10 files changed, 306 insertions, 263 deletions
diff --git a/gnu/packages/patches/classpath-aarch64-support.patch b/gnu/packages/patches/classpath-aarch64-support.patch
new file mode 100644
index 0000000000..6fdac0c4fb
--- /dev/null
+++ b/gnu/packages/patches/classpath-aarch64-support.patch
@@ -0,0 +1,29 @@
+This is modeled after the ia64 support. Aarch64 can be either big endian
+or little endian, so we add the case for both.
+
+---
+ native/fdlibm/ieeefp.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/native/fdlibm/ieeefp.h b/native/fdlibm/ieeefp.h
+index 1a9740f..73455c0 100644
+--- a/native/fdlibm/ieeefp.h
++++ b/native/fdlibm/ieeefp.h
+@@ -27,6 +27,14 @@
+ #endif
+ #endif
+ 
++#ifdef __aarch64__
++#ifdef __BIG_ENDIAN__
++#define __IEEE_BIG_ENDIAN
++#else
++#define __IEEE_LITTLE_ENDIAN
++#endif
++#endif
++
+ #ifdef __hppa__
+ #define __IEEE_BIG_ENDIAN
+ #endif
+-- 
+2.16.3
+
diff --git a/gnu/packages/patches/hwloc-tests-without-sysfs.patch b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
deleted file mode 100644
index ea6ec41616..0000000000
--- a/gnu/packages/patches/hwloc-tests-without-sysfs.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix a test failure in the build environment, where /sys is missing.
-From <https://github.com/bgoglin/hwloc/commit/a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf.patch>.
-
-From a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf Mon Sep 17 00:00:00 2001
-From: Brice Goglin <Brice.Goglin@inria.fr>
-Date: Tue, 6 Feb 2018 17:13:26 +0100
-Subject: [PATCH] linux: honor the filtering cores and packages when reading
- topology from cpuinfo
-
-Caused a make check crash in lstopo --filter all:none in chroot without sysfs.
-
-Thanks to Ludovic Courtes for the report.
-
-Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
----
- hwloc/topology-linux.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
-index 290da0d72..e1bbf94e1 100644
---- a/hwloc/topology-linux.c
-+++ b/hwloc/topology-linux.c
-@@ -4101,7 +4101,8 @@ look_cpuinfo(struct hwloc_topology *topology,
-     }
-   /* create package objects */
-   hwloc_debug("%u pkgs%s\n", numpkgs, missingpkg ? ", but some missing package" : "");
--  if (!missingpkg && numpkgs>0) {
-+  if (!missingpkg && numpkgs>0
-+      && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_PACKAGE)) {
-     for (i = 0; i < numpkgs; i++) {
-       struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_PACKAGE, Lpkg_to_Ppkg[i]);
-       int doneinfos = 0;
-@@ -4145,7 +4146,8 @@ look_cpuinfo(struct hwloc_topology *topology,
-     }
-   /* create Core objects */
-   hwloc_debug("%u cores%s\n", numcores, missingcore ? ", but some missing core" : "");
--  if (!missingcore && numcores>0) {
-+  if (!missingcore && numcores>0
-+      && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_CORE)) {
-     for (i = 0; i < numcores; i++) {
-       struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_CORE, Lcore_to_Pcore[i]);
-       obj->cpuset = hwloc_bitmap_alloc();
diff --git a/gnu/packages/patches/libusb-for-axoloti.patch b/gnu/packages/patches/libusb-for-axoloti.patch
index 2c07d767d9..76a45e801d 100644
--- a/gnu/packages/patches/libusb-for-axoloti.patch
+++ b/gnu/packages/patches/libusb-for-axoloti.patch
@@ -1,14 +1,14 @@
-diff -rp -u4 libusb-1.0.19-orig/libusb/descriptor.c libusb-1.0.19/libusb/descriptor.c
---- libusb-1.0.19-orig/libusb/descriptor.c	2015-05-12 00:15:19 +0200
-+++ libusb-1.0.19/libusb/descriptor.c	2015-05-12 00:17:09 +0200
-@@ -1181,9 +1181,9 @@ int API_EXPORTED libusb_get_string_descr
+diff -rpu4 libusb-1.0.22.orig/libusb/descriptor.c libusb-1.0.22/libusb/descriptor.c
+--- libusb-1.0.22.orig/libusb/descriptor.c	2018-03-17 08:23:37.000000000 +0100
++++ libusb-1.0.22/libusb/descriptor.c	2018-03-29 10:36:09.968429473 +0200
+@@ -1173,9 +1173,9 @@ int API_EXPORTED libusb_get_string_descr
  	if (tbuf[1] != LIBUSB_DT_STRING)
  		return LIBUSB_ERROR_IO;
  
  	if (tbuf[0] > r)
 -		return LIBUSB_ERROR_IO;
-+            tbuf[0] = r;
++		tbuf[0] = r;
  
- 	for (di = 0, si = 2; si < tbuf[0]; si += 2) {
+ 	di = 0;
+ 	for (si = 2; si < tbuf[0]; si += 2) {
  		if (di >= (length - 1))
