summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-10-24 22:00:23 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-10-24 22:00:23 +0200
commitca4fd41de892c7055ce140863382c332441b15d3 (patch)
tree39872899c5bc649e11172dccb2f262a56f234661
parent7276eca4dcbe513922d5a778ee5fc8f2b2649642 (diff)
parent648c896ad3b198a1742c1ee8f66a1922aa98c1d8 (diff)
downloadguix-ca4fd41de892c7055ce140863382c332441b15d3.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--Makefile.am1
-rw-r--r--build-aux/build-self.scm1
-rw-r--r--build-aux/compile-all.scm125
-rw-r--r--doc/guix.texi141
-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/animation.scm71
-rw-r--r--gnu/packages/audio.scm27
-rw-r--r--gnu/packages/backup.scm12
-rw-r--r--gnu/packages/base.scm13
-rw-r--r--gnu/packages/bioinformatics.scm5
-rw-r--r--gnu/packages/compression.scm22
-rw-r--r--gnu/packages/curl.scm14
-rw-r--r--gnu/packages/databases.scm8
-rw-r--r--gnu/packages/django.scm3
-rw-r--r--gnu/packages/embedded.scm65
-rw-r--r--gnu/packages/games.scm3
-rw-r--r--gnu/packages/gnupg.scm40
-rw-r--r--gnu/packages/gnuzilla.scm11
-rw-r--r--gnu/packages/graphviz.scm5
-rw-r--r--gnu/packages/haskell.scm1114
-rw-r--r--gnu/packages/icu4c.scm10
-rw-r--r--gnu/packages/java.scm211
-rw-r--r--gnu/packages/linux.scm12
-rw-r--r--gnu/packages/lxqt.scm56
-rw-r--r--gnu/packages/mail.scm2
-rw-r--r--gnu/packages/music.scm38
-rw-r--r--gnu/packages/networking.scm41
-rw-r--r--gnu/packages/patches/glibc-CVE-2017-15670-15671.patch27
-rw-r--r--gnu/packages/patches/icu4c-CVE-2017-14952.patch18
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14685.patch34
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14686.patch34
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14687.patch130
-rw-r--r--gnu/packages/pdf.scm7
-rw-r--r--gnu/packages/perl.scm187
-rw-r--r--gnu/packages/python.scm17
-rw-r--r--gnu/packages/screen.scm4
-rw-r--r--gnu/packages/syncthing.scm39
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/virtualization.scm102
-rw-r--r--gnu/packages/web.scm611
-rw-r--r--gnu/packages/xml.scm158
-rw-r--r--gnu/services.scm37
-rw-r--r--gnu/services/base.scm17
-rw-r--r--guix/build-system/go.scm2
-rw-r--r--guix/build/compile.scm165
-rw-r--r--guix/build/go-build-system.scm10
-rw-r--r--guix/build/pull.scm115
-rw-r--r--guix/discovery.scm8
-rw-r--r--guix/gexp.scm52
-rw-r--r--guix/modules.scm10
50 files changed, 3500 insertions, 346 deletions
diff --git a/Makefile.am b/Makefile.am
index 817421069b..affeb8dda7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -133,6 +133,7 @@ MODULES =					\
   guix/build/utils.scm				\
   guix/build/union.scm				\
   guix/build/profiles.scm			\
+  guix/build/compile.scm			\
   guix/build/pull.scm				\
   guix/build/rpath.scm				\
   guix/build/cvs.scm				\
diff --git a/build-aux/build-self.scm b/build-aux/build-self.scm
index 4933e02712..ed8ff5f4ce 100644
--- a/build-aux/build-self.scm
+++ b/build-aux/build-self.scm
@@ -245,6 +245,7 @@ Please upgrade to an intermediate version first, for instance with:
     (gexp->derivation "guix-latest" builder
                       #:modules '((guix build pull)
                                   (guix build utils)
+                                  (guix build compile)
 
                                   ;; Closure of (guix modules).
                                   (guix modules)
diff --git a/build-aux/compile-all.scm b/build-aux/compile-all.scm
index fe25c5d065..c7ca5a6f67 100644
--- a/build-aux/compile-all.scm
+++ b/build-aux/compile-all.scm
@@ -17,21 +17,13 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
-(use-modules (system base target)
-             (system base message)
-             (ice-9 match)
+(use-modules (ice-9 match)
              (ice-9 threads)
+             (srfi srfi-1)
+             (guix build compile)
              (guix build utils))
 
-(define warnings
-  ;; FIXME: 'format' is missing because it reports "non-literal format
-  ;; strings" due to the fact that we use 'G_' instead of '_'.  We'll need
-  ;; help from Guile to solve this.
-  '(unsupported-warning unbound-variable arity-mismatch
-    macro-use-before-definition))                 ;new in 2.2
-
 (define host (getenv "host"))
-
 (define srcdir (getenv "srcdir"))
 
 (define (relative-file file)
@@ -53,61 +45,38 @@
     (or (not (file-exists? go))
         (file-mtime<? go file))))
 
-(define (file->module file)
-  (let* ((relative (relative-file file))
-         (module-path (string-drop-right relative 4)))
-    (map string->symbol
-         (string-split module-path #\/))))
-
-;;; To work around <http://bugs.gnu.org/15602> (FIXME), we want to load all
-;;; files to be compiled first.  We do this via resolve-interface so that the
-;;; top-level of each file (module) is only executed once.
-(define (load-module-file file)
-  (let ((module (file->module file)))
-    (format #t "  LOAD     ~a~%" module)
-    (resolve-interface module)))
-
-(cond-expand
-  (guile-2.2 (use-modules (language tree-il optimize)
-                          (language cps optimize)))
-  (else #f))
-
-(define %default-optimizations
-  ;; Default optimization options (equivalent to -O2 on Guile 2.2).
-  (cond-expand
-    (guile-2.2 (append (tree-il-default-optimization-options)
-                       (cps-default-optimization-options)))
-    (else '())))
-
-(define %lightweight-optimizations
-  ;; Lightweight optimizations (like -O0, but with partial evaluation).
-  (let loop ((opts %default-optimizations)
-             (result '()))
-    (match opts
-      (() (reverse result))
-      ((#:partial-eval? _ rest ...)
-       (loop rest `(#t #:partial-eval? ,@result)))
-      ((kw _ rest ...)
-       (loop rest `(#f ,kw ,@result))))))
-
-(define (optimization-options file)
-  (if (string-contains file "gnu/packages/")
-      %lightweight-optimizations                  ;build faster
-      '()))
-
-(define (compile-file* file output-mutex)
-  (let ((go (scm->go file)))
-    (with-mutex output-mutex
-      (format #t "  GUILEC   ~a~%" go)
-      (force-output))
-    (mkdir-p (dirname go))
-    (with-fluids ((*current-warning-prefix* ""))
-      (with-target host
-        (lambda ()
-          (compile-file file
-                        #:output-file go
-                        #:opts `(#:warnings ,warnings
-                                 ,@(optimization-options file))))))))
+(define* (parallel-job-count #:optional (flags (getenv "MAKEFLAGS")))
+  "Return the number of parallel jobs as determined by FLAGS, the flags passed
+to 'make'."
+  (match flags
+    (#f (current-processor-count))
+    (flags
+     (let ((initial-flags (string-tokenize flags)))
+       (let loop ((flags initial-flags))
+         (match flags
+           (()
+            ;; Note: GNU make prior to version 4.2 would hide "-j" flags from
+            ;; $MAKEFLAGS.  Thus, check for a "--jobserver" flag here and
+            ;; assume we're using all cores if specified.
+            (if (any (lambda (flag)
+                       (string-prefix? "--jobserver" flag))
+                     initial-flags)
+                (current-processor-count)         ;GNU make < 4.2
+                1))                               ;sequential make
+           (("-j" (= string->number count) _ ...)
+            (if (integer? count)
+                count
+                (current-processor-count)))
+           ((head tail ...)
+            (if (string-prefix? "-j" head)
+                (match (string-drop head 2)
+                  (""
+                   (current-processor-count))
+                  ((= string->number count)
+                   (if (integer? count)
+                       count
+                       (current-processor-count))))
+                (loop tail)))))))))
 
 ;; Install a SIGINT handler to give unwind handlers in 'compile-file' an
 ;; opportunity to run upon SIGINT and to remove temporary output files.
@@ -117,16 +86,14 @@
 
 (match (command-line)
   ((_ . files)
-   (let ((files (filter file-needs-compilation? files)))
-     (for-each load-module-file files)
-     (let ((mutex (make-mutex)))
-       ;; Make sure compilation related modules are loaded before starting to
-       ;; compile files in parallel.
-       (compile #f)
-       (par-for-each (lambda (file)
-                       (compile-file* file mutex))
-                     files)))))
-
-;;; Local Variables:
-;;; eval: (put 'with-target 'scheme-indent-function 1)
-;;; End:
+   (compile-files srcdir (getcwd)
+                  (filter file-needs-compilation? files)
+                  #:workers (parallel-job-count)
+                  #:host host
+                  #:report-load (lambda (file total completed)
+                                  (when file
+                                    (format #t "  LOAD     ~a~%" file)))
+                  #:report-compilation (lambda (file total completed)
+                                         (when file
+                                           (format #t "  GUILEC   ~a~%"
+                                                   (scm->go file)))))))
diff --git a/doc/guix.texi b/doc/guix.texi
index 7d7d556697..d7fabe9599 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4990,6 +4990,34 @@ as in:
 This is the declarative counterpart of @code{text-file*}.
 @end deffn
 
+@deffn {Scheme Procedure} file-union @var{name} @var{files}
+Return a @code{<computed-file>} that builds a directory containing all of @var{files}.
+Each item in @var{files} must be a two-element list where the first element is the
+file name to use in the new directory, and the second element is a gexp
+denoting the target file.  Here's an example:
+
+@example
+(file-union "etc"
+            `(("hosts" ,(plain-file "hosts"
+                                    "127.0.0.1 localhost"))
+              ("bashrc" ,(plain-file "bashrc"
+                                     "alias ls='ls --color'"))))
+@end example
+
+This yields an @code{etc} directory containing these two files.
+@end deffn
+
+@deffn {Scheme Procedure} directory-union @var{name} @var{things}
+Return a directory that is the union of @var{things}, where @var{things} is a list of
+file-like objects denoting directories.  For example:
+
+@example
+(directory-union "guile+emacs" (list guile emacs))
+@end example
+
+yields a directory that is the union of the @code{guile} and @code{emacs} packages.
+@end deffn
+
 @deffn {Scheme Procedure} file-append @var{obj} @var{suffix} @dots{}
 Return a file-like object that expands to the concatenation of @var{obj}
 and @var{suffix}, where @var{obj} is a lowerable object and each
@@ -9790,35 +9818,112 @@ Return a service that runs the Guix build daemon according to
 @var{config}.
 @end deffn
 
-@cindex udev-service
-@cindex udev-rule
-@deffn {Scheme Procedure} udev-service [#:udev @var{udev}] [#:rules @var{'()}]
+@deffn {Scheme Procedure} udev-service [#:udev @var{eudev} #:rules @code{'()}]
 Run @var{udev}, which populates the @file{/dev} directory dynamically.
-Additional udev rules can be provided as a list of files through the
-@var{rules} variable.  The procedure @var{udev-rule} simplifies the
-creation of these rule files.
+udev rules can be provided as a list of files through the @var{rules}
+variable.  The procedures @var{udev-rule} and @var{file->udev-rule} from
+@code{(gnu services base)} simplify the creation of such rule files.
+
+@deffn {Scheme Procedure} udev-rule [@var{file-name} @var{contents}]
+Return a udev-rule file named @var{file-name} containing the rules
+defined by the @var{contents} literal.
 
 In the following example, a rule for a USB device is defined to be
-stored in the file @file{90-usb-thing.rules}, and the default
-@var{udev-service} is extended with it.  The rule runs a script upon
-detecting a USB device with a given product identifier.
+stored in the file @file{90-usb-thing.rules}.  The rule runs a script
+upon detecting a USB device with a given product identifier.
 
 @example
 (define %example-udev-rule
-  (udev-rule "90-usb-thing.rules"
-             "ACTION==\"add\", SUBSYSTEM==\"usb\", ATTR@{product@}==\"Example\", RUN+=\"/path/to/script\""))
+  (udev-rule
+    "90-usb-thing.rules"
+    (string-append "ACTION==\"add\", SUBSYSTEM==\"usb\", "
+                   "ATTR@{product@}==\"Example\", "
+                   "RUN+=\"/path/to/script\"")))
+@end example
+@end deffn
+
+Here we show how the default @var{udev-service} can be extended with it.
+
+@example
+(operating-system
+ ;; @dots{}
+ (services
+ (modify-services %desktop-services
+   (udev-service-type config =>
+     (udev-configuration (inherit config)
+      (rules (append (udev-configuration-rules config)
+                     (list %example-udev-rule))))))))
+@end example
+
+@deffn {Scheme Procedure} file->udev-rule [@var{file-name} @var{file}]
+Return a udev file named @var{file-name} containing the rules defined
+within @var{file}, a file-like object.
+
+The following example showcases how we can use an existing rule file.
+
+@example
+(use-modules (guix download)     ;for url-fetch
+             (guix packages)     ;for origin
+             ;; @dots{})
+
+(define %android-udev-rules
+  (file->udev-rule
+    "51-android-udev.rules"
+    (let ((version "20170910"))
+      (origin
+       (method url-fetch)
+       (uri (string-append "https://raw.githubusercontent.com/M0Rf30/"
+                           "android-udev-rules/" version "/51-android.rules"))
+       (sha256
+        (base32 "0lmmagpyb6xsq6zcr2w1cyx9qmjqmajkvrdbhjx32gqf1d9is003"))))))
+@end example
+@end deffn
+
+Additionally, Guix package definitions can be included in @var{rules} in
+order to extend the udev rules with the definitions found under their
+@file{lib/udev/rules.d} sub-directory.  In lieu of the previous
+@var{file->udev-rule} example, we could have used the
+@var{android-udev-rules} package which exists in Guix in the @code{(gnu
+packages android)} module.
+
+The following example shows how to use the @var{android-udev-rules}
+package so that the Android tool @command{adb} can detect devices
+without root privileges.  It also details how to create the
+@code{adbusers} group, which is required for the proper functioning of
+the rules defined within the @var{android-udev-rules} package.  To
+create such a group, we must define it both as part of the
+@var{supplementary-groups} of our @var{user-account} declaration, as
+well as in the @var{groups} field of the @var{operating-system} record.
+
+@example
+(use-modules (gnu packages android)  ;for android-udev-rules
+             (gnu system shadow)     ;for user-group
+             ;; @dots{})
 
 (operating-system
   ;; @dots{}
-  (services (modify-services %desktop-services
-              (udev-service-type config =>
-                (udev-configuration (inherit config)
-                  (rules (append (udev-configuration-rules config)
-                                 (list %example-udev-rule))))))))
+  (users (cons (user-acount
+                ;; @dots{}
+                (supplementary-groups
+                 '("adbusers"   ;for adb
+                   "wheel" "netdev" "audio" "video"))
+                ;; @dots{})))
+
+  (groups (cons (user-group (system? #t) (name "adbusers"))
+                %base-groups))
+
+  ;; @dots{}
+
+  (services
+    (modify-services %desktop-services
+      (udev-service-type config =>
+       (udev-configuration (inherit config)
+       (rules (cons* android-udev-rules
+              (udev-configuration-rules config))))))))
 @end example
 @end deffn
 
-@deffn {Scheme Procedure} urandom-seed-service @var{#f}
+@deffn {Scheme Procedure} urandom-seed-service
 Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
 when rebooting.
 @end deffn
@@ -9930,7 +10035,7 @@ to add @var{device} to the kernel's entropy pool.  The service will fail if
 @cindex session limits
 @cindex ulimit
 @cindex priority
-@deffn {Scheme Procedure} pam-limits-service [#:limits @var{limits}]
+@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}]
 
 Return a service that installs a configuration file for the
 @uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html,
diff --git a/gnu/local.mk b/gnu/local.mk
index 5639db1f75..060357ea8f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -662,6 +662,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch		\
+  %D%/packages/patches/glibc-CVE-2017-15670-15671.patch		\
   %D%/packages/patches/glibc-bootstrap-system.patch		\
   %D%/packages/patches/glibc-ldd-x86_64.patch			\
   %D%/packages/patches/glibc-locales.patch			\
@@ -729,6 +730,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
   %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch	\
+  %D%/packages/patches/icu4c-CVE-2017-14952.patch		\
   %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch	\
   %D%/packages/patches/id3lib-CVE-2007-4460.patch			\
   %D%/packages/patches/ilmbase-fix-tests.patch			\
@@ -866,6 +868,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/mozjs38-version-detection.patch		\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch	\
+  %D%/packages/patches/mupdf-CVE-2017-14685.patch		\
+  %D%/packages/patches/mupdf-CVE-2017-14686.patch		\
+  %D%/packages/patches/mupdf-CVE-2017-14687.patch		\
   %D%/packages/patches/mupdf-CVE-2017-15587.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/mutt-store-references.patch		\
diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm
index faa0d17230..952d3bab0d 100644
--- a/gnu/packages/animation.scm
+++ b/gnu/packages/animation.scm
@@ -19,6 +19,7 @@
 (define-module (gnu packages animation)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system gnu)
@@ -34,6 +35,8 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages pulseaudio)
+  #:use-module (gnu packages qt)
   #:use-module (gnu packages video))
 
