
-+ zipreader.close();
-+ return Promise.reject([AddonManager.ERROR_INCORRECT_ID,
-+ `Refusing to upgrade addon ${this.existingAddon.id} to different ID ${this.addon.id}`]);
-+ }
-+
-+ if (this.addon.type == "multipackage") {
-+ zipreader.close();
-+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
-+ `Refusing to upgrade addon ${this.existingAddon.id} to a multi-package xpi`]);
-+ }
-+
-+ if (this.existingAddon.type == "webextension" && this.addon.type != "webextension") {
-+ zipreader.close();
-+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
-+ "Webextensions may not be updated to other extension types"]);
-+ }
-+ }
-+
- if (mustSign(this.addon.type)) {
- if (this.addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
- // This add-on isn't properly signed by a signature that chains to the
- // trusted root.
- let state = this.addon.signedState;
- this.addon = null;
- zipreader.close();
-
-@@ -5510,23 +5531,16 @@ AddonInstall.prototype = {
- } else {
- zipreader.close();
- return Promise.reject([AddonManager.ERROR_CORRUPT_FILE,
- "XPI is incorrectly signed"]);
- }
- }
- }
-
-- if (this.existingAddon && this.existingAddon.type == "webextension" &&
-- this.addon.type != "webextension") {
-- zipreader.close();
-- return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
-- "WebExtensions may not be upated to other extension types"]);
-- }
--
- if (this.addon.type == "multipackage")
- return this._loadMultipackageManifests(zipreader);
-
- zipreader.close();
-
- this.updateAddonURIs();
-
- this.addon._install = this;
-@@ -5791,16 +5805,17 @@ AddonInstall.prototype = {
- else {
- // TODO Should we send some event here (bug 557716)?
- this.state = AddonManager.STATE_CHECKING;
- new UpdateChecker(this.addon, {
- onUpdateFinished: aAddon => this.downloadCompleted(),
- }, AddonManager.UPDATE_WHEN_ADDON_INSTALLED);
- }
- }, ([error, message]) => {
-+ this.removeTemporaryFile();
- this.downloadFailed(error, message);
- });
- }
- else {
- if (aRequest instanceof Ci.nsIHttpChannel)
- this.downloadFailed(AddonManager.ERROR_NETWORK_FAILURE,
- aRequest.responseStatus + " " +
- aRequest.responseStatusText);
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+ xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+ <em:id>updatemulti@tests.mozilla.org</em:id>
-+ <em:version>1.0</em:version>
-+ <em:updateURL>http://localhost:4444/data/test_update_multi.rdf</em:updateURL>
-+ <em:bootstrap>true</em:bootstrap>
-+ <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+ <em:id>xpcshell@tests.mozilla.org</em:id>
-+ <em:minVersion>1</em:minVersion>
-+ <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf
-@@ -0,0 +1,9 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+ xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+ <em:id>updatemulti@tests.mozilla.org</em:id>
-+ <em:type>32</em:type>
-+ <em:version>2.0</em:version>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+ xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+ <em:id>addon1@tests.mozilla.org</em:id>
-+ <em:version>1.0</em:version>
-+ <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-+ <em:bootstrap>true</em:bootstrap>
-+ <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+ <em:id>xpcshell@tests.mozilla.org</em:id>
-+ <em:minVersion>1</em:minVersion>
-+ <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+ xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+ <em:id>addon1.changed@tests.mozilla.org</em:id>
-+ <em:version>2.0</em:version>
-+ <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-+ <em:bootstrap>true</em:bootstrap>
-+ <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+ <em:id>xpcshell@tests.mozilla.org</em:id>
-+ <em:minVersion>1</em:minVersion>
-+ <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf
-+++ /dev/null
-@@ -1,24 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
-- <Description about="urn:mozilla:install-manifest">
-- <em:id>addon2@tests.mozilla.org</em:id>
-- <em:version>2.0</em:version>
-- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--
-- <!-- Front End MetaData -->
-- <em:name>Test 2</em:name>
-- <em:description>Test Description</em:description>
--
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- </Description>
-- </em:targetApplication>
--
-- </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf
-+++ /dev/null
-@@ -1,24 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
-- <Description about="urn:mozilla:install-manifest">
-- <em:id>addon2@tests.mozilla.org</em:id>
-- <em:version>5.0</em:version>
-- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--
-- <!-- Front End MetaData -->
-- <em:name>Test 2</em:name>
-- <em:description>Test Description</em:description>
--
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- </Description>
-- </em:targetApplication>
--
-- </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js
-+++ /dev/null
-@@ -1,21 +0,0 @@
--Components.utils.import("resource://gre/modules/Services.jsm");
--
--function install(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.installed_version", 3);
-- Services.prefs.setIntPref("bootstraptest.install_reason", reason);
--}
--
--function startup(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.active_version", 3);
-- Services.prefs.setIntPref("bootstraptest.startup_reason", reason);
--}
--
--function shutdown(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.active_version", 0);
-- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason);
--}
--
--function uninstall(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.installed_version", 0);
-- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason);
--}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf
-+++ /dev/null
-@@ -1,25 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
-- <Description about="urn:mozilla:install-manifest">
-- <em:id>addon3@tests.mozilla.org</em:id>
-- <em:version>3.0</em:version>
-- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-- <em:bootstrap>true</em:bootstrap>
--
-- <!-- Front End MetaData -->
-- <em:name>Test 3</em:name>
-- <em:description>Test Description</em:description>
--
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- </Description>
-- </em:targetApplication>
--
-- </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js
-+++ /dev/null
-@@ -1,21 +0,0 @@
--Components.utils.import("resource://gre/modules/Services.jsm");
--
--function install(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.installed_version", 4);
-- Services.prefs.setIntPref("bootstraptest.install_reason", reason);
--}
--
--function startup(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.active_version", 4);
-- Services.prefs.setIntPref("bootstraptest.startup_reason", reason);
--}
--
--function shutdown(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.active_version", 0);
-- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason);
--}
--
--function uninstall(data, reason) {
-- Services.prefs.setIntPref("bootstraptest.installed_version", 0);
-- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason);
--}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf
-+++ /dev/null
-@@ -1,25 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
-- <Description about="urn:mozilla:install-manifest">
-- <em:id>addon4@tests.mozilla.org</em:id>
-- <em:version>4.0</em:version>
-- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-- <em:bootstrap>true</em:bootstrap>
--
-- <!-- Front End MetaData -->
-- <em:name>Test 4</em:name>
-- <em:description>Test Description</em:description>
--
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- </Description>
-- </em:targetApplication>
--
-- </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf
-@@ -0,0 +1,26 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+ xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+
-+ <Description about="urn:mozilla:extension:updatemulti@tests.mozilla.org">
-+ <em:updates>
-+ <Seq>
-+ <li>
-+ <Description>
-+ <em:version>2.0</em:version>
-+ <em:targetApplication>
-+ <Description>
-+ <em:id>xpcshell@tests.mozilla.org</em:id>
-+ <em:minVersion>1</em:minVersion>
-+ <em:maxVersion>1</em:maxVersion>
-+ <em:updateLink>http://localhost:4444/addons/test_update_multi2.xpi</em:updateLink>
-+ </Description>
-+ </em:targetApplication>
-+ </Description>
-+ </li>
-+ </Seq>
-+ </em:updates>
-+ </Description>
-+
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
---- a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
-+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
-@@ -9,77 +9,17 @@
- <li>
- <Description>
- <em:version>2.0</em:version>
- <em:targetApplication>
- <Description>
- <em:id>xpcshell@tests.mozilla.org</em:id>
- <em:minVersion>1</em:minVersion>
- <em:maxVersion>1</em:maxVersion>
-- <em:updateLink>http://localhost:4444/addons/test_updateid2_2.xpi</em:updateLink>
-- </Description>
-- </em:targetApplication>
-- </Description>
-- </li>
-- </Seq>
-- </em:updates>
-- </Description>
--
-- <Description about="urn:mozilla:extension:addon2@tests.mozilla.org">
-- <em:updates>
-- <Seq>
-- <li>
-- <Description>
-- <em:version>3.0</em:version>
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- <em:updateLink>http://localhost:4444/addons/test_updateid3_3.xpi</em:updateLink>
-- </Description>
-- </em:targetApplication>
-- </Description>
-- </li>
-- </Seq>
-- </em:updates>
-- </Description>
--
-- <Description about="urn:mozilla:extension:addon3@tests.mozilla.org">
-- <em:updates>
-- <Seq>
-- <li>
-- <Description>
-- <em:version>4.0</em:version>
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- <em:updateLink>http://localhost:4444/addons/test_updateid4_4.xpi</em:updateLink>
-- </Description>
-- </em:targetApplication>
-- </Description>
-- </li>
-- </Seq>
-- </em:updates>
-- </Description>
--
-- <Description about="urn:mozilla:extension:addon4@tests.mozilla.org">
-- <em:updates>
-- <Seq>
-- <li>
-- <Description>
-- <em:version>5.0</em:version>
-- <em:targetApplication>
-- <Description>
-- <em:id>xpcshell@tests.mozilla.org</em:id>
-- <em:minVersion>1</em:minVersion>
-- <em:maxVersion>1</em:maxVersion>
-- <em:updateLink>http://localhost:4444/addons/test_updateid2_5.xpi</em:updateLink>
-+ <em:updateLink>http://localhost:4444/addons/test_updateid2.xpi</em:updateLink>
- </Description>
- </em:targetApplication>
- </Description>
- </li>
- </Seq>
- </em:updates>
- </Description>
-
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
---- a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
-+++ b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
-@@ -2,421 +2,85 @@
- * http://creativecommons.org/publicdomain/zero/1.0/
- */
-
- // This verifies that updating an add-on to a new ID works
-
- // The test extension uses an insecure update url.
- Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false);
-
--Components.utils.import("resource://testing-common/httpd.js");
--var testserver;
- const profileDir = gProfD.clone();
- profileDir.append("extensions");
-
--function resetPrefs() {
-- Services.prefs.setIntPref("bootstraptest.active_version", -1);
-- Services.prefs.setIntPref("bootstraptest.installed_version", -1);
-- Services.prefs.setIntPref("bootstraptest.startup_reason", -1);
-- Services.prefs.setIntPref("bootstraptest.shutdown_reason", -1);
-- Services.prefs.setIntPref("bootstraptest.install_reason", -1);
-- Services.prefs.setIntPref("bootstraptest.uninstall_reason", -1);
--}
--
--function getActiveVersion() {
-- return Services.prefs.getIntPref("bootstraptest.active_version");
--}
--
--function getInstalledVersion() {
-- return Services.prefs.getIntPref("bootstraptest.installed_version");
--}
--
--function run_test() {
-- createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2");
--
-- // Create and configure the HTTP server.
-- testserver = new HttpServer();
-- testserver.registerDirectory("/data/", do_get_file("data"));
-- testserver.registerDirectory("/addons/", do_get_file("addons"));
-- testserver.start(4444);
--
-- do_test_pending();
-- run_test_1();
--}
--
--function end_test() {
-- testserver.stop(do_test_finished);
--}
--
--function installUpdate(aInstall, aCallback) {
-- aInstall.addListener({
-- onInstallEnded: function(aInstall) {
-- // give the startup time to run
-- do_execute_soon(function() {
-- aCallback(aInstall);
-- });
-- }
-- });
--
-- aInstall.install();
--}
--
--// Verify that an update to an add-on with a new ID uninstalls the old add-on
--function run_test_1() {
-- writeInstallRDFForExtension({
-- id: "addon1@tests.mozilla.org",
-- version: "1.0",
-- updateURL: "http://localhost:4444/data/test_updateid.rdf",
-- targetApplications: [{
-- id: "xpcshell@tests.mozilla.org",
-- minVersion: "1",
-- maxVersion: "1"
-- }],
-- name: "Test Addon 1",
-- }, profileDir);
--
-- startupManager();
--
-- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
-- do_check_neq(a1, null);
-- do_check_eq(a1.version, "1.0");
-+function promiseInstallUpdate(install) {
-+ return new Promise((resolve, reject) => {
-+ install.addListener({
-+ onDownloadFailed: () => {
-+ let err = new Error("download error");
-+ err.code = install.error;
-+ reject(err);
-+ },
-+ onInstallFailed: () => {
-+ let err = new Error("install error");
-+ err.code = install.error;
-+ reject(err);
-+ },
-+ onInstallEnded: resolve,
-+ });
-
-- a1.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- do_check_eq(install.name, addon.name);
-- do_check_eq(install.version, "2.0");
-- do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
-- do_check_eq(install.existingAddon, a1);
--
-- installUpdate(install, check_test_1);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-- });
--}
--
--function check_test_1(install) {
-- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) {
-- // Existing add-on should have a pending upgrade
-- do_check_neq(a1.pendingUpgrade, null);
-- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org");
-- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1);
-- do_check_neq(a1.syncGUID);
--
-- let a1SyncGUID = a1.syncGUID;
--
-- restartManager();
--
-- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
-- "addon2@tests.mozilla.org"], function([a1, a2]) {
-- // Should have uninstalled the old and installed the new
-- do_check_eq(a1, null);
-- do_check_neq(a2, null);
-- do_check_neq(a2.syncGUID, null);
--
-- // The Sync GUID should change when the ID changes
-- do_check_neq(a1SyncGUID, a2.syncGUID);
--
-- a2.uninstall();
--
-- do_execute_soon(run_test_2);
-- });
-- }));
--}
--
--// Test that when the new add-on already exists we just upgrade that
--function run_test_2() {
-- restartManager();
-- shutdownManager();
--
-- writeInstallRDFForExtension({
-- id: "addon1@tests.mozilla.org",
-- version: "1.0",
-- updateURL: "http://localhost:4444/data/test_updateid.rdf",
-- targetApplications: [{
-- id: "xpcshell@tests.mozilla.org",
-- minVersion: "1",
-- maxVersion: "1"
-- }],
-- name: "Test Addon 1",
-- }, profileDir);
-- writeInstallRDFForExtension({
-- id: "addon2@tests.mozilla.org",
-- version: "1.0",
-- targetApplications: [{
-- id: "xpcshell@tests.mozilla.org",
-- minVersion: "1",
-- maxVersion: "1"
-- }],
-- name: "Test Addon 2",
-- }, profileDir);
--
-- startupManager();
--
-- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
-- do_check_neq(a1, null);
-- do_check_eq(a1.version, "1.0");
--
-- a1.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- installUpdate(install, check_test_2);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+ install.install();
- });
- }
-
--function check_test_2(install) {
-- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
-- "addon2@tests.mozilla.org"],
-- callback_soon(function([a1, a2]) {
-- do_check_eq(a1.pendingUpgrade, null);
-- // Existing add-on should have a pending upgrade
-- do_check_neq(a2.pendingUpgrade, null);
-- do_check_eq(a2.pendingUpgrade.id, "addon2@tests.mozilla.org");
-- do_check_eq(a2.pendingUpgrade.install.existingAddon, a2);
--
-- restartManager();
--
-- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
-- "addon2@tests.mozilla.org"], function([a1, a2]) {
-- // Should have uninstalled the old and installed the new
-- do_check_neq(a1, null);
-- do_check_neq(a2, null);
--
-- a1.uninstall();
-- a2.uninstall();
--
-- do_execute_soon(run_test_3);
-- });
-- }));
--}
--
--// Test that we rollback correctly when removing the old add-on fails
--function run_test_3() {
-- restartManager();
-- shutdownManager();
--
-- // This test only works on Windows
-- if (!("nsIWindowsRegKey" in AM_Ci)) {
-- run_test_4();
-- return;
-- }
--
-- writeInstallRDFForExtension({
-- id: "addon1@tests.mozilla.org",
-- version: "1.0",
-- updateURL: "http://localhost:4444/data/test_updateid.rdf",
-- targetApplications: [{
-- id: "xpcshell@tests.mozilla.org",
-- minVersion: "1",
-- maxVersion: "1"
-- }],
-- name: "Test Addon 1",
-- }, profileDir);
--
-- startupManager();
-+// Create and configure the HTTP server.