- 			break;
diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch
deleted file mode 100644
index c5ac9884b5..0000000000
--- a/gnu/packages/patches/links-CVE-2017-11114.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Fix CVE-2017-11114:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114
-http://seclists.org/fulldisclosure/2017/Jul/76
-
-Patch copied from Debian:
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
-
-Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7
-Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
-Author: Mikulas Patocka <mikulas@twibright.com>
-Date:   Wed Aug 2 20:13:29 2017 +0200
-Subject: Fix read out of memory in case of corrupted UTF-8 data
-
----
- charsets.c |   37 +------------------------------------
- links.h    |    9 ++++-----
- 2 files changed, 5 insertions(+), 41 deletions(-)
-
-Index: links-2.14/charsets.c
-===================================================================
---- links-2.14.orig/charsets.c
-+++ links-2.14/charsets.c
-@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
- 	return utf_table;
- }
- 
--unsigned short int utf8_2_uni_table[0x200] = {
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 128,	0, 0, 0, 192,	0,
--	0, 0, 256,	0, 0, 0, 320,	0, 0, 0, 384,	0, 0, 0, 448,	0,
--	0, 0, 512,	0, 0, 0, 576,	0, 0, 0, 640,	0, 0, 0, 704,	0,
--	0, 0, 768,	0, 0, 0, 832,	0, 0, 0, 896,	0, 0, 0, 960,	0,
--	0, 0, 1024,	0, 0, 0, 1088,	0, 0, 0, 1152,	0, 0, 0, 1216,	0,
--	0, 0, 1280,	0, 0, 0, 1344,	0, 0, 0, 1408,	0, 0, 0, 1472,	0,
--	0, 0, 1536,	0, 0, 0, 1600,	0, 0, 0, 1664,	0, 0, 0, 1728,	0,
--	0, 0, 1792,	0, 0, 0, 1856,	0, 0, 0, 1920,	0, 0, 0, 1984,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
--};
--
- unsigned char utf_8_1[256] = {
- 	6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 	7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
- 	3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
- };
- 
--static_const unsigned min_utf_8[9] = {
-+static_const unsigned min_utf_8[8] = {
- 	0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
- };
- 
-Index: links-2.14/links.h
-===================================================================
---- links-2.14.orig/links.h
-+++ links-2.14/links.h
-@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
- void init_charset(void);
- 
- unsigned get_utf_8(unsigned char **p);
--extern unsigned short int utf8_2_uni_table[0x200];
- #define GET_UTF_8(s, c)							\
- do {									\
- 	if ((unsigned char)(s)[0] < 0x80)				\
- 		(c) = (s)++[0];						\
--	else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) +	\
--				((unsigned char)(s)[1] >> 6) - 0x200]))	\
--		(c) += (unsigned char)(s)[1] & 0x3f, (s) += 2;		\
--	else								\
-+	else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\
-+	         ((unsigned char)(s)[1] & 0xc0) == 0x80) {		\
-+		(c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\
-+	} else								\
- 		(c) = get_utf_8(&(s));					\
- } while (0)
- #define FWD_UTF_8(s)							\
diff --git a/gnu/packages/patches/lyx-2.2.3-fix-test.patch b/gnu/packages/patches/lyx-2.2.3-fix-test.patch
new file mode 100644
index 0000000000..10b7d2a3a9
--- /dev/null
+++ b/gnu/packages/patches/lyx-2.2.3-fix-test.patch
@@ -0,0 +1,13 @@
+See https://www.lyx.org/trac/ticket/10800#comment:17
+diff --git a/src/tex2lyx/test/test-structure.lyx.lyx b/src/tex2lyx/test/test-structure.lyx.lyx
+index feff755cd2..2c7f2ace5c 100644
+--- a/src/tex2lyx/test/test-structure.lyx.lyx
++++ b/src/tex2lyx/test/test-structure.lyx.lyx
+@@ -212,7 +212,7 @@ This causes the
+ \begin_inset Flex Flex:Strong
+ status collapsed
+ 
+-\begin_layout Standard
++\begin_layout Plain Layout
+ logikalmkup
+ \end_layout
diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
new file mode 100644
index 0000000000..bb78c46f80
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
@@ -0,0 +1,88 @@
+Fix CVE-2018-1000051:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=698873
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384
+
+From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Tue, 19 Dec 2017 23:47:47 +0100
+Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces.