 (define-public etl
@@ -185,3 +188,71 @@ be capable of producing feature-film quality animation.  It eliminates the
 need for tweening, preventing the need to hand-draw each frame.  This package
 contains the graphical user interface for synfig.")
     (license license:gpl3+)))
+
+(define-public papagayo
+  (let ((commit "e143684b30e59fe4a554f965cb655d23cbe93ee7")
+        (revision "1"))
+    (package
+      (name "papagayo")
+      (version (string-append "2.0b1-" revision "." (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/LostMoho/Papagayo.git")
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "1p9gffjhbph34jhrvgpg93yha75bf88vkvlnk06x1r9601ph5321"))
+                (modules '((guix build utils)))
+                ;; Delete bundled libsndfile sources.
+                (snippet
+                 '(begin
+                    (delete-file-recursively "libsndfile_1.0.19")
+                    (delete-file-recursively "libsndfile_1.0.25")
+                    #t))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (replace 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((libsndfile (assoc-ref inputs "libsndfile")))
+                 ;; Do not use bundled libsndfile sources
+                 (substitute* "Papagayo.pro"
+                   (("else \\{")
+                    (string-append "\nINCLUDEPATH += " libsndfile
+                                   "/include"
+                                   "\nLIBS +=" libsndfile
+                                   "/lib/libsndfile.so\n"
+                                   "win32 {"))))
+               (zero? (system* "qmake"
+                               (string-append "DESTDIR="
+                                              (assoc-ref outputs "out")
+                                              "/bin")))))
+           ;; Ensure that all required Qt plugins are found at runtime.
+           (add-after 'install 'wrap-executable
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (qt '("qt" "qtmultimedia")))
+                 (wrap-program (string-append out "/bin/Papagayo")
+                   `("QT_PLUGIN_PATH" ":" prefix
+                     ,(map (lambda (label)
+                             (string-append (assoc-ref inputs label)
+                                            "/lib/qt5/plugins/"))
+                           qt)))
+                 #t))))))
+      (inputs
+       `(("qt" ,qtbase)
+         ("qtmultimedia" ,qtmultimedia)
+         ("libsndfile" ,libsndfile)))
+      (native-inputs
+       `(("qttools" ,qttools)))
+      (home-page "http://www.lostmarble.com/papagayo/")
+      (synopsis "Lip-syncing for animations")
+      (description
+       "Papagayo is a lip-syncing program designed to help you line up
+phonemes with the actual recorded sound of actors speaking.  Papagayo makes it
+easy to lip sync animated characters by making the process very simple – just
+type in the words being spoken, then drag the words on top of the sound’s
+waveform until they line up with the proper sounds.")
+      (license license:gpl3+))))
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index aaac1c357e..35b60511bc 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1065,20 +1065,35 @@ PS, and DAB+.")
 (define-public faust-2
   (package
     (inherit faust)
-    (version "2.0.a51")
+    (version "2.1.0")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "mirror://sourceforge/faudiostream/faust-" version ".tgz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/grame-cncm/faust.git")
+                    (commit (string-append "v"
+                                           (string-map (lambda (c)
+                                                         (if (char=? c #\.) #\- c))
+                                                       version)))))
               (sha256
                (base32
-                "1yryjqfqmxs7lxy95hjgmrncvl9kig3rcsmg0v49ghzz7vs7haxf"))))
+                "06km0ygwxxwgw1lqldccqidxhmjfz8ck0wnbd95qk5sg8sbpc068"))))
     (build-system gnu-build-system)
     (arguments
      (substitute-keyword-arguments (package-arguments faust)
        ((#:make-flags flags)
         `(list (string-append "prefix=" (assoc-ref %outputs "out"))
-               "world"))))
+               "world"))
+       ((#:phases phases)
+        `(modify-phases ,phases
+           ;; Files appear under $out/share/faust that are read-only.  The
+           ;; install phase tries to overwrite them and fails, so we change
+           ;; the permissions first.
+           (add-before 'install 'fix-permissions
+             (lambda* (#:key outputs #:allow-other-keys)
+               (for-each (lambda (file)
+                           (chmod file #o644))
+                         (find-files "architecture/max-msp" ".*"))
+               #t))))))
     (native-inputs
      `(("llvm" ,llvm-with-rtti)
        ("which" ,which)
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 781cc26078..00328cb344 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -449,13 +449,13 @@ detection, and lossless compression.")
 (define-public borg
   (package
     (name "borg")
-    (version "1.1.0")
+    (version "1.1.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "borgbackup" version))
               (sha256
                (base32
-                "0vwyg0b4kxb0rspqwhvgi5c78dzimgkydf03wif27a40qhh1235l"))
+                "0iik5lq349cl87imlwra2pp0j36wjhpn8r1d3778azvvqpyjq2d5"))
               (modules '((guix build utils)))
               (snippet
                '(for-each
@@ -505,7 +505,7 @@ detection, and lossless compression.")
                             "and not test_fuse "
                             "and not test_fuse_allow_damaged_files"))))))
          (add-after 'install 'install-doc
-           (lambda* (#:key outputs #:allow-other-keys)
+           (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
                     (man (string-append out "/share/man/man1"))
                     (misc (string-append out "/share/borg/misc")))
@@ -513,11 +513,11 @@ detection, and lossless compression.")
                          '("docs/misc/create_chunker-params.txt"
                            "docs/misc/internals-picture.txt"
                            "docs/misc/prune-example.txt"))
+               (add-installed-pythonpath inputs outputs)
                (and
-                 (zero? (system* "python3" "setup.py" "build_ext" "--inplace"))
-                 (zero? (system* "make" "-C" "docs" "man"))
+                 (zero? (system* "python3" "setup.py" "build_man"))
                  (begin
-                   (install-file "docs/_build/man/borg.1" man)
+                   (copy-recursively "docs/man" man)
                    #t))))))))
     (native-inputs
      `(("python-cython" ,python-cython)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 7e1177db9d..16c6a15a58 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -509,6 +509,7 @@ store.")
   (package
    (name "glibc")
    (version "2.25")
+   (replacement glibc/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -812,6 +813,15 @@ GLIBC/HURD for a Hurd host"
 (define-syntax glibc
   (identifier-syntax (glibc-for-target)))
 
+(define glibc/fixed
+  (package
+    (inherit glibc)
+    (source (origin
+              (inherit (package-source glibc))
+              (patches (append
+                        (origin-patches (package-source glibc))
+                        (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
+
 ;; Below are old libc versions, which we use mostly to build locale data in
 ;; the old format (which the new libc cannot cope with.)
 
@@ -831,6 +841,7 @@ GLIBC/HURD for a Hurd host"
                                        "glibc-o-largefile.patch"
                                        "glibc-vectorized-strcspn-guards.patch"
                                        "glibc-CVE-2015-5180.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -854,6 +865,7 @@ GLIBC/HURD for a Hurd host"
                                        "glibc-CVE-2016-3075.patch"
                                        "glibc-CVE-2016-3706.patch"
                                        "glibc-CVE-2016-4429.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -876,6 +888,7 @@ GLIBC/HURD for a Hurd host"
                                        "glibc-CVE-2016-3075.patch"
                                        "glibc-CVE-2016-3706.patch"
                                        "glibc-CVE-2016-4429.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                        "glibc-CVE-2017-1000366-pt1.patch"
                                        "glibc-CVE-2017-1000366-pt2.patch"
                                        "glibc-CVE-2017-1000366-pt3.patch"))))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index bb8a0f8d40..aaf8b613e0 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -3615,7 +3616,7 @@ assembled metagenomic sequence.")
 (define-public miso
   (package
     (name "miso")
-    (version "0.5.3")
+    (version "0.5.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3623,7 +3624,7 @@ assembled metagenomic sequence.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0x446867az8ir0z8c1vjqffkp0ma37wm4sylixnkhgawllzx8v5w"))
+                "1z3x0vd8ma7pdrnywj7i3kgwl89sdkwrrn62zl7r5calqaq2hyip"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "setup.py"
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ab4f86d526..9a1b628809 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1612,3 +1613,24 @@ extract files to standard out).  As @command{atool} invokes external programs
 to handle the archives, not all commands may be supported for a certain type
 of archives.")
     (license license:gpl2+)))
+
+(define-public perl-archive-extract
+  (package
+    (name "perl-archive-extract")
+    (version "0.80")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/B/BI/BINGOS/Archive-Extract-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1x15j1q6w6z8hqyqgap0lz4qbq2174wfhksy1fdd653ccbaw5jr5"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Archive-Extract/")
+    (synopsis "Generic archive extracting mechanism")
+    (description "It allows you to extract any archive file of the type .tar,
+.tar.gz, .gz, .Z, tar.bz2, .tbz, .bz2, .zip, .xz,, .txz, .tar.xz or .lzma
+without having to worry how it does so, or use different interfaces for each
+type by using either Perl modules, or command-line tools on your system.")
+    (license license:perl-license)))
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index df2310b37c..cad2d6f796 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -44,6 +44,7 @@
   (package
    (name "curl")
    (version "7.56.0")
+   (replacement curl-7.56.1)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
@@ -130,3 +131,16 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
+
+(define-public curl-7.56.1
+  (package
+    (inherit curl)
+    (version "7.56.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://curl.haxx.se/download/curl-"
+                            version ".tar.xz"))
+        (sha256
+         (base32
+          "1l9r386qz7l7h4n5lysrf1wq93lyc72a7shgg9b8s5d0ycn2ivcf"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 2d6baea9fa..8ccbba2b1a 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1582,14 +1582,14 @@ on another machine, accessed via TCP/IP.")
 (define-public python-peewee
   (package
     (name "python-peewee")
-    (version "2.8.3")
+    (version "2.10.2")
       (source
         (origin
         (method url-fetch)
         (uri (pypi-uri "peewee" version))
         (sha256
          (base32
-          "1605bk11s7aap2q4qyba93rx7yfh8b11kk0cqi08z8klx2iar8yd"))))
+          "10f2mrd5hw6rjklrzaix2lsxlgc8vx3xak54arcy6yd791zhchi3"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f)) ; Fails to import test data
@@ -1728,13 +1728,13 @@ etc., and an SQL engine for performing simple SQL queries.")
 (define-public python-lmdb
   (package
     (name "python-lmdb")
-    (version "0.92")
+    (version "0.93")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "lmdb" version))
               (sha256
                (base32
-                "01nw6r08jkipx6v92kw49z34wmwikrpvc5j9xawdiyg1n2526wrx"))
+                "0xdpb298fyl68acadbwv5801wcwfpnhc7sm4bnrq1x4bd5dhhsql"))
               (modules '((guix build utils)))
               (snippet
                ;; Delete bundled lmdb source files.
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index c70c074938..f983b1aa10 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -150,7 +151,7 @@ with arguments to the field constructor.")
      `(("python-django" ,python-django)
        ("python-setuptools-scm" ,python-setuptools-scm)))
     (propagated-inputs
-     `(("python-pytest" ,python-pytest)))
+     `(("python-pytest" ,python-pytest-3.0)))
     (home-page "http://pytest-django.readthedocs.org/")
     (synopsis "Django plugin for py.test")
     (description "Pytest-django is a plugin for py.test that provides a set of
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index e89f5570b0..033d0032e7 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -42,6 +42,8 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages swig)
   #:use-module (gnu packages texinfo)
   #:use-module (srfi srfi-1))
 
@@ -867,3 +869,66 @@ the Raspberry Pi chip.")
       (synopsis "GCC for VC4")
       (description "This package provides @code{gcc} for VideoCore IV,
 the Raspberry Pi chip."))))
+
+(define-public python2-libmpsse
+  (package
+    (name "python2-libmpsse")
+    (version "1.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://storage.googleapis.com/"
+                            "google-code-archive-downloads/v2/"
+                            "code.google.com/libmpsse/"
+                            "libmpsse-" version ".tar.gz"))
+        (sha256
+          (base32
+            "0jq7nhqq3na8675jnpfcar3pd3dp3adhhc4lw900swkla01a1wh8"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libftdi" ,libftdi)
+       ("python" ,python-2)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("swig" ,swig)
+       ("which" ,base:which)))
+    (arguments
+     `(#:tests? #f ; No tests exist.
+       #:make-flags
+       (list (string-append "CFLAGS=-Wall -fPIC -fno-strict-aliasing -g -O2 "
+                            "$(shell pkg-config --cflags libftdi1)"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-environment-up
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (chdir "src")
+             (setenv "PYDEV" (string-append (assoc-ref inputs "python")
+                             "/include/python2.7"))
+             #t))
+         (add-after 'unpack 'patch-global-variable
+           (lambda _
+             ;; fast_rw_buf was defined in a header file which was making
+             ;; the build not reproducible.
+             (substitute* "src/fast.c"
+               (("^int fast_build_block_buffer") "
+
+unsigned char fast_rw_buf[SPI_RW_SIZE + CMD_SIZE];
+int fast_build_block_buffer"))
+             (substitute* "src/mpsse.h"
+               (("unsigned char fast_rw_buf.*") "
+"))
+             #t))
+         (replace 'install
+           (lambda* (#:key outputs make-flags #:allow-other-keys #:rest args)
+             (let* ((out (assoc-ref outputs "out"))
+                    (out-python (string-append out
+                                               "/lib/python2.7/site-packages"))
+                    (install (assoc-ref %standard-phases 'install)))
+               (install #:make-flags (cons (string-append "PYLIB=" out-python)
+                                           make-flags))))))))
+    (home-page "https://code.google.com/archive/p/libmpsse/")
+    (synopsis "Python library for MPSSE SPI I2C JTAG adapter by FTDI")
+    (description "This package provides a library in order to support the
+MPSSE (Multi-Protocol Synchronous Serial Engine) adapter by FTDI that can do
+SPI, I2C, JTAG.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 6709f02923..61eed39ef0 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -267,7 +267,8 @@ the others like yourself, that want what you have.")
            (lambda* (#:key outputs #:allow-other-keys)
              (zero? (system* "sh" "install.sh"
                              (assoc-ref outputs "out")))))
-         (replace 'check
+         (delete 'check)
+         (add-after 'install 'check
            (lambda* (#:key outputs #:allow-other-keys)
              (zero? (system* (string-append (assoc-ref outputs "out")
                                             "/bin/cowsay")
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 70c133881c..e8a44f20b8 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -5,13 +5,14 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Christopher Baines <mail@cbaines.net>
 ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -837,3 +838,40 @@ them to transform your existing public key into a secret key.")
 @uref{https://gnupg.org, GnuPG}.  It can be used to encrypt, decrypt, and sign
 files, to verify signatures, and to manage the private and public keys.")
     (license license:gpl3+)))
+
+(define-public perl-gnupg-interface
+  (package
+    (name "perl-gnupg-interface")
+    (version "0.52")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/A/AL/ALEXMV/"
+                                  "GnuPG-Interface-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0dgx8yhdsmhkazcrz14n4flrk1afv7azgl003hl4arxvi1d9yyi4"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; FIXME: This test fails for unknown reasons
+         (add-after 'unpack 'delete-broken-test
+           (lambda _
+             (delete-file "t/encrypt_symmetrically.t")
+             #t)))))
+    (inputs
+     `(("gnupg" ,gnupg-1)))
+    (propagated-inputs
+     `(("perl-moo" ,perl-moo)
+       ("perl-moox-handlesvia" ,perl-moox-handlesvia)
+       ("perl-moox-late" ,perl-moox-late)))
+    (native-inputs
+     `(("which" ,which)
+       ("perl-module-install" ,perl-module-install)))
+    (home-page "http://search.cpan.org/dist/GnuPG-Interface/")
+    (synopsis "Perl interface to GnuPG")
+    (description "@code{GnuPG::Interface} and its associated modules are
+designed to provide an object-oriented method for interacting with GnuPG,
+being able to perform functions such as but not limited to encrypting,
+signing, decryption, verification, and key-listing parsing.")
+    (license license:perl-license)))
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index da74a8dd95..2d607360c2 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -441,7 +441,16 @@ standards.")
         (mozilla-patch "icecat-bug-1368269.patch"        "0cff5e66e0f4" "0jb0wqi7c0ih4441s1908j6gv18v4inh7k2w47h3c9nhz4rgyrw7")
         (mozilla-patch "icecat-CVE-2017-7793.patch"      "6ff3c82962f0" "0bw82034kdmrpznigbavzzsiybzrw8giyf8v0z2cxf6mwl72bf9k")
         (mozilla-patch "icecat-bug-1400399.patch"        "d6f78b1349b7" "0i3gwr2al3xl65yfa3nimvy8dp0jzpx21f6bjw18xwn7zkkh9j54")
-        (mozilla-patch "icecat-bug-1400721.patch"        "285cde398833" "0a1i32zl30wfyw7zkqj595s94n6wdlg5c495m0910pd05pjg3qam")))
+        (mozilla-patch "icecat-bug-1400721.patch"        "285cde398833" "0a1i32zl30wfyw7zkqj595s94n6wdlg5c495m0910pd05pjg3qam")
+        (mozilla-patch "icecat-bug-1395138.patch"        "98b3988592a6" "03wy173lj6mvmh5q92brf596h8676h0zasgqfnndpvsmsiaih120")
+        (mozilla-patch "icecat-bug-1369561.patch"        "47590f0c274b" "0zsys6dcyhfb4a8k2dhsls7425jg6r1ijlrsn1lc5smwyf62zx5v")
+        (mozilla-patch "icecat-bug-1375146.patch"        "55b435cbbb55" "1gcasaqrxa13a55v05bkxl3d1md829kpfhqiaws83wn08x28l0my")
+        (mozilla-patch "icecat-bug-1394530.patch"        "8549cf2dab3e" "168gs32ncavaj9xn4gwhh9i01cbpnhgx9yn333apsrc1gwknpvsr")
+        (mozilla-patch "icecat-bug-1400554.patch"        "349acf56ff49" "1vwn87rdryfjsn809pl50xmr82q98gz3vz9h6clkd905vbd9rwz7")
+        (mozilla-patch "icecat-bug-1400003.patch"        "3af5bf8bdea0" "07az28dnpxr36j7i3llxkrlkrmg0bwk4f3sm75x1f0r1v5575p3p")
+        (mozilla-patch "icecat-bug-1407751.patch"        "592df6088926" "1gy27idik4b6wcg4szww08cmpcljssja8wql6w1d807h7ni65lr7")
+        (mozilla-patch "icecat-bug-1261175.patch"        "77a2d4610275" "13ysbwflnysj4rs45ibckd621s0vyg1s8dvannlvanvrz1g72zcz")
+        (mozilla-patch "icecat-bug-1394265.patch"        "2b30335d0b95" "0hs5cwickvfw7r5dn7y148jgr2b21hl613qp83k56634d0y64qwp")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/graphviz.scm b/gnu/packages/graphviz.scm
index 5f2fcb8602..c71fb74cfb 100644
--- a/gnu/packages/graphviz.scm
+++ b/gnu/packages/graphviz.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -112,13 +113,13 @@ interfaces for other technical domains.")
 (define-public python-graphviz
   (package
     (name "python-graphviz")
-    (version "0.8")
+    (version "0.8.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "graphviz" version ".zip"))
               (sha256
                (base32
-                "0i738qb32w93hraxzjwkvnxmrfwcalhjd14fdbah9f2mk46p5748"))))
+                "00rzqsmq25b0say05vix5xivchdvsv83jl2i8pkryqd0nz4bxzvb"))))
     (build-system python-build-system)
     (native-inputs
      `(("unzip" ,unzip)))
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 6864b7df6d..87e60a8861 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4282,7 +4283,7 @@ command line options in Haskell.")
 (define-public ghc-base-orphans
   (package
     (name "ghc-base-orphans")
-    (version "0.4.4")
+    (version "0.6")
     (source
      (origin
        (method url-fetch)
@@ -4292,7 +4293,7 @@ command line options in Haskell.")
              ".tar.gz"))
        (sha256
         (base32
-         "0hhgpwjvx7jhvlhsygmmf0q5hv2ymijzz4bjilicw99bmv13qcpl"))))
+         "03mdww5j0gwai7aqlx3m71ldmjcr99jzpkcclzjfclk6a6kjla67"))))
     (build-system haskell-build-system)
     (native-inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)
@@ -5918,14 +5919,14 @@ of a JSON value into a @code{Data.Aeson.Value}.")
 (define-public ghc-conduit
   (package
     (name "ghc-conduit")
-    (version "1.2.5.1")
+    (version "1.2.12.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "conduit/conduit-" version ".tar.gz"))
               (sha256
                (base32
-                "0aq6wswd5dkhdmy7sjhd99mldpq33dqpgbdcwpm94ahvckqxs7v5"))))
+                "0zl6gflh7y36y2vypjhqx13nhkk5y3h12c1zj7kjfclrmwnvnwh0"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-exceptions" ,ghc-exceptions)
@@ -5938,15 +5939,16 @@ of a JSON value into a @code{Data.Aeson.Value}.")
     (native-inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)
        ("ghc-hspec" ,ghc-hspec)
-       ("ghc-safe" ,ghc-safe)))
+       ("ghc-safe" ,ghc-safe)
+       ("ghc-split" ,ghc-split)))
     (home-page "https://github.com/snoyberg/conduit")
     (synopsis "Streaming data library ")
     (description
-     "conduit is a solution to the streaming data problem, allowing for
-production, transformation, and consumption of streams of data in constant
-memory.  It is an alternative to lazy I/O which guarantees deterministic
-resource handling, and fits in the same general solution space as
-enumerator/iteratee and pipes." )
+     "The conduit package is a solution to the streaming data problem,
+allowing for production, transformation, and consumption of streams of data
+in constant memory.  It is an alternative to lazy I/O which guarantees
+deterministic resource handling, and fits in the same general solution
+space as enumerator/iteratee and pipes.")
     (license license:expat)))
 
 (define-public ghc-logging-facade
@@ -9005,4 +9007,1096 @@ contents of the HTTP connection.  It also provides higher-level functions
 which allow you to avoid direct usage of conduits.")
     (license license:bsd-3)))
 
