summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-02-09 01:46:34 -0500
committerMark H Weaver <mhw@netris.org>2018-02-09 01:46:34 -0500
commitefe2a2833c6d306d0c60127fdfebaff6dc415b4c (patch)
treebf842134e1a149770907e1956d28c3a6b207b3f7
parent53f826cd0f429864d46fc3bf6305c14356d0b2ad (diff)
parent8d0edc8246389c0f2bb1c8e9c9190c312746a4b4 (diff)
downloadguix-efe2a2833c6d306d0c60127fdfebaff6dc415b4c.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--Makefile.am3
-rw-r--r--configure.ac10
-rw-r--r--doc/guix.texi109
-rw-r--r--etc/guix-daemon.cil.in285
-rw-r--r--gnu/build/linux-boot.scm1
-rw-r--r--gnu/local.mk13
-rw-r--r--gnu/packages/admin.scm61
-rw-r--r--gnu/packages/audio.scm31
-rw-r--r--gnu/packages/code.scm4
-rw-r--r--gnu/packages/compression.scm7
-rw-r--r--gnu/packages/conky.scm4
-rw-r--r--gnu/packages/cran.scm213
-rw-r--r--gnu/packages/databases.scm4
-rw-r--r--gnu/packages/dav.scm4
-rw-r--r--gnu/packages/documentation.scm18
-rw-r--r--gnu/packages/emacs.scm126
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/gnunet.scm5
-rw-r--r--gnu/packages/gps.scm71
-rw-r--r--gnu/packages/guile.scm7
-rw-r--r--gnu/packages/julia.scm12
-rw-r--r--gnu/packages/linux.scm8
-rw-r--r--gnu/packages/lua.scm28
-rw-r--r--gnu/packages/mail.scm15
-rw-r--r--gnu/packages/maths.scm34
-rw-r--r--gnu/packages/mc.scm15
-rw-r--r--gnu/packages/mpi.scm23
-rw-r--r--gnu/packages/music.scm29
-rw-r--r--gnu/packages/networking.scm21
-rw-r--r--gnu/packages/nim.scm13
-rw-r--r--gnu/packages/onc-rpc.scm1
-rw-r--r--gnu/packages/password-utils.scm4
-rw-r--r--gnu/packages/patches/gpsbabel-minizip.patch13
-rw-r--r--gnu/packages/patches/gpsbabel-qstring.patch69
-rw-r--r--gnu/packages/patches/hwloc-tests-without-sysfs.patch42
-rw-r--r--gnu/packages/patches/luajit-symlinks.patch25
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-1.patch138
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-2.patch59
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-3.patch84
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-17858.patch111
-rw-r--r--gnu/packages/patches/p7zip-CVE-2017-17969.patch35
-rw-r--r--gnu/packages/pdf.scm3
-rw-r--r--gnu/packages/perl-check.scm4
-rw-r--r--gnu/packages/python.scm148
-rw-r--r--gnu/packages/rdf.scm5
-rw-r--r--gnu/packages/sawfish.scm5
-rw-r--r--gnu/packages/scheme.scm47
-rw-r--r--gnu/packages/shells.scm4
-rw-r--r--gnu/packages/ssh.scm59
-rw-r--r--gnu/packages/syncthing.scm316
-rw-r--r--gnu/packages/tcl.scm5
-rw-r--r--gnu/packages/upnp.scm4
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/video.scm5
-rw-r--r--gnu/packages/web.scm16
-rw-r--r--gnu/packages/xorg.scm4
-rw-r--r--guix/build-system/emacs.scm3
-rw-r--r--guix/build/emacs-build-system.scm92
-rw-r--r--guix/build/emacs-utils.scm11
59 files changed, 2237 insertions, 261 deletions
diff --git a/Makefile.am b/Makefile.am
index 9c29e01452..e2c940ca8d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -446,6 +446,9 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix
 # Fish completion file.
 dist_fishcompletion_DATA = etc/completion/fish/guix.fish
 
+# SELinux policy
+dist_selinux_policy_DATA = etc/guix-daemon.cil
+
 EXTRA_DIST =						\
   HACKING						\
   ROADMAP						\
diff --git a/configure.ac b/configure.ac
index f69f796484..398846f64b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,6 +54,13 @@ AC_ARG_WITH([fish-completion-dir],
   [fishcompletiondir='${datadir}/fish/vendor_completions.d'])
 AC_SUBST([fishcompletiondir])
 
+AC_ARG_WITH([selinux-policy-dir],
+  AC_HELP_STRING([--with-selinux-policy-dir=DIR],
+    [name of the SELinux policy directory]),
+  [selinux_policydir="$withval"],
+  [selinux_policydir='${datadir}/selinux/'])
+AC_SUBST([selinux_policydir])
+
 dnl Better be verbose.
 AC_MSG_CHECKING([for the store directory])
 AC_MSG_RESULT([$storedir])
@@ -272,7 +279,8 @@ esac
 AC_CONFIG_FILES([Makefile
                  po/guix/Makefile.in
                  po/packages/Makefile.in
-		 guix/config.scm])
+                 etc/guix-daemon.cil
+                 guix/config.scm])
 
 AC_CONFIG_FILES([test-env:build-aux/test-env.in], [chmod +x test-env])
 AC_CONFIG_FILES([pre-inst-env:build-aux/pre-inst-env.in],
diff --git a/doc/guix.texi b/doc/guix.texi
index 2b27a675cd..68f6c12294 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -21,7 +21,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017 Chris Marusich@*
 Copyright @copyright{} 2016, 2017 Efraim Flashner@*
@@ -123,6 +123,7 @@ Setting Up the Daemon
 
 * Build Environment Setup::     Preparing the isolated build environment.
 * Daemon Offload Setup::        Offloading builds to remote machines.
+* SELinux Support::             Using an SELinux policy for the daemon.
 
 Package Management
 
@@ -754,6 +755,7 @@ the daemon to download pre-built binaries.
 @menu
 * Build Environment Setup::     Preparing the isolated build environment.
 * Daemon Offload Setup::        Offloading builds to remote machines.
+* SELinux Support::             Using an SELinux policy for the daemon.
 @end menu
 
 @node Build Environment Setup
@@ -1081,6 +1083,92 @@ main node:
 @end example
 
 
+@node SELinux Support
+@subsection SELinux Support
+
+@cindex SELinux, daemon policy
+@cindex mandatory access control, SELinux
+@cindex security, guix-daemon
+Guix includes an SELinux policy file at @file{etc/guix-daemon.cil} that
+can be installed on a system where SELinux is enabled, in order to label
+Guix files and to specify the expected behavior of the daemon.  Since
+GuixSD does not provide an SELinux base policy, the daemon policy cannot
+be used on GuixSD.
+
+@subsubsection Installing the SELinux policy
+@cindex SELinux, policy installation
+To install the policy run this command as root:
+
+@example
+semodule -i etc/guix-daemon.cil
+@end example
+
+Then relabel the file system with @code{restorecon} or by a different
+mechanism provided by your system.
+
+Once the policy is installed, the file system has been relabeled, and
+the daemon has been restarted, it should be running in the
+@code{guix_daemon_t} context.  You can confirm this with the following
+command:
+
+@example
+ps -Zax | grep guix-daemon
+@end example
+
+Monitor the SELinux log files as you run a command like @code{guix build
+hello} to convince yourself that SELinux permits all necessary
+operations.
+
+@subsubsection Limitations
+@cindex SELinux, limitations
+
+This policy is not perfect.  Here is a list of limitations or quirks
+that should be considered when deploying the provided SELinux policy for
+the Guix daemon.
+
+@enumerate
+@item
+@code{guix_daemon_socket_t} isn’t actually used.  None of the socket
+operations involve contexts that have anything to do with
+@code{guix_daemon_socket_t}.  It doesn’t hurt to have this unused label,
+but it would be preferrable to define socket rules for only this label.
+
+@item
+@code{guix gc} cannot access arbitrary links to profiles.  By design,
+the file label of the destination of a symlink is independent of the
+file label of the link itself.  Although all profiles under
+$localstatedir are labelled, the links to these profiles inherit the
+label of the directory they are in.  For links in the user’s home
+directory this will be @code{user_home_t}.  But for links from the root
+user’s home directory, or @file{/tmp}, or the HTTP server’s working
+directory, etc, this won’t work.  @code{guix gc} would be prevented from
+reading and following these links.
+
+@item
+The daemon’s feature to listen for TCP connections might no longer work.
+This might require extra rules, because SELinux treats network sockets
+differently from files.
+
+@item
+Currently all files with a name matching the regular expression
+@code{/gnu/store/.+-(guix-.+|profile)/bin/guix-daemon} are assigned the
+label @code{guix_daemon_exec_t}; this means that @emph{any} file with
+that name in any profile would be permitted to run in the
+@code{guix_daemon_t} domain.  This is not ideal.  An attacker could
+build a package that provides this executable and convince a user to
+install and run it, which lifts it into the @code{guix_daemon_t} domain.
+At that point SELinux could not prevent it from accessing files that are
+allowed for processes in that domain.
+
+We could generate a much more restrictive policy at installation time,
+so that only the @emph{exact} file name of the currently installed
+@code{guix-daemon} executable would be labelled with
+@code{guix_daemon_exec_t}, instead of using a broad regular expression.
+The downside is that root would have to install or upgrade the policy at
+installation time whenever the Guix package that provides the
+effectively running @code{guix-daemon} executable is upgraded.
+@end enumerate
+
 @node Invoking guix-daemon
 @section Invoking @command{guix-daemon}
 