+
+Previously the borrowed colorspace was dropped when updating annotation
+appearances, leading to use after free warnings from valgrind/ASAN.
+---
+ source/pdf/pdf-appearance.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c
+index 70f684f4..d7a1dddd 100644
+--- a/source/pdf/pdf-appearance.c
++++ b/source/pdf/pdf-appearance.c
+@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ 	fz_device *dev = NULL;
+ 	font_info font_rec;
+ 	fz_text *text = NULL;
+-	fz_colorspace *cs = NULL;
+ 	fz_matrix page_ctm;
+ 
+ 	pdf_page_transform(ctx, annot->page, NULL, &page_ctm);
+@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ 	fz_var(dlist);
+ 	fz_var(dev);
+ 	fz_var(text);
+-	fz_var(cs);
+ 	fz_try(ctx)
+ 	{
+ 		char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents));
+ 		char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA));
++		fz_colorspace *cs;
+ 		fz_point pos;
+ 		fz_rect rect;
+ 
+@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ 		fz_drop_display_list(ctx, dlist);
+ 		font_info_fin(ctx, &font_rec);
+ 		fz_drop_text(ctx, text);
+-		fz_drop_colorspace(ctx, cs);
+ 	}
+ 	fz_catch(ctx)
+ 	{
+@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ 	fz_device *dev = NULL;
+ 	font_info font_rec;
+ 	fz_text *text = NULL;
+-	fz_colorspace *cs = NULL;
+ 	fz_path *path = NULL;
+ 	fz_buffer *fzbuf = NULL;
+ 	fz_matrix page_ctm;
+@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ 	fz_var(dlist);
+ 	fz_var(dev);
+ 	fz_var(text);
+-	fz_var(cs);
+ 	fz_var(fzbuf);
+ 	fz_try(ctx)
+ 	{
+@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ 		fz_rect logo_bounds;
+ 		fz_matrix logo_tm;
+ 		fz_rect rect;
++		fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */
+ 
+ 		pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect);
+ 		rect = annot_rect;
+@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ 		fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds);
+ 		center_rect_within_rect(&logo_bounds, &rect, &logo_tm);
+ 		fz_concat(&logo_tm, &logo_tm, &page_ctm);
+-		cs = fz_device_rgb(ctx); /* Borrowed reference */
+ 		fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL);
+ 
+ 		get_font_info(ctx, doc, dr, da, &font_rec);
+-- 
+2.16.3
+
diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch
new file mode 100644
index 0000000000..b2c8f849f3
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2018-6544.patch
@@ -0,0 +1,109 @@
+Fix CVE-2018-6544:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544
+https://bugs.ghostscript.com/show_bug.cgi?id=698830
+https://bugs.ghostscript.com/show_bug.cgi?id=698965 
+
+Patches copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
+https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
+
+From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Thu, 1 Feb 2018 16:36:14 +0100
+Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams
+ objects.
+
+If there were indirect references in the object stream dictionary and
+one of those indirect references referred to an object inside the object
+stream itself, mupdf would previously enter recursion only bounded by the
+exception stack. After this commit the object stream is checked if it is
+marked immediately after being loaded. If it is marked then we terminate
+the recursion at this point, if it is not marked then mark it and
+attempt to load the desired object within. We also take care to unmark
+the stream object when done or upon exception.
+---
+ source/pdf/pdf-xref.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 723b543c..ed09094c 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
+ 	{
+ 		objstm = pdf_load_object(ctx, doc, num);
+ 
++		if (pdf_obj_marked(ctx, objstm))
++			fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup");
++	}
++	fz_catch(ctx)
++	{
++		pdf_drop_obj(ctx, objstm);
++		fz_rethrow(ctx);
++	}
++
++	fz_try(ctx)
++	{
++		pdf_mark_obj(ctx, objstm);
++
+ 		count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N));
+ 		first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First));
+ 
+@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
+ 		fz_drop_stream(ctx, stm);
+ 		fz_free(ctx, ofsbuf);
+ 		fz_free(ctx, numbuf);
++		pdf_unmark_obj(ctx, objstm);
+ 		pdf_drop_obj(ctx, objstm);
+ 	}
+ 	fz_catch(ctx)
+-- 
+2.16.3
+
+From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 29 Jan 2018 02:00:48 +0100
+Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error
+ stack.