-+let testserver = createHttpServer(4444);
-+testserver.registerDirectory("/data/", do_get_file("data"));
-+testserver.registerDirectory("/addons/", do_get_file("addons"));
-
-- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
-- do_check_neq(a1, null);
-- do_check_eq(a1.version, "1.0");
--
-- a1.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- installUpdate(install, check_test_3);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-- });
--}
--
--function check_test_3(install) {
-- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) {
-- // Existing add-on should have a pending upgrade
-- do_check_neq(a1.pendingUpgrade, null);
-- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org");
-- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1);
--
-- // Lock the old add-on open so it can't be uninstalled
-- var file = profileDir.clone();
-- file.append("addon1@tests.mozilla.org");
-- if (!file.exists())
-- file.leafName += ".xpi";
-- else
-- file.append("install.rdf");
--
-- var fstream = AM_Cc["@mozilla.org/network/file-output-stream;1"].
-- createInstance(AM_Ci.nsIFileOutputStream);
-- fstream.init(file, FileUtils.MODE_APPEND | FileUtils.MODE_WRONLY, FileUtils.PERMS_FILE, 0);
--
-- restartManager();
--
-- fstream.close();
--
-- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
-- "addon2@tests.mozilla.org"],
-- callback_soon(function([a1, a2]) {
-- // Should not have installed the new add-on but it should still be
-- // pending install
-- do_check_neq(a1, null);
-- do_check_eq(a2, null);
--
-- restartManager();
--
-- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
-- "addon2@tests.mozilla.org"], function([a1, a2]) {
-- // Should have installed the new add-on
-- do_check_eq(a1, null);
-- do_check_neq(a2, null);
--
-- a2.uninstall();
--
-- do_execute_soon(run_test_4);
-- });
-- }));
-- }));
-+function run_test() {
-+ createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2");
-+ startupManager();
-+ run_next_test();
- }
-
--// Tests that upgrading to a bootstrapped add-on works but requires a restart
--function run_test_4() {
-- restartManager();
-- shutdownManager();
--
-- writeInstallRDFForExtension({
-- id: "addon2@tests.mozilla.org",
-- version: "2.0",
-- updateURL: "http://localhost:4444/data/test_updateid.rdf",
-- targetApplications: [{
-- id: "xpcshell@tests.mozilla.org",
-- minVersion: "1",
-- maxVersion: "1"
-- }],
-- name: "Test Addon 2",
-- }, profileDir);
--
-- startupManager();
--
-- resetPrefs();
--
-- AddonManager.getAddonByID("addon2@tests.mozilla.org", function(a2) {
-- do_check_neq(a2, null);
-- do_check_neq(a2.syncGUID, null);
-- do_check_eq(a2.version, "2.0");
--
-- a2.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- installUpdate(install, check_test_4);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-- });
--}
--
--function check_test_4() {
-- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org",
-- "addon3@tests.mozilla.org"],
-- callback_soon(function([a2, a3]) {
-- // Should still be pending install even though the new add-on is restartless
-- do_check_neq(a2, null);
-- do_check_eq(a3, null);
--
-- do_check_neq(a2.pendingUpgrade, null);
-- do_check_eq(a2.pendingUpgrade.id, "addon3@tests.mozilla.org");
--
-- do_check_eq(getInstalledVersion(), -1);
-- do_check_eq(getActiveVersion(), -1);
--
-- restartManager();
--
-- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org",
-- "addon3@tests.mozilla.org"], function([a2, a3]) {
-- // Should have updated
-- do_check_eq(a2, null);
-- do_check_neq(a3, null);
--
-- do_check_eq(getInstalledVersion(), 3);
-- do_check_eq(getActiveVersion(), 3);
--
-- do_execute_soon(run_test_5);
-- });
-- }));
--}
--
--// Tests that upgrading to another bootstrapped add-on works without a restart
--function run_test_5() {
-- AddonManager.getAddonByID("addon3@tests.mozilla.org", function(a3) {
-- do_check_neq(a3, null);
-- do_check_eq(a3.version, "3.0");
-+// Verify that an update to an add-on with a new ID fails
-+add_task(function* test_update_new_id() {
-+ yield promiseInstallAllFiles([do_get_addon("test_updateid1")]);
-
-- a3.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- installUpdate(install, check_test_5);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-- });
--}
--
--function check_test_5() {
-- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org",
-- "addon4@tests.mozilla.org"],
-- callback_soon(function([a3, a4]) {
-- // Should have updated
-- do_check_eq(a3, null);
-- do_check_neq(a4, null);
--
-- do_check_eq(getInstalledVersion(), 4);
-- do_check_eq(getActiveVersion(), 4);
--
-- restartManager();
--
-- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org",
-- "addon4@tests.mozilla.org"], function([a3, a4]) {
-- // Should still be gone
-- do_check_eq(a3, null);
-- do_check_neq(a4, null);
--
-- do_check_eq(getInstalledVersion(), 4);
-- do_check_eq(getActiveVersion(), 4);
--
-- run_test_6();
-- });
-- }));
--}
-+ let addon = yield promiseAddonByID("addon1@tests.mozilla.org");
-+ do_check_neq(addon, null);
-+ do_check_eq(addon.version, "1.0");
-
--// Tests that upgrading to a non-bootstrapped add-on works but requires a restart
--function run_test_6() {
-- AddonManager.getAddonByID("addon4@tests.mozilla.org", function(a4) {
-- do_check_neq(a4, null);
-- do_check_eq(a4.version, "4.0");
--
-- a4.findUpdates({
-- onUpdateAvailable: function(addon, install) {
-- installUpdate(install, check_test_6);
-- }
-- }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-- });
--}
-+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+ let install = update.updateAvailable;
-+ do_check_eq(install.name, addon.name);
-+ do_check_eq(install.version, "2.0");
-+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
-+ do_check_eq(install.existingAddon, addon);
-
--function check_test_6() {
-- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org",
-- "addon2@tests.mozilla.org"],
-- callback_soon(function([a4, a2]) {
-- // Should still be pending install even though the old add-on is restartless
-- do_check_neq(a4, null);
-- do_check_eq(a2, null);
--
-- do_check_neq(a4.pendingUpgrade, null);
-- do_check_eq(a4.pendingUpgrade.id, "addon2@tests.mozilla.org");
--
-- do_check_eq(getInstalledVersion(), 4);
-- do_check_eq(getActiveVersion(), 4);
-+ yield Assert.rejects(promiseInstallUpdate(install),
-+ function(err) { return err.code == AddonManager.ERROR_INCORRECT_ID },
-+ "Upgrade to a different ID fails");
-
-- restartManager();
-+ addon.uninstall();
-+});
-
-- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org",
-- "addon2@tests.mozilla.org"], function([a4, a2]) {
-- // Should have updated
-- do_check_eq(a4, null);
-- do_check_neq(a2, null);
-+// Verify that an update to a multi-package xpi fails
-+add_task(function* test_update_new_id() {
-+ yield promiseInstallAllFiles([do_get_addon("test_update_multi1")]);
-
-- do_check_eq(getInstalledVersion(), 0);
-- do_check_eq(getActiveVersion(), 0);
-+ let addon = yield promiseAddonByID("updatemulti@tests.mozilla.org");
-+ do_check_neq(addon, null);
-+ do_check_eq(addon.version, "1.0");
-
-- end_test();
-- });
-- }));
--}
-+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+ let install = update.updateAvailable;
-+ do_check_eq(install.name, addon.name);
-+ do_check_eq(install.version, "2.0");
-+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
-+ do_check_eq(install.existingAddon, addon);
-+
-+ yield Assert.rejects(promiseInstallUpdate(install),
-+ function(err) { return err.code == AddonManager.ERROR_UNEXPECTED_ADDON_TYPE },
-+ "Upgrade to a multipackage xpi fails");
-+
-+ addon.uninstall();
-+});
-
diff --git a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch b/gnu/packages/patches/inkscape-drop-wait-for-targets.patch
deleted file mode 100644
index 3dbe6641e2..0000000000
--- a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Copied from Fedora.
-
-http://pkgs.fedoraproject.org/cgit/rpms/inkscape.git/plain/inkscape-0.91-drop-wait-for-targets.patch?id=eb5340800b563d6b05aa5f11a2f24f2cc0d8c80e
-
-=== modified file 'src/ui/clipboard.cpp'
---- src/ui/clipboard.cpp 2016-04-02 15:15:43 +0000
-+++ src/ui/clipboard.cpp 2016-04-07 16:30:32 +0000
-@@ -146,8 +146,6 @@
- void _setClipboardColor(guint32);
- void _userWarn(SPDesktop *, char const *);
-
-- void _inkscape_wait_for_targets(std::list<Glib::ustring> &);
--
- // private properites
- SPDocument *_clipboardSPDoc; ///< Document that stores the clipboard until someone requests it
- Inkscape::XML::Node *_defs; ///< Reference to the clipboard document's defs node
-@@ -1302,9 +1300,7 @@
- */
- Glib::ustring ClipboardManagerImpl::_getBestTarget()
- {
-- // GTKmm's wait_for_targets() is broken, see the comment in _inkscape_wait_for_targets()
-- std::list<Glib::ustring> targets; // = _clipboard->wait_for_targets();
-- _inkscape_wait_for_targets(targets);
-+ std::list<Glib::ustring> targets = _clipboard->wait_for_targets();
-
- // clipboard target debugging snippet
- /*
-@@ -1456,39 +1452,6 @@
- desktop->messageStack()->flash(Inkscape::WARNING_MESSAGE, msg);
- }
-
--
--// GTKMM's clipboard::wait_for_targets is buggy and might return bogus, see
--//
--// https://bugs.launchpad.net/inkscape/+bug/296778
--// http://mail.gnome.org/archives/gtk-devel-list/2009-June/msg00062.html
--//
--// for details. Until this has been fixed upstream we will use our own implementation
--// of this method, as copied from /gtkmm-2.16.0/gtk/gtkmm/clipboard.cc.
--void ClipboardManagerImpl::_inkscape_wait_for_targets(std::list<Glib::ustring> &listTargets)
--{
-- //Get a newly-allocated array of atoms:
-- GdkAtom* targets = NULL;
-- gint n_targets = 0;
-- gboolean test = gtk_clipboard_wait_for_targets( gtk_clipboard_get(GDK_SELECTION_CLIPBOARD), &targets, &n_targets );
-- if (!test || (targets == NULL)) {
-- return;
-- }
--
-- //Add the targets to the C++ container:
-- for (int i = 0; i < n_targets; i++)
-- {
-- //Convert the atom to a string:
-- gchar* const atom_name = gdk_atom_name(targets[i]);
--
-- Glib::ustring target;
-- if (atom_name) {
-- target = Glib::ScopedPtr<char>(atom_name).get(); //This frees the gchar*.
-- }
--
-- listTargets.push_back(target);
-- }
--}
--
- /* #######################################
- ClipboardManager class
- ####################################### */
-
diff --git a/gnu/packages/patches/kdbusaddons-kinit-file-name.patch b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch
new file mode 100644
index 0000000000..ffed88e043
--- /dev/null
+++ b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch
@@ -0,0 +1,15 @@
+Add placeholder for kinit's store file name.
+
+diff --git a/src/kdeinitinterface.cpp b/src/kdeinitinterface.cpp
+index 22fa5e5..3d40937 100644
+--- a/src/kdeinitinterface.cpp
++++ b/src/kdeinitinterface.cpp
+@@ -52,7 +52,7 @@ void KDEInitInterface::ensureKdeinitRunning()
+ // If not found in system paths, search other paths
+ if (srv.isEmpty()) {
+ const QStringList searchPaths = QStringList()
+- << QCoreApplication::applicationDirPath() // then look where our application binary is located
++ << QString::fromUtf8("@SUBSTITUTEME@/bin") // using QStringLiteral would be more efficient, but breaks guix store reference detection.
+ << QLibraryInfo::location(QLibraryInfo::BinariesPath); // look where exec path is (can be set in qt.conf)
+ srv = QStandardPaths::findExecutable(QStringLiteral("kdeinit5"), searchPaths);
+ if (srv.isEmpty()) {
diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch
new file mode 100644
index 0000000000..e2c65df8ce
--- /dev/null
+++ b/gnu/packages/patches/khal-disable-failing-tests.patch
@@ -0,0 +1,33 @@
+Disable some tests that are known to fail:
+
+https://github.com/pimutils/khal/issues/546
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
+
+diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
+index fd8dcc6..17732bf 100644
+--- a/tests/khalendar_test.py
++++ b/tests/khalendar_test.py
+@@ -65,6 +65,7 @@ class TestCalendar(object):
+ else:
+ mtimes[cal] = mtime
+
++ @pytest.mark.xfail
+ def test_db_needs_update(self, coll_vdirs):
+ coll, vdirs = coll_vdirs
+
+@@ -321,6 +322,7 @@ class TestDbCreation(object):
+ CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
+
+
++@pytest.mark.xfail
+ def test_default_calendar(coll_vdirs):
+ """test if an update to the vdir is detected by the CalendarCollection"""
+ coll, vdirs = coll_vdirs
+@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
+ assert len(list(coll.get_events_on(today))) == 0
+
+
++@pytest.mark.xfail
+ def test_only_update_old_event(coll_vdirs, monkeypatch):
+ coll, vdirs = coll_vdirs
+
diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch
new file mode 100644
index 0000000000..bdc4b05989
--- /dev/null
+++ b/gnu/packages/patches/libepoxy-gl-null-checks.patch
@@ -0,0 +1,54 @@
+This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL
+checks to avoid crashes when GL support is missing, as is the case when running
+Xvfb.
+
+Upstream issue: <https://github.com/anholt/libepoxy/issues/72>.
+
+diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c
+--- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400
++++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500
+@@ -348,6 +348,8 @@
+ epoxy_extension_in_string(const char *extension_list, const char *ext)
+ {
+ const char *ptr = extension_list;
++ if (! ptr) return false;
++ if (! ext) return false;
+ int len = strlen(ext);
+
+ /* Make sure that don't just find an extension with our name as a prefix. */
+@@ -380,6 +382,7 @@
+
+ for (i = 0; i < num_extensions; i++) {
+ const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i);
++ if (! gl_ext) return false;
+ if (strcmp(ext, gl_ext) == 0)
+ return true;
+ }
+diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c
+--- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400
++++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500
+@@ -46,6 +46,7 @@
+ int ret;
+
+ version_string = eglQueryString(dpy, EGL_VERSION);
++ if (! version_string) return 0;
+ ret = sscanf(version_string, "%d.%d", &major, &minor);
+ assert(ret == 2);
+ return major * 10 + minor;
+diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c
+--- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400
++++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500
+@@ -57,11 +57,13 @@
+ int ret;
+
+ version_string = glXQueryServerString(dpy, screen, GLX_VERSION);
++ if (! version_string) return 0;
+ ret = sscanf(version_string, "%d.%d", &server_major, &server_minor);
+ assert(ret == 2);
+ server = server_major * 10 + server_minor;
+
+ version_string = glXGetClientString(dpy, GLX_VERSION);
++ if (! version_string) return 0;
+ ret = sscanf(version_string, "%d.%d", &client_major, &client_minor);
+ assert(ret == 2);
+ client = client_major * 10 + client_minor;
diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch
new file mode 100644
index 0000000000..8093b3e448
--- /dev/null
+++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch
@@ -0,0 +1,37 @@
+Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
+http://seclists.org/oss-sec/2016/q4/777
+
+Patch adapted from upstream source repository:
+
+https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
+
+From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
+From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
+Date: Thu, 29 Dec 2016 07:51:33 -0600
+Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
+ png_set_text_2()
+
+(bug report and patch by Patrick Keshishian).