+(define-public ghc-errors
+  (package
+    (name "ghc-errors")
+    (version "2.2.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "errors-" version "/"
+                           "errors-" version ".tar.gz"))
+       (sha256
+        (base32
+         "13sflhglcm5skwrxb48fw96skdcx7ydiy4zg22200733pxhjncpn"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-exceptions" ,ghc-exceptions)
+       ("ghc-text" ,ghc-text)
+       ("ghc-transformers-compat" ,ghc-transformers-compat)
+       ("ghc-unexceptionalio" ,ghc-unexceptionalio)
+       ("ghc-safe" ,ghc-safe)))
+    (home-page "https://github.com/gabriel439/haskell-errors-library")
+    (synopsis "Error handling library for Haskell")
+    (description "This library encourages an error-handling style that
+directly uses the type system, rather than out-of-band exceptions.")
+    (license license:bsd-3)))
+
+(define-public ghc-vector-th-unbox
+  (package
+    (name "ghc-vector-th-unbox")
+    (version "0.2.1.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "vector-th-unbox-" version "/"
+                           "vector-th-unbox-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0d82x55f5vvr1jvaia382m23rs690lg55pvavv8f4ph0y6kd91xy"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-vector" ,ghc-vector)
+       ("ghc-data-default" ,ghc-data-default)))
+    (home-page "https://github.com/liyang/vector-th-unbox")
+    (synopsis "Deriver for Data.Vector.Unboxed using Template Haskell")
+    (description "This Haskell library provides a Template Haskell
+deriver for unboxed vectors, given a pair of coercion functions to
+and from some existing type with an Unbox instance.")
+    (license license:bsd-3)))
+
+(define-public ghc-erf
+  (package
+    (name "ghc-erf")
+    (version "2.0.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "erf-" version "/"
+                           "erf-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0dxk2r32ajmmc05vaxcp0yw6vgv4lkbmh8jcshncn98xgsfbgw14"))))
+    (build-system haskell-build-system)
+    (home-page "https://hackage.haskell.org/package/erf")
+    (synopsis "The error function, erf, and related functions for Haskell")
+    (description "This Haskell library provides a type class for the
+error function, erf, and related functions.  Instances for Float and
+Double.")
+    (license license:bsd-3)))
+
+(define-public ghc-math-functions
+  (package
+    (name "ghc-math-functions")
+    (version "0.2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "math-functions-" version "/"
+                           "math-functions-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1sv5vabsx332v1lpb6v3jv4zrzvpx1n7yprzd8wlcda5vsc5a6zp"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-vector" ,ghc-vector)
+       ("ghc-vector-th-unbox" ,ghc-vector-th-unbox)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-erf" ,ghc-erf)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://github.com/bos/math-functions")
+    (synopsis "Special functions and Chebyshev polynomials for Haskell")
+    (description "This Haskell library provides implementations of
+special mathematical functions and Chebyshev polynomials.  These
+functions are often useful in statistical and numerical computing.")
+    (license license:bsd-3)))
+
+(define-public ghc-mwc-random
+  (package
+    (name "ghc-mwc-random")
+    (version "0.13.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "mwc-random-" version "/"
+                           "mwc-random-" version ".tar.gz"))
+       (sha256
+        (base32
+         "05j7yh0hh9nxic3dijmzv44kc6gzclvamdph7sq7w19wq57k6pq6"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-primitive" ,ghc-primitive)
+       ("ghc-vector" ,ghc-vector)
+       ("ghc-math-functions" ,ghc-math-functions)))
+    (arguments
+     `(#:tests? #f)) ; FIXME: Test-Suite `spec` fails.
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (home-page "https://github.com/bos/mwc-random")
+    (synopsis "Random number generation library for Haskell")
+    (description "This Haskell package contains code for generating
+high quality random numbers that follow either a uniform or normal
+distribution.  The generated numbers are suitable for use in
+statistical applications.
+
+The uniform PRNG uses Marsaglia's MWC256 (also known as MWC8222)
+multiply-with-carry generator, which has a period of 2^{8222} and
+fares well in tests of randomness.  It is also extremely fast,
+between 2 and 3 times faster than the Mersenne Twister.")
+    (license license:bsd-3)))
+
+(define-public ghc-vector-algorithms
+  (package
+    (name "ghc-vector-algorithms")
+    (version "0.7.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "vector-algorithms-" version "/"
+                           "vector-algorithms-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0w4hf598lpxfg58rnimcqxrbnpqq2jmpjx82qa5md3q6r90hlipd"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-vector" ,ghc-vector)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-mwc-random" ,ghc-mwc-random)))
+    (native-inputs
+     `(("ghc-quickcheck" ,ghc-quickcheck)))
+    (home-page "https://github.com/bos/math-functions")
+    (synopsis "Algorithms for vector arrays in Haskell")
+    (description "This Haskell library algorithms for vector arrays.")
+    (license license:bsd-3)))
+
+(define-public ghc-language-haskell-extract
+  (package
+    (name "ghc-language-haskell-extract")
+    (version "0.2.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "language-haskell-extract-" version "/"
+                           "language-haskell-extract-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1nxcs7g8a1sp91bzpy4cj6s31k5pvc3gvig04cbrggv5cvjidnhl"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-regex-posix" ,ghc-regex-posix)))
+    (home-page "https://github.com/finnsson/template-helper")
+    (synopsis "Haskell module to automatically extract functions from
+the local code")
+    (description "This package contains helper functions on top of
+Template Haskell.
+
+For example, @code{functionExtractor} extracts all functions after a
+regexp-pattern, which can be useful if you wish to extract all functions
+beginning with @code{test} (for a test framework) or all functions beginning
+with @code{wc} (for a web service).")
+    (license license:bsd-3)))
+
+(define-public ghc-test-framework-th
+  (package
+    (name "ghc-test-framework-th")
+    (version "0.2.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "test-framework-th-" version "/"
+                           "test-framework-th-" version ".tar.gz"))
+       (sha256
+        (base32
+         "12lw7yj02jb9s0i7rb98jjam43j2h0gzmnbj9zi933fx7sg0sy4b"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-language-haskell-extract" ,ghc-language-haskell-extract)
+       ("ghc-haskell-src-exts" ,ghc-haskell-src-exts)
+       ("ghc-regex-posix" ,ghc-regex-posix)))
+    (home-page "https://github.com/finnsson/test-generator")
+    (synopsis "Auto generate the HUnit- and Quickcheck-bulk-code
+using Template Haskell")
+    (description "This library contains two functions:
+@code{defaultMainGenerator} and @code{testGroupGenerator}.
+
+@code{defaultMainGenerator} will extract all functions beginning with
+@code{case_}, @code{prop_}, or @code{test_} in the module and put them in a
+@code{testGroup}.
+
+@code{testGroupGenerator} is like @code{defaultMainGenerator} but without
+@code{defaultMain}.  It is useful if you need a function for the testgroup
+\(e.g. if you want to be able to call the testgroup from another module).")
+    (license license:bsd-3)))
+
+(define-public ghc-abstract-par
+  (package
+    (name "ghc-abstract-par")
+    (version "0.3.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "abstract-par-" version "/"
+                           "abstract-par-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0q6qsniw4wks2pw6wzncb1p1j3k6al5njnvm2v5n494hplwqg2i4"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/simonmar/monad-par")
+    (synopsis "Abstract parallelization interface for Haskell")
+    (description "This Haskell package is an abstract interface
+only.  It provides a number of type clasess, but not an
+implementation.  The type classes separate different levels
+of @code{Par} functionality.  See the @code{Control.Monad.Par.Class}
+module for more details.")
+    (license license:bsd-3)))
+
+(define-public ghc-monad-par-extras
+  (package
+    (name "ghc-monad-par-extras")
+    (version "0.3.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "monad-par-extras-" version "/"
+                           "monad-par-extras-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0bl4bd6jzdc5zm20q1g67ppkfh6j6yn8fwj6msjayj621cck67p2"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-abstract-par" ,ghc-abstract-par)
+              ("ghc-cereal" ,ghc-cereal)
+              ("ghc-random" ,ghc-random)
+              ("ghc-mtl" ,ghc-mtl)))
+    (home-page "https://github.com/simonmar/monad-par")
+    (synopsis "Combinators and extra features for Par monads for Haskell")
+    (description "This Haskell package provides additional data structures,
+and other added capabilities layered on top of the @code{Par} monad.")
+    (license license:bsd-3)))
+
+(define-public ghc-abstract-deque
+  (package
+    (name "ghc-abstract-deque")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "abstract-deque-" version "/"
+                           "abstract-deque-" version ".tar.gz"))
+       (sha256
+        (base32
+         "18jwswjxwzc9bjiy4ds6hw2a74ki797jmfcifxd2ga4kh7ri1ah9"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-random" ,ghc-random)))
+    (home-page "https://github.com/rrnewton/haskell-lockfree/wiki")
+    (synopsis "Abstract, parameterized interface to mutable Deques for Haskell")
+    (description "This Haskell package provides an abstract interface to
+highly-parameterizable queues/deques.
+
+Background: There exists a feature space for queues that extends between:
+
+@itemize
+@item Simple, single-ended, non-concurrent, bounded queues
+
+@item Double-ended, threadsafe, growable queues with important points
+inbetween (such as the queues used for work-stealing).
+@end itemize
+
+This package includes an interface for Deques that allows the programmer
+to use a single API for all of the above, while using the type-system to
+select an efficient implementation given the requirements (using type families).
+
+This package also includes a simple reference implementation based on
+@code{IORef} and @code{Data.Sequence}.")
+    (license license:bsd-3)))
+
+(define-public ghc-monad-par
+  (package
+    (name "ghc-monad-par")
+    (version "0.3.4.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "monad-par-" version "/"
+                           "monad-par-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0ldrzqy24fsszvn2a2nr77m2ih7xm0h9bgkjyv1l274aj18xyk7q"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-abstract-par" ,ghc-abstract-par)
+              ("ghc-abstract-deque" ,ghc-abstract-deque)
+              ("ghc-monad-par-extras" ,ghc-monad-par-extras)
+              ("ghc-mwc-random" ,ghc-mwc-random)
+              ("ghc-parallel" ,ghc-parallel)
+              ("ghc-mtl" ,ghc-mtl)))
+    (native-inputs `(("ghc-quickcheck" ,ghc-quickcheck)
+                     ("ghc-hunit" ,ghc-hunit)
+                     ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+                     ("ghc-test-framework-quickcheck2"
+                      ,ghc-test-framework-quickcheck2)
+                     ("ghc-test-framework" ,ghc-test-framework)
+                     ("ghc-test-framework-th" ,ghc-test-framework-th)))
+    (home-page "https://github.com/simonmar/monad-par")
+    (synopsis "Haskell library for parallel programming based on a monad")
+    (description "The @code{Par} monad offers an API for parallel
+programming.  The library works for parallelising both pure and @code{IO}
+computations, although only the pure version is deterministic.  The default
+implementation provides a work-stealing scheduler and supports forking tasks
+that are much lighter weight than IO-threads.")
+    (license license:bsd-3)))
+
+(define-public ghc-statistics
+  (package
+    (name "ghc-statistics")
+    (version "0.14.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "statistics-" version "/"
+                           "statistics-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0y27gafkib0x0fn39qfn2rkgsfrm09ng35sbb5dwr7rclhnxz59l"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-aeson" ,ghc-aeson)
+       ("ghc-base-orphans" ,ghc-base-orphans)
+       ("ghc-erf" ,ghc-erf)
+       ("ghc-math-functions" ,ghc-math-functions)
+       ("ghc-monad-par" ,ghc-monad-par)
+       ("ghc-mwc-random" ,ghc-mwc-random)
+       ("ghc-primitive" ,ghc-primitive)
+       ("ghc-vector" ,ghc-vector)
+       ("ghc-vector-algorithms" ,ghc-vector-algorithms)
+       ("ghc-vector-th-unbox" ,ghc-vector-th-unbox)
+       ("ghc-vector-binary-instances" ,ghc-vector-binary-instances)))
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-ieee754", ghc-ieee754)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
+    (arguments
+     `(#:tests? #f)) ; FIXME: Test-Suite `spec` fails.
+    (home-page "https://github.com/bos/mwc-random")
+    (synopsis "Haskell library of statistical types, data, and functions")
+    (description "This library provides a number of common functions
+and types useful in statistics.  We focus on high performance, numerical
+robustness, and use of good algorithms.  Where possible, we provide references
+to the statistical literature.
+
+The library's facilities can be divided into four broad categories:
+
+@itemize
+@item Working with widely used discrete and continuous probability
+distributions.  (There are dozens of exotic distributions in use; we focus
+on the most common.)
+
+@item Computing with sample data: quantile estimation, kernel density
+estimation, histograms, bootstrap methods, significance testing,
+and regression and autocorrelation analysis.
+
+@item Random variate generation under several different distributions.
+
+@item Common statistical tests for significant differences between samples.
+@end itemize")
+    (license license:bsd-2)))
+
+(define-public ghc-chunked-data
+  (package
+    (name "ghc-chunked-data")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "chunked-data-" version "/"
+                           "chunked-data-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0bszq6fijnr4pmadzz89smj7kfmzx0ca3wd9ga8gv0in9jk9vgp1"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-vector" ,ghc-vector)
+              ("ghc-semigroups" ,ghc-semigroups)))
+    (home-page "https://github.com/snoyberg/mono-traversable")
+    (synopsis "Typeclasses for dealing with various chunked data
+representations for Haskell")
+    (description "This Haskell package was originally present in
+classy-prelude.")
+    (license license:expat)))
+
+(define-public ghc-base-prelude
+  (package
+    (name "ghc-base-prelude")
+    (version "1.2.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "base-prelude-" version "/"
+                           "base-prelude-" version ".tar.gz"))
+       (sha256
+        (base32
+         "17hivs7lmsglagdlzxd9q9zsddmgqin2788mpq911zwnb57lj6l1"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/nikita-volkov/base-prelude")
+    (synopsis "The most complete prelude formed solely from the Haskell's base
+package")
+    (description "This Haskell package aims to reexport all the non-conflicting
+and most general definitions from the \"base\" package.
+
+This includes APIs for applicatives, arrows, monoids, foldables, traversables,
+exceptions, generics, ST, MVars and STM.
+
+This package will never have any dependencies other than \"base\".
+
+Versioning policy:
+
+The versioning policy of this package deviates from PVP in the sense
+that its exports in part are transitively determined by the version of \"base\".
+Therefore it's recommended for the users of @code{ghc-base-prelude} to specify
+the bounds of \"base\" as well.")
+    (license license:expat)))
+
+(define-public ghc-tuple-th
+  (package
+    (name "ghc-tuple-th")
+    (version "0.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "tuple-th-" version "/"
+                           "tuple-th-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mrl4vvxmby7sf1paf7hklzidnr6wq55822i73smqyz0xpf3gsjn"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/DanielSchuessler/tuple-th")
+    (synopsis "Generate utility functions for tuples of statically known size
+for Haskell")
+    (description "This Haskell package contains Template Haskell functions for
+generating functions similar to those in @code{Data.List} for tuples of
+statically known size.")
+    (license license:bsd-3)))
+
+(define-public ghc-contravariant-extras
+  (package
+    (name "ghc-contravariant-extras")
+    (version "0.3.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "contravariant-extras-" version "/"
+                           "contravariant-extras-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mbrgjybdx8fjdck4ldwi8955w4qnmm0ql56zix7dyn0s7s9spgk"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-tuple-th" ,ghc-tuple-th)
+              ("ghc-contravariant" ,ghc-contravariant)
+              ("ghc-base-prelude",ghc-base-prelude)))
+    (home-page "https://github.com/nikita-volkov/contravariant-extras")
+    (synopsis "Extras for the @code{ghc-contravariant} Haskell package")
+    (description "This Haskell package provides extras for the
+@code{ghc-contravariant} package.")
+    (license license:expat)))
+
+(define-public ghc-monadrandom
+  (package
+    (name "ghc-monadrandom")
+    (version "0.4.2.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "MonadRandom-" version "/"
+                           "MonadRandom-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1h1nhswrcmhy3mq6vd530p0df51fcnnf4csbwnljar7cf0mb2h6y"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-transformers-compat" ,ghc-transformers-compat)
+              ("ghc-mtl" ,ghc-mtl)
+              ("ghc-primitive" ,ghc-primitive)
+              ("ghc-fail" ,ghc-fail)
+              ("ghc-random" ,ghc-random)))
+    (home-page "https://github.com/byorgey/MonadRandom")
+    (synopsis "Random-number generation monad for Haskell")
+    (description "This Haskell package provides support for computations
+which consume random values.")
+    (license license:bsd-3)))
+
+(define-public ghc-either
+  (package
+    (name "ghc-either")
+    (version "4.4.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "either-" version "/"
+                           "either-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lrlwqqnm6ibfcydlv5qvvssw7bm0c6yypy0rayjzv1znq7wp1xh"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-bifunctors" ,ghc-bifunctors)
+              ("ghc-exceptions" ,ghc-exceptions)
+              ("ghc-free" ,ghc-free)
+              ("ghc-monad-control" ,ghc-monad-control)
+              ("ghc-manodrandom" ,ghc-monadrandom)
+              ("ghc-mtl" ,ghc-mtl)
+              ("ghc-mmorph" ,ghc-mmorph)
+              ("ghc-profunctors" ,ghc-profunctors)
+              ("ghc-semigroups" ,ghc-semigroups)
+              ("ghc-semigroupoids" ,ghc-semigroupoids)
+              ("ghc-transformers-base" ,ghc-transformers-base)))
+    (home-page "https://github.com/ekmett/either")
+    (synopsis "Provides an either monad transformer for Haskell")
+    (description "This Haskell package provides an either monad transformer.")
+    (license license:bsd-3)))
+
+(define-public ghc-entropy
+  (package
+    (name "ghc-entropy")
+    (version "0.3.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "entropy-" version "/"
+                           "entropy-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1l3lfigqvdlmxkz1wl7zdkmc0i2r5p6z4xzhiw8xdsbsw7aljfkl"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/TomMD/entropy")
+    (synopsis "Provides platform independent entropy source for Haskell")
+    (description "This Haskell package provides a platform independent method
+to obtain cryptographically strong entropy.")
+    (license license:bsd-3)))
+
+(define-public ghc-crypto-api
+  (package
+    (name "ghc-crypto-api")
+    (version "0.13.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "crypto-api-" version "/"
+                           "crypto-api-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1vc27qcgbg7hf50rkqhlrs58zn1888ilh4b6wrrm07bnm48xacak"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-cereal" ,ghc-cereal)
+              ("ghc-tagged" ,ghc-tagged)
+              ("ghc-entropy" ,ghc-entropy)))
+    (home-page "https://github.com/TomMD/crypto-api")
+    (synopsis "Provides generic interface for cryptographic operations
+for Haskell")
+    (description "This Haskell package provides a generic interface for
+cryptographic operations (hashes, ciphers, randomness).
+
+Maintainers of hash and cipher implementations are encouraged to add instances
+for the classes defined in @code{Crypto.Classes}.  @code{Crypto} users are
+similarly encouraged to use the interfaces defined in the @code{Classes} module.
+
+Any concepts or functions of general use to more than one cryptographic
+algorithm (ex: padding) is within scope of this package.")
+    (license license:bsd-3)))
+
+(define-public ghc-crypto-api-tests
+  (package
+    (name "ghc-crypto-api-tests")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "crypto-api-tests-" version "/"
+                           "crypto-api-tests-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0w3j43jdrlj28jryp18hc6q84nkl2yf4vs1hhgrsk7gb9kfyqjpl"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)
+              ("ghc-crypto-api" ,ghc-crypto-api)
+              ("ghc-cereal" ,ghc-cereal)
+              ("ghc-test-framework" ,ghc-test-framework)
+              ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+              ("ghc-hunit" ,ghc-hunit)
+              ("ghc-quickcheck" ,ghc-quickcheck)))
+    (home-page "https://github.com/TomMD/crypto-api-tests")
+    (synopsis "Test framework and KATs for cryptographic operations for Haskell")
+    (description "This Haskell package provides a test framework for hash and
+cipher operations using the crypto-api interface.  Known answer tests (KATs)
+for common cryptographic algorithms are included.")
+    (license license:bsd-3)))
+
+(define-public ghc-pretty-hex
+  (package
+    (name "ghc-pretty-hex")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "pretty-hex-" version "/"
+                           "pretty-hex-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0ylwkvvjvmpprha9nx83xb8gkhyanhk5fffc0r7lb96n4ch5z6pz"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/GaloisInc/hexdump")
+    (synopsis "Haskell library for hex dumps of ByteStrings")
+    (description "This Haskell library generates pretty hex dumps of
+ByteStrings in the style of other common *nix hex dump tools.")
+    (license license:bsd-3)))
+
+(define-public ghc-puremd5
+  (package
+    (name "ghc-puremd5")
+    (version "2.1.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "pureMD5-" version "/"
+                           "pureMD5-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0zdilz41cla2ck7mcw1a9702gyg2abq94mqahr4vci9sbs53bwxy"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-cereal" ,ghc-cereal)
+              ("ghc-crypto-api" ,ghc-crypto-api)
+              ("ghc-tagged" ,ghc-tagged)))
+    (native-inputs `(("ghc-crypto-api-tests" ,ghc-crypto-api-tests)
+                     ("ghc-quickcheck" ,ghc-quickcheck)
+                     ("ghc-test-framework" ,ghc-test-framework)
+                     ("ghc-test-framework-quickcheck2"
+                      ,ghc-test-framework-quickcheck2)
+                     ("ghc-pretty-hex" ,ghc-pretty-hex)))
+    (home-page "https://github.com/TomMD/pureMD5")
+    (synopsis "Haskell implementation of the MD5 hash algorithm")
+    (description "This package provides a Haskell-only implementation of
+the MD5 digest (hash) algorithm.  This now supports the @code{crypto-api} class
+interface.")
+    (license license:bsd-3)))
+
+(define-public ghc-cryptohash-md5
+  (package
+    (name "ghc-cryptohash-md5")
+    (version "0.11.100.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "cryptohash-md5-" version "/"
+                           "cryptohash-md5-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1y8q7s2bn4gdknw1wjikdnar2b5pgz3nv3220lxrlgpsf23x82vi"))))
+    (build-system haskell-build-system)
+    (arguments
+     `(#:tests? #f)) ; tests require old version of ghc-hunit (0.9)
+    (native-inputs `(("ghc-base16-bytestring" ,ghc-base16-bytestring)
+                     ("ghc-puremd5" ,ghc-puremd5)
+                     ("ghc-tasty" ,ghc-tasty)
+                     ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
+                     ("ghc-hunit" ,ghc-hunit)))
+    (home-page "https://github.com/hvr/cryptohash-md5")
+    (synopsis "MD5 implementation for Haskell")
+    (description "This Haskell package provides implementation of MD5.")
+    (license license:bsd-3)))
+
+(define-public ghc-cryptohash-sha1
+  (package
+    (name "ghc-cryptohash-sha1")
+    (version "0.11.100.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "cryptohash-sha1-" version "/"
+                           "cryptohash-sha1-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1aqdxdhxhl9jldh951djpwxx8z7gzaqspxl7iwpl84i5ahrsyy9w"))))
+    (build-system haskell-build-system)
+    (arguments
+     `(#:tests? #f)) ; tests require old version of ghc-hunit (0.9)
+    (native-inputs `(("ghc-base16-bytestring" ,ghc-base16-bytestring)
+                     ("ghc-sha" ,ghc-sha)
+                     ("ghc-tasty" ,ghc-tasty)
+                     ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
+                     ("ghc-hunit" ,ghc-hunit)))
+    (home-page "https://github.com/hvr/cryptohash-sha1")
+    (synopsis "SHA-1 implementation for Haskell")
+    (description "This Haskell package provides an incremental and one-pass,
+pure API to the @uref{https://en.wikipedia.org/wiki/SHA-1, SHA-1 hash algorithm},
+including @uref{https://en.wikipedia.org/wiki/HMAC, HMAC support}, with
+performance close to the fastest implementations available in other languages.
+
+The implementation is made in C with a haskell FFI wrapper that hides
+the C implementation.")
+    (license license:bsd-3)))
+
+(define-public ghc-network-info
+  (package
+    (name "ghc-network-info")
+    (version "0.2.0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "network-info-" version "/"
+                           "network-info-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0xndvg776241fgjmynxfpy81f1csjmh8dg33yf0c8m71ychz3pzc"))))
+    (build-system haskell-build-system)
+    (home-page "https://github.com/jystic/network-info")
+    (synopsis "Access the local computer's basic network configuration")
+    (description "This Haskell library provides simple read-only access to the
+local computer's networking configuration.  It is currently capable of
+getting a list of all the network interfaces and their respective
+IPv4, IPv6 and MAC addresses.")
+    (license license:bsd-3)))
+
+(define-public ghc-uuid-types
+  (package
+    (name "ghc-uuid-types")
+    (version "1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "uuid-types-" version "/"
+                           "uuid-types-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1zdka5jnm1h6k36w3nr647yf3b5lqb336g3fkprhd6san9x52xlj"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-hashable" ,ghc-hashable)
+              ("ghc-random" ,ghc-random)
+              ("ghc-text" ,ghc-text)))
+    (native-inputs `(("ghc-hunit" ,ghc-hunit)
+                     ("ghc-quickcheck" ,ghc-quickcheck)
+                     ("ghc-tasty" ,ghc-tasty)
+                     ("ghc-tasty-hunit" ,ghc-tasty-hunit)
+                     ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)))
+    (home-page "https://github.com/hvr/uuid")
+    (synopsis "Haskell type definitions for UUIDs")
+    (description "This Haskell library contains type definitions for
+@dfn{Universally Unique Identifiers} or
+@uref{http://en.wikipedia.org/wiki/UUID, UUIDs}, and basic conversion
+functions.")
+    (license license:bsd-3)))
+
+(define-public ghc-uuid
+  (package
+    (name "ghc-uuid")
+    (version "1.3.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "uuid-" version "/"
+                           "uuid-" version ".tar.gz"))
+       (sha256
+        (base32
+         "09xhk42yhxvqmka0iqrv3338asncz8cap3j0ic0ps896f2581b6z"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-cryptohash-sha1" ,ghc-cryptohash-sha1)
+              ("ghc-cryptohash-md5" ,ghc-cryptohash-md5)
+              ("ghc-entropy" ,ghc-entropy)
+              ("ghc-network-info" ,ghc-network-info)
+              ("ghc-random" ,ghc-random)
+              ("ghc-text" ,ghc-text)
+              ("ghc-uuid-types" ,ghc-uuid-types)))
+    (native-inputs `(("ghc-hunit" ,ghc-hunit)
+                     ("ghc-quickcheck" ,ghc-quickcheck)
+                     ("ghc-tasty" ,ghc-tasty)
+                     ("ghc-tasty-hunit" ,ghc-tasty-hunit)
+                     ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)))
+    (home-page "https://github.com/hvr/uuid")
+    (synopsis "Haskell library to create, compare, parse, and print UUIDs")
+    (description "This Haskell library provides utilities creating, comparing,
+parsing and printing @dfn{Universally Unique Identifiers} or UUIDs.")
+    (license license:bsd-3)))
+
+(define-public ghc-rebase
+  (package
+    (name "ghc-rebase")
+    (version "1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "rebase-" version "/"
+                           "rebase-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1qkhnpcc4g2vd6jmbf3b6psqkan6hyawqzrwzqdd931hsb02l6ia"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-stm" ,ghc-stm)
+              ("ghc-hashable" ,ghc-hashable)
+              ("ghc-vector" ,ghc-vector)
+              ("ghc-unordered-containers" ,ghc-unordered-containers)
+              ("ghc-text" ,ghc-text)
+              ("ghc-scientific" ,ghc-scientific)
+              ("ghc-uuid" ,ghc-uuid)
+              ("ghc-dlist" ,ghc-dlist)
+              ("ghc-void" ,ghc-void)
+              ("ghc-bifunctors" ,ghc-bifunctors)
+              ("ghc-profunctors" ,ghc-profunctors)
+              ("ghc-contravariant" ,ghc-contravariant)
+              ("ghc-contravariant-extras" ,ghc-contravariant-extras)
+              ("ghc-semigroups" ,ghc-semigroups)
+              ("ghc-mtl" ,ghc-mtl)
+              ("ghc-either" ,ghc-either)
+              ("ghc-fail" ,ghc-fail)
+              ("ghc-base-prelude" ,ghc-base-prelude)))
+    (home-page "https://github.com/nikita-volkov/rebase")
+    (synopsis "Progressive alternative to the base package
+for Haskell")
+    (description "This Haskell package is intended for those who are
+tired of keeping long lists of dependencies to the same essential libraries
+in each package as well as the endless imports of the same APIs all over again.
+
+It also supports the modern tendencies in the language.
+
+To solve those problems this package does the following:
+
+@itemize
+@item Reexport the original APIs under the @code{Rebase} namespace.
+
+@item Export all the possible non-conflicting symbols from the
+@code{Rebase.Prelude} module.
+
+@item Give priority to the modern practices in the conflicting cases.
+@end itemize
+
+The policy behind the package is only to reexport the non-ambiguous and
+non-controversial APIs, which the community has obviously settled on.
+The package is intended to rapidly evolve with the contribution from
+the community, with the missing features being added with pull-requests.")
+    (license license:expat)))
+
+(define-public ghc-vector-builder
+  (package
+    (name "ghc-vector-builder")
+    (version "0.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "vector-builder-" version "/"
+                           "vector-builder-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1l6sfgd2s107zkp1qd1w6jdjcbznp31769qf99pxar087f697wvp"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-vector" ,ghc-vector)
+              ("ghc-semigroups" ,ghc-semigroups)
+              ("ghc-base-prelude" ,ghc-base-prelude)))
+    (native-inputs `(("ghc-tasty" ,ghc-tasty)
+                     ("ghc-tasty-hunit" ,ghc-tasty-hunit)
+                     ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
+                     ("ghc-hunit" ,ghc-hunit)
+                     ("ghc-quickcheck-instances" ,ghc-quickcheck-instances)
+                     ("ghc-rebase" ,ghc-rebase)))
+    (home-page "https://github.com/nikita-volkov/vector-builder")
+    (synopsis "Vector builder for Haskell")
+    (description "This Haskell package provides an API for constructing vectors.
+It provides the composable @code{Builder} abstraction, which has instances of the
+@code{Monoid} and @code{Semigroup} classes.
+
+You would first use the @code{Builder} abstraction to specify the structure of
+the vector; then you can execute the builder to actually produce the
+vector. ")
+    (license license:expat)))
+
+(define-public ghc-foldl
+  (package
+    (name "ghc-foldl")
+    (version "1.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "foldl-" version "/"
+                           "foldl-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1z3xjz4khs2kr3mqkbh7dz4kd6gkdk2r67wjkvrxnmp533aqh90n"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-mwc-randam" ,ghc-mwc-random)
+              ("ghc-primitive" ,ghc-primitive)
+              ("ghc-text" ,ghc-text)
+              ("ghc-vector" ,ghc-vector)
+              ("ghc-unordered-containers" ,ghc-unordered-containers)
+              ("ghc-hashable" ,ghc-hashable)
+              ("ghc-contravariant" ,ghc-contravariant)
+              ("ghc-profunctors" ,ghc-profunctors)
+              ("ghc-comonad" ,ghc-comonad)
+              ("ghc-vector-builder" ,ghc-vector-builder)))
+    (home-page "https://github.com/Gabriel439/Haskell-Foldl-Library")
+    (synopsis "Composable, streaming, and efficient left folds for Haskell")
+    (description "This Haskell library provides strict left folds that stream
+in constant memory, and you can combine folds using @code{Applicative} style
+to derive new folds.  Derived folds still traverse the container just once
+and are often as efficient as hand-written folds.")
+    (license license:bsd-3)))
+
+(define-public ghc-mono-traversable
+  (package
+    (name "ghc-mono-traversable")
+    (version "1.0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "mono-traversable-" version "/"
+                           "mono-traversable-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0smirpwika7d5a98h20jr9jqg41n7vqfy7k31crmn449qfig9ljf"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-unordered-containers" ,ghc-unordered-containers)
+              ("ghc-hashable" ,ghc-hashable)
+              ("ghc-text" ,ghc-text)
+              ("ghc-vector" ,ghc-vector)
+              ("ghc-vector-algorithms" ,ghc-vector-algorithms)
+              ("ghc-split" ,ghc-split)))
+    (native-inputs `(("ghc-hspec" ,ghc-hspec)
+                     ("ghc-hunit",ghc-hunit)
+                     ("ghc-quickcheck" ,ghc-quickcheck)
+                     ("ghc-semigroups" ,ghc-semigroups)
+                     ("ghc-foldl" ,ghc-foldl)))
+    (home-page "https://github.com/snoyberg/mono-traversable")
+    (synopsis "Haskell classes for mapping, folding, and traversing monomorphic
+containers")
+    (description "This Haskell package provides Monomorphic variants of the
+Functor, Foldable, and Traversable typeclasses.  If you understand Haskell's
+basic typeclasses, you understand mono-traversable.  In addition to what
+you are used to, it adds on an IsSequence typeclass and has code for marking
+data structures as non-empty.")
+    (license license:expat)))
+
+(define-public ghc-conduit-combinators
+  (package
+    (name "ghc-conduit-combinators")
+    (version "1.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "conduit-combinators-" version "/"
+                           "conduit-combinators-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0609miq03lq9visfb2dqqsxghmvgzm24pq39mqby1jnnah6yh8m0"))))
+    (build-system haskell-build-system)
+    (inputs `(("ghc-conduit" ,ghc-conduit)
+              ("ghc-conduit-extra" ,ghc-conduit-extra)
+              ("ghc-transformers-base" ,ghc-transformers-base)
+              ("ghc-primitive" ,ghc-primitive)
+              ("ghc-vector" ,ghc-vector)
+              ("ghc-text" ,ghc-text)
+              ("ghc-void" ,ghc-void)
+              ("ghc-mwc-random" ,ghc-mwc-random)
+              ("ghc-unix-compat" ,ghc-unix-compat)
+              ("ghc-base16-bytestring" ,ghc-base16-bytestring)
+              ("ghc-base64-bytestring" ,ghc-base64-bytestring)
+              ("ghc-resourcet" ,ghc-resourcet)
+              ("ghc-monad-control" ,ghc-monad-control)
+              ("ghc-chunked-data" ,ghc-chunked-data)
+              ("ghc-mono-traversable" ,ghc-mono-traversable)))
+    (native-inputs `(("ghc-hspec" ,ghc-hspec)
+                     ("ghc-silently" ,ghc-silently)
+                     ("ghc-mtl" ,ghc-mtl)
+                     ("ghc-safe" ,ghc-safe)
+                     ("ghc-quickcheck" ,ghc-quickcheck)))
+    (home-page "https://github.com/snoyberg/mono-traversable")
+    (synopsis "Commonly used conduit functions, for both chunked and
+unchunked data")
+    (description "This Haskell package provides a replacement for Data.Conduit.List,
+as well as a convenient Conduit module.")
+    (license license:expat)))
+
+(define-public ghc-aws
+  (package
+    (name "ghc-aws")
+    (version "0.17.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/"
+                           "aws-" version "/aws-" version ".tar.gz"))
+       (sha256 (base32
+                "1q4qh58vj8447a4fl88n3nkpdc4yv293qsh02w6zvszd6ch61yh7"))))
+    (build-system haskell-build-system)
+    (arguments `(#:tests? #f)) ; Tests require AWS credentials.
+    (inputs
+     `(("ghc-aeson" ,ghc-aeson)
+       ("ghc-attoparsec" ,ghc-attoparsec)
+       ("ghc-base16-bytestring" ,ghc-base16-bytestring)
+       ("ghc-base64-bytestring" ,ghc-base64-bytestring)
+       ("ghc-blaze-builder" ,ghc-blaze-builder)
+       ("ghc-byteable" ,ghc-byteable)
+       ("ghc-case-insensitive" ,ghc-case-insensitive)
+       ("ghc-cereal" ,ghc-cereal)
+       ("ghc-conduit" ,ghc-conduit)
+       ("ghc-conduit-extra" ,ghc-conduit-extra)
+       ("ghc-cryptohash" ,ghc-cryptohash)
+       ("ghc-data-default" ,ghc-data-default)
+       ("ghc-http-conduit" ,ghc-http-conduit)
+       ("ghc-http-types" ,ghc-http-types)
+       ("ghc-monad-control" ,ghc-monad-control)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-network" ,ghc-network)
+       ("ghc-old-locale" ,ghc-old-locale)
+       ("ghc-safe" ,ghc-safe)
+       ("ghc-scientific" ,ghc-scientific)
+       ("ghc-tagged" ,ghc-tagged)
+       ("ghc-text" ,ghc-text)
+       ("ghc-unordered-containers" ,ghc-unordered-containers)
+       ("ghc-utf8-string" ,ghc-utf8-string)
+       ("ghc-vector" ,ghc-vector)
+       ("ghc-xml-conduit" ,ghc-xml-conduit)))
+    (native-inputs
+     `(("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-errors" ,ghc-errors)
+       ("ghc-http-client" ,ghc-http-client)
+       ("ghc-http-client-tls" ,ghc-http-client-tls)
+       ("ghc-quickcheck-instances" ,ghc-quickcheck-instances)
+       ("ghc-tasty" ,ghc-tasty)
+       ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck)
+       ("ghc-tasty-hunit" ,ghc-tasty-hunit)
+       ("ghc-conduit-combinators" ,ghc-conduit-combinators)))
+    (home-page "https://github.com/aristidb/aws")
+    (synopsis "Amazon Web Services for Haskell")
+    (description "This package attempts to provide support for using
+Amazon Web Services like S3 (storage), SQS (queuing) and others to
+Haskell programmers.  The ultimate goal is to support all Amazon
+Web Services.")
+    (license license:bsd-3)))
+
 ;;; haskell.scm ends here
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 3461285850..55bc9f2035 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,6 +32,7 @@
 (define-public icu4c
   (package
    (name "icu4c")
+   (replacement icu4c-fixed)
    (version "58.2")
    (source (origin
             (method url-fetch)
@@ -70,6 +71,15 @@ C/C++ part.")
    (license x11)
    (home-page "http://site.icu-project.org/")))
 