+
+Under normal conditions where fz_keep_stream() is called inside
+fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions.
+The issue comes when fz_keep_stream() has not yet been called but is
+dropped in fz_catch(). This happens in the PDF from the bug when
+fz_try() runs out of exception stack, and next the code in fz_catch()
+runs, dropping the caller's reference to the filter chain stream!
+
+The simplest way of fixing this it to always keep the filter chain
+stream before fz_try() is called. That way fz_catch() may drop the
+stream whether an exception has occurred or if the fz_try() ran out of
+exception stack.
+---
+ source/pdf/pdf-stream.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
+index c89da5c4..c6ba7ad3 100644
+--- a/source/pdf/pdf-stream.c
++++ b/source/pdf/pdf-stream.c
+@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob
+ 		*orig_gen = 0;
+ 	}
+ 
+-	fz_var(chain);
++	chain = fz_keep_stream(ctx, chain);
+ 
+ 	fz_try(ctx)
+ 	{
+ 		len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length));
+ 
+-		/* don't close chain when we close this filter */
+-		chain2 = fz_keep_stream(ctx, chain);
++		chain2 = chain;
+ 		chain = NULL;
+ 		chain = fz_open_null(ctx, chain2, len, offset);
+ 
+-- 
+2.16.3
+
diff --git a/gnu/packages/patches/shepherd-close-fds.patch b/gnu/packages/patches/shepherd-close-fds.patch
deleted file mode 100644
index 2078b15265..0000000000
--- a/gnu/packages/patches/shepherd-close-fds.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-commit 3e346a2a84b099766ea8a3a4a4549f6172483062
-Author: Ludovic Courtès <ludo@gnu.org>
-Date:   Sun Dec 3 22:30:03 2017 +0100
-
-    service: In 'exec-command', close open ports before 'execl'.
-    
-    This gets rid of annoying "Bad file descriptor" warnings from shepherd.
-    
-    * modules/shepherd/service.scm (exec-command): In 'loop', invoke
-    'close-port' and the ports returned by (fdes->ports i).
-
-diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
-index b2d8bc5..0ad28a0 100644
---- a/modules/shepherd/service.scm
-+++ b/modules/shepherd/service.scm
-@@ -1,5 +1,5 @@
- ;; service.scm -- Representation of services.
--;; Copyright (C) 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
- ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
- ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
-@@ -744,6 +744,14 @@ false."
- 
-        (let loop ((i 3))
-          (when (< i max-fd)
-+           ;; First try to close any ports associated with file descriptor I.
-+           ;; Otherwise the finalization thread might get around to closing
-+           ;; those ports eventually, which will raise an EBADF exception (on
-+           ;; 2.2), leading to messages like "error in the finalization
-+           ;; thread: Bad file descriptor".
-+           (for-each (lambda (port)
-+                       (catch-system-error (close-port port)))
-+                     (fdes->ports i))
-            (catch-system-error (close-fdes i))
-            (loop (+ i 1)))))
diff --git a/gnu/packages/patches/shepherd-herd-status-sorted.patch b/gnu/packages/patches/shepherd-herd-status-sorted.patch
deleted file mode 100644
index c6b9d870eb..0000000000
--- a/gnu/packages/patches/shepherd-herd-status-sorted.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From cc9564586729a5bb90dd5d2722b543fdde9ab821 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
-Date: Sun, 4 Feb 2018 21:56:36 +0100
-Subject: [PATCH] herd: 'herd status' now sorts the result.
-
-Partly fixes <https://bugs.gnu.org/30299>.
-Reported by Mark H Weaver <mhw@netris.org>.
-
-Previously 'tests/basic.sh' could occasionally fail on:
-
-  test "`$herd status`" == "$pristine_status"
-
-because the order of stopped services were not always the same.  Indeed,
-those services come from 'service-list' on the shepherd side, which uses
-'hash-fold' to traverse the service hash table, and the traversal order
-of 'hash-fold' is undefined.
-
-* modules/shepherd/scripts/herd.scm (display-status-summary)[service<?]:
-New procedure.
