diff --git a/community/mplayer-vaapi/PKGBUILD b/community/mplayer-vaapi/PKGBUILD
index 9cedab21b..8848a3033 100644
--- a/community/mplayer-vaapi/PKGBUILD
+++ b/community/mplayer-vaapi/PKGBUILD
@@ -8,7 +8,7 @@
 
 pkgname=mplayer-vaapi
 pkgver=35107
-pkgrel=6
+pkgrel=7
 pkgdesc="A movie player, compiled with vaapi support"
 arch=('i686' 'x86_64')
 url="http://gitorious.org/vaapi/mplayer"
@@ -25,18 +25,27 @@ conflicts=('mplayer')
 backup=('etc/mplayer/codecs.conf' 'etc/mplayer/input.conf')
 source=(http://pkgbuild.com/~foutrelis/mplayer-vaapi-$pkgver.tar.xz
         cdio-includes.patch
-        tweak-desktop-file.patch)
+        tweak-desktop-file.patch
+        subreader-fix-srt-parsing.patch)
 options=('!buildflags' '!emptydirs')
 install=mplayer-vaapi.install
 sha256sums=('a6c645625cc2cd6ca48764db302c926049f831e757857ece351b37b674e05e56'
             '72e6c654f9733953ad2466d0ea1a52f23e753791d8232d90f13293eb1b358720'
-            '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b')
+            '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b'
+            '69127a5576e4f1f62f688215bd2ec0e052ddcb36292c7a1766c146ff122cb092')
 
-build() {
+prepare() {
   cd "$srcdir/mplayer-vaapi-$pkgver"
 
   patch -d etc -Np0 -i "$srcdir/tweak-desktop-file.patch"
 