+(define icu4c-fixed
+  (package
+    (inherit icu4c)
+    (source (origin
+              (inherit (package-source icu4c))
+              (patches (append
+                         (origin-patches (package-source icu4c))
+                         (search-patches "icu4c-CVE-2017-14952.patch")))))))
+
 (define-public java-icu4j
   (package
     (name "java-icu4j")
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 45cb16f1f6..ff5f1c9ae6 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -54,6 +54,7 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages linux) ;alsa
+  #:use-module (gnu packages web)
   #:use-module (gnu packages wget)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
@@ -6020,3 +6021,213 @@ provides low-level abstractions (@code{JsonParser}, @code{JsonGenerator},
 @code{JsonFactory}) as well as small number of higher level overrides needed to
 make data-binding work.")
     (license license:asl2.0))); found on wiki.fasterxml.com/JacksonLicensing
+
+(define-public java-hdrhistogram
+  (package
+    (name "java-hdrhistogram")
+    (version "2.1.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/HdrHistogram/HdrHistogram/"
+                                  "archive/HdrHistogram-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1sicbmc3sr42nw93qbkb26q9rn33ag33k6k77phjc3j5h5gjffqv"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-hdrhistogram.jar"
+       #:source-dir "src/main/java"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-version
+           (lambda _
+             (let* ((version-java "src/main/java/org/HdrHistogram/Version.java")
+                    (template (string-append version-java ".template")))
+               (copy-file template version-java)
+               (substitute* version-java
+                 (("\\$VERSION\\$") ,version)
+                 (("\\$BUILD_TIME\\$") "0"))
+               #t))))))
+    (native-inputs
+     `(("junit" ,java-junit)
+       ("hamcrest" ,java-hamcrest-core)))
+    (home-page "https://hdrhistogram.github.io/HdrHistogram")
+    (synopsis "High dynamic range histogram")
+    (description "Hdrhistogram allows to create histograms that support
+recording and analyzing sampled data value counts across a configurable integer
+value range with configurable value precision within the range.  Value precision
+is expressed as the number of significant digits in the value recording, and
+provides control over value quantization behavior across the value range and
+the subsequent value resolution at any given level.")
+    (license license:public-domain)))
+
+(define-public java-aopalliance
+  (package
+    (name "java-aopalliance")
+    (version "1.0")
+    (source (origin
+              (method git-fetch)
+              ;; Note: this git repository is not official, but contains the
+              ;; source code that is in the CVS repository.  Downloading the
+              ;; tarball from sourceforge is undeterministic, and the cvs download
+              ;; fails.
+              (uri (git-reference
+                     (url "https://github.com/hoverruan/aopalliance")
+                     (commit "0d7757ae204e5876f69431421fe9bc2a4f01e8a0")))
+              (file-name (string-append name "-" version))
+              (sha256
+               (base32
+                "0rsg2b0v3hxlq2yk1i3m2gw3xwq689j3cwx9wbxvqfpdcjbca0qr"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-aopalliance.jar"
+       #:jdk ,icedtea-8
+       #:tests? #f; no tests
+       #:source-dir "aopalliance/src/main"))
+    (home-page "http://aopalliance.sourceforge.net")
+    (synopsis "Aspect-Oriented Programming")
+    (description "The AOP Alliance project is a joint project between several
+software engineering people who are interested in Aspect-Oriented Programming
+(AOP) and Java.")
+    (license license:public-domain)))
+
+(define-public java-javax-inject
+  (package
+    (name "java-javax-inject")
+    (version "tck-1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/javax-inject/javax-inject/"
+                                  "archive/javax.inject-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1ydrlvh2r7vr1g7lhjwy3w2dggpj9h6pix1lakkkgdywb365n6g0"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-javax-inject.jar"
+       #:jdk ,icedtea-8
+       #:tests? #f)); no tests
+    (home-page "http://github.com/javax-inject/javax-inject")
+    (synopsis "JSR-330: Dependency Injection for Java")
+    (description "This package specifies a means for obtaining objects in such
+a way as to maximize reusability, testability and maintainability compared to
+traditional approaches such as constructors, factories, and service locators
+(e.g., JNDI).  This process, known as dependency injection, is beneficial to
+most nontrivial applications.
+
+Many types depend on other types.  For example, a @var{Stopwatch} might depend
+on a @var{TimeSource}.  The types on which a type depends are known as its
+dependencies.  The process of finding an instance of a dependency to use at run
+time is known as resolving the dependency.  If no such instance can be found,
+the dependency is said to be unsatisfied, and the application is broken.")
+    (license license:asl2.0)))
+
+(define-public java-guice
+  (package
+    (name "java-guice")
+    (version "4.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/google/guice/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0dwmqjzlavb144ywqqglj3h68hqszkff8ai0a42hyb5il0qh4rbp"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-guice.jar"
+       #:jdk ,icedtea-8
+       #:tests? #f; FIXME: tests are not in a java sub directory
+       #:source-dir "core/src"))
+    (inputs
+     `(("guava" ,java-guava)
+       ("java-cglib" ,java-cglib)
+       ("java-aopalliance" ,java-aopalliance)
+       ("java-javax-inject" ,java-javax-inject)
+       ("java-asm" ,java-asm)))
+    (home-page "https://github.com/google/guice")
+    (synopsis "Lightweight dependency injection framework")
+    (description "Guice is a lightweight dependency injection framework fo
+Java 6 and above.")
+    (license license:asl2.0)))
+
+(define-public java-guice-servlet
+  (package
+    (inherit java-guice)
+    (name "java-guice-servlet")
+    (arguments
+     `(#:jar-name "guice-servlet.jar"
+       #:source-dir "extensions/servlet/src/"
+       #:jdk ,icedtea-8
+       #:tests? #f)); FIXME: not in a java subdir
+    (inputs
+     `(("guice" ,java-guice)
+       ("servlet" ,java-tomcat)
+       ,@(package-inputs java-guice)))))
+
+(define-public java-assertj
+  (package
+    (name "java-assertj")
+    (version "3.8.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/joel-costigliola/"
+                                  "assertj-core/archive/"
+                                  "assertj-core-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1kf124fxskf548rklkg86294w2x6ajqrff94rrhyqns31danqkfz"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-assertj.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main/java"
+       #:tests? #f)); depends on tng-junit which depends on assertj
+    (inputs
+     `(("cglib" ,java-cglib)
+       ("junit" ,java-junit)
+       ("hamcrest" ,java-hamcrest-core)))
+    (native-inputs
+     `(("mockito" ,java-mockito-1)))
+    (home-page "https://joel-costigliola.github.io/assertj/index.html")
+    (synopsis "Fluent assertions for java")
+    (description "AssertJ core is a Java library that provides a fluent
+interface for writing assertions.  Its main goal is to improve test code
+readability and make maintenance of tests easier.")
+    (license license:asl2.0)))
+
+(define-public java-jboss-javassist
+  (package
+    (name "java-jboss-javassist")
+    (version "3.21.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/jboss-javassist/javassist/"
+                                  "archive/rel_"
+                                  (string-map (lambda (x) (if (eq? x #\.) #\_ x)) version)
+                                  "_ga.tar.gz"))
+              (sha256
+               (base32
+                "10lpcr3sbf7y6fq6fc2h2ik7rqrivwcy4747bg0kxhwszil3cfmf"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "java-jboss-javassist.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main"
+       #:tests? #f; FIXME: requires junit-awtui and junit-swingui from junit3
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'remove-binary
+           (lambda _
+             (delete-file "javassist.jar")
+             #t)))))
+    (native-inputs
+     `(("junit" ,java-junit)))
+    (home-page "https://github.com/jboss-javassist/javassist")
+    (synopsis "Java bytecode engineering toolkit")
+    (description "Javassist (JAVA programming ASSISTant) makes Java bytecode
+manipulation simple.  It is a class library for editing bytecodes in Java; it
+enables Java programs to define a new class at runtime and to modify a class
+file when the JVM loads it.")
+    (license (list license:gpl2 license:cddl1.0)))); either gpl2 only or cddl.
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 289ec440f4..45a4146cd7 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -368,8 +368,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.13.8")
-(define %linux-libre-hash "0qi2n5lczqwq2v0q5zl08ac3x4lixpj1dmb0kza6hsllmx8hbybw")
+(define %linux-libre-version "4.13.9")
+(define %linux-libre-hash "1ymsdvm4djh7hg2wmn2v11w380i0ss9nkp4slfrgihdvn6yp5gbv")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -378,14 +378,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.57"
-                    "02ldxzbazdbhvgkwxl6xblkwj75s5cm33fpm77kv394w35jan3by"
+  (make-linux-libre "4.9.58"
+                    "0f1yxdvzdr1zfkh86i9z0p7ywdlz0blxnd11wbnw763qyk3qydyk"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.93"
-                    "1llpqkm7vvwi5fm92y4n6qrc89ps7kdfl83s7m38a2yivm3kgzr6"
+  (make-linux-libre "4.4.94"
+                    "0g63is8d2k1mf1kaljkll79n7gzh4qn0fmrm2r9sab2sq41hch1m"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
diff --git a/gnu/packages/lxqt.scm b/gnu/packages/lxqt.scm
index a73a875594..a4108f55b2 100644
--- a/gnu/packages/lxqt.scm
+++ b/gnu/packages/lxqt.scm
@@ -90,62 +90,6 @@ in Qt.")
 components of the LXQt desktop environment.")
     (license lgpl2.1+)))
 
