diff --git a/Stackage/Config.hs b/Stackage/Config.hs
index 1250a6cf..a28a3060 100644
--- a/Stackage/Config.hs
+++ b/Stackage/Config.hs
@@ -317,12 +317,6 @@ defaultStablePackages ghcVer = unPackageMap $ execWriter $ do
     -- https://github.com/fpco/stackage/issues/153
     addRange "Michael Snoyman" "text" "< 1.0"
 
-    -- https://github.com/fpco/stackage/issues/161
-    addRange "Michael Snoyman" "RSA" "< 1.3"
-
-    -- https://github.com/fpco/stackage/issues/168
-    addRange "Michael Snoyman" "crypto-api" "< 0.13"
-
     -- https://github.com/fpco/stackage/issues/170
     addRange "Michael Snoyman" "aeson" "< 0.7"
 
diff --git a/patching/patches/authenticate-oauth-1.4.0.8.patch b/patching/patches/authenticate-oauth-1.4.0.8.patch
new file mode 100644
index 00000000..d079260e
--- /dev/null
+++ b/patching/patches/authenticate-oauth-1.4.0.8.patch
@@ -0,0 +1,147 @@
+diff -ru orig/authenticate-oauth.cabal new/authenticate-oauth.cabal
+--- orig/authenticate-oauth.cabal	2014-02-21 07:19:28.878548521 +0200
++++ new/authenticate-oauth.cabal	2014-02-21 07:19:28.000000000 +0200
+@@ -19,7 +19,7 @@
+                    , transformers                  >= 0.1      && < 0.4
+                    , bytestring                    >= 0.9
+                    , crypto-pubkey-types           >= 0.1      && < 0.5
+-                   , RSA                           >= 1.2      && < 1.3
++                   , RSA                           >= 1.2      && < 2.1
+                    , time
+                    , data-default
+                    , base64-bytestring             >= 0.1      && < 1.1
+diff -ru orig/Web/Authenticate/OAuth.hs new/Web/Authenticate/OAuth.hs
+--- orig/Web/Authenticate/OAuth.hs	2014-02-21 07:19:28.874548521 +0200
++++ new/Web/Authenticate/OAuth.hs	2014-02-21 07:19:28.000000000 +0200
+@@ -1,5 +1,5 @@
+-{-# LANGUAGE CPP, DeriveDataTypeable, FlexibleContexts, MultiParamTypeClasses #-}
+-{-# LANGUAGE OverloadedStrings, StandaloneDeriving                            #-}
++{-# LANGUAGE DeriveDataTypeable, OverloadedStrings, StandaloneDeriving, FlexibleContexts #-}
++{-# LANGUAGE CPP #-}
+ {-# OPTIONS_GHC -Wall -fno-warn-orphans #-}
+ module Web.Authenticate.OAuth
+     ( -- * Data types
+@@ -15,48 +15,50 @@
+       authorizeUrl, authorizeUrl', getAccessToken, getTemporaryCredential,
+       getTokenCredential, getTemporaryCredentialWithScope,
+       getAccessTokenProxy, getTemporaryCredentialProxy,
+-      getTokenCredentialProxy,
++      getTokenCredentialProxy, 
+       getAccessToken', getTemporaryCredential',
+       -- * Utility Methods
+       paramEncode, addScope, addMaybeProxy
+     ) where
+-import           Blaze.ByteString.Builder     (toByteString, Builder)
+-import           Codec.Crypto.RSA             (ha_SHA1, rsassa_pkcs1_v1_5_sign)
+-import           Control.Exception
+-import           Control.Monad
+-import           Control.Monad.IO.Class       (MonadIO, liftIO)
+-import           Control.Monad.Trans.Control
+-import           Control.Monad.Trans.Resource
+-import           Crypto.Types.PubKey.RSA      (PrivateKey (..), PublicKey (..))
+-import           Data.ByteString.Base64
+-import qualified Data.ByteString.Char8        as BS
+-import qualified Data.ByteString.Lazy.Char8   as BSL
+-import           Data.Char
+-import           Data.Conduit                 (Source, ($$), ($=))
+-import           Data.Conduit.Blaze           (builderToByteString)
+-import qualified Data.Conduit.List            as CL
+-import           Data.Default
+-import           Data.Digest.Pure.SHA
+-import qualified Data.IORef                   as I
+-import           Data.List                    (sortBy)
+-import           Data.Maybe
+-import           Data.Time
+-import           Network.HTTP.Conduit
+-import           Network.HTTP.Types           (SimpleQuery, parseSimpleQuery)
+-import           Network.HTTP.Types           (Header)
+-import           Network.HTTP.Types           (renderSimpleQuery, status200)
+-import           Numeric
+-import           System.Random
+-#if MIN_VERSION_base(4,7,0)
+-import Data.Data hiding (Proxy (..))