@@ -6358,6 +6446,19 @@ are many packages, though, for which it lacks a method to determine
 whether a new upstream release is available.  However, the mechanism is
 extensible, so feel free to get in touch with us to add a new method!
 
+Sometimes the upstream name differs from the package name used in Guix,
+and @command{guix refresh} needs a little help.  Most updaters honor the
+@code{upstream-name} property in package definitions, which can be used
+to that effect:
+
+@example
+(define-public network-manager
+  (package
+    (name "network-manager")
+    ;; @dots{}
+    (properties '((upstream-name . "NetworkManager")))))
+@end example
+
 When passed @code{--update}, it modifies distribution source files to
 update the version numbers and source tarball hashes of those package
 recipes (@pxref{Defining Packages}).  This is achieved by downloading
@@ -10188,9 +10289,9 @@ caching; when @code{#f}, the number of processors is used.
 @xref{Invoking guix publish, @option{--workers}}, for more information.
 
 @item @code{ttl} (default: @code{#f})
-When it is an integer, this denotes the @dfn{time-to-live} of the
-published archives.  @xref{Invoking guix publish, @option{--ttl}}, for
-more information.
+When it is an integer, this denotes the @dfn{time-to-live} in seconds
+of the published archives.  @xref{Invoking guix publish, @option{--ttl}},
+for more information.
 @end table
 @end deftp
 
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
new file mode 100644
index 0000000000..c0c82d8fbb
--- /dev/null
+++ b/etc/guix-daemon.cil.in
@@ -0,0 +1,285 @@
+; -*- lisp -*-
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+;; This is a specification for SELinux 2.7 written in the SELinux Common
+;; Intermediate Language (CIL).  It refers to types that must be defined in
+;; the system's base policy.
+
+(block guix_daemon
+  ;; Require existing types
+  (typeattributeset cil_gen_require init_t)
+  (typeattributeset cil_gen_require tmp_t)
+  (typeattributeset cil_gen_require nscd_var_run_t)
+  (typeattributeset cil_gen_require var_log_t)
+  (typeattributeset cil_gen_require domain)
+
+  ;; Declare own types
+  (type guix_daemon_t)
+  (roletype object_r guix_daemon_t)
+  (type guix_daemon_conf_t)
+  (roletype object_r guix_daemon_conf_t)
+  (type guix_daemon_exec_t)
+  (roletype object_r guix_daemon_exec_t)
+  (type guix_daemon_socket_t)
+  (roletype object_r guix_daemon_socket_t)
+  (type guix_store_content_t)
+  (roletype object_r guix_store_content_t)
+  (type guix_profiles_t)
+  (roletype object_r guix_profiles_t)
+
+  ;; These types are domains, thereby allowing process rules
+  (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
+
+  (level low (s0))
+
+  ;; When a process in init_t or guix_store_content_t spawns a
+  ;; guix_daemon_exec_t process, let it run in the guix_daemon_t context
+  (typetransition init_t guix_daemon_exec_t
+                  process guix_daemon_t)
+  (typetransition guix_store_content_t guix_daemon_exec_t
+                  process guix_daemon_t)
+
+  ;; Permit communication with NSCD
+  (allow guix_daemon_t
+         nscd_var_run_t
+         (file (map read)))
+  (allow guix_daemon_t
+         nscd_var_run_t
+         (dir (search)))
+  (allow guix_daemon_t
+         nscd_var_run_t
+         (sock_file (write)))
+  (allow guix_daemon_t
+         nscd_t
+         (fd (use)))
+  (allow guix_daemon_t
+         nscd_t
+         (unix_stream_socket (connectto)))
+
+  ;; Permit logging and temp file access
+  (allow guix_daemon_t
+         tmp_t
+         (lnk_file (setattr unlink)))
+  (allow guix_daemon_t
+         tmp_t
+         (dir (create
+               rmdir
+               add_name remove_name
+               open read write
+               getattr setattr
+               search)))
+  (allow guix_daemon_t
+         var_log_t
+         (file (create getattr open write)))
+  (allow guix_daemon_t
+         var_log_t
+         (dir (getattr write add_name)))
+  (allow guix_daemon_t
+         var_run_t
+         (lnk_file (read)))
+  (allow guix_daemon_t
+         var_run_t
+         (dir (search)))
+
+  ;; Spawning processes, execute helpers
+  (allow guix_daemon_t
+         self
+         (process (fork)))
+  (allow guix_daemon_t
+         guix_daemon_exec_t
+         (file (execute execute_no_trans read open)))
+
+  ;; TODO: unknown
+  (allow guix_daemon_t
+         root_t
+         (dir (mounton)))
+  (allow guix_daemon_t
+         fs_t
+         (filesystem (getattr)))
+  (allow guix_daemon_conf_t
+         fs_t
+         (filesystem (associate)))
+
+  ;; Build isolation
+  (allow guix_daemon_t
+         guix_store_content_t
+         (file (mounton)))
+  (allow guix_store_content_t
+         fs_t
+         (filesystem (associate)))
+  (allow guix_daemon_t
+         guix_store_content_t
+         (dir (mounton)))
+  (allow guix_daemon_t
+         guix_daemon_t
+         (capability (net_admin
+                      fsetid fowner
+                      chown setuid setgid
+                      dac_override dac_read_search
+                      sys_chroot)))
+  (allow guix_daemon_t
+         fs_t
+         (filesystem (unmount)))
+  (allow guix_daemon_t
+         devpts_t
+         (filesystem (mount)))
+  (allow guix_daemon_t
+         devpts_t
+         (chr_file (setattr getattr)))
+  (allow guix_daemon_t
+         tmpfs_t
+         (filesystem (mount)))
+  (allow guix_daemon_t
+         tmpfs_t
+         (dir (getattr)))
+  (allow guix_daemon_t
+         proc_t
+         (filesystem (mount)))
+  (allow guix_daemon_t
+         null_device_t
+         (chr_file (getattr open read write)))
+  (allow guix_daemon_t
+         kvm_device_t
+         (chr_file (getattr)))
+  (allow guix_daemon_t
+         zero_device_t
+         (chr_file (getattr)))
+  (allow guix_daemon_t
+         urandom_device_t
+         (chr_file (getattr)))
+  (allow guix_daemon_t
+         random_device_t
+         (chr_file (getattr)))
+  (allow guix_daemon_t
+         devtty_t
+         (chr_file (getattr)))
+
+  ;; Access to store items
+  (allow guix_daemon_t
+         guix_store_content_t
+         (dir (reparent
+               create
+               getattr setattr
+               search rename
+               add_name remove_name
+               open write
+               rmdir)))
+  (allow guix_daemon_t
+         guix_store_content_t
+         (file (create
+                lock
+                setattr getattr
+                execute execute_no_trans
+                link unlink
+                map
+                rename
+                open read write)))
+  (allow guix_daemon_t
+         guix_store_content_t
+         (lnk_file (create
+                    getattr setattr
+                    link unlink
+                    read
+                    rename)))
+
+  ;; Access to configuration files and directories
+  (allow guix_daemon_t
+         guix_daemon_conf_t
+         (dir (search
+               setattr getattr
+               add_name remove_name
+               open read write)))
+  (allow guix_daemon_t
+         guix_daemon_conf_t
+         (file (create
+                lock
+                map
+                getattr setattr
+                unlink
+                open read write)))
+  (allow guix_daemon_t
+         guix_daemon_conf_t
+         (lnk_file (create getattr rename unlink)))
+
+  ;; Access to profiles
+  (allow guix_daemon_t
+         guix_profiles_t
+         (dir (getattr setattr read open)))
+  (allow guix_daemon_t
+         guix_profiles_t
+         (lnk_file (read getattr)))
+
+  ;; Access to profile links in the home directory
+  ;; TODO: allow access to profile links *anywhere* on the filesystem
+  (allow guix_daemon_t
+         user_home_t
+         (lnk_file (read getattr)))
+  (allow guix_daemon_t
+         user_home_t
+         (dir (search)))
+
+  ;; Socket operations
+  (allow guix_daemon_t
+         init_t
+         (fd (use)))
+  (allow guix_daemon_t
+         init_t
+         (unix_stream_socket (write)))
+  (allow guix_daemon_t
+         guix_daemon_conf_t
+         (unix_stream_socket (listen)))
+  (allow guix_daemon_t
+         guix_daemon_conf_t
+         (sock_file (create unlink)))
+  (allow guix_daemon_t
+         self
+         (unix_stream_socket (create
+                              read write
+                              connect bind accept
+                              getopt setopt)))
+  (allow guix_daemon_t
+         self
+         (fifo_file (write read)))
+  (allow guix_daemon_t
+         self
+         (udp_socket (ioctl create)))
+
+  ;; Label file system
+  (filecon "@guix_sysconfdir@/guix(/.*)?"
+           any (system_u object_r guix_daemon_conf_t (low low)))
+  (filecon "@guix_localstatedir@/guix(/.*)?"
+           any (system_u object_r guix_daemon_conf_t (low low)))
+  (filecon "@guix_localstatedir@/guix/profiles(/.*)?"
+           any (system_u object_r guix_profiles_t (low low)))
+  (filecon "/gnu"
+           dir (unconfined_u object_r guix_store_content_t (low low)))
+  (filecon "@storedir@(/.+)?"
+           any (unconfined_u object_r guix_store_content_t (low low)))
+  (filecon "@storedir@/[^/]+/.+"
+           any (unconfined_u object_r guix_store_content_t (low low)))
+  (filecon "@prefix@/bin/guix-daemon"
+           file (system_u object_r guix_daemon_exec_t (low low)))
+  (filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
+           file (system_u object_r guix_daemon_exec_t (low low)))
+  (filecon "@storedir@/.+-(guix-.+|profile)/libexec/guix-authenticate"
+           file (system_u object_r guix_daemon_exec_t (low low)))
+  (filecon "@storedir@/.+-(guix-.+|profile)/libexec/guix/(.*)?"
+           any (system_u object_r guix_daemon_exec_t (low low)))
+  (filecon "@guix_localstatedir@/guix/daemon-socket/socket"
+           any (system_u object_r guix_daemon_socket_t (low low))))
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index c9de4f4b90..18d87260a9 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -42,7 +42,6 @@
             make-static-device-nodes
             configure-qemu-networking
 
