aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/bigloo-gc-shebangs.patch18
-rw-r--r--gnu/packages/patches/chicken-CVE-2017-11343.patch57
-rw-r--r--gnu/packages/patches/evince-CVE-2017-1000083.patch109
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-11103.patch45
-rw-r--r--gnu/packages/patches/heimdal-CVE-2017-6594.patch85
-rw-r--r--gnu/packages/patches/hop-linker-flags.patch60
-rw-r--r--gnu/packages/patches/libusb-0.1-disable-tests.patch15
-rw-r--r--gnu/packages/patches/metabat-fix-compilation.patch39
-rw-r--r--gnu/packages/patches/python-fake-factory-fix-build-32bit.patch36
-rw-r--r--gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch36
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11334.patch52
-rw-r--r--gnu/packages/patches/quassel-fix-tls-check.patch25
-rw-r--r--gnu/packages/patches/sooperlooper-build-with-wx-30.patch179
-rw-r--r--gnu/packages/patches/spice-CVE-2017-7506.patch158
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
15 files changed, 806 insertions, 150 deletions
diff --git a/gnu/packages/patches/bigloo-gc-shebangs.patch b/gnu/packages/patches/bigloo-gc-shebangs.patch
deleted file mode 100644
index 367708610a..0000000000
--- a/gnu/packages/patches/bigloo-gc-shebangs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Patch shebangs in source that gets unpacked by `configure'.
-
---- bigloo4.1a/gc/install-gc-7.4.0 2014-02-04 14:55:03.000000000 +0100
-+++ bigloo4.1a/gc/install-gc-7.4.0 2014-02-04 14:55:36.000000000 +0100
-@@ -29,10 +29,12 @@ fi
-
- # untar the two versions of the GC
- $tar xfz $src -C ../gc || (echo "$tar xfz $src failed"; exit 1)
--/bin/rm -rf "../gc/$gc"_fth
-+rm -rf "../gc/$gc"_fth
-+find ../gc/$gc -perm /111 -type f | xargs sed -i -e"s|/bin/sh|`type -P sh`|g"
- mv ../gc/$gc "../gc/$gc"_fth || (echo "mv $gc failed"; exit 1)
-
- $tar xfz $src -C ../gc || (echo "$tar xfz $src failed"; exit 1)
-+find ../gc/$gc -perm /111 -type f | xargs sed -i -e"s|/bin/sh|`type -P sh`|g"
-
- # general Bigloo patch
- (cd "../gc/$gc"_fth && $patch -p1 < ../$gc.patch > /dev/null)
diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch
new file mode 100644
index 0000000000..1d46ad50d9
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-11343:
+
+https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
+
+Patch copied from upstream mailing list:
+
+http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
+
+From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
+From: Peter Bex <address@hidden>
+Date: Fri, 30 Jun 2017 15:39:45 +0200
+Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
+
+Otherwise, the symbol table wouldn't be correctly randomized.
+---
+ NEWS | 3 +++
+ runtime.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+#diff --git a/NEWS b/NEWS
+#index f4b0e041..6588b30e 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -96,6 +96,9 @@
+# buffer overrun and/or segfault (thanks to Lemonboy).
+# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
+# #1375, thanks to "megane").
+#+ - The randomization factor of the symbol table was set before
+#+ the random seed was set, causing it to have a fixed value on many
+#+ platforms.
+#
+# - Core Libraries
+# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
+diff --git a/runtime.c b/runtime.c
+index 81c54dd2..a4580abc 100644
+--- a/runtime.c
++++ b/runtime.c
+@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+ C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
+ C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
+ memset(signal_mapping_table, 0, sizeof(int) * NSIG);
+- initialize_symbol_table();
+ C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
+ error_location = C_SCHEME_FALSE;
+ C_pre_gc_hook = NULL;
+@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+ callback_continuation_level = 0;
+ gc_ms = 0;
+ (void)C_randomize(C_fix(time(NULL)));
++ initialize_symbol_table();
+
+ if (profiling) {
+ #ifndef C_NONUNIX
+--
+2.11.0
+
diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch
new file mode 100644
index 0000000000..2ca062f337
--- /dev/null
+++ b/gnu/packages/patches/evince-CVE-2017-1000083.patch
@@ -0,0 +1,109 @@
+Fix CVE-2017-1000083.