+  # http://bugzilla.mplayerhq.hu/show_bug.cgi?id=2139
+  patch -Np1 -i "$srcdir/subreader-fix-srt-parsing.patch"
+}
+
+build() {
+  cd "$srcdir/mplayer-vaapi-$pkgver"
+
   ./configure \
     --prefix=/usr \
     --disable-gui \
diff --git a/community/mplayer-vaapi/subreader-fix-srt-parsing.patch b/community/mplayer-vaapi/subreader-fix-srt-parsing.patch
new file mode 100644
index 000000000..84f2de4d9
--- /dev/null
+++ b/community/mplayer-vaapi/subreader-fix-srt-parsing.patch
@@ -0,0 +1,60 @@
+From d98e61ea438db66323734ad1b6bea66411a3c97b Mon Sep 17 00:00:00 2001
+From: wm4 <wm4@nowhere>
+Date: Tue, 30 Apr 2013 00:09:31 +0200
+Subject: [PATCH] subreader: fix out of bound write access when parsing .srt
+
+This broke .srt subtitles on gcc-4.8. The breakage was relatively
+subtle: it set all hour components to 0, while everything else was
+parsed successfully.
+
+But the problem is really that sscanf wrote 1 byte past the sep
+variable (or more, for invalid/specially prepared input). The %[..]
+format specifier is unbounded. Fix that by letting sscanf drop the
+parsed contents with "*", and also make it skip only one input
+character by adding "1" (=> "%*1[...").
+
+The out of bound write could easily lead to security issues.
+
+Also, this change makes .srt subtitle parsing slightly more strict.
+Strictly speaking this is an unrelated change, but do it anyway. It's
+more correct.
+---
+ sub/subreader.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+ (foutrelis: adjusted variable names in first hunk to apply to mplayer)
+
+diff --git a/sub/subreader.c b/sub/subreader.c
+index 23da4c7..0f1b6c9 100644
+--- a/sub/subreader.c
++++ b/sub/subreader.c
+@@ -386,14 +386,14 @@ static subtitle *sub_ass_read_line_subviewer(stream_t *st, subtitle *current,
+     int h1, m1, s1, ms1, h2, m2, s2, ms2, j = 0;
+ 
+     while (!current->text[0]) {
+-        char line[LINE_LEN + 1], full_line[LINE_LEN + 1], sep;
++        char line[LINE_LEN + 1], full_line[LINE_LEN + 1];
+         int i;
+ 
+         /* Parse SubRip header */
+         if (!stream_read_line(st, line, LINE_LEN, utf16))
+             return NULL;
+-        if (sscanf(line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",
+-                     &h1, &m1, &s1, &sep, &ms1, &h2, &m2, &s2, &sep, &ms2) < 10)
++        if (sscanf(line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",
++                     &h1, &m1, &s1, &ms1, &h2, &m2, &s2, &ms2) < 8)
+             continue;
+ 
+         current->start = a1 * 360000 + a2 * 6000 + a3 * 100 + a4 / 10;
+@@ -450,7 +450,7 @@ static subtitle *sub_read_line_subviewer(stream_t *st,subtitle *current,
+         return sub_ass_read_line_subviewer(st, current, args);
+     while (!current->text[0]) {
+ 	if (!stream_read_line (st, line, LINE_LEN, utf16)) return NULL;
+-	if ((len=sscanf (line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",&a1,&a2,&a3,(char *)&i,&a4,&b1,&b2,&b3,(char *)&i,&b4)) < 10)
++	if ((len=sscanf (line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",&a1,&a2,&a3,&a4,&b1,&b2,&b3,&b4)) < 8)
+ 	    continue;
+ 	current->start = a1*360000+a2*6000+a3*100+a4/10;
+ 	current->end   = b1*360000+b2*6000+b3*100+b4/10;
+-- 
+1.8.1.6
+
diff --git a/community/pdns-recursor/PKGBUILD b/community/pdns-recursor/PKGBUILD
new file mode 100644
index 000000000..915920e3b
--- /dev/null
+++ b/community/pdns-recursor/PKGBUILD
@@ -0,0 +1,46 @@
+# $Id: PKGBUILD 90828 2013-05-14 12:04:07Z arodseth $
+# Maintainer: Alexander Rødseth <rodseth@gmail.com>
+# Contributor: Jan de Groot <jgc@archlinux.org>
+# Contributor: Jan Steffens <heftig@archlinux.org>
+
+# Kevin Mihelich <kevin@archlinuxarm.org>
+#  - fix for aeskey.c on ARM (http://wiki.powerdns.com/trac/changeset/3162/)
+
+pkgname=pdns-recursor
+pkgver=3.5