-[display-services]: Call 'sort' and use the above.
----
- modules/shepherd/scripts/herd.scm | 8 ++++++--
- modules/shepherd/service.scm      | 5 +++--
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/modules/shepherd/scripts/herd.scm b/modules/shepherd/scripts/herd.scm
-index ebcd1e1..697446c 100644
---- a/modules/shepherd/scripts/herd.scm
-+++ b/modules/shepherd/scripts/herd.scm
-@@ -1,5 +1,5 @@
- ;; herd.scm -- The program to herd the Shepherd.
--;; Copyright (C) 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Jährling <wolfgang@pro-linux.de>
- ;;
- ;; This file is part of the GNU Shepherd.
-@@ -46,13 +46,17 @@ of pairs."
- 
- (define (display-status-summary services)
-   "Display a summary of the status of all of SERVICES."
-+  (define (service<? service1 service2)
-+    (string<? (symbol->string (service-canonical-name service1))
-+              (symbol->string (service-canonical-name service2))))
-+
-   (define (display-services header bullet services)
-     (unless (null? services)
-       (display header)
-       (for-each (lambda (service)
-                   (format #t " ~a ~a~%" bullet
-                           (service-canonical-name service)))
--                services)))
-+                (sort services service<?))))      ;get deterministic output
-   (call-with-values
-       (lambda ()
-         (partition (match-lambda
-diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
-index 0ad28a0..83600e4 100644
---- a/modules/shepherd/service.scm
-+++ b/modules/shepherd/service.scm
-@@ -1,5 +1,5 @@
- ;; service.scm -- Representation of services.
--;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
- ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
- ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
-@@ -949,7 +949,8 @@ Return #f if service is not found."
-                  %services))
- 
- (define (service-list)
--  "Return the list of services currently defined."
-+  "Return the list of services currently defined.  Note: The order of the list
-+returned in unspecified."
-   (hash-fold (lambda (name services result)
-                (let ((service (lookup-canonical-service name services)))
-                  (if service
--- 
-2.16.1
-
diff --git a/gnu/packages/patches/translate-shell-fix-curl-tests.patch b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
new file mode 100644
index 0000000000..33731462b8
--- /dev/null
+++ b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
@@ -0,0 +1,60 @@
+This patch fixes Curl related tests for 'translate-shell'.
+
+Upstream bug URL:
+
+https://github.com/soimort/translate-shell/issues/221
+
+From bb9f32d3145125ba664b6b05bf0a2fd34108e9d2 Mon Sep 17 00:00:00 2001
+From: Mort Yao <soi@mort.ninja>
+Date: Sun, 25 Mar 2018 03:14:33 +0200
+Subject: [PATCH] TestUtils: perform curl-related tests only if NETWORK_ACCESS
+ is set to yes (#221)
+
+---
+ test/TestUtils.awk | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/test/TestUtils.awk b/test/TestUtils.awk
+index 08bb2e9..1c141e5 100644
+--- a/test/TestUtils.awk
++++ b/test/TestUtils.awk
+@@ -30,22 +30,24 @@ BEGIN {
+         assertTrue(newerVersion("2", "1.9.9999"))
+     }
+ 
+-    T("curl()", 1)
+-    {
+-        delete tokens; delete ast
+-        tokenize(tokens, curl("https://httpbin.org/get"))
+-        parseJson(ast, tokens)
+-        assertEqual(unparameterize(ast[0 SUBSEP "url"]),
+-                    "https://httpbin.org/get")
+-    }
++    if (yn(ENVIRON["NETWORK_ACCESS"])) { # if network access enabled
++        T("curl()", 1)
++        {
++            delete tokens; delete ast
++            tokenize(tokens, curl("https://httpbin.org/get"))
++            parseJson(ast, tokens)
++            assertEqual(unparameterize(ast[0 SUBSEP "url"]),
++                        "https://httpbin.org/get")
++        }
+ 
+-    T("curlPost()", 1)
+-    {
+-        delete tokens; delete ast
+-        tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
+-        parseJson(ast, tokens)
+-        assertEqual(unparameterize(ast[0 SUBSEP "url"]),
+-                    "https://httpbin.org/post")
++        T("curlPost()", 1)
++        {
++            delete tokens; delete ast
++            tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
++            parseJson(ast, tokens)
++            assertEqual(unparameterize(ast[0 SUBSEP "url"]),
++                        "https://httpbin.org/post")
++        }
+     }
+ 
+     T("dump()", 3)