+
+http://seclists.org/oss-sec/2017/q3/128
+https://bugzilla.gnome.org/show_bug.cgi?id=784630
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee
+
+From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Thu, 6 Jul 2017 20:02:00 +0200
+Subject: comics: Remove support for tar and tar-like commands
+
+diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c
+index 4c74731..641d785 100644
+--- a/backend/comics/comics-document.c
++++ b/backend/comics/comics-document.c
+@@ -56,8 +56,7 @@ typedef enum
+ RARLABS,
+ GNAUNRAR,
+ UNZIP,
+- P7ZIP,
+- TAR
++ P7ZIP
+ } ComicBookDecompressType;
+
+ typedef struct _ComicsDocumentClass ComicsDocumentClass;
+@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = {
+
+ /* 7zip */
+ {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z},
+-
+- /* tar */
+- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET}
+ };
+
+ static GSList* get_supported_image_extensions (void);
+@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = GNAUNRAR;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+-
+ } else if (g_content_type_is_a (mime_type, "application/x-cbz") ||
+ g_content_type_is_a (mime_type, "application/zip")) {
+ /* InfoZIP's unzip program */
+@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+
+ } else if (g_content_type_is_a (mime_type, "application/x-cb7") ||
+ g_content_type_is_a (mime_type, "application/x-7z-compressed")) {
+@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type,
+ comics_document->command_usage = P7ZIP;
+ return TRUE;
+ }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- } else if (g_content_type_is_a (mime_type, "application/x-cbt") ||
+- g_content_type_is_a (mime_type, "application/x-tar")) {
+- /* tar utility (Tape ARchive) */
+- comics_document->selected_command =
+- g_find_program_in_path ("tar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+- comics_document->selected_command =
+- g_find_program_in_path ("bsdtar");
+- if (comics_document->selected_command) {
+- comics_document->command_usage = TAR;
+- return TRUE;
+- }
+ } else {
+ g_set_error (error,
+ EV_DOCUMENT_ERROR,
+diff --git a/configure.ac b/configure.ac
+index 9e9f831..7eb0f1f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES)
+ AC_SUBST(APPDATA_TIFF_MIME_TYPES)
+ AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES)
+ if test "x$enable_comics" = "xyes"; then
+- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt"
++ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;"
+ APPDATA_COMICS_MIME_TYPES=$(echo "<mimetype>$COMICS_MIME_TYPES</mimetype>" | sed -e 's/;/<\/mimetype>\n <mimetype>/g')
+ if test -z "$EVINCE_MIME_TYPES"; then
+ EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}"
+--
+cgit v0.12
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
new file mode 100644
index 0000000000..d76f0df369
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11103:
+
+https://orpheus-lyre.info/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
+https://security-tracker.debian.org/tracker/CVE-2017-11103
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
+
+From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+---
+ lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c
+index d95d96d1b..b8d81c6ad 100644
+--- a/lib/krb5/ticket.c
++++ b/lib/krb5/ticket.c
+@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+--
+2.13.3
+
diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
new file mode 100644
index 0000000000..714af60304
--- /dev/null
+++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch
@@ -0,0 +1,85 @@
+Fix CVE-2017-6594:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594
+https://security-tracker.debian.org/tracker/CVE-2017-6594
+
+Patch lifted from upstream source repository:
+
+https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
+
+To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and
+files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified.
+
+From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@twosigma.com>
+Date: Wed, 10 Aug 2016 23:31:14 +0000
+Subject: [PATCH] Fix transit path validation CVE-2017-6594
+
+Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
+to not be added to the transit path of issued tickets. This may, in
+some cases, enable bypass of capath policy in Heimdal versions 1.5
+through 7.2.
+
+Note, this may break sites that rely on the bug. With the bug some
+incomplete [capaths] worked, that should not have. These may now break
+authentication in some cross-realm configurations.