-            bind-mount
             device-number
             boot-system))
 
diff --git a/gnu/local.mk b/gnu/local.mk
index 3da59ec819..f20d1044da 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,7 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
-# Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
+# Copyright © 2016, 2017, 2018 Alex Vong <alexvong1995@gmail.com>
 # Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 # Copyright © 2016, 2017 Jan Nieuwenhuizen <janneke@gnu.org>
 # Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -720,6 +720,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
   %D%/packages/patches/gpm-glibc-2.26.patch			\
+  %D%/packages/patches/gpsbabel-minizip.patch     		\
+  %D%/packages/patches/gpsbabel-qstring.patch     		\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
   %D%/packages/patches/groff-source-date-epoch.patch		\
@@ -758,6 +760,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/higan-remove-march-native-flag.patch	\
   %D%/packages/patches/hubbub-sort-entities.patch		\
   %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch        \
+  %D%/packages/patches/hwloc-tests-without-sysfs.patch		\
   %D%/packages/patches/hydra-disable-darcs-test.patch		\
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
   %D%/packages/patches/icecat-bug-1348660-pt5.patch		\
@@ -870,7 +873,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/lua51-pkgconfig.patch                    \
   %D%/packages/patches/lua-liblua-so.patch                      \
   %D%/packages/patches/luajit-no_ldconfig.patch			\
-  %D%/packages/patches/luajit-symlinks.patch			\
   %D%/packages/patches/luit-posix.patch				\
   %D%/packages/patches/luminance-hdr-qt-printer.patch		\
   %D%/packages/patches/lvm2-static-link.patch			\
@@ -890,6 +892,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/mhash-keygen-test-segfault.patch		\
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch		\
   %D%/packages/patches/mpc123-initialize-ao.patch		\
+  %D%/packages/patches/mpv-CVE-2018-6360-1.patch		\
+  %D%/packages/patches/mpv-CVE-2018-6360-2.patch		\
+  %D%/packages/patches/mpv-CVE-2018-6360-3.patch		\
   %D%/packages/patches/module-init-tools-moduledir.patch	\
   %D%/packages/patches/mongodb-support-unknown-linux-distributions.patch	\
   %D%/packages/patches/mozjs17-aarch64-support.patch		\
@@ -900,6 +905,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/mozjs38-version-detection.patch		\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch	\
+  %D%/packages/patches/mupdf-CVE-2017-17858.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/mutt-store-references.patch		\
   %D%/packages/patches/net-tools-bitrot.patch			\
@@ -937,7 +943,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
   %D%/packages/patches/owncloud-disable-updatecheck.patch	\
-  %D%/packages/patches/p7zip-CVE-2016-9296.patch			\
+  %D%/packages/patches/p7zip-CVE-2016-9296.patch		\
+  %D%/packages/patches/p7zip-CVE-2017-17969.patch		\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
   %D%/packages/patches/patchelf-page-size.patch			\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 7c7c457f50..35e6b202b0 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -19,6 +19,7 @@
 ;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
 ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -256,18 +257,20 @@ graphs and can export its output to different formats.")
 (define-public htop
   (package
    (name "htop")
-   (version "2.0.2")
+   (version "2.1.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "http://hisham.hm/htop/releases/"
                   version "/htop-" version ".tar.gz"))
             (sha256
              (base32
-              "11zlwadm6dpkrlfvf3z3xll26yyffa7qrxd1w72y1kl0rgffk6qp"))))
+              "0j07z0xm2gj1vzvbgh4323k4db9mr7drd7gw95mmpqi61ncvwq1j"))))
    (build-system gnu-build-system)
    (inputs
     `(("ncurses" ,ncurses)))
-   (home-page "http://htop.sourceforge.net/")
+   (native-inputs
+    `(("python" ,python-minimal-wrapper))) ; for scripts/MakeHeader.py
+   (home-page "https://hisham.hm/htop/")
    (synopsis "Interactive process viewer")
    (description
     "This is htop, an interactive process viewer.  It is a text-mode
@@ -520,6 +523,50 @@ and exploration tool, since it can create almost any kind of connection you
 would need and has several interesting built-in capabilities.")
     (license license:gpl2+)))
 