+---
+ ANNOUNCE | 2 ++
+ CHANGES | 2 ++
+ png.c | 1 +
+ 3 files changed, 5 insertions(+)
+
+diff --git a/png.c b/png.c
+index 8afc28fc2..2e05de159 100644
+--- a/png.c
++++ b/png.c
+@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
+ png_free(png_ptr, info_ptr->text);
+ info_ptr->text = NULL;
+ info_ptr->num_text = 0;
++ info_ptr->max_text = 0;
+ }
+ }
+ #endif
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
new file mode 100644
index 0000000000..9978b39487
--- /dev/null
+++ b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
@@ -0,0 +1,72 @@
+Fix CVE-2016-8863:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
+https://sourceforge.net/p/pupnp/bugs/133/
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
+
+From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
+Date: Thu, 8 Dec 2016 17:11:53 +0100
+Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
+
+If there is an invalid URL in URLS->buf after a valid one, uri_parse is
+called with out pointing after the allocated memory. As uri_parse writes
+to *out before returning an error the loop in create_url_list must be
+stopped early to prevent an out-of-bound access
+
+Bug: https://sourceforge.net/p/pupnp/bugs/133/
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
+Bug-Debian: https://bugs.debian.org/842093
+Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
+(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
+---
+ upnp/src/gena/gena_device.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
+index fb04a29..245c56b 100644
+--- a/upnp/src/gena/gena_device.c
++++ b/upnp/src/gena/gena_device.c
+@@ -1113,7 +1113,7 @@ static int create_url_list(
+ /*! [out] . */
+ URL_list *out)
+ {
+- size_t URLcount = 0;
++ size_t URLcount = 0, URLcount2 = 0;
+ size_t i;
+ int return_code = 0;
+ uri_type temp;
+@@ -1155,16 +1155,23 @@ static int create_url_list(
+ }
+ memcpy( out->URLs, URLS->buff, URLS->size );
+ out->URLs[URLS->size] = 0;
+- URLcount = 0;
+ for( i = 0; i < URLS->size; i++ ) {
+ if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
+ if( ( ( return_code =
+ parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
+- &out->parsedURLs[URLcount] ) ) ==
++ &out->parsedURLs[URLcount2] ) ) ==
+ HTTP_SUCCESS )
+- && ( out->parsedURLs[URLcount].hostport.text.size !=
++ && ( out->parsedURLs[URLcount2].hostport.text.size !=
+ 0 ) ) {
+- URLcount++;
++ URLcount2++;
++ if (URLcount2 >= URLcount)
++ /*
++ * break early here in case there is a bogus URL that
++ * was skipped above. This prevents to access
++ * out->parsedURLs[URLcount] which is beyond the
++ * allocation.
++ */
++ break;
+ } else {
+ if( return_code == UPNP_E_OUTOF_MEMORY ) {
+ free( out->URLs );
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch
new file mode 100644
index 0000000000..a4e1f31fae
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2016-4658.patch
@@ -0,0 +1,257 @@
+Fix CVE-2016-4658:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
+
+From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 18:34:52 +0200
+Subject: [PATCH] Disallow namespace nodes in XPointer ranges
+
+Namespace nodes must be copied to avoid use-after-free errors.
+But they don't necessarily have a physical representation in a
+document, so simply disallow them in XPointer ranges.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-4658.
+---
+ xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
+ 1 file changed, 56 insertions(+), 93 deletions(-)
+
+diff --git a/xpointer.c b/xpointer.c
+index a7b03fbd..694d120e 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
+ }
+
+ /**
++ * xmlXPtrNewRangeInternal:
++ * @start: the starting node
++ * @startindex: the start index
++ * @end: the ending point
++ * @endindex: the ending index
++ *
++ * Internal function to create a new xmlXPathObjectPtr of type range
++ *
++ * Returns the newly created object.
++ */
++static xmlXPathObjectPtr
++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
++ xmlNodePtr end, int endindex) {
++ xmlXPathObjectPtr ret;
++
++ /*
++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
++ * Disallow them for now.
++ */
++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
++ return(NULL);
++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
++ return(NULL);
++
++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
++ if (ret == NULL) {
++ xmlXPtrErrMemory("allocating range");
++ return(NULL);
++ }
++ memset(ret, 0, sizeof(xmlXPathObject));
++ ret->type = XPATH_RANGE;
++ ret->user = start;
++ ret->index = startindex;
++ ret->user2 = end;
++ ret->index2 = endindex;
++ return(ret);
++}
++
++/**
+ * xmlXPtrNewRange:
+ * @start: the starting node
+ * @startindex: the start index
+@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
+ if (endindex < 0)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = startindex;
+- ret->user2 = end;
+- ret->index2 = endindex;
++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
+ if (end->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start->user;
+- ret->index = start->index;
+- ret->user2 = end->user;
+- ret->index2 = end->index;
++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
++ end->index);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
+ if (start->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start->user;
+- ret->index = start->index;
+- ret->user2 = end;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
+ if (end->type != XPATH_POINT)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = end->user;
+- ret->index2 = end->index;
++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
+ if (end == NULL)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = end;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+ if (start == NULL)
+ return(NULL);
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- ret->user2 = NULL;
+- ret->index2 = -1;
++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
+ return(ret);
+ }
+
+@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
+ */
+ xmlXPathObjectPtr
+ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
++ xmlNodePtr endNode;
++ int endIndex;
+ xmlXPathObjectPtr ret;
+
+ if (start == NULL)
+@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ return(NULL);
+ switch (end->type) {
+ case XPATH_POINT:
++ endNode = end->user;
++ endIndex = end->index;
++ break;
+ case XPATH_RANGE:
++ endNode = end->user2;
++ endIndex = end->index2;
+ break;
+ case XPATH_NODESET:
+ /*
+@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
+ */
+ if (end->nodesetval->nodeNr <= 0)
+ return(NULL);
++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
++ endIndex = -1;
+ break;
+ default:
+ /* TODO */
+ return(NULL);
+ }
+
+- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
+- if (ret == NULL) {
+- xmlXPtrErrMemory("allocating range");
+- return(NULL);
+- }
+- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
+- ret->type = XPATH_RANGE;
+- ret->user = start;
+- ret->index = -1;
+- switch (end->type) {
+- case XPATH_POINT:
+- ret->user2 = end->user;
+- ret->index2 = end->index;
+- break;
+- case XPATH_RANGE:
+- ret->user2 = end->user2;
+- ret->index2 = end->index2;
+- break;
+- case XPATH_NODESET: {
+- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
+- ret->index2 = -1;
+- break;
+- }
+- default:
+- STRANGE
+- return(NULL);
+- }
++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
+ xmlXPtrRangeCheckOrder(ret);
+ return(ret);
+ }
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch
new file mode 100644
index 0000000000..38938c8e3e
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2016-5131.patch
@@ -0,0 +1,218 @@
+Fix CVE-2016-5131:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
+
+Patches copied from upstream source repository (the test suite fails
+without the 2nd patch):
+
+https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
+https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
+
+From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:22:23 +0200
+Subject: [PATCH] Fix XPointer paths beginning with range-to
+
+The old code would invoke the broken xmlXPtrRangeToFunction. range-to
+isn't really a function but a special kind of location step. Remove
+this function and always handle range-to in the XPath code.
+
+The old xmlXPtrRangeToFunction could also be abused to trigger a
+use-after-free error with the potential for remote code execution.
+
+Found with afl-fuzz.
+
+Fixes CVE-2016-5131.
+---
+ result/XPath/xptr/vidbase | 13 ++++++++
+ test/XPath/xptr/vidbase | 1 +
+ xpath.c | 7 ++++-
+ xpointer.c | 76 ++++-------------------------------------------
+ 4 files changed, 26 insertions(+), 71 deletions(-)
+
+diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
+index 8b9e92d6..f19193e7 100644
+--- a/result/XPath/xptr/vidbase
++++ b/result/XPath/xptr/vidbase
+@@ -17,3 +17,16 @@ Object is a Location Set:
+ To node
+ ELEMENT p
+
++
++========================
++Expression: xpointer(range-to(id('chapter2')))
++Object is a Location Set:
++1 : Object is a range :
++ From node
++ /
++ To node
++ ELEMENT chapter
++ ATTRIBUTE id
++ TEXT
++ content=chapter2
++
+diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
+index b1463830..884b1065 100644
+--- a/test/XPath/xptr/vidbase
++++ b/test/XPath/xptr/vidbase
+@@ -1,2 +1,3 @@
+ xpointer(id('chapter1')/p)
+ xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
++xpointer(range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index d992841e..5a01b1b3 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
+ lc = 1;
+ break;
+ } else if ((NXT(len) == '(')) {
+- /* Note Type or Function */
++ /* Node Type or Function */
+ if (xmlXPathIsNodeType(name)) {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+ "PathExpr: Type search\n");
+ #endif
+ lc = 1;
++#ifdef LIBXML_XPTR_ENABLED
++ } else if (ctxt->xptr &&
++ xmlStrEqual(name, BAD_CAST "range-to")) {
++ lc = 1;
++#endif
+ } else {
+ #ifdef DEBUG_STEP
+ xmlGenericError(xmlGenericErrorContext,
+diff --git a/xpointer.c b/xpointer.c
+index 676c5105..d74174a3 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
+ ret->here = here;
+ ret->origin = origin;
+
+- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
+- xmlXPtrRangeToFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range",
+ xmlXPtrRangeFunction);
+ xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
+@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ * @nargs: the number of args
+ *
+ * Implement the range-to() XPointer function
++ *
++ * Obsolete. range-to is not a real function but a special type of location
++ * step which is handled in xpath.c.
+ */
+ void
+-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+- xmlXPathObjectPtr range;
+- const xmlChar *cur;
+- xmlXPathObjectPtr res, obj;
+- xmlXPathObjectPtr tmp;
+- xmlLocationSetPtr newset = NULL;
+- xmlNodeSetPtr oldset;
+- int i;
+-
+- if (ctxt == NULL) return;
+- CHECK_ARITY(1);
+- /*
+- * Save the expression pointer since we will have to evaluate
+- * it multiple times. Initialize the new set.
+- */
+- CHECK_TYPE(XPATH_NODESET);
+- obj = valuePop(ctxt);
+- oldset = obj->nodesetval;
+- ctxt->context->node = NULL;
+-
+- cur = ctxt->cur;
+- newset = xmlXPtrLocationSetCreate(NULL);
+-
+- for (i = 0; i < oldset->nodeNr; i++) {
+- ctxt->cur = cur;
+-
+- /*
+- * Run the evaluation with a node list made of a single item
+- * in the nodeset.
+- */
+- ctxt->context->node = oldset->nodeTab[i];
+- tmp = xmlXPathNewNodeSet(ctxt->context->node);
+- valuePush(ctxt, tmp);
+-
+- xmlXPathEvalExpr(ctxt);
+- CHECK_ERROR;
+-
+- /*
+- * The result of the evaluation need to be tested to
+- * decided whether the filter succeeded or not
+- */
+- res = valuePop(ctxt);
+- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
+- if (range != NULL) {
+- xmlXPtrLocationSetAdd(newset, range);
+- }
+-
+- /*
+- * Cleanup
+- */
+- if (res != NULL)
+- xmlXPathFreeObject(res);
+- if (ctxt->value == tmp) {
+- res = valuePop(ctxt);
+- xmlXPathFreeObject(res);
+- }
+-
+- ctxt->context->node = NULL;
+- }
+-
+- /*
+- * The result is used as the new evaluation set.
+- */
+- xmlXPathFreeObject(obj);
+- ctxt->context->node = NULL;
+- ctxt->context->contextSize = -1;
+- ctxt->context->proximityPosition = -1;
+- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
++ int nargs ATTRIBUTE_UNUSED) {
++ XP_ERROR(XPATH_EXPR_ERROR);
+ }
+
+ /**
+--
+2.11.0
+
+From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 28 Jun 2016 14:19:58 +0200
+Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes
+
+This change has already been made in xmlXPathCmpNodesExt but not in
+xmlXPathCmpNodes.
+---
+ xpath.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xpath.c b/xpath.c
+index 751665b8..d992841e 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
+ * compute depth to root
+ */
+ for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
+- if (cur == node1)
++ if (cur->parent == node1)
+ return(1);
+ depth2++;
+ }
+ root = cur;
+ for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
+- if (cur == node2)
++ if (cur->parent == node2)
+ return(-1);
+ depth1++;
+ }
+--
+2.11.0
+
diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch
index 60cf8e0430..3089f962f7 100644
--- a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch
+++ b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch
@@ -3,30 +3,17 @@ From: Tom Callaway <spot@fedoraproject.org>
Date: Fri, 7 Sep 2012 11:39:29 -0400
Subject: apply fix for CVE-2012-4409 (thanks to Raphael Geissert)
----
- mcrypt-CVE-2012-4409.patch | 12 ++++++++++++
- mcrypt.spec | 10 +++++++++-
- 2 files changed, 21 insertions(+), 1 deletion(-)
- create mode 100644 mcrypt-CVE-2012-4409.patch
-
-diff --git a/mcrypt-CVE-2012-4409.patch b/mcrypt-CVE-2012-4409.patch
-new file mode 100644
-index 0000000..747f428
---- /dev/null
-+++ b/mcrypt-CVE-2012-4409.patch
-@@ -0,0 +1,12 @@
-+diff -up mcrypt-2.6.8/src/extra.c.CVE-2012-4409 mcrypt-2.6.8/src/extra.c
-+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400
-++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400
-+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char
-+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
-+ *salt_size = m_setbit(0, sflag, 0);
-+ if (*salt_size > 0) {
-++ if (*salt_size > sizeof(tmp_buf))
-++ err_quit(_("Salt is too long\n"));
-+ fread(tmp_buf, 1, *salt_size,
-+ fstream);
-+ memmove(salt, tmp_buf, *salt_size);
+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400
++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400
+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char
+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
+ *salt_size = m_setbit(0, sflag, 0);
+ if (*salt_size > 0) {
++ if (*salt_size > sizeof(tmp_buf))
++ err_quit(_("Salt is too long\n"));
+ fread(tmp_buf, 1, *salt_size,
+ fstream);
+ memmove(salt, tmp_buf, *salt_size);
--
cgit v0.12
diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch
index d931dd174b..dfbf048583 100644
--- a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch
+++ b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch
@@ -3,109 +3,97 @@ From: Tom Callaway <spot@fedoraproject.org>
Date: Tue, 30 Oct 2012 15:39:24 -0400
Subject: apply workaround to CVE-2012-4527
----
- mcrypt-CVE-2012-4527-80-width-patch | 91 +++++++++++++++++++++++++++++++++++++
- mcrypt.spec | 10 +++-
- 2 files changed, 100 insertions(+), 1 deletion(-)
- create mode 100644 mcrypt-CVE-2012-4527-80-width-patch
-
-diff --git a/mcrypt-CVE-2012-4527-80-width-patch b/mcrypt-CVE-2012-4527-80-width-patch
-new file mode 100644
-index 0000000..0eb94d8
---- /dev/null
-+++ b/mcrypt-CVE-2012-4527-80-width-patch
-@@ -0,0 +1,91 @@
-+--- mcrypt-2.6.8.orig/src/mcrypt.c
-++++ mcrypt-2.6.8/src/mcrypt.c
-+@@ -41,6 +41,8 @@
-+ # include <time.h>
-+ #endif
-+
-++#define WIDTH 80
-++
-+ static char rcsid[] =
-+ "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $";
-+
-+@@ -482,7 +484,7 @@
-+ #ifdef HAVE_STAT
-+ if (stream_flag == FALSE) {
-+ if (is_normal_file(file[i]) == FALSE) {
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("%s: %s is not a regular file. Skipping...\n"),
-+ program_name, file[i]);
-+@@ -501,7 +503,7 @@
-+ dinfile = file[i];
-+ if ((isatty(fileno((FILE *) (stdin))) == 1)
-+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("%s: Encrypted data will not be read from a terminal.\n"),
-+ program_name);
-+@@ -520,7 +522,7 @@
-+ einfile = file[i];
-+ if ((isatty(fileno((FILE *) (stdout))) == 1)
-+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("%s: Encrypted data will not be written to a terminal.\n"),
-+ program_name);
-+@@ -544,7 +546,7 @@
-+ strcpy(outfile, einfile);
-+ /* if file has already the .nc ignore it */
-+ if (strstr(outfile, ".nc") != NULL) {
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("%s: file %s has the .nc suffix... skipping...\n"),
-+ program_name, outfile);
-+@@ -590,10 +592,10 @@
-+
-+ if (x == 0) {
-+ if (stream_flag == FALSE) {
-+- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
-++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile);
-+ err_warn(tmperr);
-+ } else {
-+- sprintf(tmperr, _("Stdin was decrypted.\n"));
-++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n"));
-+ err_warn(tmperr);
-+ }
-+ #ifdef HAVE_STAT
-+@@ -610,7 +612,7 @@
-+
-+ } else {
-+ if (stream_flag == FALSE) {
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("File %s was NOT decrypted successfully.\n"),
-+ dinfile);
-+@@ -636,10 +638,10 @@
-+
-+ if (x == 0) {
-+ if (stream_flag == FALSE) {
-+- sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
-++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile);
-+ err_warn(tmperr);
-+ } else {
-+- sprintf(tmperr, _("Stdin was encrypted.\n"));
-++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n"));
-+ err_warn(tmperr);
-+ }
-+ #ifdef HAVE_STAT
-+@@ -655,7 +657,7 @@
-+
-+ } else {
-+ if (stream_flag == FALSE) {
-+- sprintf(tmperr,
-++ snprintf(tmperr, WIDTH,
-+ _
-+ ("File %s was NOT encrypted successfully.\n"),
-+ einfile);
---
-cgit v0.12
+--- mcrypt-2.6.8.orig/src/mcrypt.c
++++ mcrypt-2.6.8/src/mcrypt.c
+@@ -41,6 +41,8 @@
+ # include <time.h>
+ #endif
+
++#define WIDTH 80
++
+ static char rcsid[] =
+ "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $";
+
+@@ -482,7 +484,7 @@
+ #ifdef HAVE_STAT
+ if (stream_flag == FALSE) {
+ if (is_normal_file(file[i]) == FALSE) {
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("%s: %s is not a regular file. Skipping...\n"),
+ program_name, file[i]);
+@@ -501,7 +503,7 @@
+ dinfile = file[i];
+ if ((isatty(fileno((FILE *) (stdin))) == 1)
+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("%s: Encrypted data will not be read from a terminal.\n"),
+ program_name);
+@@ -520,7 +522,7 @@
+ einfile = file[i];
+ if ((isatty(fileno((FILE *) (stdout))) == 1)
+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("%s: Encrypted data will not be written to a terminal.\n"),
+ program_name);
+@@ -544,7 +546,7 @@
+ strcpy(outfile, einfile);
+ /* if file has already the .nc ignore it */
+ if (strstr(outfile, ".nc") != NULL) {
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("%s: file %s has the .nc suffix... skipping...\n"),
+ program_name, outfile);
+@@ -590,10 +592,10 @@
+
+ if (x == 0) {
+ if (stream_flag == FALSE) {
+- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile);
+ err_warn(tmperr);
+ } else {
+- sprintf(tmperr, _("Stdin was decrypted.\n"));
++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n"));
+ err_warn(tmperr);
+ }
+ #ifdef HAVE_STAT
+@@ -610,7 +612,7 @@
+
+ } else {
+ if (stream_flag == FALSE) {
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("File %s was NOT decrypted successfully.\n"),
+ dinfile);
+@@ -636,10 +638,10 @@
+
+ if (x == 0) {
+ if (stream_flag == FALSE) {
+- sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile);
+ err_warn(tmperr);
+ } else {
+- sprintf(tmperr, _("Stdin was encrypted.\n"));
++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n"));
+ err_warn(tmperr);
+ }
+ #ifdef HAVE_STAT
+@@ -655,7 +657,7 @@
+
+ } else {
+ if (stream_flag == FALSE) {
+- sprintf(tmperr,
++ snprintf(tmperr, WIDTH,
+ _
+ ("File %s was NOT encrypted successfully.\n"),
+ einfile);
+-
+git v0.12
diff --git a/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch
new file mode 100644
index 0000000000..e8f841c4fd
--- /dev/null
+++ b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch
@@ -0,0 +1,218 @@
+This patch includes
+
+ * mingw-w64-headers/include/winnt.h: compile fixes for1 gcc-4.9.3
+ * mingw-w64-headers/crt/math.h: Likewise
+ * mingw-w64-headers/crt/float.h (FLT_EPSILON,DBL_EPSILON,LDBL_EPSILON): Add
+ symbols.