+-#else
++import Network.HTTP.Conduit
+ import Data.Data
++import qualified Data.ByteString.Char8 as BS
++import qualified Data.ByteString.Lazy.Char8 as BSL
++import Data.Maybe
++import Network.HTTP.Types (parseSimpleQuery, SimpleQuery)
++import Control.Exception
++import Control.Monad
++import Data.List (sortBy)
++import System.Random
++import Data.Char
++import Data.Digest.Pure.SHA
++import Data.ByteString.Base64
++import Data.Time
++import Numeric
++#if MIN_VERSION_RSA(2, 0, 0)
++import Codec.Crypto.RSA (rsassa_pkcs1_v1_5_sign, hashSHA1)
++#else
++import Codec.Crypto.RSA (rsassa_pkcs1_v1_5_sign, ha_SHA1)
+ #endif
++import Crypto.Types.PubKey.RSA (PrivateKey(..), PublicKey(..))
++import Network.HTTP.Types (Header)
++import Blaze.ByteString.Builder (toByteString)
++import Control.Monad.IO.Class (MonadIO)
++import Network.HTTP.Types (renderSimpleQuery, status200)
++import Data.Conduit (($$), ($=), Source)
++import qualified Data.Conduit.List as CL
++import Data.Conduit.Blaze (builderToByteString)
++import Blaze.ByteString.Builder (Builder)
++import Control.Monad.IO.Class (liftIO)
++import Control.Monad.Trans.Control
++import Control.Monad.Trans.Resource
++import Data.Default
++import qualified Data.IORef as I
+ 
+ -- | Data type for OAuth client (consumer).
+---
+--- The constructor for this data type is not exposed.
+--- Instead, you should use the 'def' method or 'newOAuth' function to retrieve a default instance,
++-- 
++-- The constructor for this data type is not exposed. 
++-- Instead, you should use the 'def' method or 'newOAuth' function to retrieve a default instance, 
+ -- and then use the records below to make modifications.
+ -- This approach allows us to add configuration options without breaking backwards compatibility.
+ data OAuth = OAuth { oauthServerName      :: String -- ^ Service name (default: @\"\"@)
+@@ -71,7 +73,7 @@
+                    , oauthAuthorizeUri    :: String
+                    -- ^ Uri to authorize (default: @\"\"@).
+                    --   You MUST specify if you use 'authorizeUrl' or 'authorizeZUrl'';
+-                   --   otherwise you can just leave this empty.
++                   --   otherwise you can just leave this empty. 
+                    , oauthSignatureMethod :: SignMethod
+                    -- ^ Signature Method (default: 'HMACSHA1')
+                    , oauthConsumerKey     :: BS.ByteString
+@@ -188,7 +190,7 @@
+ getTemporaryCredential' hook oa manager = do
+   let req = fromJust $ parseUrl $ oauthRequestUri oa
+       crd = maybe id (insert "oauth_callback") (oauthCallback oa) $ emptyCredential
+-  req' <- signOAuth oa crd $ hook (req { method = "POST" })
++  req' <- signOAuth oa crd $ hook (req { method = "POST" }) 
+   rsp <- httpLbs req' manager
+   if responseStatus rsp == status200
+     then do
+@@ -211,7 +213,7 @@
+               -> String          -- ^ URL to authorize
+ authorizeUrl' f oa cr = oauthAuthorizeUri oa ++ BS.unpack (renderSimpleQuery True queries)
+   where fixed   = ("oauth_token", token cr):f oa cr
+-        queries =
++        queries = 
+           case oauthCallback oa of
+             Nothing       -> fixed
+             Just callback -> ("oauth_callback", callback):fixed
+@@ -346,7 +348,11 @@
+     PLAINTEXT ->
+       return $ BS.intercalate "&" $ map paramEncode [oauthConsumerSecret oa, tokenSecret tok]
+     RSASHA1 pr ->
++#if MIN_VERSION_RSA(2, 0, 0)
++      liftM (encode . toStrict . rsassa_pkcs1_v1_5_sign hashSHA1 pr) (getBaseString tok req)
++#else
+       liftM (encode . toStrict . rsassa_pkcs1_v1_5_sign ha_SHA1 pr) (getBaseString tok req)
++#endif
+ 
+ #if MIN_VERSION_http_conduit(2, 0, 0)
+ addAuthHeader :: BS.ByteString -> Credential -> Request -> Request