+(define-public sipcalc
+  (package
+    (name "sipcalc")
+    (version "1.1.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.routemeister.net/projects"
+                           "/sipcalc/files/sipcalc" "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0mv3wndj4z2bsshh2k8d5sy3j8wxzgf8mzmmkvj1k8gpcz37dm6g"))))
+    (build-system gnu-build-system)
+    (home-page "http://www.routemeister.net/projects/sipcalc/")
+    (synopsis "Command-line IP subnet calculator")
+    (description
+     "Sipcalc is an advanced command-line IP subnet calculator.  It can take
+multiple forms of input (IPv4/IPv6/interface/hostname) and output a multitude
+of information about a given subnet.
+
+Features include:
+
+@itemize @bullet
+@item IPv4
+@itemize
+@item Retrieving of address information from interfaces.
+@item Classfull and CIDR output.
+@item Multiple address and netmask input and output formats (dotted quad, hex,
+number of bits).
+@item Output of broadcast address, network class, Cisco wildcard,
+hosts/range, network range.
+@item The ability to split a network based on a smaller netmask, now also with
+recursive runs on the generated subnets.  (also IPv6)
+@end itemize
+@item IPv6
+@itemize
+@item Compressed and expanded input and output addresses.
+@item Standard IPv6 network output.
+@item v4 in v6 output.
+@item Reverse DNS address generation.
+@end itemize
+@end itemize\n")
+    (license license:bsd-3)))
+
 (define-public alive
   (package
     (name "alive")
@@ -1340,7 +1387,7 @@ track changes in important system configuration files.")
 (define-public libcap-ng
   (package
     (name "libcap-ng")
-    (version "0.7.4")
+    (version "0.7.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1348,9 +1395,11 @@ track changes in important system configuration files.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0ssvnh4cvhya0c1j6k6192zvqcq7nc0x01fb5nwhr0prfqr0i8j8"))))
+                "0a0k484kwv0zilry2mbl9k56cnpdhsjxdxin17jas6kkyfy345aa"))))
     (build-system gnu-build-system)
-    (inputs `(("python" ,python)))
+    (arguments
+     `(#:configure-flags
+       (list "--without-python")))
     (home-page "https://people.redhat.com/sgrubb/libcap-ng/")
     (synopsis "Library for more easily working with POSIX capabilities")
     (description
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index bd3d139efe..eb11d6cc4e 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -280,14 +280,14 @@ engineers, musicians, soundtrack editors and composers.")
 (define-public audacity
   (package
     (name "audacity")
-    (version "2.2.0")
+    (version "2.2.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/audacity/audacity/archive"
                            "/Audacity-" version ".tar.gz"))
        (sha256
-        (base32 "09xpr4bjnainz1xmc35v3qg3dadjr9wv8bmn1p4y91aqyihnhjry"))
+        (base32 "1n05r8b4rnf9fas0py0is8cm97s3h65dgvqkk040aym5d1x6wd7z"))
        (patches (search-patches "audacity-build-with-system-portaudio.patch"))
        (modules '((guix build utils)))
        (snippet
@@ -1646,6 +1646,33 @@ essential distortions.")
 implementation of the Open Sound Control (OSC) protocol.")
     (license license:lgpl2.1+)))
 