+---
+ NEWS | 14 ++++++++++++++
+ kdc/krb5tgs.c | 12 ++++++++++--
+ tests/kdc/check-kdc.in | 17 +++++++++++++++++
+ tests/kdc/krb5.conf.in | 4 ++++
+ 4 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
+index 6048b9c55..98503812f 100644
+--- a/kdc/krb5tgs.c
++++ b/kdc/krb5tgs.c
+@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context,
+ "Decoding transited encoding");
+ return ret;
+ }
++
++ /*
++ * If the realm of the presented tgt is neither the client nor the server
++ * realm, it is a transit realm and must be added to transited set.
++ */
+ if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+- /* not us, so add the previous realm to transited set */
+ if (num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ ret = ERANGE;
+ goto free_realms;
+@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context,
+ const char *server_name,
+ hdb_entry_ex *client,
+ krb5_principal client_principal,
++ const char *tgt_realm,
+ hdb_entry_ex *krbtgt,
+ krb5_enctype krbtgt_etype,
+ krb5_principals spp,
+@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context,
+ &tgt->transited, &et,
+ krb5_principal_get_realm(context, client_principal),
+ krb5_principal_get_realm(context, server->entry.principal),
+- krb5_principal_get_realm(context, krbtgt->entry.principal));
++ tgt_realm);
+ if(ret)
+ goto out;
+
+@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context,
+ krb5_keyblock sessionkey;
+ krb5_kvno kvno;
+ krb5_data rspac;
++ const char *tgt_realm = /* Realm of TGT issuer */
++ krb5_principal_get_realm(context, krbtgt->entry.principal);
+
+@@ -2324,6 +2331,7 @@ server_lookup:
+ spn,
+ client,
+ cp,
++ tgt_realm,
+ krbtgt_out,
+ tkey_sign->key.keytype,
+ spp,
+--
+2.13.3
+
diff --git a/gnu/packages/patches/hop-linker-flags.patch b/gnu/packages/patches/hop-linker-flags.patch
deleted file mode 100644
index f1f5dbfbd9..0000000000
--- a/gnu/packages/patches/hop-linker-flags.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make hop's link rules honor flags set by the --blflags configure argument.
-
---- hop-2.4.0/src/Makefile 2015-05-05 19:41:04.800151036 -0500
-+++ hop-2.4.0/src/Makefile 2015-05-05 19:40:40.916150417 -0500
-@@ -69,10 +69,10 @@
- $(MAKE) link.$(LINK) DEST=$@
-
- link.dynamic:
-- @ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$(DEST))
-+ @ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$(DEST))
-
- link.static:
-- @ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),-static-all-bigloo $(OBJECTS),-o,$(DEST))
-+ @ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),-static-all-bigloo $(OBJECTS),-o,$(DEST))
-
- link.library:
- echo "***ERROR: link.library not currently supported!"
---- hop-2.4.0/hopc/Makefile 2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hopc/Makefile 2015-05-05 19:45:21.876157699 -0500
-@@ -62,7 +62,7 @@
- mkdir -p $@
-
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
-- @ $(call link,$(BIGLOO),$(BCFLAGS),,$(OBJECTS),-o,$@)
-+ @ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
-
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- $(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
---- hop-2.4.0/hophz/Makefile 2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hophz/Makefile 2015-05-05 19:59:42.996180030 -0500
-@@ -16,9 +16,6 @@
- -include ../etc/Makefile.hopconfig
- -include ../etc/Makefile.version
-
--BLFLAGS =
--BLINKFLAGS = -suffix hop
--
- #*---------------------------------------------------------------------*/
- #* Target and Project */
- #*---------------------------------------------------------------------*/
-@@ -72,7 +69,7 @@
- mkdir -p $@
-
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
-- @ $(call link,$(BIGLOO),$(BCFLAGS),$(BLINKFLAGS),$(OBJECTS),-o,$@)
-+ @ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
-
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- @ $(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
---- hop-2.4.0/hopsh/Makefile 2013-01-30 07:17:59.000000000 -0600
-+++ hop-2.4.0/hopsh/Makefile 2015-05-05 19:46:36.060159626 -0500
-@@ -60,7 +60,7 @@
- mkdir -p $@
-
- $(BUILDBINDIR)/$(EXEC): .afile .etags $(OBJECTS)
-- @ $(call link,$(BIGLOO),$(BCFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
-+ @ $(call link,$(BIGLOO),$(BCFLAGS) $(BLFLAGS),$(BCFLAGSDEV),$(OBJECTS),-o,$@)
-
- $(BUILDBINDIR)/$(EXEC).jar: .afile .etags .jfile $(BGL_CLASSES) META-INF/MANIFEST.MF jvm-stdlibs jvm-share jvm-lib
- @ $(JAR) $@ META-INF/MANIFEST.MF -C o/class_s .
diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch
new file mode 100644
index 0000000000..37dd8bd111
--- /dev/null
+++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch
@@ -0,0 +1,15 @@
+Disable tests who fail because they have to run as root.