+pkgrel=2
+pkgdesc='PowerDNS recursor'
+url='https://www.powerdns.com/'
+license=('GPL')
+arch=('x86_64' 'i686')
+depends=('gcc-libs' 'lua51')
+makedepends=('boost')
+backup=('etc/powerdns/recursor.conf')
+source=("http://downloads.powerdns.com/releases/$pkgname-$pkgver.tar.bz2"
+        'pdns-recursor.service'
+        'arm.patch')
+sha256sums=('02ea398aa0e95ef4c9caf478eb3836598eabcd5c99ccb7e2e7c265d716089549'
+            '51688d9576736fdf210048098fa96c8710bfbd6a63eb4d69d20bac57b299b5f9'
+            'ff51af1648d6049f58887ca4f84fa41955ab5df8156d8a00b4b3b148e2bd789f')
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+
+  patch -p5 -i "$srcdir/arm.patch"
+
+  make LUA=1 \
+    LUA_CPPFLAGS_CONFIG="$(pkg-config --cflags lua5.1)" \
+    LUA_LIBS_CONFIG="$(pkg-config --libs lua5.1)"
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+
+  make SBINDIR="/usr/bin" DESTDIR="$pkgdir" install
+  mv "$pkgdir/etc/powerdns/recursor.conf-dist" "$pkgdir/etc/powerdns/recursor.conf"
+  rm -r "$pkgdir/etc/init.d"
+  install -Dm644 "$srcdir/pdns-recursor.service" \
+    "$pkgdir/usr/lib/systemd/system/pdns-recursor.service"
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/community/pdns-recursor/arm.patch b/community/pdns-recursor/arm.patch
new file mode 100644
index 000000000..ae03b5565
--- /dev/null
+++ b/community/pdns-recursor/arm.patch
@@ -0,0 +1,28 @@
+Index: trunk/pdns/pdns/aes/aeskey.c
+===================================================================
+--- a/trunk/pdns/pdns/aes/aeskey.c
++++ b/trunk/pdns/pdns/aes/aeskey.c
+@@ -489,4 +489,5 @@
+ }
+ 
++#if 0
+ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+ {   uint_32t    ss[9];
+@@ -537,4 +538,5 @@
+     return EXIT_SUCCESS;
+ }
++#endif
+ 
+ #endif
+@@ -542,4 +544,5 @@
+ #if defined( AES_VAR )
+ 
++#if 0
+ AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+ {
+@@ -552,4 +555,5 @@
+     }
+ }
++#endif
+ 
+ #endif
diff --git a/community/pdns-recursor/pdns-recursor.service b/community/pdns-recursor/pdns-recursor.service
new file mode 100644
index 000000000..e8d23ccd0
--- /dev/null
+++ b/community/pdns-recursor/pdns-recursor.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=PowerDNS recursing nameserver
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/pdns_recursor --daemon
+
+[Install]
+WantedBy=multi-user.target
diff --git a/extra/mplayer/PKGBUILD b/extra/mplayer/PKGBUILD
index 8bfc89090..5ccf36cad 100644
--- a/extra/mplayer/PKGBUILD
+++ b/extra/mplayer/PKGBUILD
@@ -10,7 +10,7 @@
 pkgbase=mplayer
 pkgname=('mplayer' 'mencoder')
 pkgver=35920
-pkgrel=2
+pkgrel=3
 arch=('i686' 'x86_64')
 makedepends=('libxxf86dga' 'libxxf86vm' 'libmad' 'cdparanoia' 'libxinerama' 'sdl' 'lame' 'libtheora' 'xvidcore' 'libmng' 'libxss' 'libgl' 'smbclient'
 'aalib' 'jack' 'libcaca' 'x264' 'faac' 'faad2' 'lirc-utils'  'libxvmc' 'enca' 'libvdpau' 'opencore-amr' 'libdca' 'a52dec' 'schroedinger' 'libvpx'
@@ -18,14 +18,22 @@ makedepends=('libxxf86dga' 'libxxf86vm' 'libmad' 'cdparanoia' 'libxinerama' 'sdl
 license=('GPL')
 url="http://www.mplayerhq.hu/"
 options=(!emptydirs)
-source=(ftp://mirrors.kernel.org/archlinux/other/$pkgbase/$pkgbase-$pkgver.tar.xz mplayer.desktop cdio-includes.patch)
+source=(ftp://mirrors.kernel.org/archlinux/other/$pkgbase/$pkgbase-$pkgver.tar.xz mplayer.desktop cdio-includes.patch subreader-fix-srt-parsing.patch)
 md5sums=('5f96e829d711e7d1ea65e324710dca50'
          'c0d6ef795cf6de48e3b87ff7c23f0319'
-         '7b5be7191aafbea64218dc4916343bbc')
+         '7b5be7191aafbea64218dc4916343bbc'
+         '7cb6019018a95dcc3d1231e1aaa8bbdb')
+
+prepare() {
+    cd "$srcdir/$pkgbase"
+    patch -Np0 -i ../cdio-includes.patch
+
+    # http://bugzilla.mplayerhq.hu/show_bug.cgi?id=2139
+    patch -Np1 -i ../subreader-fix-srt-parsing.patch
+}
 