+(define-public python-pyaudio
+  (package
+    (name "python-pyaudio")
+    (version "0.2.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri
+        (string-append
+         "https://pypi.python.org/packages/ab/42/"
+         "b4f04721c5c5bfc196ce156b3c768998ef8c0ae3654ed29ea5020c749a6b"
+         "/PyAudio-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0x7vdsigm7xgvyg3shd3lj113m8zqj2pxmrgdyj66kmnw0qdxgwk"))))
+    (build-system python-build-system)
+    (inputs
+     `(("portaudio" ,portaudio)))
+    (home-page "https://people.csail.mit.edu/hubert/pyaudio/")
+    (synopsis "Bindings for PortAudio v19")
+    (description "This package provides bindings for PortAudio v19, the
+cross-platform audio input/output stream library.")
+    (license license:expat)))
+
+(define-public python2-pyaudio
+  (package-with-python2 python-pyaudio))
+
 (define-public python-pyliblo
   (package
     (name "python-pyliblo")
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index a2d26c978d..93723d1a01 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -393,7 +393,7 @@ functionality such as HTML output.")
 (define-public rtags
   (package
     (name "rtags")
-    (version "2.16")
+    (version "2.18")
     (home-page "https://github.com/Andersbakken/rtags")
     (source
      (origin
@@ -414,7 +414,7 @@ functionality such as HTML output.")
                 (string-append "#include <rct/" header ">"))))))
        (sha256
         (base32
-         "17rkci3mmiw93qc32b9x76pg57b0lx80avr6wnmh190jx8n3v3wy"))))
+         "0scjbp1z201q8njvrxqz7lk2m9b6k2rxd5q1shrng6532r7ndif2"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f9f6968b73..cd98d525e5 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1386,6 +1386,7 @@ It can be used as a replacement for the Apache @code{CBZip2InputStream} /
                   (delete-file-recursively "CPP/7zip/Compress/Rar")
                   #t))
               (patches (search-patches "p7zip-CVE-2016-9296.patch"
+                                       "p7zip-CVE-2017-17969.patch"
                                        "p7zip-remove-unused-code.patch"))))
     (build-system gnu-build-system)
     (arguments
@@ -1632,7 +1633,7 @@ trade-off between compression ratio and speed, without affecting decompression
 speed.")
     (license (list license:bsd-3         ; the main top-level LICENSE file
                    license:bsd-2         ; many files explicitly state 2-Clause
-                   license:gpl2          ; the mail top-level COPYING file
+                   license:gpl2          ; the main top-level COPYING file
                    license:gpl3+         ; tests/gzip/*.sh
                    license:expat         ; lib/dictBuilder/divsufsort.[ch]
                    license:public-domain ; zlibWrapper/examples/fitblk*
@@ -1955,14 +1956,14 @@ algorithms in Java.")
 (define-public lunzip
   (package
     (name "lunzip")
-    (version "1.9")
+    (version "1.10")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://savannah/lzip/"
                            name "/" name "-" version ".tar.gz"))
        (sha256
-        (base32 "1ax3d9cp66z1qb9q7lfzg5bpx9630xrxgq9a5sw569wm0qqgpg2q"))))
+        (base32 "1iw59br6nsxs7l1p875h8w3vxwr04xfhg5zyal64crvamhxkj5kl"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/conky.scm b/gnu/packages/conky.scm
index 2301bfbdf1..22a0427b9a 100644
--- a/gnu/packages/conky.scm
+++ b/gnu/packages/conky.scm
@@ -34,7 +34,7 @@
 (define-public conky
   (package
     (name "conky")
-    (version "1.10.7")
+    (version "1.10.8")
     (source
      (origin
        (method url-fetch)
@@ -42,7 +42,7 @@
                            version ".tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "1b06rigfjxnaidkabkyf8mdh9k3jm11nj547lb5liwi2ql4rdfr3"))))
+        (base32 "0mw8xbnxr0a7yq2smzi2nln2b5n0q571vdrq6mhvs5n84xd6bg9f"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index cb39772ae5..95e0faf2a0 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
@@ -1861,3 +1861,214 @@ written purely in R with no external dependencies.  It is useful with the
 Rscript front-end and facilitates turning an R script into an executable
 script.")
     (license license:gpl3+)))
+
+(define-public r-debugme
+  (package
+    (name "r-debugme")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "debugme" version))
+       (sha256
+        (base32
+         "1c9sg55zvf10h8198jdnpamm6f66lzw3c3jnmdp9ls6na0j0xbjd"))))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-crayon" ,r-crayon)))
+    (home-page "https://github.com/r-lib/debugme#readme")
+    (synopsis "Debug R packages")
+    (description
+     "This package allows the user to specify debug messages as special string
+constants, and control debugging of packages via environment variables.")
+    (license license:expat)))
+
+(define-public r-processx
+  (package
+    (name "r-processx")
+    (version "2.0.0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "processx" version))
+       (sha256
+        (base32
+         "0yw23lp9xjvbpswzghkmjiayw7p19hbvmgv58k3i6b8g5nav4qcg"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-assertthat" ,r-assertthat)
+       ("r-crayon" ,r-crayon)
+       ("r-debugme" ,r-debugme)
+       ("r-r6" ,r-r6)))
+    (home-page "https://github.com/r-lib/processx3")
+    (synopsis "Execute and control system processes")
+    (description
+     "This package provides portable tools to run system processes in the
+background.  It can check if a background process is running; wait on a
+background process to finish; get the exit status of finished processes; kill
+background processes and their children; restart processes.  It can read the
+standard output and error of the processes, using non-blocking connections.
+@code{processx} can poll a process for standard output or error, with a
+timeout.  It can also poll several processes at once.")
+    (license license:expat)))
+
+(define-public r-tsp
+  (package
+    (name "r-tsp")
+    (version "1.1-5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "TSP" version))
+       (sha256
+        (base32
+         "03xxfr5kk4zhzpb1q1pwncdp0dhchm9b48wzhvvxn2dxf3mnby2w"))))
+    (properties `((upstream-name . "TSP")))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-foreach" ,r-foreach)))
+    (home-page "https://cran.r-project.org/web/packages/TSP/")
+    (synopsis "Traveling salesperson problem (TSP)")
+    (description "This package provides basic infrastructure and some
+algorithms for the @dfn{traveling salesperson problem}(TSP) (also known as the
+traveling salesman problem).")
+    (license license:gpl3)))
+
+(define-public r-qap
+  (package
+    (name "r-qap")
+    (version "0.1-1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "qap" version))
+       (sha256
+        (base32
+         "0d2d1ni1camixyi45lfy00f4pn3p063k7bsi8gj5scp6n15mdgb0"))))
+    (build-system r-build-system)
+    (native-inputs `(("gfortran" ,gfortran)))
+    (home-page "http://cran.r-project.org/web/packages/qap/")
+    (synopsis "Heuristics for the quadratic assignment problem (QAP)")
+    (description "This package implements heuristics for the @dfn{quadratic
+assignment problem} (QAP).  Currently only a simulated annealing heuristic is
+available.")
+    (license license:gpl3)))
+
+(define-public r-gclus
+  (package
+    (name "r-gclus")
+    (version "1.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "gclus" version))
+       (sha256
+        (base32
+         "02ba6zj9bjwrzykamjp40ajynx9xjx9h2i85n0ym0r5lcki4x6fn"))))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-cluster" ,r-cluster)))
+    (home-page "http://cran.r-project.org/web/packages/gclus/")
+    (synopsis "Clustering graphics")
+    (description "This package orders panels in scatterplot matrices and
+parallel coordinate displays by some merit index.  It contains various indices
+of merit, ordering functions, and enhanced versions of @code{pairs} and
+@code{parcoord} which color panels according to their merit level.")
+    (license license:gpl2+)))
+
+(define-public r-webshot
+  (package
+    (name "r-webshot")
+    (version "0.5.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "webshot" version))
+       (sha256
+        (base32
+         "07r71zzmggp4jf92x4ws4wg6v1x98vaj01lsar85bnb30n5vx8gh"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-jsonlite" ,r-jsonlite)
+       ("r-magrittr" ,r-magrittr)
+       ("r-processx" ,r-processx)
+       ("r-withr" ,r-withr)))
+    (home-page "https://github.com/wch/webshot/")
+    (synopsis "Take screenshots of web pages")
+    (description
+     "Webshot makes it easy to take screenshots of web pages from within R.
+It can also run Shiny applications locally and take screenshots of the
+application; and it can render and screenshot static as well as interactive R
+Markdown documents.")
+    (license license:gpl2)))
+
+(define-public r-seriation
+  (package
+    (name "r-seriation")
+    (version "1.2-3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "seriation" version))
+       (sha256
+        (base32
+         "1q6hw4hjw224b4y0dc0j630v2pgj6sn455nwkilb70w8k31hpk92"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-cluster" ,r-cluster)
+       ("r-colorspace" ,r-colorspace)
+       ("r-dendextend" ,r-dendextend)
+       ("r-gclus" ,r-gclus)
+       ("r-gplots" ,r-gplots)
+       ("r-mass" ,r-mass)
+       ("r-qap" ,r-qap)
+       ("r-registry" ,r-registry)
+       ("r-tsp" ,r-tsp)))
+    (native-inputs `(("gfortran" ,gfortran)))
+    (home-page "http://s2.smu.edu/IDA/seriation/")
+    (synopsis "Infrastructure for ordering objects using seriation")
+    (description
+     "This package provides infrastructure for seriation with an
+implementation of several seriation/sequencing techniques to reorder matrices,
+dissimilarity matrices, and dendrograms.  It also provides (optimally)
+reordered heatmaps, color images and clustering visualizations like
+dissimilarity plots, and visual assessment of cluster tendency plots (VAT and
+iVAT).")
+    (license license:gpl3)))
+
+(define-public r-heatmaply
+  (package
+    (name "r-heatmaply")
+    (version "0.14.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "heatmaply" version))
+       (sha256
+        (base32
+         "03p2caclhfgqgpx3wwck5h06jy3mxgs05gjmwkb7hmwghkjh41jc"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-assertthat" ,r-assertthat)
+       ("r-colorspace" ,r-colorspace)
+       ("r-dendextend" ,r-dendextend)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-gplots" ,r-gplots)
+       ("r-htmlwidgets" ,r-htmlwidgets)
+       ("r-magrittr" ,r-magrittr)
+       ("r-plotly" ,r-plotly)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
+       ("r-reshape2" ,r-reshape2)
+       ("r-scales" ,r-scales)
+       ("r-seriation" ,r-seriation)
+       ("r-viridis" ,r-viridis)
+       ("r-webshot" ,r-webshot)))
+    (home-page "https://cran.r-project.org/package=heatmaply")
+    (synopsis "Interactive cluster heat maps using plotly")
+    (description "Heatmaps are used in many fields for visualizing
+observations, correlations, missing values patterns, and more.  Interactive
+heatmaps allow the inspection of specific value by hovering the mouse over a
+cell, as well as zooming into a region of the heatmap by dragging a rectangle
+around the relevant area.  This work is based on the @code{ggplot2} and
+@code{plotly.js} engine.  It produces similar heatmaps as @code{heatmap.2} or
+@code{d3heatmap}, with the advantage of speed, the ability to zoom from the
+dendrogram panes, and the placing of factor variables in the sides of the
+heatmap.")
+    (license (list license:gpl2 license:gpl3))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 8dbca2b8d1..634b3c65ad 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -699,14 +699,14 @@ as a drop-in replacement of MySQL.")
 (define-public postgresql
   (package
     (name "postgresql")
-    (version "10.1")
+    (version "10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                   version "/postgresql-" version ".tar.bz2"))
               (sha256
                (base32
-                "04z7lm4h94625vbncwv98svycqr942n3q47ailqaczkszqjlxjrw"))))
+                "1bav2iyi93h866skrrlqlvsp4sfv1sfww1s305zpzffxcadh0cpy"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-uuid=e2fs")
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index 3513116f24..0c6c62d5a3 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -57,13 +57,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.16.3")
+    (version "0.16.4")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "0dpwbfi97ksijqng191659m8k0v215y8ld95w8gb126m4m96qpzw"))))
+               "03wva48bgv1ad3df6plc9b8xxh6k8bcaxrhlzwh81c9mzn5bspzv"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index c870084746..eebd38243b 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages python)
   #:use-module (gnu packages bison)
@@ -43,19 +45,23 @@
 (define-public asciidoc
   (package
     (name "asciidoc")
-    (version "8.6.9")
+    (version "8.6.10")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://sourceforge/asciidoc/asciidoc/"
-                                  version "/asciidoc-" version ".tar.gz"))
+              (uri (string-append "https://github.com/asciidoc/asciidoc/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1w71nk527lq504njmaf0vzr93pgahkgzzxzglrq6bay8cw2rvnvq"))))
+                "10xrl1iwyvs8aqm0vzkvs3dnsn93wyk942kk4ppyl6w9imbzhlly"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f                     ; no 'check' target
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (invoke "autoconf")))
          ;; Some XML-related binaries are required for asciidoc's proper usage.
          ;; Without these, asciidoc fails when parsing XML documents, either
          ;; reporting a missing "xmllint" binary or, when passed the
@@ -94,12 +100,14 @@ release/xsl/current")
                           (string-append (assoc-ref inputs "docbook-xml")
                                          "/xml/dtd/docbook/docbookx.dtd")))
                        #t)))))
+    (native-inputs
+     `(("autoconf" ,autoconf)))
     (inputs `(("python" ,python-2)
               ("docbook-xml" ,docbook-xml)
               ("docbook-xsl" ,docbook-xsl)
               ("libxml2" ,libxml2)
               ("libxslt" ,libxslt)))
-    (home-page "http://www.methods.co.nz/asciidoc/")
+    (home-page "http://asciidoc.org/")
     (synopsis "Text-based document generation system")
     (description
      "AsciiDoc is a text document format for writing notes, documentation,
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 62cc916773..5478376bf0 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -3166,6 +3166,128 @@ perspective only its buffers are available by default.")
     ;; the Expat license.
     (license license:gpl3+)))
 