+ * mingw-w64-headers/crt/stat.h (S_ISLNK,S_ISSOCK,S_ISUID,S_ISGID,S_ISLINK):
+ Add symbols.
+ (lstat): Add function.
+ * mingw-w64-headers/crt/_mingw_stat64.h: Likewise
+ * mingw-w64-headers/crt/stdlib.h (realpath): Add function.
+
+Needed for building with gcc-4.9.3 and using with cross-libtool-2.4.6.
+
+Upstream status: not yet presented upstream.
+
+index 9c5cf87..74a8541 100644
+--- a/mingw-w64-crt/misc/dirname.c
++++ b/mingw-w64-crt/misc/dirname.c
+@@ -29,6 +29,12 @@
+ #define __cdecl /* this may not be defined. */
+ #endif
+
++char *__cdecl
++realpath(const char *name, char *resolved)
++{
++ return resolved ? strcpy (resolved, name) : strdup (name);
++}
++
+ char * __cdecl
+ dirname(char *path)
+ {
+diff --git a/mingw-w64-headers/crt/_mingw_stat64.h b/mingw-w64-headers/crt/_mingw_stat64.h
+index 17e754c..7d2339b 100644
+--- a/mingw-w64-headers/crt/_mingw_stat64.h
++++ b/mingw-w64-headers/crt/_mingw_stat64.h
+@@ -2,13 +2,17 @@
+
+ #ifdef _USE_32BIT_TIME_T
+ #define _fstat32 _fstat
++#define _lstat32 _lstat
+ #define _stat32 _stat
+ #define _wstat32 _wstat
+ #define _fstat32i64 _fstati64
++#define _lstat32i64 _lstati64
+ #define _stat32i64 _stati64
+ #define _wstat32i64 _wstati64
+ #else
+ #define _fstat _fstat64i32
++#define _lstat _lstat64i32
++#define _lstati64 _lstat64
+ #define _fstati64 _fstat64
+ #define _stat _stat64i32
+ #define _stati64 _stat64
+diff --git a/mingw-w64-headers/crt/float.h b/mingw-w64-headers/crt/float.h
+index 5874f4e..bdf4ead 100644
+--- a/mingw-w64-headers/crt/float.h
++++ b/mingw-w64-headers/crt/float.h
+@@ -22,6 +22,15 @@
+ #if (__GNUC__ < 4)
+ #error Corrupt install of gcc-s internal headers, or search order was changed.
+ #else
++
++ /* From gcc-4.9.3 float.h. */
++ #undef FLT_EPSILON
++ #undef DBL_EPSILON
++ #undef LDBL_EPSILON
++ #define FLT_EPSILON __FLT_EPSILON__
++ #define DBL_EPSILON __DBL_EPSILON__
++ #define LDBL_EPSILON __LDBL_EPSILON__
++
+ /* #include_next <float_ginclude.h> */
+
+ /* Number of decimal digits, q, such that any floating-point number with q
+diff --git a/mingw-w64-headers/crt/math.h b/mingw-w64-headers/crt/math.h
+index 1e970f4..99a332f 100644
+--- a/mingw-w64-headers/crt/math.h
++++ b/mingw-w64-headers/crt/math.h
+@@ -216,6 +216,7 @@ extern "C" {
+ #endif
+ }
+
++#if 0
+ __CRT_INLINE long double __cdecl fabsl (long double x)
+ {
+ #ifdef __arm__
+@@ -226,6 +227,7 @@ extern "C" {
+ return res;
+ #endif
+ }
++#endif
+
+ __CRT_INLINE double __cdecl fabs (double x)
+ {
+@@ -905,7 +907,7 @@ __mingw_choose_expr ( \
+ /* 7.12.7.3 */
+ extern double __cdecl hypot (double, double) __MINGW_ATTRIB_DEPRECATED_MSVC2005; /* in libmoldname.a */
+ extern float __cdecl hypotf (float x, float y);
+-#ifndef __CRT__NO_INLINE
++#if 0 //ndef __CRT__NO_INLINE
+ __CRT_INLINE float __cdecl hypotf (float x, float y) { return (float) hypot ((double)x, (double)y);}
+ #endif
+ extern long double __cdecl hypotl (long double, long double);
+diff --git a/mingw-w64-headers/crt/stdlib.h b/mingw-w64-headers/crt/stdlib.h
+index dfc5ae4..6f0fee3 100644
+--- a/mingw-w64-headers/crt/stdlib.h
++++ b/mingw-w64-headers/crt/stdlib.h
+@@ -8,6 +8,7 @@
+
+ #include <crtdefs.h>
+ #include <limits.h>
++#include <string.h>
+
+ #if defined (__USE_MINGW_ANSI_STDIO) && ((__USE_MINGW_ANSI_STDIO + 0) != 0) && !defined (__USE_MINGW_STRTOX)
+ #define __USE_MINGW_STRTOX 1
+@@ -676,6 +677,8 @@ unsigned long __cdecl _lrotr(unsigned long,int);
+
+ #endif /* !__NO_ISOCEXT */
+
++char *__cdecl realpath (const char *name, char *resolved);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/mingw-w64-headers/crt/sys/stat.h b/mingw-w64-headers/crt/sys/stat.h
+index ed60219..d88b4f1 100644
+--- a/mingw-w64-headers/crt/sys/stat.h
++++ b/mingw-w64-headers/crt/sys/stat.h
+@@ -58,16 +58,21 @@ extern "C" {
+ #include <_mingw_stat64.h>
+
+ #define _S_IFMT 0xF000
++#define _S_IFLNK 0xA000
++#define _S_IFSOCK 0xC000
+ #define _S_IFDIR 0x4000
+ #define _S_IFCHR 0x2000
+ #define _S_IFIFO 0x1000
+ #define _S_IFREG 0x8000
++#define _S_ISUID 0x0400
++#define _S_ISGID 0x0200
+ #define _S_IREAD 0x0100
+ #define _S_IWRITE 0x0080
+ #define _S_IEXEC 0x0040
+
+ _CRTIMP int __cdecl _fstat32(int _FileDes,struct _stat32 *_Stat);
+ _CRTIMP int __cdecl _stat32(const char *_Name,struct _stat32 *_Stat);
++ static inline int __cdecl _lstat32(const char *_Name,struct _stat32 *_Stat) {return _stat32(_Name, _Stat);}
+ _CRTIMP int __cdecl _fstat64(int _FileDes,struct _stat64 *_Stat);
+ _CRTIMP int __cdecl _fstat32i64(int _FileDes,struct _stat32i64 *_Stat);
+ int __cdecl _fstat64i32(int _FileDes,struct _stat64i32 *_Stat);
+@@ -97,6 +102,9 @@ extern "C" {
+ _CRTIMP int __cdecl _stat64(const char *_Name,struct _stat64 *_Stat);
+ _CRTIMP int __cdecl _stat32i64(const char *_Name,struct _stat32i64 *_Stat);
+ int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat);
++ static inline int __cdecl _lstat64(const char *_Name,struct _stat64 *_Stat) {return _stat64(_Name, _Stat);}
++ static inline int __cdecl _lstat32i64(const char *_Name,struct _stat32i64 *_Stat) {return _stat32i64(_Name, _Stat);}
++ static inline int __cdecl _lstat64i32(const char *_Name,struct _stat64i32 *_Stat) {return _stat64i32(_Name, _Stat);}
+ #ifndef __CRT__NO_INLINE
+ __CRT_INLINE int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat)
+ {
+@@ -132,6 +140,8 @@ extern "C" {
+ #ifndef NO_OLDNAMES
+ #define _S_IFBLK 0x3000 /* Block: Is this ever set under w32? */
+
++#define S_IFLNK _S_IFLNK
++#define S_IFSOCK _S_IFSOCK
+ #define S_IFMT _S_IFMT
+ #define S_IFDIR _S_IFDIR
+ #define S_IFCHR _S_IFCHR
+@@ -162,6 +172,11 @@ extern "C" {
+ #define S_IXOTH (S_IXGRP >> 3)
+ #define S_IRWXO (S_IRWXG >> 3)
+
++#define S_ISUID _S_ISUID
++#define S_ISGID _S_ISGID
++
++#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
++#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)
+ #define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
+ #define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
+ #define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR)
+@@ -174,6 +189,7 @@ extern "C" {
+ int __cdecl stat(const char *_Filename,struct stat *_Stat);
+ int __cdecl fstat(int _Desc,struct stat *_Stat);
+ int __cdecl wstat(const wchar_t *_Filename,struct stat *_Stat);
++static inline int __cdecl lstat(const char *_Filename,struct stat *_Stat){return stat(_Filename, _Stat);}
+
+ #ifndef __CRT__NO_INLINE
+ #ifdef _USE_32BIT_TIME_T
+@@ -262,9 +278,11 @@ __CRT_INLINE int __cdecl
+
+ #if defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64)
+ #ifdef _USE_32BIT_TIME_T
++#define lstat _lstat32i64
+ #define stat _stat32i64
+ #define fstat _fstat32i64
+ #else
++#define lstat _lstat64
+ #define stat _stat64
+ #define fstat _fstat64
+ #endif
+diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h
+index 52af29b..8626396 100644
+--- a/mingw-w64-headers/include/winnt.h
++++ b/mingw-w64-headers/include/winnt.h
+@@ -6895,7 +6895,12 @@ __buildmemorybarrier()
+ DWORD Reg : 3;
+ DWORD R : 1;
+ DWORD L : 1;
++/* C is used as a const specifier */
++#define save_C C
++#undef C
+ DWORD C : 1;
++#define C save_C
++#undef save_C
+ DWORD StackAdjust : 10;
+ } DUMMYSTRUCTNAME;
+ } DUMMYUNIONNAME;
diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch
new file mode 100644
index 0000000000..87be6142f4
--- /dev/null
+++ b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch
@@ -0,0 +1,16 @@
+Without this patch, the incorrect exception is caught when 'git' is not in
+PATH. See https://github.com/ewels/MultiQC/pull/377.
+
+diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py
+index 01fa554..4a11793 100755
+--- a/multiqc/utils/config.py
++++ b/multiqc/utils/config.py
+@@ -28,7 +28,7 @@ try:
+ git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT)
+ git_hash_short = git_hash[:7]
+ version = '{} ({})'.format(version, git_hash_short)
+-except subprocess.CalledProcessError:
++except (subprocess.CalledProcessError, FileNotFoundError):
+ pass
+ os.chdir(cwd)
+
diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch
deleted file mode 100644
index 58f5c3726c..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6265 (use after free in pdf_load_xref()).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265
-https://security-tracker.debian.org/tracker/CVE-2016-6265
-
-Patch copied from upstream source repository:
-
-http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
-
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 576c315..3222599 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
- fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i);
- }
- if (entry->type == 'o')
-- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n')
-- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i);
-+ {
-+ /* Read this into a local variable here, because pdf_get_xref_entry
-+ * may solidify the xref, hence invalidating "entry", meaning we
-+ * need a stashed value for the throw. */
-+ fz_off_t ofs = entry->ofs;
-+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n')
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i);
-+ }
- }
- }
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch
deleted file mode 100644
index 370af5ade6..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-6525.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525
-https://security-tracker.debian.org/tracker/CVE-2016-6525
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
-
-diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c
-index 7815b3c..6e25efa 100644
---- a/source/pdf/pdf-shade.c
-+++ b/source/pdf/pdf-shade.c
-@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob
- obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode);
- if (pdf_array_len(ctx, obj) >= 6)
- {
-- n = (pdf_array_len(ctx, obj) - 4) / 2;
-+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2);
- shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0));
- shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1));
- shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2));
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7504.patch b/gnu/packages/patches/mupdf-CVE-2016-7504.patch
deleted file mode 100644
index 4bbb4411c0..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7504.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Fix CVE-2016-7504:
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504
-http://bugs.ghostscript.com/show_bug.cgi?id=697142
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a
-
-From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 21 Sep 2016 16:01:08 +0200
-Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object.
-
-Make sure to make a copy of the source pattern string.
-A case we missed when adding short and memory strings to the runtime.
-The code assumed all strings passed to it were either literal or interned.