+
+--- libusb-0.1.12/tests/Makefile.in 2006-03-04 03:54:06.000000000 +0100
++++ libusb-0.1.12/tests/Makefile.in 2017-07-13 16:17:45.201728019 +0200
+@@ -255,8 +255,8 @@
+ hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+ driver_name_SOURCES = driver_name.cpp
+ driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@
+-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \
+- get_resolution hub_strings $(OS_SPECIFIC)
++TESTS = testlibusb descriptor_test id_test find_hubs find_mice
++ #get_resolution hub_strings $(OS_SPECIFIC)
+
+ XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL)
+ all: all-am
diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch
new file mode 100644
index 0000000000..7086a96e86
--- /dev/null
+++ b/gnu/packages/patches/metabat-fix-compilation.patch
@@ -0,0 +1,39 @@
+This patch changes metabat so that (1) it is not build statically, (2) it uses
+shared libraries rather than static libraries where possible.
+
+diff --git a/SConstruct b/SConstruct
+index 69cdc0a..ac99bcb 100644
+--- a/SConstruct
++++ b/SConstruct
+@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None)
+ build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp']
+ link_flags = ['-lstdc++', '-lm', '-fopenmp']
+
+-if platform.platform(True, True).find('Darwin') == -1:
+- link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++'])
+
+ if debug is None:
+ build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable'])
+@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat
+ for path in testPaths:
+ if not os.path.isdir(path):
+ continue
++ for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
++ if os.path.isfile(testfile):
++ print "Found shared library %s as %s" % (lib, testfile)
++ link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
++ return
+ for suffix in staticSuffixes:
+ testfile = '%s/lib%s%s' % (path, lib, suffix)
+ if os.path.isfile(testfile):
+ static_source_list.append(testfile)
+ print "Found static library %s as %s" % (lib, testfile)
+ return
+- for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)):
+- if os.path.isfile(testfile):
+- print "Found shared library %s as %s" % (lib, testfile)
+- link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] )
+- return
+ print "Could not find library for %s!!! Looked in %s" % (lib, testPaths)
+ return
+
diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
deleted file mode 100644
index cb60896fad..0000000000
--- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-These tests fail on 32-bit due to an overflow.
-
-Upstream bug URL: https://github.com/joke2k/faker/issues/408
-
-diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py
-index 6026772..58b6b83 100644
---- a/faker/tests/__init__.py
-+++ b/faker/tests/__init__.py
-@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase):
- provider = Provider
- # test century
- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
-- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
- # test decade
- self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now()))
- self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now()))
-@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase):
-
- # ensure all methods provide timezone aware datetimes
- with self.assertRaises(TypeError):
-- provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now()
-- with self.assertRaises(TypeError):
- provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now()
- with self.assertRaises(TypeError):
- provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now()
-@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase):
-
- # test century
- self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
-- self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
- # test decade
- self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc))
- self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc))
---
-2.11.1
-
diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
deleted file mode 100644
index 06b2f4fe03..0000000000
--- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Resolves a test failure on 32-bit platforms.
-
-https://github.com/pyca/pyopenssl/issues/657
-
-Patch copied from upstream source repository:
-
-https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95
-
-From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Thu, 6 Jul 2017 22:14:44 -0400
-Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
- requests
-
----
- tests/test_rand.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/test_rand.py b/tests/test_rand.py
-index bdd3af08..6adf72a1 100644
---- a/tests/test_rand.py
-+++ b/tests/test_rand.py
-@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args):
-
- def test_insufficient_memory(self):
- """
-- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
-- than will fit in memory.
-+ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
-+ bytes are requested than will fit in memory.