+(define-public emacs-test-simple
+  (package
+    (name "emacs-test-simple")
+    (version "1.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://elpa.gnu.org/packages/test-simple-"
+                           version ".el"))
+       (sha256
+        (base32
+         "1yd61jc9ds95a5n09052kwc5gasy57g4lxr0jsff040brlyi9czz"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/rocky/emacs-test-simple")
+    (synopsis "Simple unit test framework for Emacs Lisp")
+    (description
+     "Test Simple is a simple unit test framework for Emacs Lisp.  It
+alleviates the need for context macros, enclosing specifications or required
+test tags.  It supports both interactive and non-interactive use.")
+    (license license:gpl3+)))
+
+(define-public emacs-load-relative
+  (package
+    (name "emacs-load-relative")
+    (version "1.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://elpa.gnu.org/packages/load-relative-"
+                           version ".el"))
+       (sha256
+        (base32
+         "1hfxb2436jdsi9wfmsv47lkkpa5galjf5q81bqabbsv79rv59dps"))))
+    (build-system emacs-build-system)
+    (home-page "http://github.com/rocky/emacs-load-relative")
+    (synopsis "Emacs Lisp relative file loading related functions")
+    (description
+     "Provides functions which facilitate writing multi-file Emacs packages
+and running from the source tree without having to \"install\" code or fiddle
+with @{load-path}.
+
+The main function, @code{load-relative}, loads an Emacs Lisp file relative to
+another (presumably currently running) Emacs Lisp file.")
+    (license license:gpl3+)))
+
+(define-public emacs-loc-changes
+  (package
+    (name "emacs-loc-changes")
+    (version "1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://elpa.gnu.org/packages/loc-changes-"
+                           version ".el"))
+       (sha256
+        (base32
+         "1x8fn8vqasayf1rb8a6nma9n6nbvkx60krmiahyb05vl5rrsw6r3"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/rocky/emacs-loc-changes")
+    (synopsis "Keeps track of positions even after buffer changes")
+    (description
+     "This Emacs package provides a mean to track important buffer positions
+after buffer changes.")
+    (license license:gpl3+)))
+
+(define-public emacs-realgud
+  (package
+    (name "emacs-realgud")
+    (version "1.4.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://elpa.gnu.org/packages/realgud-"
+                           version ".tar"))
+       (sha256
+        (base32
+         "1nc8km339ip90h1j55ahfga03v7x7rh4iycmw6yrxyzir68vwn7c"))))
+    (build-system emacs-build-system)
+    (arguments
+     `(#:tests? #t
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-autogen-script
+           (lambda _
+             (substitute* "autogen.sh"
+               (("./configure") "sh configure"))))
+         (add-after 'fix-autogen-script 'autogen
+           (lambda _
+             (setenv "CONFIG_SHELL" "sh")
+             (invoke "sh" "autogen.sh")))
+         (add-after 'fix-autogen-script 'set-home
+           (lambda _
+             (setenv "HOME" (getenv "TMPDIR"))))
+         (add-before 'patch-el-files 'remove-realgud-pkg.el
+           (lambda _
+             ;; XXX: This file is auto-generated at some point and causes
+             ;; substitute* to crash during the `patch-el-files' phase with:
+             ;; ERROR: In procedure stat: No such file or directory:
+             ;; "./realgud-pkg.el"
+             (delete-file "./realgud-pkg.el")
+             ;; FIXME: `patch-el-files' crashes on this file with error:
+             ;; unable to locate "bashdb".
+             (delete-file "./test/test-regexp-bashdb.el"))))
+       #:include (cons* ".*\\.el$" %default-include)))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("emacs-test-simple" ,emacs-test-simple)))
+    (propagated-inputs
+     `(("emacs-load-relative" ,emacs-load-relative)
+       ("emacs-loc-changes" ,emacs-loc-changes)))
+    (home-page "https://github.com/realgud/realgud/")
+    (synopsis
+     "Modular front-end for interacting with external debuggers")
+    (description
+     "RealGUD is a modular, extensible GNU Emacs front-end for interacting
+with external debuggers.  It integrates various debuggers such as gdb, pdb,
+ipdb, jdb, lldb, bashdb, zshdb, etc. and allows to visually step code in the
+sources.  Unlike GUD, it also supports running multiple debug sessions in
+parallel.")
+    (license license:gpl3+)))
+
 (define-public emacs-request
   (package
     (name "emacs-request")
@@ -4086,7 +4208,7 @@ for search-based navigation of buffers.")
     (license license:gpl3+)))
 
 (define-public emacs-helm-make
-  (let ((commit "21c1bfa01b16b0d656f2b8a0dbb5bc8d47a7641b")
+  (let ((commit "feae8df22bc4b20705ea08ac9adfc2b43bb348d0")
         (revision "1"))
     (package
       (name "emacs-helm-make")
@@ -4100,7 +4222,7 @@ for search-based navigation of buffers.")
          (file-name (string-append name "-" version "-checkout"))
          (sha256
           (base32
-           "11vzrp63zdc67fg4d0y1alk8z9019sqslh2bd7ispk37s86dlbfw"))))
+           "1y2v77mmd1bfkkz51cnk1l0dg3lvvxc39wlamnm7wjns66dbvlam"))))
       (build-system emacs-build-system)
       (propagated-inputs
        `(("emacs-helm" ,emacs-helm)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 92a93d5a3d..bb8a2cb34d 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -21,7 +21,7 @@
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017, 2018 nee <nee-git@hidamari.blue>
@@ -4422,7 +4422,7 @@ metadata in photo and video files of various formats.")
 (define-public shotwell
   (package
     (name "shotwell")
-    (version "0.27.1")
+    (version "0.27.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4430,7 +4430,7 @@ metadata in photo and video files of various formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1jav7qv0s1v6wvd7x2ri85hjqnbswq883pnd228qhd6bhjbryp89"))))
+                "0g2vphhpxrljpy9sryfsgaayix807i1i9plj9bay72dk0zphqab2"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs
      `(("dconf" ,dconf)))
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 7aa429f63d..29bfc8199f 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017, 2018 ng0 <ng0@n0.is>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -144,14 +145,14 @@ tool to extract metadata from a file and print the results.")
 (define-public libmicrohttpd
   (package
    (name "libmicrohttpd")
-   (version "0.9.58")
+   (version "0.9.59")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "1wq17qvizis7bsyvyw1gnfycvivssncngziddnyrbzv2dhvy24bs"))))
+              "0g4jgnv43yddr9yxrqg11632rip0lg5c53gmy5wy3c0i1dywv74v"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
diff --git a/gnu/packages/gps.scm b/gnu/packages/gps.scm
index 732c073b56..211a33ef89 100644
--- a/gnu/packages/gps.scm
+++ b/gnu/packages/gps.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages)
   #:use-module (gnu packages base)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
@@ -37,7 +39,7 @@
 (define-public gpsbabel
   (package
     (name "gpsbabel")
-    (version "1.5.2")
+    (version "1.5.4")
     (source (origin
               (method url-fetch)
               ;; XXX: Downloads from gpsbabel.org are hidden behind a POST, so
@@ -47,17 +49,21 @@
                     version ".orig.tar.gz"))
               (sha256
                (base32
-                "0xf7wmy2m29g2lm8lqc74yf8rf7sxfl3cfwbk7dpf0yf42pb0b6w"))
+                "19hykxhyl567gf8qcrl33qhv95w0g4vxw9r3h9b8d8plx9bnaf8l"))
+              (patches (search-patches
+                        "gpsbabel-minizip.patch"
+                        ;; XXX: Remove this patch on the next release.
+                        "gpsbabel-qstring.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   ;; Delete files under GPL-compatible licences but never used
                   ;; on GNU systems, rather than bloating the LICENSE field.
-                  (with-directory-excursion "gpsbabel"
-                    (delete-file "gui/serial_mac.cc")           ; Apple MIT
-                    (delete-file "mingw/include/ddk/hidsdi.h")) ; public domain
+                  (delete-file "gui/serial_mac.cc")           ; Apple MIT
+                  (delete-file "mingw/include/ddk/hidsdi.h") ; public domain
                   #t))))
     (build-system gnu-build-system)
+    ;; TODO: "make doc" requires Docbook & co.
     (arguments
      `(#:configure-flags
        '("--with-zlib=system"
@@ -65,13 +71,6 @@
          ;; recent binutils:
          ;; https://codereview.qt-project.org/#/c/111787/
          "CXXFLAGS=-std=gnu++11 -fPIC")
-       #:phases
-       (modify-phases %standard-phases
-        (add-before 'configure 'pre-configure
-                    (lambda _
-                      (chdir "gpsbabel"))))
-                    ;; TODO: "make doc" requires Docbook & co.
-
        ;; On i686, 'raymarine.test' fails because of a rounding error:
        ;; <http://hydra.gnu.org/build/133040>.  As a workaround, disable tests
        ;; on these platforms.
@@ -171,3 +170,51 @@ useful in measurements where Global Positioning System (GPS) is not available,
 such as underground.  It features the ability to adjust in local Cartesian
 coordinates as well as partial support for adjustments in global coordinate systems.")
     (license license:gpl3+)))
+
+(define-public gpxsee
+  (package
+    (name "gpxsee")
+    (version "4.19")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append "https://github.com/tumic0/GPXSee/archive/"
+                              version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "00j0gjldw1kn3i45dppld1pz8r4s1g7lw89k7gfvvqbjjyjih1wg"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           ;; Use lrelease to convert TS translation files into QM files.
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (for-each (lambda (file)
+                         (system* "lrelease" file))
+                       (find-files "lang" "\\.ts"))
+             (substitute* "src/config.h"
+               (("/usr/share/gpxsee")
+                (string-append
+                 (assoc-ref outputs "out") "/share/gpxsee")))
+             (invoke "qmake"
+                     (string-append "PREFIX="
+                                    (assoc-ref outputs "out")))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (share (string-append out "/share/gpxsee/")))
+               (install-file "GPXSee" (string-append out "/bin/GPXSee"))
+               (install-file "pkg/maps.txt" share))
+             #t)))))
+    (inputs
+     `(("qtbase" ,qtbase)))
+    (native-inputs
+     `(("qttools" ,qttools)))
+    (home-page "http://www.gpxsee.org")
+    (synopsis "GPX file viewer and analyzer")
+    (description
+     "GPXSee is a Qt-based GPS log file viewer and analyzer that supports GPX,
+TCX, KML, FIT, IGC and NMEA files.")
+    (license license:gpl3)))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 9f1f633444..3283a675a0 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -1188,10 +1188,11 @@ Guile's foreign function interface.")
   (deprecated-package "guile2.2-gdbm-ffi" guile-gdbm-ffi))
 