-
-(define-public lxqt-common
-  (package
-    (name "lxqt-common")
-    (version "0.9.1")
-    (source
-     (origin
-       (method url-fetch)
-       (uri
-         (string-append "https://github.com/lxde/" name
-                        "/archive/" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "1vd3zarvl44l3y6wn7kgxcd2f1bygsmk5bcfqwa3568cq3b57aw0"))))
-    (build-system cmake-build-system)
-    (arguments
-     `(#:tests? #f ; no check target
-       #:phases
-        (modify-phases %standard-phases
-          (add-before 'configure 'fix-installation-paths
-           (lambda _
-             ;; The variable LXQT_ETC_XDG_DIR is set in
-             ;; liblxqt-0.9.0/share/cmake/lxqt/lxqt-config.cmake
-             ;; to the Qt5 installation directory, followed by "/etc/xdg".
-             ;; We need to have it point to the current installation
-             ;; directory instead.
-             (substitute* '("config/CMakeLists.txt"
-                            "menu/CMakeLists.txt")
-               (("\\$\\{LXQT_ETC_XDG_DIR\\}")
-                "${CMAKE_INSTALL_PREFIX}/etc/xdg")
-               ;; In the same file, LXQT_SHARE_DIR is set to the installation
-               ;; directory of liblxqt, followed by "/share/lxqt".
-               (("\\$\\{LXQT_SHARE_DIR\\}")
-                "${CMAKE_INSTALL_PREFIX}/share/lxqt"))
-             ;; Replace absolute directories.
-             (substitute* "autostart/CMakeLists.txt"
-               (("/etc/xdg")
-                "${CMAKE_INSTALL_PREFIX}/etc/xdg"))
-             (substitute* "xsession/CMakeLists.txt"
-               (("/usr/share")
-                "${CMAKE_INSTALL_PREFIX}/share")))))))
-    (inputs
-     `(("kwindowsystem" ,kwindowsystem)
-       ("liblxqt" ,liblxqt)
-       ("libqtxdg" ,libqtxdg)
-       ("qtbase" ,qtbase)
-       ("qttools" ,qttools)
-       ("qtx11extras" ,qtx11extras)))
-    (home-page "http://lxqt.org/")
-    (synopsis "Common files for LXQt")
-    (description "lxqt-common provides the desktop integration files
-(themes, icons, configuration files etc.) for the LXQt
-desktop environment.")
-    (license lgpl2.1+)))
-
 (define-public lxqt-session
   (package
     (name "lxqt-session")
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index acbb68b51b..e9a7283cf2 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -48,6 +48,7 @@
   #:use-module (gnu packages backup)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages calendar)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
@@ -939,6 +940,7 @@ compresses it.")
               ("libarchive" ,libarchive)
               ("libcanberra" ,libcanberra)
               ("libetpan" ,libetpan)
+              ("libical" ,libical)
               ("libnotify" ,libnotify)
               ("libsm" ,libsm)
               ("libxml2" ,libxml2)
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index ea1904596e..6aca39cedd 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -3296,3 +3296,41 @@ based around a MIDI sequencer that features a rich understanding of music
 notation and includes basic support for digital audio.")
     (home-page "http://www.rosegardenmusic.com/")
     (license license:gpl2)))
+
+(define-public sorcer
+  (package
+    (name "sorcer")
+    (version "1.1.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/openAVproductions/"
+                                  "openAV-Sorcer/archive/release-"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "07iyqj28wm0xc4arrq893bm12xjpz65db7ynrlmf6w8krg8wjmd0"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f                      ; no tests included
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'build-faust-sources
+           (lambda* (#:key inputs #:allow-other-keys)
+             (with-directory-excursion "faust"
+               (delete-file "main.cpp")
+               (zero? (system* "faust" "-i"
+                               "-a" "lv2synth.cpp"
+                               "-o" "main.cpp" "main.dsp"))))))))
+    (inputs
+     `(("boost" ,boost)
+       ("lv2" ,lv2)
+       ("ntk" ,ntk)))
+    (native-inputs
+     `(("faust" ,faust)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://openavproductions.com/sorcer/")
+    (synopsis "Wavetable LV2 plugin synth")
+    (description "Sorcer is a wavetable LV2 plugin synthesizer, targeted at
+the electronic or dubstep genre.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 265455e5b2..a6c1042978 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -48,6 +48,7 @@
   #:use-module (gnu packages adns)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages audio)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages check)
   #:use-module (gnu packages code)
@@ -55,6 +56,7 @@
   #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages dejagnu)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -1494,3 +1496,42 @@ interface and a programmable text output for scripting.")
     ;; Update the license field when upstream responds.
     (license (list license:bsd-2
                    license:expat))))
+
+(define-public libnet
+  (package
+    (name "libnet")
+    (version "1.1.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/sam-github/libnet/"
+                                  "archive/libnet-" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0l4gbzzvr199fzczzricjz7b825i7dlk6sgl5p5alnkcagmq0xys"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir
+           (lambda _ (chdir "libnet") #t))
+         (add-after 'chdir 'bootstrap
+           (lambda _ (zero? (system* "autoreconf" "-vif"))))
+         (add-before 'build 'build-doc
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (zero? (apply system* "make" "-C" "doc" "doc"
+                           make-flags)))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("doxygen" ,doxygen)))
+    (home-page "https://sourceforge.net/projects/libnet-dev/")
+    (synopsis "Framework for low-level network packet construction")
+    (description
+     "Libnet provides a fairly portable framework for network packet
+construction and injection.  It features portable packet creation interfaces
+at the IP layer and link layer, as well as a host of supplementary
+functionality.  Using libnet, quick and simple packet assembly applications
+can be whipped up with little effort.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
new file mode 100644
index 0000000000..76d688c517
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-15670:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
+https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+https://bugzilla.redhat.com/show_bug.cgi?id=1504804
+
+And CVE-2017-15671:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
+https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
+
+Copied from upstream:
+<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
+
+diff --git a/posix/glob.c b/posix/glob.c
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -843,7 +843,7 @@
+ 		  *p = '\0';
+ 		}
+ 	      else
+-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ 		  = '\0';
+ 	      user_name = newp;
+ 	    }
diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
new file mode 100644
index 0000000000..564f69d01d
--- /dev/null
+++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch
@@ -0,0 +1,18 @@
+Fix CVE-2017-14952:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
+
+Patch copied from upstream source repository:
+
+http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
+
+Index: trunk/icu4c/source/i18n/zonemeta.cpp
+===================================================================
+--- icu/source/i18n/zonemeta.cpp	(revision 40283)
++++ icu/source/i18n/zonemeta.cpp	(revision 40324)
+@@ -691,5 +691,4 @@
+                     if (U_FAILURE(status)) {
+                         delete mzMappings;
+-                        deleteOlsonToMetaMappingEntry(entry);
+                         uprv_free(entry);
+                         break;
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch b/gnu/packages/patches/mupdf-CVE-2017-14685.patch
new file mode 100644
index 0000000000..3fcce5fedf
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-14685.patch
@@ -0,0 +1,34 @@
+Fix CVE-2017-14685:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
+
+From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Tue, 19 Sep 2017 15:23:04 +0200
+Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
+
+xps_load_links_in_glyphs did not cope with font loading failures.
+---
+ source/xps/xps-link.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
+index c07e0d7..c26a8d9 100644
+--- a/source/xps/xps-link.c
++++ b/source/xps/xps-link.c
+@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
+ 			bidi_level = atoi(bidi_level_att);
+ 
+ 		font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
++		if (!font)
++			return;
+ 		text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
+ 				fz_atof(origin_x_att), fz_atof(origin_y_att),
+ 				is_sideways, bidi_level, indices_att, unicode_att);
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch b/gnu/packages/patches/mupdf-CVE-2017-14686.patch
new file mode 100644
index 0000000000..e462a6ffeb
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-14686.patch
@@ -0,0 +1,34 @@
+Fix CVE-2017-14686:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+
+From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Tue, 19 Sep 2017 16:33:38 +0200
+Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
+
+---
+ source/fitz/unzip.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
+index f2d4f32..0bcce0f 100644
+--- a/source/fitz/unzip.c
++++ b/source/fitz/unzip.c
+@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
+ 		(void) fz_read_int32_le(ctx, file); /* ext file atts */
+ 		offset = fz_read_int32_le(ctx, file);
+ 
++		if (namesize < 0 || metasize < 0 || commentsize < 0)
++			fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
++
+ 		name = fz_malloc(ctx, namesize + 1);
+ 		n = fz_read(ctx, file, (unsigned char*)name, namesize);
+ 		if (n < (size_t)namesize)
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch b/gnu/packages/patches/mupdf-CVE-2017-14687.patch
new file mode 100644
index 0000000000..cdc41df813
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-14687.patch
@@ -0,0 +1,130 @@
+Fix CVE-2017-14687:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
+
+From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Tue, 19 Sep 2017 17:17:12 +0200
+Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
+
+Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
+---
+ source/html/css-apply.c   | 2 +-
+ source/svg/svg-run.c      | 2 +-
+ source/xps/xps-common.c   | 6 +++---
+ source/xps/xps-glyphs.c   | 2 +-
+ source/xps/xps-path.c     | 4 ++--
+ source/xps/xps-resource.c | 2 +-
+ 6 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/source/html/css-apply.c b/source/html/css-apply.c
+index de55490..6a91df0 100644
+--- a/source/html/css-apply.c
++++ b/source/html/css-apply.c
+@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
+ 
+ 	if (sel->name)
+ 	{
+-		if (strcmp(sel->name, fz_xml_tag(node)))
++		if (!fz_xml_is_tag(node, sel->name))
+ 			return 0;
+ 	}
+ 
+diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
+index f974c67..5302c64 100644
+--- a/source/svg/svg-run.c
++++ b/source/svg/svg-run.c
+@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
+ 		fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
+ 		if (linked)
+ 		{
+-			if (!strcmp(fz_xml_tag(linked), "symbol"))
++			if (fz_xml_is_tag(linked, "symbol"))
+ 				svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
+ 			else
+ 				svg_run_element(ctx, dev, doc, linked, &local_state);
+diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
+index cc7fed9..f2f9b93 100644
+--- a/source/xps/xps-common.c
++++ b/source/xps/xps-common.c
+@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
+ 	else if (fz_xml_is_tag(node, "RadialGradientBrush"))
+ 		xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
+ 	else
+-		fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
++		fz_warn(ctx, "unknown brush tag");
+ }
+ 
+ void
+@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
+ 	if (opacity_att)
+ 		opacity = fz_atof(opacity_att);
+ 
+-	if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
+ 	{
+ 		char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
+ 		char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
+@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
+ 
+ 	if (opacity_mask_tag)
+ 	{
+-		if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
++		if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
+ 			fz_pop_clip(ctx, dev);
+ 	}
+ }
+diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
+index 29dc5b3..5b26d78 100644
+--- a/source/xps/xps-glyphs.c
++++ b/source/xps/xps-glyphs.c
+@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
+ 
+ 	/* If it's a solid color brush fill/stroke do a simple fill */
+ 
+-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
+ 	{
+ 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
+ 		fill_att = fz_xml_att(fill_tag, "Color");
+diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
+index 6faeb0c..021d202 100644
+--- a/source/xps/xps-path.c
++++ b/source/xps/xps-path.c
+@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
+ 	if (!data_att && !data_tag)
+ 		return;
+ 
+-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
+ 	{
+ 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
+ 		fill_att = fz_xml_att(fill_tag, "Color");
+ 		fill_tag = NULL;
+ 	}
+ 
+-	if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
++	if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
+ 	{
+ 		stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
+ 		stroke_att = fz_xml_att(stroke_tag, "Color");
+diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
+index c2292e6..8e81ab8 100644
+--- a/source/xps/xps-resource.c
++++ b/source/xps/xps-resource.c
+@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
+ 	if (!xml)
+ 		return NULL;
+ 
+-	if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
++	if (!fz_xml_is_tag(xml, "ResourceDictionary"))
+ 	{
+ 		fz_drop_xml(ctx, xml);
+ 		fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
+-- 
+2.9.1
+
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 6dbba2c7ec..f3df7c1045 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -7,7 +7,7 @@
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Coypright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
-;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Coypright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Coypright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
@@ -576,6 +576,9 @@ extracting content or merging files.")
          (base32
           "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
         (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
+                                 "mupdf-CVE-2017-14685.patch"
+                                 "mupdf-CVE-2017-14686.patch"
+                                 "mupdf-CVE-2017-14687.patch"
                                  "mupdf-CVE-2017-15587.patch"))
         (modules '((guix build utils)))
         (snippet
@@ -747,7 +750,7 @@ vector formats.")
     (build-system python-build-system)
 
     ;; TODO: Add dependency on pdftk.
-    (inputs `(("python-pygame" ,python-pygame)
+    (inputs `(("python2-pygame" ,python2-pygame)
               ("python2-pillow" ,python2-pillow)
               ("sdl" ,sdl)
               ("xpdf" ,xpdf)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 0935cb45ba..438ccdf3f9 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -2378,6 +2378,29 @@ based memory management, circular references will cause memory leaks.")
 equivalent of \"$@{^GLOBAL_PHASE@} eq 'DESTRUCT'\" for older perls.")
     (license (package-license perl))))
 
+(define-public perl-devel-hide
+  (package
+    (name "perl-devel-hide")
+    (version "0.0009")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/F/FE/FERREIRA/Devel-Hide-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1phnzbw58v6551nhv6sg86m72nx9w5j4msh1hg4jvkakkq5w9pki"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+    (home-page "http://search.cpan.org/dist/Devel-Hide/")
+    (synopsis "Forces the unavailability of specified Perl modules (for testing)")
+    (description "Given a list of Perl modules/filenames, this module makes
+@code{require} and @code{use} statements fail (no matter whether the specified
+files/modules are installed or not).")
+    (license (package-license perl))))
+
 (define-public perl-devel-lexalias
   (package
     (name "perl-devel-lexalias")
@@ -6059,6 +6082,32 @@ Module::Build project, but has been externalized here for general use.")
                               "Probe-Perl-" version))
     (license (package-license perl))))
 