----
- jsgc.c | 4 +++-
- jsi.h | 1 +
- jsregexp.c | 2 +-
- jsrun.c | 8 ++++++++
- jsvalue.h | 2 +-
- 5 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/jsgc.c b/jsgc.c
-index 9bd6482..4f7e7dc 100644
---- a/thirdparty/mujs/jsgc.c
-+++ b/thirdparty/mujs/jsgc.c
-@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
- {
- if (obj->head)
- jsG_freeproperty(J, obj->head);
-- if (obj->type == JS_CREGEXP)
-+ if (obj->type == JS_CREGEXP) {
-+ js_free(J, obj->u.r.source);
- js_regfree(obj->u.r.prog);
-+ }
- if (obj->type == JS_CITERATOR)
- jsG_freeiterator(J, obj->u.iter.head);
- if (obj->type == JS_CUSERDATA && obj->u.user.finalize)
-diff --git a/jsi.h b/jsi.h
-index 7d9f7c7..e855045 100644
---- a/thirdparty/mujs/jsi.h
-+++ b/thirdparty/mujs/jsi.h
-@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction;
-
- /* String interning */
-
-+char *js_strdup(js_State *J, const char *s);
- const char *js_intern(js_State *J, const char *s);
- void jsS_dumpstrings(js_State *J);
- void jsS_freestrings(js_State *J);
-diff --git a/jsregexp.c b/jsregexp.c
-index 2a056b7..a2d5156 100644
---- a/thirdparty/mujs/jsregexp.c
-+++ b/thirdparty/mujs/jsregexp.c
-@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
- js_syntaxerror(J, "regular expression: %s", error);
-
- obj->u.r.prog = prog;
-- obj->u.r.source = pattern;
-+ obj->u.r.source = js_strdup(J, pattern);
- obj->u.r.flags = flags;
- obj->u.r.last = 0;
- js_pushobject(J, obj);
-diff --git a/jsrun.c b/jsrun.c
-index 2648c4c..ee80845 100644
---- a/thirdparty/mujs/jsrun.c
-+++ b/thirdparty/mujs/jsrun.c
-@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size)
- return ptr;
- }
-
-+char *js_strdup(js_State *J, const char *s)
-+{
-+ int n = strlen(s) + 1;
-+ char *p = js_malloc(J, n);
-+ memcpy(p, s, n);
-+ return p;
-+}
-+
- void js_free(js_State *J, void *ptr)
- {
- J->alloc(J->actx, ptr, 0);
-diff --git a/jsvalue.h b/jsvalue.h
-index 6cfbd89..8fb5016 100644
---- a/thirdparty/mujs/jsvalue.h
-+++ b/thirdparty/mujs/jsvalue.h
-@@ -71,7 +71,7 @@ struct js_String
- struct js_Regexp
- {
- void *prog;
-- const char *source;
-+ char *source;
- unsigned short flags;
- unsigned short last;
- };
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7505.patch b/gnu/packages/patches/mupdf-CVE-2016-7505.patch
deleted file mode 100644
index 15e4f374d6..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7505.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix CVE-2016-7505:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505
-http://bugs.ghostscript.com/show_bug.cgi?id=697140
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5
-
-From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 21 Sep 2016 15:21:04 +0200
-Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod.
-
----
- jsdtoa.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/jsdtoa.c b/jsdtoa.c
-index 2e52368..920c1a7 100644
---- a/thirdparty/mujs/jsdtoa.c
-+++ b/thirdparty/mujs/jsdtoa.c
-@@ -735,6 +735,7 @@ xx:
- n -= c<<b;
- *p++ = c + '0';
- (*na)++;
-+ if (*na >= Ndig) break; /* abort if overflowing */
- }
- *p = 0;
- }
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch
deleted file mode 100644
index 733249acaa..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-7506:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506
-http://bugs.ghostscript.com/show_bug.cgi?id=697141
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a
-
-From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 21 Sep 2016 16:02:11 +0200
-Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution.
-
-A '$' escape at the end of the string would read past the zero terminator
-when looking for the escaped character.
----
- jsstring.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/jsstring.c b/jsstring.c
-index 66f6a89..0209a8e 100644
---- a/thirdparty/mujs/jsstring.c
-+++ b/thirdparty/mujs/jsstring.c
-@@ -421,6 +421,7 @@ loop:
- while (*r) {
- if (*r == '$') {
- switch (*(++r)) {
-+ case 0: --r; /* end of string; back up and fall through */
- case '$': js_putc(J, &sb, '$'); break;
- case '`': js_putm(J, &sb, source, s); break;
- case '\'': js_puts(J, &sb, s + n); break;
-@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J)
- while (*r) {
- if (*r == '$') {
- switch (*(++r)) {
-+ case 0: --r; /* end of string; back up and fall through */
- case '$': js_putc(J, &sb, '$'); break;
- case '&': js_putm(J, &sb, s, s + n); break;
- case '`': js_putm(J, &sb, source, s); break;
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7563.patch b/gnu/packages/patches/mupdf-CVE-2016-7563.patch
deleted file mode 100644
index 288c9ab2df..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7563.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-7563:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563
-http://bugs.ghostscript.com/show_bug.cgi?id=697136
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59
-
-From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 20 Sep 2016 17:11:32 +0200
-Subject: [PATCH] Fix bug 697136.
-
-We were unconditionally reading the next character if we encountered
-a '*' in a multi-line comment; possibly reading past the end of
-the input.
----
- jslex.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/jslex.c b/jslex.c
-index 7b80800..cbd0eeb 100644
---- a/thirdparty/mujs/jslex.c
-+++ b/thirdparty/mujs/jslex.c
-@@ -225,7 +225,8 @@ static int lexcomment(js_State *J)
- if (jsY_accept(J, '/'))
- return 0;
- }
-- jsY_next(J);
-+ else
-+ jsY_next(J);
- }
- return -1;
- }
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch
deleted file mode 100644
index c2ce33d1df..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-7564.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2016-7564:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564
-http://bugs.ghostscript.com/show_bug.cgi?id=697137
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8
-
-From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 20 Sep 2016 17:19:06 +0200
-Subject: [PATCH] Fix bug 697137: off by one in string length calculation.
-
-We were not allocating space for the terminating zero byte.
----
- jsfunction.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/jsfunction.c b/jsfunction.c
-index 8b5b18e..28f7aa7 100644
---- a/thirdparty/mujs/jsfunction.c
-+++ b/thirdparty/mujs/jsfunction.c
-@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J)
- n += strlen(F->name);
- for (i = 0; i < F->numparams; ++i)
- n += strlen(F->vartab[i]) + 1;
-- s = js_malloc(J, n);
-+ s = js_malloc(J, n + 1);
- strcpy(s, "function ");
- strcat(s, F->name);
- strcat(s, "(");
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch
deleted file mode 100644
index 2a35619761..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-8674.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-Fix CVE-2016-8674 (use-after-free in pdf_to_num()).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674
-https://security-tracker.debian.org/tracker/CVE-2016-8674
-
-Patch adapted from upstream source repository:
-http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
-
-diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h
-index f8ef0cd..e8345b7 100644
---- a/include/mupdf/pdf/document.h
-+++ b/include/mupdf/pdf/document.h
-@@ -258,6 +258,10 @@ struct pdf_document_s
- fz_font **type3_fonts;
-
- pdf_resource_tables *resources;
-+
-+ int orphans_max;
-+ int orphans_count;
-+ pdf_obj **orphans;
- };
-
- /*
-diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
-index 346a2f1..02d4119 100644
---- a/include/mupdf/pdf/object.h
-+++ b/include/mupdf/pdf/object.h
-@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key);
- pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev);
- void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val);
- void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val);
-+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val);
- void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val);
- void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val);
- void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val);
-diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c
-index f2e4551..a0d0d8e 100644
---- a/source/pdf/pdf-object.c
-+++ b/source/pdf/pdf-object.c
-@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev)
- return pdf_dict_get(ctx, obj, abbrev);
- }
-
--void
--pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
-+static void
-+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val)
- {
-+
-+ if (old_val)
-+ *old_val = NULL;
-+
- RESOLVE(obj);
- if (obj >= PDF_OBJ__LIMIT)
- {
-@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
- {
- pdf_obj *d = DICT(obj)->items[i].v;
- DICT(obj)->items[i].v = pdf_keep_obj(ctx, val);
-- pdf_drop_obj(ctx, d);
-+ if (old_val)
-+ *old_val = d;
-+ else
-+ pdf_drop_obj(ctx, d);
- }
- }
- else
-@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
- }
-
- void
-+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
-+{
-+ pdf_dict_get_put(ctx, obj, key, val, NULL);
-+}
-+
-+void
- pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
- {
- fz_try(ctx)
-- pdf_dict_put(ctx, obj, key, val);
-+ pdf_dict_get_put(ctx, obj, key, val, NULL);
-+ fz_always(ctx)
-+ pdf_drop_obj(ctx, val);
-+ fz_catch(ctx)
-+ fz_rethrow(ctx);
-+}
-+
-+void
-+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val)
-+{
-+ fz_try(ctx)
-+ pdf_dict_get_put(ctx, obj, key, val, old_val);
- fz_always(ctx)
- pdf_drop_obj(ctx, val);
- fz_catch(ctx)
-diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
-index fdd4648..212c8b7 100644
---- a/source/pdf/pdf-repair.c
-+++ b/source/pdf/pdf-repair.c
-@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen)
- }
- }
-
-+static void
-+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj)
-+{
-+ if (doc->orphans_count == doc->orphans_max)
-+ {
-+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32);
-+
-+ fz_try(ctx)
-+ {
-+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans));
-+ doc->orphans_max = new_max;
-+ }
-+ fz_catch(ctx)
-+ {
-+ pdf_drop_obj(ctx, obj);
-+ fz_rethrow(ctx);
-+ }
-+ }
-+ doc->orphans[doc->orphans_count++] = obj;
-+}
-+
- void
- pdf_repair_xref(fz_context *ctx, pdf_document *doc)
- {
-@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
- /* correct stream length for unencrypted documents */
- if (!encrypt && list[i].stm_len >= 0)
- {
-+ pdf_obj *old_obj = NULL;
- dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen);
-
- length = pdf_new_int(ctx, doc, list[i].stm_len);
-- pdf_dict_put(ctx, dict, PDF_NAME_Length, length);
-- pdf_drop_obj(ctx, length);
--
-+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj);
-+ if (old_obj)
-+ orphan_object(ctx, doc, old_obj);
- pdf_drop_obj(ctx, dict);
- }
- }
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 3de1cd2..6682741 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc)
-
- pdf_drop_resource_tables(ctx, doc);
-
-+ for (i = 0; i < doc->orphans_count; i++)
-+ {
-+ pdf_drop_obj(ctx, doc->orphans[i]);
-+ }
-+ fz_free(ctx, doc->orphans);
-+
- fz_free(ctx, doc);
- }
-
---
-2.10.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-9017.patch b/gnu/packages/patches/mupdf-CVE-2016-9017.patch
deleted file mode 100644
index 1e2b7c3258..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-9017.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Fix CVE-2016-9017:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107
-http://bugs.ghostscript.com/show_bug.cgi?id=697171
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767
-
-From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 25 Oct 2016 14:08:27 +0200
-Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump.
-
----
- jscompile.h | 2 +-
- jsdump.c | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/jscompile.h b/jscompile.h
-index 802cc9e..3054d13 100644
---- a/thirdparty/mujs/jscompile.h
-+++ b/thirdparty/mujs/jscompile.h
-@@ -21,7 +21,7 @@ enum js_OpCode
-
- OP_NEWARRAY,
- OP_NEWOBJECT,
-- OP_NEWREGEXP,
-+ OP_NEWREGEXP, /* -S,opts- <regexp> */
-
- OP_UNDEF,
- OP_NULL,
-diff --git a/jsdump.c b/jsdump.c
-index 1c51c29..37ad88c 100644
---- a/thirdparty/mujs/jsdump.c
-+++ b/thirdparty/mujs/jsdump.c
-@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F)
- case OP_INITVAR:
- case OP_DEFVAR:
- case OP_GETVAR:
-+ case OP_HASVAR:
- case OP_SETVAR:
- case OP_DELVAR:
- case OP_GETPROP_S:
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-CVE-2016-9136.patch b/gnu/packages/patches/mupdf-CVE-2016-9136.patch
deleted file mode 100644
index 1f68839a52..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2016-9136.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix CVE-2016-9136:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136
-http://bugs.ghostscript.com/show_bug.cgi?id=697244
-
-Patch copied from upstream source repository:
-http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89
-From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Mon, 31 Oct 2016 13:05:37 +0100
-Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of
- input.
-
----
- jslex.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/jslex.c b/jslex.c
-index cbd0eeb..aaafdac 100644
---- a/thirdparty/mujs/jslex.c
-+++ b/thirdparty/mujs/jslex.c
-@@ -377,6 +377,7 @@ static int lexescape(js_State *J)
- return 0;
-
- switch (J->lexchar) {
-+ case 0: jsY_error(J, "unterminated escape sequence");
- case 'u':
- jsY_next(J);
- if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); }
---
-2.10.2
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
index cd8136b701..d97c1cb348 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
@@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644
#include <openjpeg.h>
static void fz_opj_error_callback(const char *msg, void *client_data)
-@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
- opj_stream_set_read_function(stream, fz_opj_stream_read);
- opj_stream_set_skip_function(stream, fz_opj_stream_skip);
- opj_stream_set_seek_function(stream, fz_opj_stream_seek);
-- opj_stream_set_user_data(stream, &sb);
-+ opj_stream_set_user_data(stream, &sb, NULL);
- /* Set the length to avoid an assert */
- opj_stream_set_user_data_length(stream, size);
-
diff --git a/gnu/packages/patches/nasm-no-ps-pdf.patch b/gnu/packages/patches/nasm-no-ps-pdf.patch
deleted file mode 100644
index b03b57a6ed..0000000000
--- a/gnu/packages/patches/nasm-no-ps-pdf.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Avoid building PS and PDF docs, which do not build bit-reproducible. NASM
-already installs doc in info and html.
-
---- nasm-2.12.01/doc/Makefile.in.orig 2016-06-21 18:02:59.483484829 +0200
-+++ nasm-2.12.01/doc/Makefile.in 2016-06-21 18:03:46.700151410 +0200
-@@ -27,7 +27,7 @@
- PS2PDF = @PS2PDF@ # Part of GhostScript
-
- SRCS = nasmdoc.src inslist.src changes.src
--OUT = info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf
-+OUT = info html nasmdoc.txt
-
- # exports
- export srcdir
-@@ -100,4 +100,4 @@
- $(INSTALL_DATA) info/* $(INSTALLROOT)$(infodir)
- mkdir -p $(INSTALLROOT)$(docdir)/html
- $(INSTALL_DATA) html/* $(INSTALLROOT)$(docdir)/html
-- $(INSTALL_DATA) nasmdoc.ps nasmdoc.pdf nasmdoc.txt $(INSTALLROOT)$(docdir)
-+ $(INSTALL_DATA) nasmdoc.txt $(INSTALLROOT)$(docdir)
diff --git a/gnu/packages/patches/netcdf-config-date.patch b/gnu/packages/patches/netcdf-config-date.patch
deleted file mode 100644
index 5054612e95..0000000000
--- a/gnu/packages/patches/netcdf-config-date.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Honor SOURCE_DATE_EPOCH when exporting configuration date.
-Autoconf-level patch submitted upstream on Fri Apr 15 23:07:42 UTC 2016
-
---- a/configure
-+++ b/configure
-@@ -2866,7 +2866,17 @@
-
-
- # Configuration Date
-- CONFIG_DATE="`date`"
-+ CONFIG_DATE="`date -u`"
-+if test -n "$SOURCE_DATE_EPOCH"; then
-+ CONFIG_DATE=`date -u -d "@$SOURCE_DATE_EPOCH" 2>/dev/null \
-+ || date -u -r "$SOURCE_DATE_EPOCH" 2>/dev/null`
-+ if test -z "$CONFIG_DATE"; then
-+ as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-+ fi
-+fi
-+cat >>confdefs.h <<_ACEOF
-+#define CONFIG_DATE "$CONFIG_DATE"
-+_ACEOF
-
- # Find out about the host we're building on.