 (define-public guile-sqlite3
-  (let ((commit "607721fe1174a299e45d457acacf94eefb964071"))
+  (let ((commit "21f35ca87517194d8fcc7ac166b5e77f5f5348b0")
+        (revision "2"))
     (package
       (name "guile-sqlite3")
-      (version (string-append "0.0-1." (string-take commit 7)))
+      (version (git-version "0.0" revision commit))
 
       ;; XXX: This used to be available read-only at
       ;; <https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/> but it
@@ -1204,7 +1205,7 @@ Guile's foreign function interface.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "09gaffhh5rawz5kdmqx2ahvj1ngvxddp469r18bmjz3sz8p0slj2"))
+                  "0m33di5gz0a6n6q380v1y8apm5hrynzyl4ri8ar4j202hwjqi1y2"))
                 (file-name (string-append name "-" version "-checkout"))
                 (modules '((guix build utils)))
                 (snippet
diff --git a/gnu/packages/julia.scm b/gnu/packages/julia.scm
index f6df2817d3..41bbc66dd2 100644
--- a/gnu/packages/julia.scm
+++ b/gnu/packages/julia.scm
@@ -146,6 +146,12 @@
           (lambda* (#:key inputs #:allow-other-keys)
             (use-modules (ice-9 match))
             (substitute* "src/runtime_ccall.cpp"
+              ;; Patch out invocations of '/sbin/ldconfig' to avoid getting
+              ;; error messages about missing '/sbin/ldconfig' on GuixSD.
+              (("popen\\(.*ldconfig.*\\);")
+               "NULL;\n")
+
+              ;; Populate 'sonameMap'.
               (("jl_read_sonames.*;")
                (string-join
                 (map (match-lambda
@@ -228,6 +234,12 @@
              #t))
          (add-before 'check 'disable-broken-tests
            (lambda _
+             ;; Adjust expected error messages to match what current libgit2
+             ;; provides.
+             (substitute* "test/libgit2.jl"
+               (("Invalid Content-Type") "invalid Content-Type")
+               (("Failed to resolve path") "failed to resolve path"))
+
              (substitute* "test/choosetests.jl"
                ;; These tests fail, probably because some of the input
                ;; binaries have been stripped and thus backtraces don't look
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 0fae825e9b..b0cefeab75 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -382,8 +382,8 @@ It has been modified to remove all non-free binary blobs.")
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
 ;; See : https://wiki.debian.org/DebianKernel/ARMMP.
 
-(define %linux-libre-version "4.15.1")
-(define %linux-libre-hash "1by90ghpk5qh79vgb0cfwab8c6ngciii9mvsya0gj5ijj90i6hwy")
+(define %linux-libre-version "4.15.2")
+(define %linux-libre-hash "0rzncbk513a8q60z9psb9yz7liadsb7nghj12s1kmwn441z1zv93")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -391,8 +391,8 @@ It has been modified to remove all non-free binary blobs.")
                     %linux-compatible-systems
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.17")
-(define %linux-libre-4.14-hash "05z4v1v4aj8hcwgn7iljp8iclk3ikf1b57k8a8baym3dd9js6aan")
+(define %linux-libre-4.14-version "4.14.18")
+(define %linux-libre-4.14-hash "1kl6zc9dzi02hzxwmzskxb4cqh5lph4afy94677bj5ribanmizn5")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index e6453fa360..0d4bf12817 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
 ;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -116,21 +117,30 @@ for configuration, scripting, and rapid prototyping.")
 (define-public luajit
   (package
     (name "luajit")
-    (version "2.1.0-beta2")
+    (version "2.1.0-beta3")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://luajit.org/download/LuaJIT-"
                                   version ".tar.gz"))
               (sha256
-               (base32 "0iyghj1xjlmd9ywa4flf9yszynf3jhbp0yqb9b49k7ab0g528fbi"))
-              (patches (search-patches "luajit-symlinks.patch"
-                                       "luajit-no_ldconfig.patch"))))
+               (base32 "1hyrhpkwjqsv54hnnx4cl8vk44h9d6c9w0fz1jfjz00w255y7lhs"))
+              (patches (search-patches "luajit-no_ldconfig.patch"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:tests? #f                      ;luajit is distributed without tests
-       #:phases (modify-phases %standard-phases (delete 'configure))
-       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))))
-    (home-page "http://www.luajit.org/")
+     `(#:tests? #f                      ; luajit is distributed without tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)            ; no configure script
+         (add-after 'install 'create-luajit-symlink
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (with-directory-excursion bin
+                 (symlink ,(string-append name "-" version)
+                          ,name)
+                 #t)))))
+         #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))))
+    (home-page "https://www.luajit.org/")
     (synopsis "Just in time compiler for Lua programming language version 5.1")
     (description
      "LuaJIT is a Just-In-Time Compiler (JIT) for the Lua
@@ -427,7 +437,7 @@ Grammars (PEGs).")
        (modify-phases %standard-phases
          (delete 'configure))))
     (inputs `(("lua", lua)))
-    (home-page "http://bitop.luajit.org/index.html")
+    (home-page "https://bitop.luajit.org/index.html")
     (synopsis "Bitwise operations on numbers for Lua")
     (description
      "Lua BitOp is a C extension module for Lua which adds bitwise operations
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index fcb347238a..e085c2dec6 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -24,6 +24,7 @@
 ;;; Copyright © 2017 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -532,27 +533,27 @@ security functionality including PGP, S/MIME, SSH, and SSL.")
 (define-public mu
   (package
     (name "mu")
-    (version "0.9.18")
+    (version "1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/djcb/mu/releases/"
-                                  "download/" version "/mu-"
-                                  version ".tar.gz"))
+                                  "download/v" version "/mu-"
+                                  version ".tar.xz"))
               (sha256
                (base32
-                "02g82zvxfgn17wzy846bfxj0izjj7yklhwdnhwxy1y2kin4fqnb5"))))
+                "04x5azl19gszw2h7argq666gf9xs4hy9q7w9cbqxvy08n56xqsln"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("glib" ,glib "bin")             ; for gtester
-       ("emacs" ,emacs-minimal)))
+       ("emacs" ,emacs-minimal)
+       ("tzdata" ,tzdata-for-tests)))   ;for mu/test/test-mu-query.c
     ;; TODO: Add webkit and gtk to build the mug GUI.
     (inputs
      `(("xapian" ,xapian)
        ("guile" ,guile-2.2)
        ("glib" ,glib)
-       ("gmime" ,gmime)
-       ("tzdata" ,tzdata)))             ;for mu/test/test-mu-query.c
+       ("gmime" ,gmime)))
     (arguments
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 25a0cf670f..0263fc107c 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Dave Love <me@fx@gnu.org>
+;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -93,6 +94,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-web)
+  #:use-module (gnu packages qt)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages tbb)
   #:use-module (gnu packages scheme)
@@ -101,6 +103,7 @@
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tex)
   #:use-module (gnu packages tls)
+  #:use-module (gnu packages version-control)
   #:use-module (gnu packages wxwidgets)
   #:use-module (gnu packages xml)
   #:use-module (srfi srfi-1))
@@ -3695,3 +3698,34 @@ exclusion algorithms are typical examples of such systems.")
 dense and sparse-direct linear algebra, conic optimization, and lattice
 reduction.")
     (license license:bsd-2)))
+
+(define-public mcrl2
+  (package
+    (name "mcrl2")
+    (version "201707.1.15162")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.mcrl2.org/download/devel/mcrl2-"
+                                  version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "1ziww2fchsklm25hl9p2mngssxfh9w07nc114cncqaxfibqp2p8f"))))
+    (native-inputs
+     `(("subversion" ,subversion)))
+    (inputs
+     `(("boost" ,boost)
+       ("glu" ,glu)
+       ("mesa" ,mesa)
+       ("qt" ,qt)))
+    (build-system cmake-build-system)
+    (synopsis "Toolset for the mCRL2 formal specification language")
+    (description
+     "@dfn{mCRL2} (micro Common Representation Language 2) is a formal
+specification language for describing concurrent discrete event systems.  Its
+toolset supports analysis and automatic verification, linearisation, simulation,
+state-space exploration and generation, and tools to optimise and analyse
+specifications.  Also, state spaces can be manipulated, visualised and
+analysed.")
+    (home-page "http://mcrl2.org")
+    (license license:boost1.0)))
diff --git a/gnu/packages/mc.scm b/gnu/packages/mc.scm
index 2e13c3201f..6c71f56086 100644
--- a/gnu/packages/mc.scm
+++ b/gnu/packages/mc.scm
@@ -62,14 +62,25 @@
        (modify-phases %standard-phases
          (add-after 'patch-source-shebangs 'patch-FHS-file-names
            (lambda _
-             ;; Patch files to refer to executables in the store.
+             ;; Patch files to refer to executables in the store or $PATH.
              (substitute* "misc/mcedit.menu.in"
                (("#! /bin/sh") (string-append "#!" (which "sh")))
                (("/bin/bash") (which "bash")))
              (substitute* "misc/ext.d/misc.sh.in"
                (("/bin/cat") "cat"))
-             (substitute* "tests/src/vfs/extfs/helpers-list/Makefile.in"
+             (substitute* (list "lib/utilunix.c"
+                                "src/usermenu.c"
+                                "src/vfs/fish/fish.c"
+                                "tests/src/vfs/extfs/helpers-list/Makefile.in")
                (("/bin/sh") (which "sh")))
+             (substitute* "src/filemanager/ext.c"
+               (("/bin/rm") "rm")
+               (("/bin/sh") (which "sh")))
+
+             ;; There are other /bin/<shell>s hard-coded in this file, but they
+             ;; are never tried after bash (mc's first choice) is found.
+             (substitute* "lib/shell.c"
+               (("/bin/bash") (which "bash")))
              #t))
          (add-before 'check 'fix-tests
            (lambda _
diff --git a/gnu/packages/mpi.scm b/gnu/packages/mpi.scm
index d9a2094bea..442f7c5371 100644
--- a/gnu/packages/mpi.scm
+++ b/gnu/packages/mpi.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2017 Dave Love <fx@gnu.org>
@@ -39,9 +39,12 @@
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages valgrind)
+  #:use-module (srfi srfi-1)
   #:use-module (ice-9 match))
 