- """
-- with pytest.raises(MemoryError):
-+ with pytest.raises((MemoryError, OverflowError)):
- rand.bytes(sys.maxsize)
-
- def test_bytes(self):
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch
new file mode 100644
index 0000000000..cb68c803aa
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch
@@ -0,0 +1,52 @@
+Fix CVE-2017-11334:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1471638
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
+
+From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <broscutamaker@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff89ad..ad103ce483 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+ }
+ } else {
+ /* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+ memcpy(buf, ptr, l);
+ }
+
+--
+2.13.3
+
diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch
new file mode 100644
index 0000000000..057bc02a14
--- /dev/null
+++ b/gnu/packages/patches/quassel-fix-tls-check.patch
@@ -0,0 +1,25 @@
+This allows quasselclient to connect to SSL-enabled quasselcore instances.
+
+The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check
+fails SSL / TLS is disabled.
+
+This patch comes from the upstream source repository [0] and can be
+removed when the next version is packaged.
+
+[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -428,6 +428,11 @@ endif()
+ cmake_push_check_state(RESET)
+ set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS})
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}")
++
++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE)
++ set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING")
++endif()
++
+ check_cxx_source_compiles("
+ #include \"qglobal.h\"
+ #if defined QT_NO_SSL
+
diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
new file mode 100644
index 0000000000..43f4b9be69
--- /dev/null
+++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch
@@ -0,0 +1,179 @@
+Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch
+
+Author: Jaromír Mikeš <mira.mikes@seznam.cz>, Olly Betts <olly@survex.com>
+Description: build against wx 3.0.
+Forwarded: yes
+
+Index: sooperlooper/src/gui/main_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/main_panel.cpp
++++ sooperlooper/src/gui/main_panel.cpp
+@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count)
+ while (count < (int)_looper_panels.size()) {
+ looperpan = _looper_panels.back();
+ _looper_panels.pop_back();
+- _main_sizer->Remove(looperpan);
++ _main_sizer->Detach(looperpan);
+ looperpan->Destroy();
+ }
+ }
+@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas
+ }
+
+
+- wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++ wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+
+ if ( !filename.empty() )
+ {
+@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas
+ index = 0;
+ }
+
+- wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+
+ if ( !filename.empty() )
+ {
+@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index
+
+ void MainPanel::do_load_session ()
+ {
+- wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+
+ if ( !filename.empty() )
+ {
+@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session ()
+
+ void MainPanel::do_save_session (bool write_audio)
+ {
+- wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++ wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+
+ if ( !filename.empty() )
+ {
+Index: sooperlooper/src/gui/pix_button.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/pix_button.cpp
++++ sooperlooper/src/gui/pix_button.cpp
+@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent &
+ pt.x += bounds.x;
+ pt.y += bounds.y;
+
+- if (bounds.Inside(pt)) {
++ if (bounds.Contains(pt)) {
+ clicked (get_mouse_button(ev)); // emit
+
+ if (ev.MiddleUp() && ev.ControlDown()) {
+Index: sooperlooper/src/gui/looper_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/looper_panel.cpp
++++ sooperlooper/src/gui/looper_panel.cpp
+@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button,
+ if (cmd == wxT("save"))
+ {
+ wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"),
+- wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++ wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+
+ if ( !filename.empty() )
+ {
+@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button,
+ }
+ else if (cmd == wxT("load"))
+ {
+- wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR);
+
+ if ( !filename.empty() )
+ {
+Index: sooperlooper/src/gui/keyboard_target.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/keyboard_target.cpp
++++ sooperlooper/src/gui/keyboard_target.cpp
+@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const
+ keycode = WXK_RETURN;
+ }
+ else if ( keyname == wxT("PGUP") ) {
+- keycode = WXK_PRIOR;
++ keycode = WXK_PAGEUP;
+ }
+ else if ( keyname == wxT("PGDN") ) {
+- keycode = WXK_NEXT;
++ keycode = WXK_PAGEDOWN;
+ }
+ else if ( keyname == wxT("LEFT") ) {
+ keycode = WXK_LEFT;
+@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco
+ case WXK_RETURN:
+ text += wxT("return");
+ break;
+- case WXK_PRIOR:
++ case WXK_PAGEUP:
+ text += wxT("pageup");
+ break;
+- case WXK_NEXT:
++ case WXK_PAGEDOWN:
+ text += wxT("pagedown");
+ break;
+ case WXK_LEFT:
+Index: sooperlooper/src/gui/check_box.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/check_box.cpp
++++ sooperlooper/src/gui/check_box.cpp
+@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e