- ac_aux_dir=
---- a/libdispatch/derror.c
-+++ b/libdispatch/derror.c
-@@ -13,7 +13,7 @@
- #endif
-
- /* Tell the user the version of netCDF. */
--static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $";
-+static const char nc_libvers[] = PACKAGE_VERSION " of "CONFIG_DATE" $";
-
- /**
- \defgroup lib_version Library Version
---- a/config.h.in
-+++ b/config.h.in
-@@ -393,6 +393,9 @@
- /* Define to the version of this package. */
- #undef PACKAGE_VERSION
-
-+/* Define to the configuration date */
-+#undef CONFIG_DATE
-+
- /* The size of `double', as computed by sizeof. */
- #undef SIZEOF_DOUBLE
-
diff --git a/gnu/packages/patches/netcdf-date-time.patch b/gnu/packages/patches/netcdf-date-time.patch
new file mode 100644
index 0000000000..a4e7925aa1
--- /dev/null
+++ b/gnu/packages/patches/netcdf-date-time.patch
@@ -0,0 +1,11 @@
+--- a/libdispatch/derror.c
++++ b/libdispatch/derror.c
+@@ -13,7 +13,7 @@
+ #endif
+
+ /* Tell the user the version of netCDF. */
+-static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $";
++static const char nc_libvers[] = PACKAGE_VERSION" $";
+
+ /**
+ \defgroup lib_version Library Version
diff --git a/gnu/packages/patches/netcdf-tst_h_par.patch b/gnu/packages/patches/netcdf-tst_h_par.patch
new file mode 100644
index 0000000000..ac14a4c0a2
--- /dev/null
+++ b/gnu/packages/patches/netcdf-tst_h_par.patch
@@ -0,0 +1,21 @@
+From a83702834938b23cc2e843589aa223e2024a7e6f Mon Sep 17 00:00:00 2001
+From: Orion Poplawski <orion@cora.nwra.com>
+Date: Tue, 29 Nov 2016 11:48:01 -0700
+Subject: [PATCH] Add missing #include "err_macros.h" to tst_h_par.c
+
+---
+ h5_test/tst_h_par.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/h5_test/tst_h_par.c b/h5_test/tst_h_par.c
+index c3da7f4..a419d55 100644
+--- a/h5_test/tst_h_par.c
++++ b/h5_test/tst_h_par.c
+@@ -11,6 +11,7 @@
+ $Id: tst_h_par.c,v 1.15 2010/05/25 13:53:04 ed Exp $
+ */
+ #include <nc_tests.h>
++#include "err_macros.h"
+ #include <hdf5.h>
+
+ /* Defining USE_MPE causes the MPE trace library to be used (and you
diff --git a/gnu/packages/patches/ocaml-Add-a-.file-directive.patch b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch
new file mode 100644
index 0000000000..07842e9c32
--- /dev/null
+++ b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch
@@ -0,0 +1,96 @@
+From: Stephane Glondu <steph@glondu.net>
+Date: Sun, 16 Aug 2015 20:59:14 +0200
+Subject: Add a .file directive to generated .s files
+
+When no .file directive is given, the toolchain records the filename
+of the .o file, which is sometimes random, making generated objects
+non-deterministic.
+
+We use Location.input_name for adding .file directives to assembly
+files. Note: when the file is preprocessed, this reference holds the
+name of the temporary file. Hence, files compiled with -pp are still
+not deterministic.
+
+Bug-Debian: https://bugs.debian.org/795784
+Bug-Debian: https://bugs.debian.org/796336
+---
+ asmcomp/amd64/emit.mlp | 1 +
+ asmcomp/arm/emit.mlp | 1 +
+ asmcomp/arm64/emit.mlp | 1 +
+ asmcomp/i386/emit.mlp | 1 +
+ asmcomp/power/emit.mlp | 1 +
+ asmcomp/sparc/emit.mlp | 1 +
+ 6 files changed, 6 insertions(+)
+
+diff --git a/asmcomp/amd64/emit.mlp b/asmcomp/amd64/emit.mlp
+index d56d0f5..4d7aa30 100644
+--- a/asmcomp/amd64/emit.mlp
++++ b/asmcomp/amd64/emit.mlp
+@@ -794,6 +794,7 @@ let data l =
+ let begin_assembly() =
+ reset_debug_info(); (* PR#5603 *)
+ float_constants := [];
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ if !Clflags.dlcode then begin
+ (* from amd64.S; could emit these constants on demand *)
+ if macosx then
+diff --git a/asmcomp/arm/emit.mlp b/asmcomp/arm/emit.mlp
+index 4948fb2..6f30fba 100644
+--- a/asmcomp/arm/emit.mlp
++++ b/asmcomp/arm/emit.mlp
+@@ -892,6 +892,7 @@ let data l =
+
+ let begin_assembly() =
+ reset_debug_info();
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ ` .syntax unified\n`;
+ begin match !arch with
+ | ARMv4 -> ` .arch armv4t\n`
+diff --git a/asmcomp/arm64/emit.mlp b/asmcomp/arm64/emit.mlp
+index 750c2b2..5afbb8a 100644
+--- a/asmcomp/arm64/emit.mlp
++++ b/asmcomp/arm64/emit.mlp
+@@ -942,6 +942,7 @@ let data l =
+
+ let begin_assembly() =
+ reset_debug_info();
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ let lbl_begin = Compilenv.make_symbol (Some "data_begin") in
+ ` .data\n`;
+ ` .globl {emit_symbol lbl_begin}\n`;
+diff --git a/asmcomp/i386/emit.mlp b/asmcomp/i386/emit.mlp
+index 98df5f9..531150f 100644
+--- a/asmcomp/i386/emit.mlp
++++ b/asmcomp/i386/emit.mlp
+@@ -986,6 +986,7 @@ let data l =
+ let begin_assembly() =
+ reset_debug_info(); (* PR#5603 *)
+ float_constants := [];
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ let lbl_begin = Compilenv.make_symbol (Some "data_begin") in
+ ` .data\n`;
+ ` .globl {emit_symbol lbl_begin}\n`;
+diff --git a/asmcomp/power/emit.mlp b/asmcomp/power/emit.mlp
+index 4344085..343132b 100644
+--- a/asmcomp/power/emit.mlp
++++ b/asmcomp/power/emit.mlp
+@@ -887,6 +887,7 @@ let data l =
+ let begin_assembly() =
+ defined_functions := StringSet.empty;
+ external_functions := StringSet.empty;
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ (* Emit the beginning of the segments *)
+ let lbl_begin = Compilenv.make_symbol (Some "data_begin") in
+ emit_string data_space;
+diff --git a/asmcomp/sparc/emit.mlp b/asmcomp/sparc/emit.mlp
+index 877a3d5..7b041e9 100644
+--- a/asmcomp/sparc/emit.mlp
++++ b/asmcomp/sparc/emit.mlp
+@@ -727,6 +727,7 @@ let data l =
+ (* Beginning / end of an assembly file *)
+
+ let begin_assembly() =
++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`;
+ let lbl_begin = Compilenv.make_symbol (Some "data_begin") in
+ ` .data\n`;
+ ` .global {emit_symbol lbl_begin}\n`;
diff --git a/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch
new file mode 100644
index 0000000000..2056b42356
--- /dev/null
+++ b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch
@@ -0,0 +1,125 @@
+From 26cac62fe0154cf65c06faaee10805531e9dade8 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Wed, 14 Dec 2016 14:14:59 +0100
+Subject: [PATCH] fix camlp4 in another directory
+
+---
+ Makefile | 11 ++++++-----
+ configure | 13 ++++++++++++-
+ myocamlbuild.ml | 2 +-
+ 3 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 4a8ce17..d94a6d5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -25,7 +25,7 @@ PATH_BUILD=$(PATH_BASE)/_build
+ PATH_OCAMLDOC=$(PATH_BASE)/ocamldoc
+ PATH_SRC=$(PATH_BASE)/src
+ PATH_TESTS=$(PATH_BASE)/tests
+-PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect
++PATH_INSTALL=$(PREFIX)/lib/ocaml/bisect
+
+
+ # DEFINITIONS
+@@ -33,7 +33,8 @@ PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect
+ PROJECT_NAME=bisect
+ OCAMLBUILD=$(PATH_OCAML_PREFIX)/bin/ocamlbuild
+ OCAMLBUILD_ENV=WARNINGS=$(WARNINGS) PATH_OCAML_PREFIX=$(PATH_OCAML_PREFIX)
+-OCAMLBUILD_FLAGS=-classic-display -no-links
++CAMLP4_INCLUDE=$(shell test -z $(CAMLP4_LIBDIR) || echo "-cflags -I,$(CAMLP4_LIBDIR)")
++OCAMLBUILD_FLAGS=-classic-display -no-links $(CAMLP4_INCLUDE)
+ MODULES_ODOCL=$(PROJECT_NAME).odocl
+ MODULES_MLPACK=$(PROJECT_NAME).mlpack
+ MODULES_MLPACK_PP=$(PROJECT_NAME)_pp.mlpack
+@@ -80,11 +81,11 @@ veryclean: clean
+ rm -f $(PATH_OCAMLDOC)/*.html $(PATH_OCAMLDOC)/*.css
+
+ install: FORCE
+- cp $(PATH_BUILD)/src/report/report.byte $(PATH_OCAML_PREFIX)/bin/bisect-report; \
++ cp $(PATH_BUILD)/src/report/report.byte $(PREFIX)/bin/bisect-report; \
+ if [ "$(PPX)" = "TRUE" ]; then \
+- cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PATH_OCAML_PREFIX)/bin; \
++ cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PREFIX)/bin; \
+ fi; \
+- (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PATH_OCAML_PREFIX)/bin/bisect-report.opt || true); \
++ (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PREFIX)/bin/bisect-report.opt || true); \
+ if [ -x "$(PATH_OCAMLFIND)" ]; then \
+ $(PATH_OCAMLFIND) query $(PROJECT_NAME) && $(PATH_OCAMLFIND) remove $(PROJECT_NAME) || true; \
+ $(PATH_OCAMLFIND) install $(PROJECT_NAME) META -optional \
+diff --git a/configure b/configure
+index bb7ebf4..61a3095 100755
+--- a/configure
++++ b/configure
+@@ -21,7 +21,9 @@
+ # default values
+ ocamlbuild=`which ocamlbuild || echo '/usr/local/bin/ocamlbuild'`
+ bin_path=`dirname $ocamlbuild`
++prefix=''
+ ocaml_prefix=`dirname $bin_path`
++camlp4_prefix=`dirname $(dirname $(which camlp4of))`
+ ocamlfind=`which ocamlfind 2> /dev/null || echo ''`
+ native_dynlink='TRUE'
+ devel='FALSE'
+@@ -32,8 +34,12 @@ ppx='FALSE'
+ while [ $# -gt 0 ]
+ do
+ case "$1" in
++ -prefix)
++ prefix="$2"; shift;;
+ -ocaml-prefix)
+ ocaml_prefix="$2"; shift;;
++ -camlp4-prefix)
++ camlp4_prefix="$2"; shift;;
+ -ocamlfind)
+ ocamlfind="$2"; shift;;
+ -no-native-dynlink)
+@@ -45,7 +51,7 @@ do
+ -ppx)
+ ppx='TRUE';;
+ *)
+- echo "usage: $0 [-ocaml-prefix <path>] [-ocamlfind <path>] [-no-native-dynlink] [-devel]";
++ echo "usage: $0 [-prefix <path>] [-ocaml-prefix <path>] [-ocamlfind <path>] [-no-native-dynlink] [-devel]";
+ exit 1;;
+ esac
+ shift
+@@ -57,6 +63,9 @@ if [ "$no_camlp4" = "TRUE" -a "$ppx" = "FALSE" ]; then
+ exit 1
+ fi
+
++# prefix default value
++test -z $prefix && prefix=$ocaml_prefix
++
+ # make options
+ make_quiet=`make -f - <<EOF
+ default: gnumake
+@@ -67,11 +76,13 @@ EOF`
+ # file creation
+ echo "# timestamp: `date`" > Makefile.config
+ echo "PATH_OCAML_PREFIX=$ocaml_prefix" >> Makefile.config
++echo "PATH_CAMLP4_PREFIX=$camlp4_prefix" >> Makefile.config
+ echo "PATH_OCAMLFIND=$ocamlfind" >> Makefile.config
+ echo "NATIVE_DYNLINK=$native_dynlink" >> Makefile.config
+ echo "WARNINGS=$devel" >> Makefile.config
+ echo "NO_CAMLP4=$no_camlp4" >> Makefile.config
+ echo "PPX=$ppx" >> Makefile.config
+ echo "MAKE_QUIET=$make_quiet" >> Makefile.config
++echo "PREFIX=$prefix" >> Makefile.config
+ echo "" >> Makefile.config
+ echo 'Makefile.config successfully created'
+diff --git a/myocamlbuild.ml b/myocamlbuild.ml
+index 8aa25fd..09a7d48 100644
+--- a/myocamlbuild.ml
++++ b/myocamlbuild.ml
+@@ -70,7 +70,7 @@ let () =
+ | After_rules ->
+ let camlp4of =
+ try
+- let path_bin = Filename.concat (Sys.getenv "PATH_OCAML_PREFIX") "bin" in
++ let path_bin = Filename.concat (Sys.getenv "PATH_CAMLP4_PREFIX") "bin" in
+ Filename.concat path_bin "camlp4of"
+ with _ -> "camlp4of" in
+ flag ["ocaml"; "compile"; "pp_camlp4of"] (S[A"-pp"; A camlp4of]);
+--
+2.7.4
+
diff --git a/gnu/packages/patches/ocaml-bitstring-fix-configure.patch b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch
new file mode 100644
index 0000000000..c358bf3d6b
--- /dev/null
+++ b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch
@@ -0,0 +1,53 @@
+From 0aaddfceeea3e89df196ab1846da54d09713a512 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Thu, 15 Dec 2016 21:17:31 +0100
+Subject: [PATCH] fix configure
+
+---
+ Makefile.in | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index d040f4c..85e0b38 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -32,6 +32,7 @@ BISECT_REPORT = @BISECT_REPORT@
+ BYTESWAP_H = @BYTESWAP_H@
+
+ OCAMLLIB = @OCAMLLIB@
++BISECTLIB = $(shell if test -z $${BISECTLIB}; then echo $(OCAMLLIB); else echo $${BISECTLIB}; fi)
+ top_srcdir = @top_srcdir@
+
+ pkg_cil = @OCAML_PKG_cil@
+@@ -47,9 +48,9 @@ OCAMLOPTPACKAGES = $(OCAMLCPACKAGES)
+ OCAMLOPTLIBS = -linkpkg
+
+ ifneq ($(enable_coverage),no)
+-OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma'
++OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma'
+ OCAMLCLIBS += -I +bisect bisect.cma
+-OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma'
++OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma'
+ OCAMLOPTLIBS += -I +bisect bisect.cmxa
+ endif
+
+@@ -110,7 +111,7 @@ bitstring_persistent.cmi: bitstring_persistent.mli
+ -I +camlp4 -pp camlp4of -c $<
+
+ pa_bitstring.cmo: pa_bitstring.ml bitstring.cma bitstring_persistent.cma
+- $(OCAMLFIND) ocamlc bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \
++ $(OCAMLFIND) ocamlc $(OCAMLCFLAGS) bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \
+ -pp camlp4of -c $< -o $@
+
+ bitstring-objinfo: bitstring_objinfo.cmo bitstring.cma bitstring_persistent.cma
+@@ -133,7 +134,7 @@ byteswap.h: byteswap.in.h
+ ifeq ($(enable_coverage),no)
+ PP = -pp 'camlp4o bitstring.cma bitstring_persistent.cma pa_bitstring.cmo'
+ else
+-PP = -pp 'camlp4o $(OCAMLLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo'
++PP = -pp 'camlp4o $(BISECTLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo'
+ endif
+
+ check: test
+--
+2.11.0
diff --git a/gnu/packages/patches/onionshare-fix-install-paths.patch b/gnu/packages/patches/onionshare-fix-install-paths.patch
deleted file mode 100644
index 721b89f04b..0000000000
--- a/gnu/packages/patches/onionshare-fix-install-paths.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 7afdd3366711a0c508bfb9323af8f4268ab77c9b Mon Sep 17 00:00:00 2001
-From: Efraim Flashner <efraim@flashner.co.il>
-Date: Thu, 21 Jul 2016 13:22:45 +0300
-Subject: [PATCH] patch
-
----
- setup.py | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index 8ae56fe..8b245c9 100644
---- a/setup.py
-+++ b/setup.py
-@@ -91,15 +91,15 @@ setup(
- include_package_data=True,
- scripts=['install/scripts/onionshare', 'install/scripts/onionshare-gui'],
- data_files=[
-- (os.path.join(sys.prefix, 'share/applications'), ['install/onionshare.desktop']),
-- (os.path.join(sys.prefix, 'share/appdata'), ['install/onionshare.appdata.xml']),
-- (os.path.join(sys.prefix, 'share/pixmaps'), ['install/onionshare80.xpm']),
-- (os.path.join(sys.prefix, 'share/onionshare'), [
-+ ('share/applications', ['install/onionshare.desktop']),
-+ ('share/appdata', ['install/onionshare.appdata.xml']),
-+ ('share/pixmaps', ['install/onionshare80.xpm']),
-+ ('share/onionshare', [
- 'resources/version.txt',
- 'resources/wordlist.txt'
- ]),
-- (os.path.join(sys.prefix, 'share/onionshare/images'), images),
-- (os.path.join(sys.prefix, 'share/onionshare/locale'), locale),
-- (os.path.join(sys.prefix, 'share/onionshare/html'), html)
-+ ('share/onionshare/images', images),
-+ ('share/onionshare/locale', locale),
-+ ('share/onionshare/html', html)
- ]
- )
---
-2.9.1
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
deleted file mode 100644
index 7ce03501f4..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
-From: Matthieu Darbois <mayeut@users.noreply.github.com>
-Date: Tue, 19 May 2015 21:57:27 +0000
-Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
- opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
-
----
- src/lib/openjp2/j2k.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8c62a39..cbdd368 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- l_tcp->cod = 0;
- l_tcp->ppt = 0;
- l_tcp->ppt_data = 00;
-+ /* Remove memory not owned by this tile in case of early error return. */
-+ l_tcp->m_mct_decoding_matrix = 00;
-+ l_tcp->m_nb_max_mct_records = 0;
-+ l_tcp->m_mct_records = 00;
-+ l_tcp->m_nb_max_mcc_records = 0;
-+ l_tcp->m_mcc_records = 00;
- /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
- l_tcp->tccps = l_current_tccp;
-
-@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
-
- ++l_src_mct_rec;
- ++l_dest_mct_rec;
-+ /* Update with each pass to free exactly what has been allocated on early return. */
-+ l_tcp->m_nb_max_mct_records += 1;
- }
-
- /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
-@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- return OPJ_FALSE;
- }
- memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
-+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
-
- /* Copy the mcc record data from dflt_tile_cp to the current tile*/
- l_src_mcc_rec = l_default_tcp->m_mcc_records;
---
-2.5.0
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
new file mode 100644
index 0000000000..3f637fa88b
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
@@ -0,0 +1,245 @@
+From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Fri, 9 Dec 2016 08:29:55 +0100
+Subject: [PATCH] These changes repair bugs of #871 and #872
+
+email from http://openwall.com/lists/oss-security/2016/12/09/4
+patch is against openjpeg-2.1.2, applies cleanly to 2.1.1.