+(define-public perl-proc-invokeeditor
+  (package
+    (name "perl-proc-invokeeditor")
+    (version "1.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MS/MSTEVENS/Proc-InvokeEditor-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0xc1416kvhq904ribpwh2lbxryh41dzl2glzpgr32b68s4fbwbaa"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-EDITOR
+           (lambda _ (setenv "EDITOR" "echo") #t)))))
+    (propagated-inputs
+     `(("perl-carp-assert" ,perl-carp-assert)))
+    (home-page "http://search.cpan.org/dist/Proc-InvokeEditor/")
+    (synopsis "Interface to external editor from Perl")
+    (description "This module provides the ability to supply some text to an
+external text editor, have it edited by the user, and retrieve the results.")
+    (license (package-license perl))))
+
 (define-public perl-readonly
   (package
     (name "perl-readonly")
@@ -6294,6 +6343,27 @@ compact.")
 arrays by one or multiple calculated keys.")
     (license (package-license perl))))
 
+(define-public perl-sort-naturally
+  (package
+    (name "perl-sort-naturally")
+    (version "1.03")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/B/BI/BINGOS/Sort-Naturally-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0ip7q5g8d3lr7ri3ffcbrpk1hzzsiwgsn14k10k7hnjphxf1raza"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Sort-Naturally/")
+    (synopsis "Sort lexically, but sort numeral parts numerically")
+    (description "This module exports two functions, @code{nsort} and
+@code{ncmp}; they are used in implementing a \"natural sorting\" algorithm.
+Under natural sorting, numeric substrings are compared numerically, and other
+word-characters are compared lexically.")
+    (license (package-license perl))))
+
 (define-public perl-specio
   (package
     (name "perl-specio")
@@ -6888,6 +6958,50 @@ other terminal related features, including retrieval/modification of the
 screen size, and retrieval/modification of the control characters.")
     (license (package-license perl))))
 
+(define-public perl-term-size-any
+  (package
+    (name "perl-term-size-any")
+    (version "0.002")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/F/FE/FERREIRA/"
+                           "Term-Size-Any-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lnynd8pwjp3g85bl4nav6yigg2lag3sx5da989j7a733bdmzyk4"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-devel-hide" ,perl-devel-hide)))
+    (propagated-inputs
+     `(("perl-term-size-perl" ,perl-term-size-perl)))
+    (home-page "http://search.cpan.org/dist/Term-Size-Any/")
+    (synopsis "Retrieve terminal size")
+    (description "This is a unified interface to retrieve terminal size.  It
+loads one module of a list of known alternatives, each implementing some way
+to get the desired terminal information.  This loaded module will actually do
+the job on behalf of @code{Term::Size::Any}.")
+    (license (package-license perl))))
+
+(define-public perl-term-size-perl
+  (package
+    (name "perl-term-size-perl")
+    (version "0.029")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/F/FE/FERREIRA/"
+                           "Term-Size-Perl-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1rvm91bhdlxfwx5zka023p7szf2s7gm16wl27qiivvj66svsl6lc"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Term-Size-Perl/")
+    (synopsis "Perl extension for retrieving terminal size (Perl version)")
+    (description "This is yet another implementation of @code{Term::Size}.
+Now in pure Perl, with the exception of a C probe run at build time.")
+    (license (package-license perl))))
+
 (define-public perl-term-table
   (package
     (name "perl-term-table")
@@ -7782,6 +7896,32 @@ makes fork(2) safe to use in test cases.")
                               "Test-Simple-" version))
     (license (package-license perl))))
 
+(define-public perl-test-taint
+  (package
+    (name "perl-test-taint")
+    (version "1.06")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/P/PE/PETDANCE/Test-Taint-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "01rip5d7gdr1c7lq6yczzkqfd0500nfa977ryigylj6jj75526vj"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Test-Taint/")
+    (synopsis "Checks for taintedness of variables")
+    (description "Tainted data is data that comes from an unsafe source, such
+as the command line, or, in the case of web apps, any @code{GET} or
+@code{POST} transactions.  Read the @code{perlsec} man page for details on why
+tainted data is bad, and how to untaint the data.
+
+When you're writing unit tests for code that deals with tainted data, you'll
+want to have a way to provide tainted data for your routines to handle, and
+easy ways to check and report on the taintedness of your data, in standard
+@code{Test::More} style.")
+    (license (package-license perl))))
+
 (define-public perl-test-tester
   (package
     (name "perl-test-tester")
@@ -8575,6 +8715,53 @@ distributed as part of @code{Type::Tiny} but has since been spun off), and can
 be used with Moose, Mouse and Moo (or none of the above).")
     (license (package-license perl))))
 
+(define-public perl-type-tiny-xs
+  (package
+    (name "perl-type-tiny-xs")
+    (version "0.012")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/Type-Tiny-XS-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "05nbr898cvjjh1wsy55l84zasx65gijdxc6dnn558ihns8zx6gm9"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Type-Tiny-XS/")
+    (synopsis "Provides an XS boost for some of Type::Tiny's built-in type constraints")
+    (description "This module is optionally used by @code{Type::Tiny} to
+provide faster, C-based implementations of some type constraints.  This
+package has only core dependencies, and does not depend on @code{Type::Tiny},
+so other data validation frameworks might also consider using it.")
+    (license perl-license)))
+
+(define-public perl-types-path-tiny
+  (package
+    (name "perl-types-path-tiny")
+    (version "0.005")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/D/DA/DAGOLDEN/"
+                           "Types-Path-Tiny-" version ".tar.gz"))
+       (sha256
+        (base32
+         "09nf167ssi4rgj8hhzylwp3zdx61njdpyfri43arcmk9aqn7f0pp"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-file-pushd" ,perl-file-pushd)
+       ("perl-path-tiny" ,perl-path-tiny)
+       ("perl-type-tiny" ,perl-type-tiny)
+       ("perl-exporter-tiny" ,perl-exporter-tiny)))
+    (home-page "http://search.cpan.org/dist/Types-Path-Tiny/")
+    (synopsis "Types and coercions for Moose and Moo")
+    (description "This module provides @code{Path::Tiny} types for Moose, Moo,
+etc.  It handles two important types of coercion: coercing objects with
+overloaded stringification, and coercing to absolute paths.  It also can check
+to ensure that files or directories exist.")
+    (license artistic2.0)))
+
 (define-public perl-types-serialiser
   (package
     (name "perl-types-serialiser")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 0b62c4a628..de9b321fb7 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -3191,14 +3191,14 @@ logging and tracing of the execution.")
 (define-public python-docutils
   (package
     (name "python-docutils")
-    (version "0.13.1")
+    (version "0.14")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "docutils" version))
        (sha256
         (base32
-         "1gkma47i609jfs7dssxn4y9vsz06qi0l5q41nws0zgkpnrghz33i"))))
+         "0x22fs3pdmr42kvz6c654756wja305qv6cx1zbhwlagvxgr4xrji"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f)) ; no setup.py test command
@@ -8624,10 +8624,7 @@ simulation, statistical modeling, machine learning and much more.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://pypi.python.org/packages/source/c/chardet/chardet-"
-             version
-             ".tar.gz"))
+       (uri (pypi-uri "chardet" version))
        (sha256
         (base32
          "1bpalpia6r5x1kknbk11p1fzph56fmmnp405ds8icksd3knr5aw4"))))
@@ -13172,18 +13169,14 @@ from Facebook.")
          (base32
           "09zhac7igh9ixdz0ay6csy35b40l1jwbf2wrbxmgxwfhy51iy06q"))))
     (build-system python-build-system)
-    (native-inputs
-     `(("python-django-filter" ,python-django-filter)
-       ("python-mock" ,python-mock)
-       ("python-psycopg2" ,python-psycopg2)
-       ("python-pytest-django" ,python-pytest-django)
-       ("python-sqlalchemy-utils" ,python-sqlalchemy-utils)))
     (propagated-inputs
      `(("python-graphql-core" ,python-graphql-core)
        ("python-graphql-relay" ,python-graphql-relay)
        ("python-iso8601" ,python-iso8601)
        ("python-promise" ,python-promise)
        ("python-six" ,python-six)))
+    (arguments
+     `(#:tests? #f))                    ; no tests/ in the PyPI tarball
     (home-page "http://graphene-python.org/")
     (synopsis "GraphQL Framework for Python")
     (description
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index 0a92b73e34..5622d37877 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -38,13 +38,13 @@
 (define-public screen
   (package
     (name "screen")
-    (version "4.6.1")
+    (version "4.6.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/screen/screen-"
                                  version ".tar.gz"))
              (sha256
-              (base32 "0r3wpfxnr5kw73b8ndja26jk03nfbks06iyfmgb5aqb2rdkazadb"))))
+              (base32 "0fps0fsipfbh7c2cnp7rjw9n79j0ysq21mk8hzifa33a1r924s8v"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("makeinfo" ,texinfo)))
diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm
index b4bc1e0a8a..b23339de12 100644
--- a/gnu/packages/syncthing.scm
+++ b/gnu/packages/syncthing.scm
@@ -38,9 +38,15 @@
                (base32
                 "07mrvd3vq0p4f550dpq73xg1vpa2h7xxz7vq07sjw0whapknkw9f"))))
     (build-system go-build-system)
+    ;; The primary Syncthing executable goes to "out", while the auxiliary
+    ;; server programs and utility tools go to "utils".  This reduces the size
+    ;; of "out" by ~80 MiB.
+    (outputs '("out" "utils"))
     (arguments
      `(#:import-path "github.com/syncthing/syncthing"
        #:unpack-path "github.com/syncthing"
+       ;; We don't need to install the source code for end-user applications.
+       #:install-source? #f
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'delete-bundled-source-code
@@ -55,9 +61,6 @@
                           "src/github.com/syncthing/syncthing/vendor/github.com/cznic")
              #t))
 
-         ;; We don't need to install the source code for end-user applications.
-         (delete 'install-source)
-
          (add-before 'build 'increase-test-timeout
            (lambda _
              (substitute* "src/github.com/syncthing/syncthing/build.go"
@@ -75,21 +78,39 @@
                (zero? (system* "go" "run" "build.go" "test")))))
 
          (replace 'install
-           (lambda _
-             (copy-recursively "src/github.com/syncthing/syncthing/bin/"
-                               (string-append (assoc-ref %outputs "out") "/bin"))
-             #t))
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (utils (assoc-ref outputs "utils"))
+                   (src "src/github.com/syncthing/syncthing/bin/"))
+               (install-file (string-append src "/syncthing")
+                             (string-append out "/bin"))
+               (delete-file (string-append src "/syncthing"))
+               (copy-recursively "src/github.com/syncthing/syncthing/bin/"
+                                 (string-append utils "/bin"))
+               #t)))
 
          (add-after 'install 'install-docs
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
-                    (man (string-append out "/share/man/man"))
+                    (utils (assoc-ref outputs "utils"))
+                    (man "/share/man")
+                    (man-section (string-append man "/man"))
                     (src "src/github.com/syncthing/syncthing/man/"))
+               ;; Install all the man pages to "out".
                (for-each
                  (lambda (file)
                    (install-file file
-                                 (string-append man (string-take-right file 1))))
+                                 (string-append out man-section
+                                                (string-take-right file 1))))
                  (find-files src "\\.[1-9]"))
+               ;; Copy all the man pages to "utils"
+               (copy-recursively (string-append out man)
+                                 (string-append utils man))
+               ;; Delete extraneous man pages from "out" and "utils",
+               ;; respectively.
+               (delete-file (string-append out man "/man1/stdiscosrv.1"))
+               (delete-file (string-append out man "/man1/strelaysrv.1"))
+               (delete-file (string-append utils man "/man1/syncthing.1"))
              #t))))))
     ;; When updating Syncthing, check 'vendor/manifest' in the source
     ;; distribution to ensure we are using the correct versions of these
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 8038024b38..8480f74fec 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -124,14 +124,14 @@ as well as the classic centralized workflow.")
    (name "git")
    ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
    ;; to be updated as well.
-   (version "2.14.2")
+   (version "2.14.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "18f70gfzwqd210806hmf94blcd7yv5h9ka6xqkpd2jhijqwp5sah"))))
+              "078m0za5gyzcah5iaxdwx663yvdp8byvjc8rpzjzcrr4sl6rcc2k"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -145,7 +145,7 @@ as well as the classic centralized workflow.")
           (sha256
 
            (base32
-            "1z05a7hxxndyby3dbj3gaw91sjwmky5d1yph96jmj0fhx78m1lvd"))))))
+            "00dh878pwl94p6syh6zgwn7f0zv2bl5xny3pnr390lzxpa9ks3jv"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 8fce545dbe..c8ab607028 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;;
@@ -32,6 +32,8 @@
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages disk)
   #:use-module (gnu packages dns)
+  #:use-module (gnu packages docbook)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
@@ -40,9 +42,11 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages polkit)
+  #:use-module (gnu packages protobuf)
   #:use-module (gnu packages python)
   #:use-module (gnu packages selinux)
   #:use-module (gnu packages sdl)
@@ -55,7 +59,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix download)
-  #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1+))
+  #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1 lgpl2.1+))
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (srfi srfi-1))
@@ -573,3 +577,97 @@ virtual machines through libvirt.  It primarily targets KVM VMs, but also
 manages Xen and LXC (Linux containers).  It presents a summary view of running
 domains, their live performance and resource utilization statistics.")
     (license gpl2+)))
+
+(define-public criu
+  (package
+    (name "criu")
+    (version "3.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.openvz.org/criu/criu-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "1w0ybla7ac0ql0jzh0vxdf2w9amqp88jcg0na3b33r3hq8acry6x"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:tests? #f ; tests require mounting as root
+       #:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             (string-append "LIBDIR=" (assoc-ref %outputs "out")
+                            "/lib"))
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; The includes for libnl are located in a sub-directory.
+             (setenv "C_INCLUDE_PATH"
+                     (string-append (assoc-ref inputs "libnl")
+                                    "/include/libnl3:"
+                                    (getenv "C_INCLUDE_PATH")))
+             ;; Prevent xmlto from failing the install phase.
+             (substitute* "Documentation/Makefile"
+               (("XMLTO.*:=.*")
+                (string-append "XMLTO:="
+                               (assoc-ref inputs "xmlto")
+                               "/bin/xmlto"
+                               " --skip-validation "
+                               " -x "
+                               (assoc-ref inputs "docbook-xsl")
+                               "/xml/xsl/docbook-xsl-"
+                               ,(package-version docbook-xsl)
+                               "/manpages/docbook.xsl")))
+             #t))
+         (add-before 'build 'fix-symlink
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; The file 'images/google/protobuf/descriptor.proto' points to
+             ;; /usr/include/..., which obviously does not exist.
+             (let* ((file "google/protobuf/descriptor.proto")
+                    (target (string-append "images/" file))
+                    (source (string-append (assoc-ref inputs "protobuf")
+                                           "/include/" file)))
+               (delete-file target)
+               (symlink source target)
+               #t)))
+         (add-after 'install 'wrap
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Make sure 'crit' runs with the correct PYTHONPATH.
+             (let* ((out (assoc-ref outputs "out"))
+                    (path (string-append out
+                                         "/lib/python"
+                                         (string-take (string-take-right
+                                                       (assoc-ref inputs "python") 5) 3)
+                                         "/site-packages:"
+                                         (getenv "PYTHONPATH"))))
+               (wrap-program (string-append out "/bin/crit")
+                 `("PYTHONPATH" ":" prefix (,path))))
+             #t)))))
+    (inputs
+     `(("protobuf" ,protobuf)
+       ("python" ,python-2)
+       ("python2-protobuf" ,python2-protobuf)
+       ("python2-ipaddr" ,python2-ipaddr)
+       ("iproute" ,iproute)
+       ("libaio" ,libaio)
+       ("libcap" ,libcap)
+       ("libnet" ,libnet)
+       ("libnl" ,libnl)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("perl" ,perl)
+       ("protobuf-c" ,protobuf-c)
+       ("asciidoc" ,asciidoc)
+       ("xmlto" ,xmlto)
+       ("docbook-xml" ,docbook-xml)
+       ("docbook-xsl" ,docbook-xsl)))
+    (home-page "https://criu.org")
+    (synopsis "Checkpoint and restore in user space")
+    (description "Using this tool, you can freeze a running application (or
+part of it) and checkpoint it to a hard drive as a collection of files.  You
+can then use the files to restore and run the application from the point it
+was frozen at.  The distinctive feature of the CRIU project is that it is
+mainly implemented in user space.")
+    ;; The project is licensed under GPLv2; files in the lib/ directory are
+    ;; LGPLv2.1.
+    (license (list gpl2 lgpl2.1))))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index c7b44fafa1..9fc47969ae 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -52,6 +53,7 @@
   #:use-module (guix build-system r)
   #:use-module (guix build-system trivial)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system ant)
   #:use-module (gnu packages)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages check)
@@ -2890,6 +2892,35 @@ contains modules that are of more general use and even classes that
 help you implement simple HTTP servers.")
     (home-page "http://search.cpan.org/dist/libwww-perl/")))
 