+ }
+ else if (ev.LeftUp())
+ {
+- if (bounds.Inside(ev.GetPosition())) {
++ if (bounds.Contains(ev.GetPosition())) {
+ // toggle value
+ _value = !_value;
+
+Index: sooperlooper/src/gui/midi_bind_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/midi_bind_panel.cpp
++++ sooperlooper/src/gui/midi_bind_panel.cpp
+@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand
+ }
+ else if (ev.GetId() == ID_LoadButton)
+ {
+- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ if ( !filename.empty() )
+ {
+ _parent->get_loop_control().load_midi_bindings(filename, _append_check->GetValue());
+@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand
+ }
+ else if (ev.GetId() == ID_SaveButton)
+ {
+- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT);
++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT);
+
+ if ( !filename.empty() )
+ {
+Index: sooperlooper/src/gui/config_panel.cpp
+===================================================================
+--- sooperlooper.orig/src/gui/config_panel.cpp
++++ sooperlooper/src/gui/config_panel.cpp
+@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv
+ else if (ev.GetId() == ID_MidiBrowseButton) {
+
+ _parent->get_keyboard().set_enabled(false);
+- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ _parent->get_keyboard().set_enabled(true);
+
+ if ( !filename.empty() )
+@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv
+ else if (ev.GetId() == ID_SessionBrowseButton) {
+
+ _parent->get_keyboard().set_enabled(false);
+- wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
+- //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR);
++ wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
++ //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR);
+ _parent->get_keyboard().set_enabled(true);
+
+ if ( !filename.empty() )
diff --git a/gnu/packages/patches/spice-CVE-2017-7506.patch b/gnu/packages/patches/spice-CVE-2017-7506.patch
new file mode 100644
index 0000000000..37d8f02831
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2017-7506.patch
@@ -0,0 +1,158 @@
+Fix CVE-2017-7506:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1452606
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7506
+
+Patches copied from Debian spice package version
+'spice_0.12.8-2.1+deb9u1.debian.tar.xz':
+http://security.debian.org/debian-security/pool/updates/main/s/spice/spice_0.12.8-2.1+deb9u1.debian.tar.xz
+
+The patches had to be adapted to apply to the latest spice tarball, and
+are based on these upstream commits:
+
+https://cgit.freedesktop.org/spice/spice/commit/?id=111ab38611cef5012f1565a65fa2d8a8a05cce37
+https://cgit.freedesktop.org/spice/spice/commit/?id=571cec91e71c2aae0d5f439ea2d8439d0c3d75eb
+https://cgit.freedesktop.org/spice/spice/commit/?id=fbbcdad773e2791cfb988f4748faa41943551ca6
+
+From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 1/3] reds: Disconnect when receiving overly big
+ ClientMonitorsConfig
+
+Total message size received from the client was unlimited. There is
+a 2kiB size check on individual agent messages, but the MonitorsConfig
+message can be split in multiple chunks, and the size of the
+non-chunked MonitorsConfig message was never checked. This could easily
+lead to memory exhaustion on the host.
+
+---
+ server/reds.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index f439a3668..7be85fdfc 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void)
+ static void reds_on_main_agent_monitors_config(
+ MainChannelClient *mcc, void *message, size_t size)
+ {
++ const unsigned int MAX_MONITORS = 256;
++ const unsigned int MAX_MONITOR_CONFIG_SIZE =
++ sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
++
+ VDAgentMessage *msg_header;
+ VDAgentMonitorsConfig *monitors_config;
+ RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
+
++ // limit size of message sent by the client as this can cause a DoS through
++ // memory exhaustion, or potentially some integer overflows
++ if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
++ goto overflow;
++ }
+ cmc->buffer_size += size;
+ cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
+ spice_assert(cmc->buffer);
+ cmc->mcc = mcc;
+ memcpy(cmc->buffer + cmc->buffer_pos, message, size);
+ cmc->buffer_pos += size;
++ if (sizeof(VDAgentMessage) > cmc->buffer_size) {
++ spice_debug("not enough data yet. %d", cmc->buffer_size);
++ return;
++ }
+ msg_header = (VDAgentMessage *)cmc->buffer;
+- if (sizeof(VDAgentMessage) > cmc->buffer_size ||
+- msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
++ if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
++ goto overflow;
++ }
++ if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
+ spice_debug("not enough data yet. %d", cmc->buffer_size);
+ return;
+ }
+@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config(
+ spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+ red_dispatcher_client_monitors_config(monitors_config);
+ reds_client_monitors_config_cleanup();
++ return;
++
++overflow:
++ spice_warning("received invalid MonitorsConfig request from client, disconnecting");
++ red_channel_client_disconnect(main_channel_client_get_base(mcc));
++ reds_client_monitors_config_cleanup();
+ }
+
+ void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size)
+--
+2.13.0
+From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor
+ configuration
+
+Avoid VDAgentMessage::size integer overflows.