+
+---
+ src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++----------------
+ 1 file changed, 70 insertions(+), 37 deletions(-)
+
+diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
+index 143d3be..c690f8b 100644
+--- a/src/bin/jp2/converttif.c
++++ b/src/bin/jp2/converttif.c
+@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
+
+ int imagetotif(opj_image_t * image, const char *outfile)
+ {
+- int width, height;
+- int bps,adjust, sgnd;
+- int tiPhoto;
++ uint32 width, height, bps, tiPhoto;
++ int adjust, sgnd;
+ TIFF *tif;
+ tdata_t buf;
+- tsize_t strip_size;
++ tmsize_t strip_size, rowStride;
+ OPJ_UINT32 i, numcomps;
+- OPJ_SIZE_T rowStride;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32 const* planes[4];
+ convert_32s_PXCX cvtPxToCx = NULL;
+ convert_32sXXx_C1R cvt32sToTif = NULL;
+
+- bps = (int)image->comps[0].prec;
++ bps = (uint32)image->comps[0].prec;
+ planes[0] = image->comps[0].data;
+
+ numcomps = image->numcomps;
+@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ break;
+ }
+ sgnd = (int)image->comps[0].sgnd;
+- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
+- width = (int)image->comps[0].w;
+- height = (int)image->comps[0].h;
++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
++ width = (uint32)image->comps[0].w;
++ height = (uint32)image->comps[0].h;
+
+ TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
+ TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
+- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
+ TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
+ TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
+ TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
+@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
+
+ strip_size = TIFFStripSize(tif);
+- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
+- if (rowStride != (OPJ_SIZE_T)strip_size) {
++ rowStride = (width * numcomps * bps + 7U) / 8U;
++ if (rowStride != strip_size) {
+ fprintf(stderr, "Invalid TIFF strip size\n");
+ TIFFClose(tif);
+ return 1;
+@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFClose(tif);
+ return 1;
+ }
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFF *tif;
+ tdata_t buf;
+ tstrip_t strip;
+- tsize_t strip_size;
++ tmsize_t strip_size;
+ int j, currentPlane, numcomps = 0, w, h;
+ OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
+ opj_image_cmptparm_t cmptparm[4]; /* RGBA */
+ opj_image_t *image = NULL;
+ int has_alpha = 0;
+- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
+- unsigned int tiWidth, tiHeight;
++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
+ OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
+ convert_XXx32s_C1R cvtTifTo32s = NULL;
+ convert_32s_CXPX cvtCxToPx = NULL;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32* planes[4];
+- OPJ_SIZE_T rowStride;
++ tmsize_t rowStride;
+
+ tif = TIFFOpen(filename, "r");
+
+@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
+ TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
+ TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
+- w= (int)tiWidth;
+- h= (int)tiHeight;
+-
+- if(tiBps > 16U) {
+- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
+- fprintf(stderr,"\tAborting\n");
++
++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
++ "\tAborting.\n", tiSpp);
++ TIFFClose(tif);
++ return NULL;
++ }
++ if(tiBps > 16U || tiBps == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
+ TIFFClose(tif);
+ return NULL;
+ }
+ if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
+- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
++ fprintf(stderr,"tiftoimage: Bad color format %d.\n"
++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
+ fprintf(stderr,"\tAborting\n");
+ TIFFClose(tif);
+ return NULL;
+ }
+-
++ if(tiWidth == 0 || tiHeight == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for width(%u) "
++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
++ TIFFClose(tif);
++ return NULL;
++ }
++ w= (int)tiWidth;
++ h= (int)tiHeight;
++
+ switch (tiBps) {
+ case 1:
+ case 2:
+@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+
+ TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
+ &extrasamples, &sampleinfo);
+-
++
+ if(extrasamples >= 1)
+ {
+ switch(sampleinfo[0])
+@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ else /* extrasamples == 0 */
+ if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
+ }
+-
++
+ /* initialize image components */
+ memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
+
+@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ } else {
+ is_cinema = 0U;
+ }
+-
++
+ if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
+ {
+ numcomps = 3 + has_alpha;
+@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
+ image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
+ image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
+- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ if(image->x1 <= image->x0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
+- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
+-
++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
++ if(image->y1 <= image->y0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
++
+ for(j = 0; j < numcomps; j++)
+ {
+ planes[j] = image->comps[j].data;
+@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
+
+ strip_size = TIFFStripSize(tif);
+-
++
+ buf = _TIFFmalloc(strip_size);
+ if (buf == NULL) {
+ TIFFClose(tif);
+ opj_image_destroy(image);
+ return NULL;
+ }
+- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
++ rowStride = (w * tiSpp * tiBps + 7U) / 8U;
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
+ {
+ const OPJ_UINT8 *dat8;
+- OPJ_SIZE_T ssize;
++ tmsize_t ssize;
+
+- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ if(ssize < 1 || ssize > strip_size) {
++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
++ _TIFFfree(buf);
++ _TIFFfree(buffer32s);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ dat8 = (const OPJ_UINT8*)buf;
+-
++
+ while (ssize >= rowStride) {
+ cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
+ cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);
diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch
deleted file mode 100644
index 91fe294ca4..0000000000
--- a/gnu/packages/patches/openssh-memory-exhaustion.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user
-could potentially consume 38400 MB of memory on the server:
-
-http://seclists.org/oss-sec/2016/q4/185
-
-Patch adapted from upstream source repository:
-
-https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
-
-From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
-From: "markus@openbsd.org" <markus@openbsd.org>
-Date: Mon, 10 Oct 2016 19:28:48 +0000
-Subject: [PATCH] upstream commit
-
-Unregister the KEXINIT handler after message has been
-received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
-allocation of up to 128MB -- until the connection is closed. Reported by
-shilei-c at 360.cn
-
-Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
----
- kex.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/kex.c b/kex.c
-index 3f97f8c..6a94bc5 100644
---- a/kex.c
-+++ b/kex.c
-@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
- if (kex == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
-+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
- ptr = sshpkt_ptr(ssh, &dlen);
- if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
- return r;
---
-2.10.1
-
diff --git a/gnu/packages/patches/python-2.7-site-prefixes.patch b/gnu/packages/patches/python-2.7-site-prefixes.patch
new file mode 100644
index 0000000000..9e3066508f
--- /dev/null
+++ b/gnu/packages/patches/python-2.7-site-prefixes.patch
@@ -0,0 +1,26 @@
+Add all /gnu/store/ prefixes found in PYTHONPATH to the prefixes where
+site-packages (and .pth files) are searched.
+
+*** Python-2.7.11/Lib/site.py.orig 2016-10-17 23:27:23.746149690 +0200
+--- Python-2.7.11/Lib/site.py 2016-10-17 23:44:51.930871644 +0200
+***************
+*** 65,70 ****
+--- 65,82 ----
+
+ # Prefixes for site-packages; add additional prefixes like /usr/local here
+ PREFIXES = [sys.prefix, sys.exec_prefix]
++ # Guix: Add all /gnu/store-paths in PYTHONPATH--these are all
++ # "prefixes". This is required to search .pth files in all python
++ # packages contained in /gnu/store which is required to make
++ # .pth-defined namespace packages work.
++ # This is necessary if the packages are not merged into a single
++ # `site-packages` directory (like when using `guix environment`) but
++ # listed in PYTHONPATH (like when running `guix build`).
++ for p in sys.path:
++ if p.startswith('/gnu/store/'):
++ PREFIXES.append(p[:p.find('/', 44)]) # find first pathsep after hash
++ del p
++
+ # Enable per user site-packages directory
+ # set it to False to disable the feature or True to force the feature
+ ENABLE_USER_SITE = None
diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch
deleted file mode 100644
index 288a58b06f..0000000000
--- a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py
-index 10c05f5..a18ba52 100644
---- a/dendropy/test/test_phylogenetic_distance_matrix.py
-+++ b/dendropy/test/test_phylogenetic_distance_matrix.py
-@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase):
- expected_tree=expected_tree)
-
- class NodeToNodeDistancesTest(unittest.TestCase):
--
-+ @unittest.expectedFailure
- def test_distances(self):
- ## get distances from ape
- # library(ape)
-@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase):
- e = reference_table[nd1.label, nd2.label]
- self.assertAlmostEqual(d, e)
-
-+ @unittest.expectedFailure
- def test_mrca(self):
- test_runs = [
- "hiv1.newick",
diff --git a/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch
new file mode 100644
index 0000000000..3570b94e9b
--- /dev/null
+++ b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch
@@ -0,0 +1,97 @@
+Fix CVE-2013-7459:
+
+https://github.com/dlitz/pycrypto/issues/176
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459
+
+Copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/commit/?id=0de2243837ed369a086f15c50cca2be85bdfab9d
+
+Debian adapts this upstream commit:
+
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001
+From: Legrandin <helderijs@gmail.com>
+Date: Sun, 22 Dec 2013 22:24:46 +0100
+Subject: [PATCH] Throw exception when IV is used with ECB or CTR
+
+The IV parameter is currently ignored when initializing
+a cipher in ECB or CTR mode.
+
+For CTR mode, it is confusing: it takes some time to see
+that a different parameter is needed (the counter).
+
+For ECB mode, it is outright dangerous.
+
+This patch forces an exception to be raised.
+---
+ lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++--------
+ src/block_template.c | 11 +++++++++++
+ 2 files changed, 34 insertions(+), 8 deletions(-)
+
+--- a/lib/Crypto/SelfTest/Cipher/common.py
++++ b/lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,34 @@ class RoundtripTest(unittest.TestCase):
+ return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+ def runTest(self):
+- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++
++ ## ECB mode
++ mode = self.module.MODE_ECB
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ ciphertext = encryption_cipher.encrypt(self.plaintext)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## OPENPGP mode
++ mode = self.module.MODE_OPENPGP
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++ eiv = eiv_ciphertext[:self.module.block_size+2]
++ ciphertext = eiv_ciphertext[self.module.block_size+2:]
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## All other non-AEAD modes (but CTR)
++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+-
+- if mode != self.module.MODE_OPENPGP:
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+- else:
+- eiv = ciphertext[:self.module.block_size+2]
+- ciphertext = ciphertext[self.module.block_size+2:]
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
++
+ class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
+--- a/src/block_template.c
++++ b/src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,
diff --git a/gnu/packages/patches/python-rarfile-fix-tests.patch b/gnu/packages/patches/python-rarfile-fix-tests.patch
deleted file mode 100644
index 8ae8894009..0000000000
--- a/gnu/packages/patches/python-rarfile-fix-tests.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-There is no test.sh, but there are test1.sh and test2.sh.
-
-diff --git a/test/Makefile b/test/Makefile
-index 027bc5f..5383db3 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -1,5 +1,6 @@
- test:
-- ./test.sh
-+ ./test1.sh
-+ ./test2.sh
-
- clean:
- rm -rf __pycache__
diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch
deleted file mode 100644
index 5031b59d81..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8576.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 7 Oct 2016 10:15:29 +0200
-Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
- hw/usb/hcd-xhci.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 726435c..ee4fa48 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -54,6 +54,8 @@
- * to the specs when it gets them */
- #define ER_FULL_HACK
-
-+#define TRB_LINK_LIMIT 4
-+
- #define LEN_CAP 0x40
- #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
- #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
-@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
- dma_addr_t *addr)
- {
- PCIDevice *pci_dev = PCI_DEVICE(xhci);
-+ uint32_t link_cnt = 0;
-
- while (1) {
- TRBType type;
-@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
- ring->dequeue += TRB_SIZE;
- return type;
- } else {
-+ if (++link_cnt > TRB_LINK_LIMIT) {
-+ return 0;
-+ }
- ring->dequeue = xhci_mask64(trb->parameter);
- if (trb->control & TRB_LK_TC) {
- ring->ccs = !ring->ccs;
-@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
- bool ccs = ring->ccs;
- /* hack to bundle together the two/three TDs that make a setup transfer */
- bool control_td_set = 0;
-+ uint32_t link_cnt = 0;
-
- while (1) {
- TRBType type;
-@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
- type = TRB_TYPE(trb);
-
- if (type == TR_LINK) {
-+ if (++link_cnt > TRB_LINK_LIMIT) {
-+ return -length;
-+ }
- dequeue = xhci_mask64(trb.parameter);
- if (trb.control & TRB_LK_TC) {
- ccs = !ccs;
---
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch
deleted file mode 100644
index c4132d2fb1..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8577.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
-From: Li Qiang <liq3ea@gmail.com>
-
-In 9pfs read dispatch function, it doesn't free two QEMUIOVector
-object thus causing potential memory leak. This patch avoid this.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
----
- hw/9pfs/9p.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 119ee58..543a791 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
- if (len < 0) {
- /* IO error return the error */
- err = len;
-- goto out;
-+ goto out_free_iovec;
- }
- } while (count < max_count && len > 0);
- err = pdu_marshal(pdu, offset, "d", count);
- if (err < 0) {
-- goto out;
-+ goto out_free_iovec;
- }
- err += offset + count;
-+out_free_iovec:
- qemu_iovec_destroy(&qiov);
- qemu_iovec_destroy(&qiov_full);
- } else if (fidp->fid_type == P9_FID_XATTR) {
---
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
deleted file mode 100644
index 92ba365727..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8578.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Li Qiang <liq3ea@gmail.com>
-
-In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
-for empty string. This will cause several NULL pointer dereference
-issues. this patch fix this issue.