+(define-public perl-lwp-online
+  (package
+    (name "perl-lwp-online")
+    (version "1.08")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/A/AD/ADAMK/LWP-Online-"
+             version ".tar.gz"))
+       (sha256
+        (base32
+         "176f6vbk1018i0y7xj9d406ndbjgwzan2j9nihxnsahzg2vr2vz2"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-libwww" ,perl-libwww)
+       ("perl-uri" ,perl-uri)))
+    (native-inputs
+     `(("perl-module-install" ,perl-module-install)))
+    (home-page "http://search.cpan.org/dist/LWP-Online/")
+    (synopsis "Checks whether your process has access to the web")
+    (description "This module attempts to answer, as accurately as it can, one
+of the nastiest technical questions there is: am I on the internet?
+
+A host of networking and security issues make this problem very difficult.
+There are firewalls, proxies (both well behaved and badly behaved).  We might
+not have DNS.  We might not have a network card at all!")
+    (license l:perl-license)))
+
 (define-public perl-lwp-mediatypes
   (package
     (name "perl-lwp-mediatypes")
@@ -5384,3 +5415,583 @@ collection creation and deletion, and locking operations.")
      "Py-ubjson is a Python module providing an Universal Binary JSON
 encoder/decoder based on the draft-12 specification for UBJSON.")
     (license l:asl2.0)))
+
+(define-public java-tomcat
+  (package
+    (name "java-tomcat")
+    (version "8.5.23")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/tomcat/tomcat-8/v"
+                                  version "/src/apache-tomcat-" version "-src.tar.gz"))
+              (sha256
+               (base32
+                "1m6b1dikib46kbgz9gf0p6svi00nsw62b9kgjzn6sda151skbbza"))))
+    (build-system ant-build-system)
+    (inputs
+     `(("java-eclipse-jdt-core" ,java-eclipse-jdt-core)))
+    (native-inputs
+     `(("java-junit" ,java-junit)))
+    (arguments
+     `(#:build-target "package"
+       #:tests? #f; requires downloading some files.
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'prevent-download
+           (lambda _
+             ;; This directory must exist
+             (mkdir "downloads")
+             ;; We patch build.xml so it doesn't download any dependency, because
+             ;; we already have all of them.
+             (substitute* "build.xml"
+               (("download-compile,") "")
+               (("depends=\"validate\"") "depends=\"build-prepare\"")
+               ((",download-validate") ""))
+             #t))
+         (add-after 'unpack 'generate-properties
+           (lambda _
+             ;; This could have been passed to make-flags, but getcwd returns
+             ;; a different directory then.
+             (with-output-to-file "build.properties"
+               (lambda _
+                 (display
+                   (string-append "base.path=" (getcwd) "/downloads\n"))))
+             #t))
+         (replace 'install
+           (install-jars "output/build/lib")))))
+    (home-page "https://tomcat.apache.org")
+    (synopsis "Java Servlet, JavaServer Pages, Java Expression Language and Java
+WebSocket")
+    (description "Apache Tomcat is a free implementation of the Java
+Servlet, JavaServer Pages, Java Expression Language and Java WebSocket
+technologies.")
+    (license l:asl2.0)))
+
+(define-public java-eclipse-jetty-test-helper
+  (package
+    (name "java-eclipse-jetty-test-helper")
+    (version "4.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/eclipse/jetty.toolchain/"
+                                  "archive/jetty-test-helper-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jd6r9wc26fa11si4rn2gvy8ml8q4zw1nr6v04mjp8wvwpgvzwx5"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "eclipse-jetty-test-helper.jar"
+       #:source-dir "src/main/java"
+       #:test-dir "src/test"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-test-helper")))
+         (add-before 'build 'fix-paths
+           (lambda _
+             ;; TODO:
+             ;; This file assumes that the build directory is named "target"
+             ;; but it is not the case with our ant-build-system. Once we have
+             ;; maven though, we will have to rebuild this package because this
+             ;; assumption is correct with maven-build-system.
+             (substitute*
+               "src/main/java/org/eclipse/jetty/toolchain/test/MavenTestingUtils.java"
+               (("\"target\"") "\"build\"")
+               (("\"tests\"") "\"test-classes\""))
+             ;; Tests assume we are building with maven, so that the build
+             ;; directory is named "target", and not "build".
+             (with-directory-excursion "src/test/java/org/eclipse/jetty/toolchain/test"
+               (substitute* '("FSTest.java" "OSTest.java" "TestingDirTest.java"
+                              "MavenTestingUtilsTest.java")
+                 (("target/tests") "build/test-classes")
+                 (("\"target") "\"build")))
+             #t)))))
+    (inputs
+     `(("junit" ,java-junit)
+       ("hamcrest" ,java-hamcrest-all)))
+    (home-page "https://www.eclipse.org/jetty/")
+    (synopsis "Helper classes for jetty tests")
+    (description "This packages contains helper classes for testing the Jetty
+Web Server.")
+    ;; This program is licensed under both epl and asl.
+    (license (list l:epl1.0 l:asl2.0))))
+
+(define-public java-eclipse-jetty-perf-helper
+  (package
+    (inherit java-eclipse-jetty-test-helper)
+    (name "java-eclipse-jetty-perf-helper")
+    (arguments
+     `(#:jar-name "eclipse-jetty-perf-helper.jar"
+       #:source-dir "src/main/java"
+       #:tests? #f; no tests
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-perf-helper")
+             #t)))))
+    (inputs
+     `(("hdrhistogram" ,java-hdrhistogram)))))
+
+(define-public java-eclipse-jetty-util
+  (package
+    (name "java-eclipse-jetty-util")
+    (version "9.4.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/eclipse/jetty.project/"
+                                  "archive/jetty-" version ".v20170531.tar.gz"))
+              (sha256
+               (base32
+                "0x7kbdvkmgr6kbsmbwiiyv3bb0d6wk25frgvld9cf8540136z9p1"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "eclipse-jetty-util.jar"
+       #:source-dir "src/main/java"
+       #:test-exclude
+       (list "**/Abstract*.java"
+             ;; requires network
+             "**/InetAddressSetTest.java"
+             ;; Assumes we are using maven
+             "**/TypeUtilTest.java"
+             ;; Error on the style of log
+             "**/StdErrLogTest.java")
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-util")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)))
+    (native-inputs
+     `(("junit" ,java-junit)
+       ("hamcrest" ,java-hamcrest-all)
+       ("perf-helper" ,java-eclipse-jetty-perf-helper)
+       ("test-helper" ,java-eclipse-jetty-test-helper)))
+    (home-page "https://www.eclipse.org/jetty/")
+    (synopsis "Utility classes for Jetty")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides utility classes.")
+    (license (list l:epl1.0 l:asl2.0))))
+
+;; This version is required by maven-wagon
+(define-public java-eclipse-jetty-util-9.2
+  (package
+    (inherit java-eclipse-jetty-util)
+    (version "9.2.22")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/eclipse/jetty.project/"
+                                  "archive/jetty-" version ".v20170606.tar.gz"))
+              (sha256
+               (base32
+                "1i51qlsd7h06d35kx5rqpzbfadbcszycx1iwr6vz7qc9gf9f29la"))))
+    (arguments
+     `(#:jar-name "eclipse-jetty-util.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:test-exclude
+       (list "**/Abstract*.java"
+             ;; requires network
+             "**/InetAddressSetTest.java"
+             ;; Assumes we are using maven
+             "**/TypeUtilTest.java"
+             ;; We don't have an implementation for slf4j
+             "**/LogTest.java"
+             ;; Error on the style of log
+             "**/StdErrLogTest.java")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-util")
+             #t))
+         (add-before 'build 'fix-test-sources
+           (lambda _
+             ;; We need to fix issues caused by changes in newer versions of
+             ;; jetty-test-helper
+             (let ((src "src/test/java/org/eclipse/jetty/util/resource"))
+               (substitute* (string-append src "/AbstractFSResourceTest.java")
+                 (("testdir.getDir\\(\\)") "testdir.getPath().toFile()")
+                 (("testdir.getFile\\(\"foo\"\\)")
+                  "testdir.getPathFile(\"foo\").toFile()")
+                 (("testdir.getFile\\(name\\)")
+                  "testdir.getPathFile(name).toFile()")))
+             #t)))))))
+
+(define-public java-eclipse-jetty-io
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-io")
+    (arguments
+     `(#:jar-name "eclipse-jetty-io.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:test-exclude (list "**/Abstract*.java"
+                            ;; Abstract class
+                            "**/EndPointTest.java")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-io")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("util" ,java-eclipse-jetty-util)))
+    (synopsis "Jetty :: IO Utility")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides IO-related utility classes.")))
+
+(define-public java-eclipse-jetty-io-9.2
+  (package
+    (inherit java-eclipse-jetty-io)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))
+    (native-inputs
+     `(("mockito" ,java-mockito-1)
+       ("cglib" ,java-cglib)
+       ("objenesis" ,java-objenesis)
+       ("asm" ,java-asm)
+       ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public java-eclipse-jetty-http
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-http")
+    (arguments
+     `(#:jar-name "eclipse-jetty-http.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-http")
+             #t))
+         (add-before 'build 'copy-resources
+           (lambda _
+             (mkdir-p "build/classes")
+             (copy-recursively "src/main/resources/" "build/classes/")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("io" ,java-eclipse-jetty-io)
+       ("util" ,java-eclipse-jetty-util)))
+    (synopsis "Jetty :: Http Utility")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides HTTP-related utility classes.")))
+
+(define-public java-eclipse-jetty-http-9.2
+  (package
+    (inherit java-eclipse-jetty-http)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ("io" ,java-eclipse-jetty-io-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public java-eclipse-jetty-jmx
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-jmx")
+    (arguments
+     `(#:jar-name "eclipse-jetty-jmx.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; FIXME: requires com.openpojo.validation
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-jmx")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("util" ,java-eclipse-jetty-util)))
+    (synopsis "Jetty :: JMX Management")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides the JMX management.")))
+
+(define-public java-eclipse-jetty-jmx-9.2
+  (package
+    (inherit java-eclipse-jetty-jmx)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))))
+
+(define java-eclipse-jetty-http-test-classes
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-http-test-classes")
+    (arguments
+     `(#:jar-name "eclipse-jetty-http.jar"
+       #:source-dir "src/test"
+       #:tests? #f
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-http"))))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("http" ,java-eclipse-jetty-http)
+       ("io" ,java-eclipse-jetty-io)
+       ("util" ,java-eclipse-jetty-util)))))
+
+(define java-eclipse-jetty-http-test-classes-9.2
+  (package
+    (inherit java-eclipse-jetty-http-test-classes)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("http" ,java-eclipse-jetty-http-9.2)
+       ,@(package-inputs java-eclipse-jetty-http-9.2)))))
+
+(define-public java-eclipse-jetty-server
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-server")
+    (arguments
+     `(#:jar-name "eclipse-jetty-server.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; requires a mockito version we don't have
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-server")
+             #t))
+         (add-before 'build 'fix-source
+           (lambda _
+             ;; Explicit casts to prevent build failures
+             (substitute* "src/main/java/org/eclipse/jetty/server/Request.java"
+               (("append\\(LazyList")
+                "append((CharSequence)LazyList"))
+             (substitute*
+               "src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java"
+               (((string-append
+                   "Class<\\? extends EventListener> clazz = _classLoader==null"
+                   "\\?Loader.loadClass\\(ContextHandler.class,className\\):"
+                   "_classLoader.loadClass\\(className\\);"))
+                (string-append "Class<? extends EventListener> clazz = "
+                               "(Class<? extends EventListener>) "
+                               "(_classLoader==null?Loader.loadClass("
+                               "ContextHandler.class,className):"
+                               "_classLoader.loadClass(className));")))
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("http" ,java-eclipse-jetty-http)
+       ("io" ,java-eclipse-jetty-io)
+       ("jmx" ,java-eclipse-jetty-jmx)
+       ("util" ,java-eclipse-jetty-util)))
+    (native-inputs
+     `(("test-classes" ,java-eclipse-jetty-http-test-classes)
+       ,@(package-native-inputs java-eclipse-jetty-util)))
+    (synopsis "Core jetty server artifact")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides the core jetty server
+artifact.")))
+
+(define-public java-eclipse-jetty-server-9.2
+  (package
+    (inherit java-eclipse-jetty-server)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ("jmx" ,java-eclipse-jetty-jmx-9.2)
+       ("io" ,java-eclipse-jetty-io-9.2)
+       ("http" ,java-eclipse-jetty-http-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))
+    (native-inputs
+     `(("test-classes" ,java-eclipse-jetty-http-test-classes-9.2)
+       ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public java-eclipse-jetty-security
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-security")
+    (arguments
+     `(#:jar-name "eclipse-jetty-security.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-security")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("http" ,java-eclipse-jetty-http)
+       ("server" ,java-eclipse-jetty-server)
+       ("util" ,java-eclipse-jetty-util)))
+    (native-inputs
+     `(("io" ,java-eclipse-jetty-io)
+       ,@(package-native-inputs java-eclipse-jetty-util)))
+    (synopsis "Jetty security infrastructure")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides the core jetty security
+infrastructure")))
+
+(define-public java-eclipse-jetty-security-9.2
+  (package
+    (inherit java-eclipse-jetty-security)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ("http" ,java-eclipse-jetty-http-9.2)
+       ("server" ,java-eclipse-jetty-server-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))
+    (native-inputs
+     `(("io" ,java-eclipse-jetty-io-9.2)
+       ,@(package-native-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public java-eclipse-jetty-servlet
+  (package
+    (inherit java-eclipse-jetty-util)
+    (name "java-eclipse-jetty-servlet")
+    (arguments
+     `(#:jar-name "eclipse-jetty-servlet.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-servlet")
+             #t)))))
+    (inputs
+     `(("slf4j" ,java-slf4j-api)
+       ("servlet" ,java-tomcat)
+       ("http" ,java-eclipse-jetty-http)
+       ("http-test" ,java-eclipse-jetty-http-test-classes)
+       ("io" ,java-eclipse-jetty-io)
+       ("jmx" ,java-eclipse-jetty-jmx)
+       ("security" ,java-eclipse-jetty-security)
+       ("server" ,java-eclipse-jetty-server)
+       ("util" ,java-eclipse-jetty-util)))
+    (synopsis "Jetty Servlet Container")
+    (description "The Jetty Web Server provides an HTTP server and Servlet
+container capable of serving static and dynamic content either from a standalone
+or embedded instantiation.  This package provides the core jetty servlet
+container.")))
+
+(define-public java-eclipse-jetty-servlet-9.2
+  (package
+    (inherit java-eclipse-jetty-servlet)
+    (version (package-version java-eclipse-jetty-util-9.2))
+    (source (package-source java-eclipse-jetty-util-9.2))
+    (arguments
+     `(#:jar-name "eclipse-jetty-servlet.jar"
+       #:source-dir "src/main/java"
+       #:jdk ,icedtea-8
+       #:tests? #f; doesn't work
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'chdir
+           (lambda _
+             (chdir "jetty-servlet")
+             #t)))))
+    (inputs
+     `(("util" ,java-eclipse-jetty-util-9.2)
+       ("jmx" ,java-eclipse-jetty-jmx-9.2)
+       ("io" ,java-eclipse-jetty-io-9.2)
+       ("http" ,java-eclipse-jetty-http-9.2)
+       ("security" ,java-eclipse-jetty-security-9.2)
+       ("http-test" ,java-eclipse-jetty-http-test-classes-9.2)
+       ("server" ,java-eclipse-jetty-server-9.2)
+       ,@(package-inputs java-eclipse-jetty-util-9.2)))))
+
+(define-public tidyp
+  (package
+    (name "tidyp")
+    (version "1.04")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/downloads/petdance/tidyp/tidyp-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0f5ky0ih4vap9c6j312jn73vn8m2bj69pl2yd3a5nmv35k9zmc10"))))
+    (build-system gnu-build-system)
+    ;; ./test-thing.sh tries to run ./testall.sh, which is not included.
+    (arguments `(#:tests? #f))
+    (home-page "http://www.tidyp.com/")
+    (synopsis "Validate HTML")
+    (description "Tidyp is a program that can validate your HTML, as well as
+modify it to be more clean and standard.  tidyp does not validate HTML 5.
+
+libtidyp is the library on which the program is based.  It can be used by any
+other program that can interface to it.  The Perl module @code{HTML::Tidy} is
+based on this library, allowing Perl programmers to easily validate HTML.")
+    ;; See htmldoc/license.html
+    (license l:bsd-3)))
+
+(define-public perl-html-tidy
+  (package
+    (name "perl-html-tidy")
+    (version "1.60")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/P/PE/PETDANCE/HTML-Tidy-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1iyp2fd6j75cn1xvcwl2lxr8qpjxssy2360cyqn6g3kzd1fzdyxw"))))
+    (build-system perl-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-tidyp-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "Makefile.PL"
+               (("^my \\$inc = \"" line)
+                (string-append line
+                               "-I" (assoc-ref inputs "tidyp") "/include/tidyp "))
+               (("-L/usr/lib")
+                (string-append
+                 "-L" (assoc-ref inputs "tidyp") "/lib")))
+             #t)))))
+    (inputs
+     `(("perl-libwww" ,perl-libwww)
+       ("tidyp" ,tidyp)))
+    (native-inputs
+     `(("perl-test-exception" ,perl-test-exception)))
+    (home-page "http://search.cpan.org/dist/HTML-Tidy/")
+    (synopsis "(X)HTML validation in a Perl object")
+    (description "@code{HTML::Tidy} is an HTML checker in a handy dandy
+object.  It's meant as a replacement for @code{HTML::Lint}, which is written
+in Perl but is not nearly as capable as @code{HTML::Tidy}.")
+    (license l:artistic2.0)))
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 1dc7530969..13eb608144 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1235,3 +1236,160 @@ This framework aids the development of XML systems with minimal effort and
 reduced errors.  It offers full object serialization and deserialization,
 maintaining each reference encountered.")
     (license license:asl2.0)))
+
+(define-public perl-xml-xpathengine
+  (package
+    (name "perl-xml-xpathengine")
+    (version "0.14")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/M/MI/MIROD/"
+                                  "XML-XPathEngine-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0r72na14bmsxfd16s9nlza155amqww0k8wsa9x2a3sqbpp5ppznj"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/XML-XPathEngine/")
+    (synopsis "Re-usable XPath engine for DOM-like trees")
+    (description
+     "This module provides an XPath engine, that can be re-used by other
+modules/classes that implement trees.
+
+In order to use the XPath engine, nodes in the user module need to mimick DOM
+nodes.  The degree of similitude between the user tree and a DOM dictates how
+much of the XPath features can be used.  A module implementing all of the DOM
+should be able to use this module very easily (you might need to add the
+@code{cmp} method on nodes in order to get ordered result sets).")
+    (license license:perl-license)))
+
+(define-public perl-tree-xpathengine
+  (package
+    (name "perl-tree-xpathengine")
+    (version "0.05")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/M/MI/MIROD/"
+                                  "Tree-XPathEngine-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1vbbw8wxm79r3xbra8narw1dqvm34510q67wbmg2zmj6zd1k06r9"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Tree-XPathEngine/")
+    (synopsis "Re-usable XPath engine")
+    (description
+     "This module provides an XPath engine, that can be re-used by other
+module/classes that implement trees.  It is designed to be compatible with
+@code{Class::XPath}, ie it passes its tests if you replace @code{Class::XPath}
+by @code{Tree::XPathEngine}.")
+    (license license:perl-license)))
+
+(define-public perl-xml-filter-buffertext
+  (package
+    (name "perl-xml-filter-buffertext")
+    (version "1.01")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/R/RB/RBERJON/"
+                           "XML-Filter-BufferText-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0p5785c1dsk6kdp505vapb5h54k8krrz8699hpgm9igf7dni5llg"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-xml-sax-base" ,perl-xml-sax-base)))
+    (home-page "http://search.cpan.org/dist/XML-Filter-BufferText/")
+    (synopsis "Filter to put all characters() in one event")
+    (description "This is a very simple filter.  One common cause of
+grief (and programmer error) is that XML parsers aren't required to provide
+character events in one chunk.  They can, but are not forced to, and most
+don't.  This filter does the trivial but oft-repeated task of putting all
+characters into a single event.")
+    (license license:perl-license)))
+
+(define-public perl-xml-sax-writer
+  (package
+    (name "perl-xml-sax-writer")
+    (version "0.57")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://cpan/authors/id/P/PE/PERIGRIN/"
+                    "XML-SAX-Writer-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1w1cd1ybxdvhmnxdlkywi3x5ka3g4md42kyynksjc09vyizd0q9x"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-libxml" ,perl-libxml)
+       ("perl-xml-filter-buffertext" ,perl-xml-filter-buffertext)
+       ("perl-xml-namespacesupport", perl-xml-namespacesupport)
+       ("perl-xml-sax-base" ,perl-xml-sax-base)))
+    (home-page "http://search.cpan.org/dist/XML-SAX-Writer/")
+    (synopsis "SAX2 XML Writer")
+    (description
+     "This is an XML writer that understands SAX2.  It is based on
+@code{XML::Handler::YAWriter}.")
+    (license license:perl-license)))
+
+(define-public perl-xml-handler-yawriter
+  (package
+    (name "perl-xml-handler-yawriter")
+    (version "0.23")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/K/KR/KRAEHE/"
+                           "XML-Handler-YAWriter-" version ".tar.gz"))
+       (sha256
+        (base32
+         "11d45a1sz862va9rry3p2m77pwvq3kpsvgwhc5ramh9mbszbnk77"))))
+    (build-system perl-build-system)
+    (propagated-inputs
+     `(("perl-libxml" ,perl-libxml)))
+    (home-page "http://search.cpan.org/dist/XML-Handler-YAWriter/")
+    (synopsis "Yet another Perl SAX XML Writer")
+    (description "YAWriter implements Yet Another @code{XML::Handler::Writer}.
+It provides a flexible escaping technique and pretty printing.")
+    (license license:perl-license)))
+
+(define-public perl-xml-twig
+  (package
+    (name "perl-xml-twig")
+    (version "3.52")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://cpan/authors/id/M/MI/MIROD/"
+                                  "XML-Twig-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1bc0hrz4jp6199hi29sdxmb9gyy45whla9hd19yqfasgq8k5ixzy"))))
+    (build-system perl-build-system)
+    (inputs
+     `(("expat" ,expat)))
+    (propagated-inputs
+     `(("perl-html-tidy" ,perl-html-tidy)
+       ("perl-html-tree" ,perl-html-tree)
+       ("perl-io-captureoutput" ,perl-io-captureoutput)
+       ("perl-io-string" ,perl-io-string)
+       ("perl-io-stringy" ,perl-io-stringy)
+       ("perl-libxml" ,perl-libxml)
+       ("perl-xml-filter-buffertext" ,perl-xml-filter-buffertext)
+       ("perl-xml-handler-yawriter" ,perl-xml-handler-yawriter)
+       ("perl-xml-parser" ,perl-xml-parser)
+       ("perl-xml-sax-writer" ,perl-xml-sax-writer)
+       ("perl-xml-simple" ,perl-xml-simple)
+       ("perl-xml-xpathengine" ,perl-xml-xpathengine)
+       ("perl-test-pod", perl-test-pod)
+       ("perl-tree-xpathengine" ,perl-tree-xpathengine)))
+    (home-page "http://search.cpan.org/dist/XML-Twig/")
+    (synopsis "Perl module for processing huge XML documents in tree mode")
+    (description "@code{XML::Twig} is an XML transformation module.  Its
+strong points: can be used to process huge documents while still being in tree
+mode; not bound by DOM or SAX, so it is very perlish and offers a very
+comprehensive set of methods; simple to use; DWIMs as much as possible.
+
+What it doesn't offer: full SAX support (it can export SAX, but only reads
+XML), full XPath support (unless you use @code{XML::Twig::XPath}), nor DOM
+support.")
+    (license license:perl-license)))
diff --git a/gnu/services.scm b/gnu/services.scm
index 0bd3620852..50be28a382 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -95,10 +95,7 @@
 