+
+---
+ server/reds.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index 7be85fdfc..e1c8c1086 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config(
+ spice_debug("not enough data yet. %d", cmc->buffer_size);
+ return;
+ }
++ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
++ goto overflow;
++ }
+ monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
+ spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+ red_dispatcher_client_monitors_config(monitors_config);
+--
+2.13.0
+From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001
+Date: Mon, 15 May 2017 15:57:28 +0100
+Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor
+ configuration
+
+It was also possible for a malicious client to set
+VDAgentMonitorsConfig::num_of_monitors to a number larger
+than the actual size of VDAgentMOnitorsConfig::monitors.
+This would lead to buffer overflows, which could allow the guest to
+read part of the host memory. This might cause write overflows in the
+host as well, but controlling the content of such buffers seems
+complicated.
+
+---
+ server/reds.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index e1c8c1086..3a42c3755 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config(
+ VDAgentMessage *msg_header;
+ VDAgentMonitorsConfig *monitors_config;
+ RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
++ uint32_t max_monitors;
+
+ // limit size of message sent by the client as this can cause a DoS through
+ // memory exhaustion, or potentially some integer overflows
+@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config(
+ goto overflow;
+ }
+ monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
++ // limit the monitor number to avoid buffer overflows
++ max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
++ sizeof(VDAgentMonConfig);
++ if (monitors_config->num_of_monitors > max_monitors) {
++ goto overflow;
++ }
+ spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
+ red_dispatcher_client_monitors_config(monitors_config);
+ reds_client_monitors_config_cleanup();
+--
+2.13.0
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
new file mode 100644
index 0000000000..db3c56861b
--- /dev/null
+++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
@@ -0,0 +1,42 @@
+https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
+
+From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
+From: Deve <deveee@gmail.com>
+Date: Mon, 3 Oct 2016 23:26:09 +0200
+Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
+ e.g. arm64, mips, and s390x architectures
+
+This modification is already applied in upstream angelscript repository:
+https://sourceforge.net/p/angelscript/code/2353/
+
+Thanks to Adrian Bunk and Andreas Jonsson
+---
+ lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
+ lib/angelscript/source/as_config.h | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
+index e93971315e..755d8378c3 100644
+--- a/lib/angelscript/projects/cmake/CMakeLists.txt
++++ b/lib/angelscript/projects/cmake/CMakeLists.txt
+@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
+ ../../source/as_builder.cpp
+ ../../source/as_bytecode.cpp
+ ../../source/as_callfunc.cpp
++ ../../source/as_callfunc_mips.cpp
+ ../../source/as_callfunc_x86.cpp
+ ../../source/as_callfunc_x64_gcc.cpp
+ ../../source/as_callfunc_x64_msvc.cpp
+diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
+index cb05bffbd5..5bb5b8e800 100644
+--- a/lib/angelscript/source/as_config.h
++++ b/lib/angelscript/source/as_config.h
+@@ -844,7 +844,7 @@
+ #define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
+ #define AS_X86
+ #undef AS_NO_THISCALL_FUNCTOR_METHOD
+- #elif defined(__LP64__) && !defined(__arm64__)
++ #elif defined(__x86_64__)
+ #define AS_X64_GCC
+ #undef AS_NO_THISCALL_FUNCTOR_METHOD
+ #define HAS_128_BIT_PRIMITIVES