-
-Signed-off-by: Li Qiang <liq3ea@gmail.com>
----
- fsdev/9p-iov-marshal.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
-index 663cad5..1d16f8d 100644
---- a/fsdev/9p-iov-marshal.c
-+++ b/fsdev/9p-iov-marshal.c
-@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
- str->data = g_malloc(str->size + 1);
- copied = v9fs_unpack(str->data, out_sg, out_num, offset,
- str->size);
-- if (copied > 0) {
-+ if (copied >= 0) {
- str->data[str->size] = 0;
- } else {
- v9fs_string_free(str);
---
-1.8.3.1
-
diff --git a/gnu/packages/patches/readline-7.0-mingw.patch b/gnu/packages/patches/readline-7.0-mingw.patch
new file mode 100644
index 0000000000..1dc491d556
--- /dev/null
+++ b/gnu/packages/patches/readline-7.0-mingw.patch
@@ -0,0 +1,28 @@
+Configure checks for chown; add missing shields in code.
+
+Upstream status: not yet presented upstream.
+
+--- readline-7.0/histfile.c.orig 2016-12-06 20:04:10.058901731 +0100
++++ readline-7.0/histfile.c 2016-12-06 20:05:09.220083801 +0100
+@@ -610,8 +610,10 @@
+ user is running this, it's a no-op. If the shell is running after sudo
+ with a shared history file, we don't want to leave the history file
+ owned by root. */
++#if HAVE_CHOWN
+ if (rv == 0 && exists)
+ r = chown (filename, finfo.st_uid, finfo.st_gid);
++#endif
+
+ xfree (filename);
+ FREE (tempname);
+@@ -757,8 +759,10 @@
+ user is running this, it's a no-op. If the shell is running after sudo
+ with a shared history file, we don't want to leave the history file
+ owned by root. */
++#if HAVE_CHOWN
+ if (rv == 0 && exists)
+ mode = chown (histname, finfo.st_uid, finfo.st_gid);
++#endif
+
+ FREE (histname);
+ FREE (tempname);
diff --git a/gnu/packages/patches/ruby-symlinkfix.patch b/gnu/packages/patches/ruby-symlinkfix.patch
deleted file mode 100644
index 16beecc97a..0000000000
--- a/gnu/packages/patches/ruby-symlinkfix.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix symlinks to '..' to fix rubygems improperly expanding symlinked
-paths. Without this fix, some gems fail to install. This patch is applied in
-rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems
-(2.5.1).
-
---- a/lib/rubygems/package.rb
-+++ b/lib/rubygems/package.rb
-@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
- FileUtils.chmod entry.header.mode, destination
- end if entry.file?
-
-- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink?
-+ File.symlink(entry.header.linkname, destination) if entry.symlink?
-
- verbose destination
- end
-diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
-index 7848bc2..f287bd3 100644
---- a/test/rubygems/test_gem_package.rb
-+++ b/test/rubygems/test_gem_package.rb
-@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute
- "#{@destination} is not allowed", e.message)
- end
-
-- def test_extract_tar_gz_symlink_absolute
-+ def test_extract_tar_gz_symlink_relative_path
-+ skip 'symlink not supported' if Gem.win_platform?
-+
- package = Gem::Package.new @gem
-
- tgz_io = util_tar_gz do |tar|
-- tar.add_symlink 'code.rb', '/absolute.rb', 0644
-+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end
-+ tar.mkdir 'lib', 0755
-+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644
- end
-
-- e = assert_raises Gem::Package::PathError do
-- package.extract_tar_gz tgz_io, @destination
-- end
-+ package.extract_tar_gz tgz_io, @destination
-
-- assert_equal("installing into parent path /absolute.rb of " +
-- "#{@destination} is not allowed", e.message)
-+ extracted = File.join @destination, 'lib/foo.rb'
-+ assert_path_exists extracted
-+ assert_equal '../relative.rb',
-+ File.readlink(extracted)
-+ assert_equal 'hi',
-+ File.read(extracted)
- end
-
- def test_extract_tar_gz_directory
diff --git a/gnu/packages/patches/seq24-rename-mutex.patch b/gnu/packages/patches/seq24-rename-mutex.patch
new file mode 100644
index 0000000000..ddc5910119
--- /dev/null
+++ b/gnu/packages/patches/seq24-rename-mutex.patch
@@ -0,0 +1,124 @@
+The custom mutex definition in Seq24 clashes with the mutex defined in gtkmm.
+This patch renames the custom definition.
+
+See https://bugs.launchpad.net/seq24/+bug/1647614 for upstream bug report.
+
+diff --git a/src/midibus.h b/src/midibus.h
+index 2cdf8e8..1bb02bd 100644
+--- a/src/midibus.h
++++ b/src/midibus.h
+@@ -90,7 +90,7 @@ class midibus
+
+
+ /* locking */
+- mutex m_mutex;
++ seq24mutex m_mutex;
+
+ /* mutex */
+ void lock();
+@@ -208,7 +208,7 @@ class mastermidibus
+ sequence *m_seq;
+
+ /* locking */
+- mutex m_mutex;
++ seq24mutex m_mutex;
+
+ /* mutex */
+ void lock();
+diff --git a/src/midibus_portmidi.h b/src/midibus_portmidi.h
+index 0119e9c..8c6a27a 100644
+--- a/src/midibus_portmidi.h
++++ b/src/midibus_portmidi.h
+@@ -65,7 +65,7 @@ class midibus
+ long m_lasttick;
+
+ /* locking */
+- mutex m_mutex;
++ seq24mutex m_mutex;
+
+ /* mutex */
+ void lock();
+@@ -164,7 +164,7 @@ class mastermidibus
+ sequence *m_seq;
+
+ /* locking */
+- mutex m_mutex;
++ seq24mutex m_mutex;
+
+ /* mutex */
+ void lock();
+diff --git a/src/mutex.cpp b/src/mutex.cpp
+index b3f23fd..914114f 100644
+--- a/src/mutex.cpp
++++ b/src/mutex.cpp
+@@ -20,23 +20,23 @@
+
+ #include "mutex.h"
+
+-const pthread_mutex_t mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
++const pthread_mutex_t seq24mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP;
+ const pthread_cond_t condition_var::cond = PTHREAD_COND_INITIALIZER;
+
+-mutex::mutex( )
++seq24mutex::seq24mutex( )
+ {
+ m_mutex_lock = recmutex;
+ }
+
+ void
+-mutex::lock( )
++seq24mutex::lock( )
+ {
+ pthread_mutex_lock( &m_mutex_lock );
+ }
+
+
+ void
+-mutex::unlock( )
++seq24mutex::unlock( )
+ {
+ pthread_mutex_unlock( &m_mutex_lock );
+ }
+diff --git a/src/mutex.h b/src/mutex.h
+index 399f8a3..4f1b867 100644
+--- a/src/mutex.h
++++ b/src/mutex.h
+@@ -24,7 +24,7 @@
+
+ #include <pthread.h>
+
+-class mutex {
++class seq24mutex {
+
+ private:
+
+@@ -37,14 +37,14 @@ protected:
+
+ public:
+
+- mutex();
++ seq24mutex();
+
+ void lock();
+ void unlock();
+
+ };
+
+-class condition_var : public mutex {
++class condition_var : public seq24mutex {
+
+ private:
+
+diff --git a/src/sequence.h b/src/sequence.h
+index 2943946..9da8700 100644
+--- a/src/sequence.h
++++ b/src/sequence.h
+@@ -153,7 +153,7 @@ class sequence
+ long m_rec_vol;
+
+ /* locking */
+- mutex m_mutex;
++ seq24mutex m_mutex;
+
+ /* used to idenfity which events are ours in the out queue */
+ //unsigned char m_tag;
diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch
deleted file mode 100644
index 2f94b8c1a9..0000000000
--- a/gnu/packages/patches/slock-CVE-2016-6866.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2016-6866.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866
-https://security-tracker.debian.org/tracker/CVE-2016-6866
-
-Copied from upstream source repository:
-http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29
-
-From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001
-From: Markus Teich <markus.teich@stusta.mhn.de>
-Date: Tue, 30 Aug 2016 22:59:06 +0000
-Subject: fix CVE-2016-6866
-
----
-diff --git a/slock.c b/slock.c
-index 847b328..8ed59ca 100644
---- a/slock.c
-+++ b/slock.c
-@@ -123,7 +123,7 @@ readpw(Display *dpy)
- readpw(Display *dpy, const char *pws)
- #endif
- {
-- char buf[32], passwd[256];
-+ char buf[32], passwd[256], *encrypted;
- int num, screen;
- unsigned int len, color;
- KeySym ksym;
-@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
- #ifdef HAVE_BSD_AUTH
- running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
- #else
-- running = !!strcmp(crypt(passwd, pws), pws);
-+ errno = 0;
-+ if (!(encrypted = crypt(passwd, pws)))
-+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
-+ else
-+ running = !!strcmp(encrypted, pws);
- #endif
- if (running) {
- XBell(dpy, 100);
-@@ -312,6 +316,8 @@ main(int argc, char **argv) {
-
- #ifndef HAVE_BSD_AUTH
- pws = getpw();
-+ if (strlen(pws) < 2)
-+ die("slock: failed to get user password hash.\n");
- #endif
-
- if (!(dpy = XOpenDisplay(NULL)))
---
-cgit v0.9.0.3-65-g4555
diff --git a/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch
new file mode 100644
index 0000000000..48c294f78e
--- /dev/null
+++ b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch
@@ -0,0 +1,31 @@
+Fix out-of-bounds read in c_substitute():
+
+http://seclists.org/oss-sec/2016/q4/612
+
+Patch copied from upstream source repository:
+
+https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596
+
+From 6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 Mon Sep 17 00:00:00 2001
+From: christos <christos>
+Date: Fri, 2 Dec 2016 16:59:28 +0000
+Subject: [PATCH] Fix out of bounds read (Brooks Davis) (reproduce by starting
+ tcsh and hitting tab at the prompt)
+
+---
+ ed.chared.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ed.chared.c b/ed.chared.c
+index 1277e53..310393e 100644
+--- ed.chared.c
++++ ed.chared.c
+@@ -750,7 +750,7 @@ c_substitute(void)
+ /*
+ * If we found a history character, go expand it.
+ */
+- if (HIST != '\0' && *p == HIST)
++ if (p >= InputBuf && HIST != '\0' && *p == HIST)
+ nr_exp = c_excl(p);
+ else
+ nr_exp = 0;
diff --git a/gnu/packages/patches/unrtf-CVE-2016-10091.patch b/gnu/packages/patches/unrtf-CVE-2016-10091.patch
new file mode 100644
index 0000000000..badd1b8ed6
--- /dev/null
+++ b/gnu/packages/patches/unrtf-CVE-2016-10091.patch
@@ -0,0 +1,189 @@
+Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705
+http://seclists.org/oss-sec/2016/q4/787
+
+Patch adapted from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8
+
+The Debian patch adapts this upstream commit so that it can be applied
+to the 0.21.9 release tarball:
+
+http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
+
+From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001
+From: Willi Mann <willi@debian.org>
+Date: Sat, 31 Dec 2016 20:31:38 +0100
+Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer
+ overflow in various cmd_ functions)
+
+diff --git a/src/attr.c b/src/attr.c
+index 02b5c81..e2951ea 100644
+--- a/src/attr.c
++++ b/src/attr.c
+@@ -746,7 +746,7 @@ char *
+ assemble_string(char *string, int nr)
+ {
+
+- char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */
++ char *s, tmp[20];
+ int i = 0, j = 0;
+
+ if (string == NULL)
+@@ -762,7 +762,7 @@ assemble_string(char *string, int nr)
+ }
+
+ if (string[i] != '\0') {
+- sprintf(tmp, "%d", nr);
++ snprintf(tmp, 20, "%d", nr);
+ strcpy(&s[j], tmp);
+ j = j + strlen(tmp);
+ }
+diff --git a/src/convert.c b/src/convert.c
+index c76d7d6..8eacdcb 100644
+--- a/src/convert.c
++++ b/src/convert.c
+@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm)
+ }
+
+ // Translate code page to encoding name hopefully suitable as iconv input
+-static char *cptoencoding(parm)
++static char *cptoencoding(int parm)
+ {
+ // Note that CP0 is supposed to mean current system default, which does
+ // not make any sense as a stored value, we don't handle it.
+@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) {
+ /* Note, fs20 means 10pt */
+ points /= 2;
+
+- sprintf(str,"%d",points);
++ snprintf(str, 20, "%d", points);
+ attr_push(ATTR_FONTSIZE,str);
+
+ return FALSE;
+@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num)
+ {
+ // TOBEDONE: WHAT'S THIS ???
+ name = my_malloc(12);
+- sprintf(name, "%d", num);
++ snprintf(name, 12, "%d", num);
+ }
+
+ /* we are going to output entities, so should not output font */
+@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) {
+
+ static int
+ cmd_expand (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param) {
+- sprintf(str, "%d", param/4);
++ snprintf(str, 20, "%d", param / 4);
+ if (!param)
+ attr_pop(ATTR_EXPAND);
+ else
+@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) {
+
+ static int
+ cmd_emboss (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param && !param)
+ #ifdef SUPPORT_UNNESTED
+ attr_find_pop(ATTR_EMBOSS);
+@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
+ #endif
+ else
+ {
+- sprintf(str, "%d", param);
++ snprintf(str, 20, "%d", param);
+ attr_push(ATTR_EMBOSS, str);
+ }
+ return FALSE;
+@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
+
+ static int
+ cmd_engrave (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param && !param)
+ attr_pop(ATTR_ENGRAVE);
+ else
+ {
+- sprintf(str, "%d", param);
++ snprintf(str, 20, "%d", param);
+ attr_push(ATTR_ENGRAVE, str);
+ }
+ return FALSE;
+@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
+
+ short done=0;
+ long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */
+- char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
++ char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
+ const char *alias;
+ #define DEBUG 0
+ #if DEBUG
+@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
+ /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */
+ unicode_number += 65536;
+ }
+- sprintf(tmp, "%ld", unicode_number);
++ snprintf(tmp, 20, "%ld", unicode_number);
+
+ if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print");
+ done++;
+diff --git a/src/output.c b/src/output.c
+index 86d8b5c..4cdbfa6 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size)
+ if (!found_std_expr) {
+ if (op->fontsize_begin) {
+ char expr[16];
+- sprintf (expr, "%d", size);
++ snprintf(expr, 16, "%d", size);
+ if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin");
+ } else {
+ /* If we cannot write out a change for the exact
+@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size)
+ if (!found_std_expr) {
+ if (op->fontsize_end) {
+ char expr[16];
+- sprintf (expr, "%d", size);
++ snprintf(expr, 16, "%d", size);
+ if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end");
+ } else {
+ /* If we cannot write out a change for the exact
+-
+.11.0
+
diff --git a/gnu/packages/patches/vtk-mesa-10.patch b/gnu/packages/patches/vtk-mesa-10.patch
deleted file mode 100644
index bc60af68c4..0000000000
--- a/gnu/packages/patches/vtk-mesa-10.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix build against new mesa. See:
-
- https://bugs.freedesktop.org/show_bug.cgi?id=83631
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765938
-
-Description: fixes FTBFS against new libjpeg-turbo
-Author: Ondřej Surý <ondrej@debian.org>
-Bug-Debian: https://bugs.debian.org/765938
-Reviewed-By: Anton Gladky <gladk@debian.org>
-Last-Update: 2014-10-22
-
-Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h
-===================================================================
---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkOpenGL.h
-+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h
-@@ -20,6 +20,7 @@
-
- // To prevent gl.h to include glext.h provided by the system
- #define GL_GLEXT_LEGACY
-+#define GLX_GLEXT_LEGACY
- #if defined(__APPLE__) && (defined(VTK_USE_CARBON) || defined(VTK_USE_COCOA))
- # include <OpenGL/gl.h> // Include OpenGL API.
- #else
-Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-===================================================================
---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-@@ -27,7 +27,7 @@
-
- // define GLX_GLXEXT_LEGACY to prevent glx.h to include glxext.h provided by
- // the system
--//#define GLX_GLXEXT_LEGACY
-+#define GLX_GLXEXT_LEGACY
- #include "GL/glx.h"
-
- #include "vtkgl.h"