             %boot-service
             %activation-service
-            etc-service
-
-            file-union                        ;XXX: for lack of a better place
-            directory-union))
+            etc-service))
 
 ;;; Comment:
 ;;;
@@ -388,38 +385,6 @@ boot."
                  (list (service-extension boot-service-type
                                           cleanup-gexp)))))
 
-(define* (file-union name files)                  ;FIXME: Factorize.
-  "Return a <computed-file> that builds a directory containing all of FILES.
-Each item in FILES must be a list where the first element is the file name to
-use in the new directory, and the second element is a gexp denoting the target
-file."
-  (computed-file name
-                 #~(begin
-                     (mkdir #$output)
-                     (chdir #$output)
-                     #$@(map (match-lambda
-                               ((target source)
-                                #~(begin
-                                    ;; Stat the source to abort early if it
-                                    ;; does not exist.
-                                    (stat #$source)
-
-                                    (symlink #$source #$target))))
-                             files))))
-
-(define (directory-union name things)
-  "Return a directory that is the union of THINGS."
-  (match things
-    ((one)
-     ;; Only one thing; return it.
-     one)
-    (_
-     (computed-file name
-                    (with-imported-modules '((guix build union))
-                      #~(begin
-                          (use-modules (guix build union))
-                          (union-build #$output '#$things)))))))
-
 (define* (activation-service->script service)
   "Return as a monadic value the activation script for SERVICE, a service of
 ACTIVATION-SCRIPT-TYPE."
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 541ca76f14..b605614ab6 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -71,6 +71,7 @@
             udev-service-type
             udev-service
             udev-rule
+            file->udev-rule
 
             login-configuration
             login-configuration?
@@ -1630,6 +1631,22 @@ item of @var{packages}."
                          (lambda (port)
                            (display #$contents port)))))))
 
+(define (file->udev-rule file-name file)
+  "Return a directory with a udev rule file FILE-NAME which is a copy of FILE."
+  (computed-file file-name
+                 (with-imported-modules '((guix build utils))
+                   #~(begin
+                       (use-modules (guix build utils))
+
+                       (define rules.d
+                         (string-append #$output "/lib/udev/rules.d"))
+
+                       (define file-copy-dest
+                         (string-append rules.d "/" #$file-name))
+
+                       (mkdir-p rules.d)
+                       (copy-file #$file file-copy-dest)))))
+
 (define kvm-udev-rule
   ;; Return a directory with a udev rule that changes the group of /dev/kvm to
   ;; "kvm" and makes it #o660.  Apparently QEMU-KVM used to ship this rule,
diff --git a/guix/build-system/go.scm b/guix/build-system/go.scm
index 43599df6f4..ec447d2a28 100644
--- a/guix/build-system/go.scm
+++ b/guix/build-system/go.scm
@@ -78,6 +78,7 @@
                                %standard-phases))
                    (outputs '("out"))
                    (search-paths '())
+                   (install-source? #t)
                    (import-path "")
                    (unpack-path "")
                    (tests? #t)
@@ -102,6 +103,7 @@
                 #:outputs %outputs
                 #:search-paths ',(map search-path-specification->sexp
                                       search-paths)
+                #:install-source? ,install-source?
                 #:import-path ,import-path
                 #:unpack-path ,unpack-path
                 #:tests? ,tests?
diff --git a/guix/build/compile.scm b/guix/build/compile.scm
new file mode 100644
index 0000000000..ea0c36fa33
--- /dev/null
+++ b/guix/build/compile.scm
@@ -0,0 +1,165 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2014, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix build compile)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
+  #:use-module (ice-9 threads)
+  #:use-module (system base target)
+  #:use-module (system base compile)
+  #:use-module (system base message)
+  #:use-module (guix modules)
+  #:use-module (guix build utils)
+  #:export (%default-optimizations
+            %lightweight-optimizations
+            compile-files))
+
+;;; Commentary:
+;;;
+;;; Support code to compile Guile code as efficiently as possible (both with
+;;; Guile 2.0 and 2.2).
+;;;
+;;; Code:
+
+(cond-expand
+  (guile-2.2 (use-modules (language tree-il optimize)
+                          (language cps optimize)))
+  (else #f))
+
+(define %default-optimizations
+  ;; Default optimization options (equivalent to -O2 on Guile 2.2).
+  (cond-expand
+    (guile-2.2 (append (tree-il-default-optimization-options)
+                       (cps-default-optimization-options)))
+    (else '())))
+
+(define %lightweight-optimizations
+  ;; Lightweight optimizations (like -O0, but with partial evaluation).
+  (let loop ((opts %default-optimizations)
+             (result '()))
+    (match opts
+      (() (reverse result))
+      ((#:partial-eval? _ rest ...)
+       (loop rest `(#t #:partial-eval? ,@result)))
+      ((kw _ rest ...)
+       (loop rest `(#f ,kw ,@result))))))
+
+(define %warnings
+  ;; FIXME: 'format' is missing because it reports "non-literal format
+  ;; strings" due to the fact that we use 'G_' instead of '_'.  We'll need
+  ;; help from Guile to solve this.
+  '(unsupported-warning unbound-variable arity-mismatch
+    macro-use-before-definition))                 ;new in 2.2
+
+(define (optimization-options file)
+  "Return the default set of optimizations options for FILE."
+  (if (string-contains file "gnu/packages/")
+      %lightweight-optimizations                  ;build faster
+      '()))
+
+(define (scm->go file)
+  "Strip the \".scm\" suffix from FILE, and append \".go\"."
+  (string-append (string-drop-right file 4) ".go"))
+
+(define* (load-files directory files
+                     #:key
+                     (report-load (const #f))
+                     (debug-port (%make-void-port "w")))
+  "Load FILES, a list of relative file names, from DIRECTORY."
+  (define total
+    (length files))
+
+  (let loop ((files files)
+             (completed 0))
+    (match files
+      (()
+       (unless (zero? total)
+         (report-load #f total completed))
+       *unspecified*)
+      ((file files ...)
+       (report-load file total completed)
+       (format debug-port "~%loading '~a'...~%" file)
+
+       (parameterize ((current-warning-port debug-port))
+         (resolve-interface (file-name->module-name file)))
+
+       (loop files (+ 1 completed))))))
+
+(define-syntax-rule (with-augmented-search-path path item body ...)
+  "Within the dynamic extent of BODY, augment PATH by adding ITEM to the
+front."
+  (let ((initial-value path))
+    (dynamic-wind
+      (lambda ()
+        (set! path (cons item path)))
+      (lambda ()
+        body ...)
+      (lambda ()
+        (set! path initial-value)))))
+
+(define* (compile-files source-directory build-directory files
+                        #:key
+                        (host %host-type)
+                        (workers (current-processor-count))
+                        (optimization-options optimization-options)
+                        (warning-options `(#:warnings ,%warnings))
+                        (report-load (const #f))
+                        (report-compilation (const #f))
+                        (debug-port (%make-void-port "w")))
+  "Compile FILES, a list of source files taken from SOURCE-DIRECTORY, to
+BUILD-DIRECTORY, using up to WORKERS parallel workers.  The resulting object
+files are for HOST, a GNU triplet such as \"x86_64-linux-gnu\"."
+  (define progress-lock (make-mutex))
+  (define total (length files))
+  (define completed 0)
+
+  (define (build file)
+    (with-mutex progress-lock
+      (report-compilation file total completed))
+    (with-fluids ((*current-warning-prefix* ""))
+      (with-target host
+        (lambda ()
+          (compile-file file
+                        #:output-file (string-append build-directory "/"
+                                                     (scm->go file))
+                        #:opts (append warning-options
+                                       (optimization-options file))))))
+    (with-mutex progress-lock
+      (set! completed (+ 1 completed))))
+
+  (with-augmented-search-path %load-path source-directory
+    (with-augmented-search-path %load-compiled-path build-directory
+      ;; FIXME: To work around <https://bugs.gnu.org/15602>, we first load all
+      ;; of FILES.
+      (load-files source-directory files
+                  #:report-load report-load
+                  #:debug-port debug-port)
+
+      ;; Make sure compilation related modules are loaded before starting to
+      ;; compile files in parallel.
+      (compile #f)
+
+      (n-par-for-each workers build files)
+      (unless (zero? total)
+        (report-compilation #f total total)))))
+
+;;; Local Variables:
+;;; eval: (put 'with-augmented-search-path 'scheme-indent-function 2)
+;;; eval: (put 'with-target 'scheme-indent-function 1)
+;;; End:
diff --git a/guix/build/go-build-system.scm b/guix/build/go-build-system.scm
index 7f04e3db8c..72af6ce7b6 100644
--- a/guix/build/go-build-system.scm
+++ b/guix/build/go-build-system.scm
@@ -126,13 +126,14 @@ unset.  When SOURCE is a directory, copy it instead of unpacking."
         (zero? (system* "unzip" "-d" dest source))
         (zero? (system* "tar" "-C" dest "-xvf" source))))))
 
-(define* (install-source #:key outputs #:allow-other-keys)
+(define* (install-source #:key install-source? outputs #:allow-other-keys)
   "Install the source code to the output directory."
   (let* ((out (assoc-ref outputs "out"))
          (source "src")
          (dest (string-append out "/" source)))
-    (copy-recursively source dest #:keep-mtime? #t)
-    #t))
+    (if install-source?
+      (copy-recursively source dest #:keep-mtime? #t)
+      #t)))
 
 (define (go-package? name)
   (string-prefix? "go-" name))
@@ -179,6 +180,9 @@ respectively."
     (zero? (system* "go" "install"
                     "-v" ; print the name of packages as they are compiled
                     "-x" ; print each command as it is invoked
+                    ;; Respectively, strip the symbol table and debug
+                    ;; information, and the DWARF symbol table.
+                    "-ldflags=-s -w"
                     import-path))
     (begin
       (display (string-append "Building '" import-path "' failed.\n"
diff --git a/guix/build/pull.scm b/guix/build/pull.scm
index 1ae35ab382..3573241a7e 100644
--- a/guix/build/pull.scm
+++ b/guix/build/pull.scm
@@ -20,11 +20,10 @@
 (define-module (guix build pull)
   #:use-module (guix modules)
   #:use-module (guix build utils)
-  #:use-module (system base compile)
+  #:use-module (guix build compile)
   #:use-module (ice-9 ftw)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
-  #:use-module (ice-9 threads)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-26)
@@ -63,34 +62,6 @@ available, false otherwise."
                      (string-prefix? gnu  b))
                 (string<? a b))))))
 
-(cond-expand
-  (guile-2.2 (use-modules (language tree-il optimize)
-                          (language cps optimize)))
-  (else #f))
-
-(define %default-optimizations
-  ;; Default optimization options (equivalent to -O2 on Guile 2.2).
-  (cond-expand
-    (guile-2.2 (append (tree-il-default-optimization-options)
-                       (cps-default-optimization-options)))
-    (else '())))
-
-(define %lightweight-optimizations
-  ;; Lightweight optimizations (like -O0, but with partial evaluation).
-  (let loop ((opts %default-optimizations)
-             (result '()))
-    (match opts
-      (() (reverse result))
-      ((#:partial-eval? _ rest ...)
-       (loop rest `(#t #:partial-eval? ,@result)))
-      ((kw _ rest ...)
-       (loop rest `(#f ,kw ,@result))))))
-
-(define (optimization-options file)
-  (if (string-contains file "gnu/packages/")
-      %lightweight-optimizations                  ;build faster
-      '()))
-
 
 (define* (build-guix out source
                      #:key
@@ -148,53 +119,43 @@ containing the source code.  Write any debugging output to DEBUG-PORT."
     (set! %load-path (cons out %load-path))
     (set! %load-compiled-path (cons out %load-compiled-path))
 
-    ;; Compile the .scm files.  Load all the files before compiling them to
-    ;; work around <http://bugs.gnu.org/15602> (FIXME).
-    ;; Filter out files depending on Guile-SSH when Guile-SSH is missing.
-    (let* ((files (filter has-all-its-dependencies?
-                          (all-scheme-files out)))
-           (total (length files)))
-      (let loop ((files files)
-                 (completed 0))
-        (match files
-          (() *unspecified*)
-          ((file . files)
-           (display #\cr log-port)
-           (format log-port "loading...\t~5,1f% of ~d files" ;FIXME: i18n
-                   (* 100. (/ completed total)) total)
-           (force-output log-port)
-           (format debug-port "~%loading '~a'...~%" file)
-           ;; Turn "<out>/foo/bar.scm" into (foo bar).
-           (let* ((relative-file (string-drop file (+ (string-length out) 1)))
-                  (module-path (string-drop-right relative-file 4))
-                  (module-name (map string->symbol
-                                    (string-split module-path #\/))))
-             (parameterize ((current-warning-port debug-port))
-               (resolve-interface module-name)))
-           (loop files (+ 1 completed)))))
-      (newline)
-      (let ((mutex (make-mutex))
-            (completed 0))
-        ;; Make sure compilation related modules are loaded before starting to
-        ;; compile files in parallel.
-        (compile #f)
-        (n-par-for-each
-         (parallel-job-count)
-         (lambda (file)
-           (with-mutex mutex
-             (display #\cr log-port)
-             (format log-port "compiling...\t~5,1f% of ~d files" ;FIXME: i18n
-                     (* 100. (/ completed total)) total)
-             (force-output log-port)
-             (format debug-port "~%compiling '~a'...~%" file))
-           (let ((go (string-append (string-drop-right file 4) ".go")))
-             (parameterize ((current-warning-port (%make-void-port "w")))
-               (compile-file file
-                             #:output-file go
-                             #:opts (optimization-options file))))
-           (with-mutex mutex
-             (set! completed (+ 1 completed))))
-         files))))
+    ;; Compile the .scm files.  Hide warnings.
+    (parameterize ((current-warning-port (%make-void-port "w")))
+      (with-directory-excursion out
+        ;; Filter out files depending on Guile-SSH when Guile-SSH is missing.
+        (let ((files (filter has-all-its-dependencies?
+                             (all-scheme-files "."))))
+          (compile-files out out
+
+                         ;; XXX: 'compile-files' except ready-to-use relative
+                         ;; file names.
+                         (map (lambda (file)
+                                (if (string-prefix? "./" file)
+                                    (string-drop file 2)
+                                    file))
+                              files)
+
+                         #:workers (parallel-job-count)
+
+                         ;; Disable warnings.
+                         #:warning-options '()
+
+                         #:report-load
+                         (lambda (file total completed)
+                           (display #\cr log-port)
+                           (format log-port
+                                   "loading...\t~5,1f% of ~d files" ;FIXME: i18n
+                                   (* 100. (/ completed total)) total)
+                           (force-output log-port)
+                           (format debug-port "~%loading '~a'...~%" file))
+
+                         #:report-compilation
+                         (lambda (file total completed)
+                           (display #\cr log-port)
+                           (format log-port "compiling...\t~5,1f% of ~d files" ;FIXME: i18n
+                                   (* 100. (/ completed total)) total)
+                           (force-output log-port)
+                           (format debug-port "~%compiling '~a'...~%" file)))))))
 
   (newline)
   #t)
diff --git a/guix/discovery.scm b/guix/discovery.scm
index 2741725b9d..7b57579023 100644
--- a/guix/discovery.scm
+++ b/guix/discovery.scm
@@ -18,6 +18,7 @@
 
 (define-module (guix discovery)
   #:use-module (guix ui)
+  #:use-module (guix modules)
   #:use-module (guix combinators)
   #:use-module (guix build syscalls)
   #:use-module (srfi srfi-1)
@@ -88,13 +89,6 @@ DIRECTORY is not accessible."
                                directory (strerror errno)))
                     '())))))
 
-(define file-name->module-name
-  (let ((not-slash (char-set-complement (char-set #\/))))
-    (lambda (file)
-      "Return the module name (a list of symbols) corresponding to FILE."
-      (map string->symbol
-           (string-tokenize (string-drop-right file 4) not-slash)))))
-
 (define* (scheme-modules directory #:optional sub-directory)
   "Return the list of Scheme modules available under DIRECTORY.
 Optionally, narrow the search to SUB-DIRECTORY."
diff --git a/guix/gexp.scm b/guix/gexp.scm
index 2622c5cb62..b9525603ee 100644
--- a/guix/gexp.scm
+++ b/guix/gexp.scm
@@ -78,6 +78,8 @@
             gexp->script
             text-file*
             mixed-text-file
+            file-union
+            directory-union
             imported-files
             imported-modules
             compiled-modules
@@ -1171,6 +1173,56 @@ This is the declarative counterpart of 'text-file*'."
 
   (computed-file name build))
 
+(define (file-union name files)
+  "Return a <computed-file> that builds a directory containing all of FILES.
+Each item in FILES must be a two-element list where the first element is the
+file name to use in the new directory, and the second element is a gexp
+denoting the target file.  Here's an example:
+
+  (file-union \"etc\"
+              `((\"hosts\" ,(plain-file \"hosts\"
+                                        \"127.0.0.1 localhost\"))
+                (\"bashrc\" ,(plain-file \"bashrc\"
+                                         \"alias ls='ls --color'\"))))
+
+This yields an 'etc' directory containing these two files."
+  (computed-file name
+                 (gexp
+                  (begin
+                    (mkdir (ungexp output))
+                    (chdir (ungexp output))
+                    (ungexp-splicing
+                     (map (match-lambda
+                            ((target source)
+                             (gexp
+                              (begin
+                                ;; Stat the source to abort early if it does
+                                ;; not exist.
+                                (stat (ungexp source))
+
+                                (symlink (ungexp source)
+                                         (ungexp target))))))
+                          files))))))
+
+(define (directory-union name things)
+  "Return a directory that is the union of THINGS, where THINGS is a list of
+file-like objects denoting directories.  For example:
+
+  (directory-union \"guile+emacs\" (list guile emacs))
+
+yields a directory that is the union of the 'guile' and 'emacs' packages."
+  (match things
+    ((one)
+     ;; Only one thing; return it.
+     one)
+    (_
+     (computed-file name
+                    (with-imported-modules '((guix build union))
+                      (gexp (begin
+                              (use-modules (guix build union))
+                              (union-build (ungexp output)
+                                           '(ungexp things)))))))))
+
 
 ;;;
 ;;; Syntactic sugar.
diff --git a/guix/modules.scm b/guix/modules.scm
index 19a4acd76c..6c602eda48 100644
--- a/guix/modules.scm
+++ b/guix/modules.scm
@@ -26,6 +26,9 @@
   #:export (missing-dependency-error?
             missing-dependency-module
 
+            file-name->module-name
+            module-name->file-name
+
             source-module-closure
             live-module-closure
             guix-module-name?))
@@ -93,6 +96,13 @@ depends on."
           (_
            '()))))))
 
+(define file-name->module-name
+  (let ((not-slash (char-set-complement (char-set #\/))))
+    (lambda (file)
+      "Return the module name (a list of symbols) corresponding to FILE."
+      (map string->symbol
+           (string-tokenize (string-drop-right file 4) not-slash)))))
+
 (define (module-name->file-name module)
   "Return the file name for MODULE."
   (string-append (string-join (map symbol->string module) "/")