 build() {
     cd "$srcdir/$pkgbase"
-    patch -Np0 -i ../cdio-includes.patch
 
     ./configure --prefix=/usr \
         --enable-armv5te \
diff --git a/extra/mplayer/subreader-fix-srt-parsing.patch b/extra/mplayer/subreader-fix-srt-parsing.patch
new file mode 100644
index 000000000..84f2de4d9
--- /dev/null
+++ b/extra/mplayer/subreader-fix-srt-parsing.patch
@@ -0,0 +1,60 @@
+From d98e61ea438db66323734ad1b6bea66411a3c97b Mon Sep 17 00:00:00 2001
+From: wm4 <wm4@nowhere>
+Date: Tue, 30 Apr 2013 00:09:31 +0200
+Subject: [PATCH] subreader: fix out of bound write access when parsing .srt
+
+This broke .srt subtitles on gcc-4.8. The breakage was relatively
+subtle: it set all hour components to 0, while everything else was
+parsed successfully.
+
+But the problem is really that sscanf wrote 1 byte past the sep
+variable (or more, for invalid/specially prepared input). The %[..]
+format specifier is unbounded. Fix that by letting sscanf drop the
+parsed contents with "*", and also make it skip only one input
+character by adding "1" (=> "%*1[...").
+
+The out of bound write could easily lead to security issues.
+
+Also, this change makes .srt subtitle parsing slightly more strict.
+Strictly speaking this is an unrelated change, but do it anyway. It's
+more correct.
+---
+ sub/subreader.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+ (foutrelis: adjusted variable names in first hunk to apply to mplayer)
+
+diff --git a/sub/subreader.c b/sub/subreader.c
+index 23da4c7..0f1b6c9 100644
+--- a/sub/subreader.c
++++ b/sub/subreader.c
+@@ -386,14 +386,14 @@ static subtitle *sub_ass_read_line_subviewer(stream_t *st, subtitle *current,
+     int h1, m1, s1, ms1, h2, m2, s2, ms2, j = 0;
+ 
+     while (!current->text[0]) {
+-        char line[LINE_LEN + 1], full_line[LINE_LEN + 1], sep;
++        char line[LINE_LEN + 1], full_line[LINE_LEN + 1];
+         int i;
+ 
+         /* Parse SubRip header */
+         if (!stream_read_line(st, line, LINE_LEN, utf16))
+             return NULL;
+-        if (sscanf(line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",
+-                     &h1, &m1, &s1, &sep, &ms1, &h2, &m2, &s2, &sep, &ms2) < 10)
++        if (sscanf(line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",
++                     &h1, &m1, &s1, &ms1, &h2, &m2, &s2, &ms2) < 8)
+             continue;
+ 
+         current->start = a1 * 360000 + a2 * 6000 + a3 * 100 + a4 / 10;
+@@ -450,7 +450,7 @@ static subtitle *sub_read_line_subviewer(stream_t *st,subtitle *current,
+         return sub_ass_read_line_subviewer(st, current, args);
+     while (!current->text[0]) {
+ 	if (!stream_read_line (st, line, LINE_LEN, utf16)) return NULL;
+-	if ((len=sscanf (line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",&a1,&a2,&a3,(char *)&i,&a4,&b1,&b2,&b3,(char *)&i,&b4)) < 10)
++	if ((len=sscanf (line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",&a1,&a2,&a3,&a4,&b1,&b2,&b3,&b4)) < 8)
+ 	    continue;
+ 	current->start = a1*360000+a2*6000+a3*100+a4/10;
+ 	current->end   = b1*360000+b2*6000+b3*100+b4/10;
+-- 
+1.8.1.6
+
diff --git a/extra/xulrunner/PKGBUILD b/extra/xulrunner/PKGBUILD
index 82ac22b59..01c1cab8a 100644
--- a/extra/xulrunner/PKGBUILD
+++ b/extra/xulrunner/PKGBUILD
@@ -8,8 +8,8 @@
 highmem=1
 
 pkgname=xulrunner
-pkgver=20.0
-pkgrel=2
+pkgver=21.0
+pkgrel=1
 pkgdesc="Mozilla Runtime Environment"
 arch=('i686' 'x86_64')
 license=('MPL' 'GPL' 'LGPL')
@@ -22,6 +22,10 @@ source=(ftp://ftp.mozilla.org/pub/mozilla.org/xulrunner/releases/$pkgver/source/
         shared-libs.patch)
 options=('!emptydirs')
 replaces=('xulrunner-oss')
+sha256sums=('c3623bc243bd57c7267eacac658993f5f635f639235bea9ed8fce9b52e59be64'
+            '1b2a674d175e017282e7ef968364582d70a6034a9e0e2c0220f90572f3806428'
+            '23485d937035648add27a7657f6934dc5b295e886cdb0506eebd02a43d07f269'
+            'e2b4a00d14f4ba69c62b3f9ef9908263fbab179ba8004197cbc67edbd916fdf1')
 
 prepare() {
   cd "$srcdir/mozilla-release"
@@ -67,7 +71,3 @@ package() {
   sed -i 's|!/usr/bin/env python$|!/usr/bin/env python2|' \
     "$pkgdir"/usr/lib/xulrunner-devel-$pkgver/sdk/bin/{xpt,header,typelib,xpidl}.py
 }
-md5sums=('1b8a1907919eb805f390a05216f2d8d0'
-         'ff653a78963f4801df788f4fc0a02867'
-         '27271ce647a83906ef7a24605e840d61'
-         '52e52f840a49eb1d14be1c0065b03a93')