 (define-public hwloc
+  ;; Note: For now we keep 1.x as the default because many packages have yet
+  ;; to migrate to 2.0.
   (package
     (name "hwloc")
     (version "1.11.8")
@@ -110,6 +113,24 @@ a powerful programming interface to gather information about the hardware,
 bind processes, and much more.")
     (license bsd-3)))
 
+(define-public hwloc-2.0
+  ;; Note: 2.0 isn't the default yet, see above.
+  (package
+    (inherit hwloc)
+    (version "2.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.open-mpi.org/software/hwloc/v"
+                                  (version-major+minor version)
+                                  "/downloads/hwloc-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "021765f9y6pxcxrvfpzzwaig16ypfbph5xjpkd29qkhzs9r6zrcr"))
+              (patches (search-patches "hwloc-tests-without-sysfs.patch"))))
+
+    ;; libnuma is no longer needed.
+    (inputs (alist-delete "numactl" (package-inputs hwloc)))))
+
 (define-public openmpi
   (package
     (name "openmpi")
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 2e8bc17192..2db8ffea30 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1050,7 +1050,7 @@ complete studio.")
          (add-after 'unpack 'fix-configuration
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "default.config"
-               (("/usr/bin/aplay" "aplay"))
+               (("/usr/bin/aplay") "aplay")
                (("/usr/bin/timidity") "timidity")
                (("/usr/bin/mpg123") "mpg123")
                (("/usr/bin/ogg123") "ogg123"))
@@ -2317,6 +2317,33 @@ analogue-like user interface.")
 socket or command line.")
       (license license:gpl3+))))
 
+(define-public curseradio
+  (let ((commit "1bd4bd0faeec675e0647bac9a100b526cba19f8d")
+        (revision "1"))
+    (package
+      (name "curseradio")
+      (version (git-version "0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/chronitis/curseradio.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "11bf0jnj8h2fxhpdp498189r4s6b47vy4wripv0z4nx7lxajl88i"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-lxml" ,python-lxml)
+       ("python-requests" ,python-requests)
+       ("python-pyxdg" ,python-pyxdg)
+       ("mpv" ,mpv)))
+    (home-page "https://github.com/chronitis/curseradio")
+    (synopsis "Command-line Internet radio player")
+    (description "Curseradio is a Curses-based radio player that uses a
+tune-in sender list from @url{http://opml.radiotime.com}.")
+    (license license:expat))))
+
 (define-public pianobar
   (package
     (name "pianobar")
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 76b069de94..21b158b815 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016, 2017 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
@@ -465,12 +465,12 @@ and up to 1 Mbit/s downstream.")
          "08sp2gzv09rar1a5mnfmbc24pqvhpqqmz2hnmv436n7v7d09qy2d"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:tests? #f                      ; Does not exist
+     `(#:tests? #f                      ; no test suite
        #:make-flags (list "CC=gcc"
                           (string-append "prefix=" (assoc-ref %outputs "out")))
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)            ; No configure
+         (delete 'configure)            ; no configure script
          (add-before 'build 'setenv
            (lambda _
              (setenv "HAVE_ICONV" "1")
@@ -482,11 +482,16 @@ and up to 1 Mbit/s downstream.")
      `(("gettext" ,gettext-minimal)
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)))
-    (synopsis "Improved whois client")
-    (description "This whois client is intelligent and can
-automatically select the appropriate whois server for most queries.
-Because of historical reasons this also includes a tool called mkpasswd
-which can be used to encrypt a password with @code{crypt(3)}.")
+    (synopsis "Intelligent client for the WHOIS directory service")
+    (description
+      "whois searches for an object in a @dfn{WHOIS} (RFC 3912) database.
+It is commonly used to look up the registered users or assignees of an Internet
+resource, such as a domain name, an IP address block, or an autonomous system.
+It can automatically select the appropriate server for most queries.
+
+For historical reasons, this package also includes @command{mkpasswd}, which
+encrypts passwords using @code{crypt(3)} and is unrelated to the Expect command
+of the same name.")
     (home-page "https://github.com/rfc1036/whois")
     (license license:gpl2+)))
 
diff --git a/gnu/packages/nim.scm b/gnu/packages/nim.scm
index 560f10e4ad..5694eae63b 100644
--- a/gnu/packages/nim.scm
+++ b/gnu/packages/nim.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,7 +27,7 @@
 (define-public nim
   (package
     (name "nim")
-    (version "0.17.0")
+    (version "0.17.2")
     (source
      (origin
       (method url-fetch)
@@ -34,13 +35,13 @@
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "16vsmk4rqnkg9lc9h9jk62ps0x778cdqg6qrs3k6fv2g73cqvq9n"))))
+        "1gc2xk3ygmz9y4pm75pligssgw995a7gvnfpy445fjpw4d81pzxa"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No tests.
        #:phases
          (modify-phases %standard-phases
-           (delete 'configure)
+           (delete 'configure)          ; no configure script
            (add-after 'unpack 'patch-installer
              (lambda* (#:key outputs #:allow-other-keys)
                (let ((out (assoc-ref outputs "out")))
@@ -56,11 +57,13 @@
                #t))
            (replace 'build
              (lambda _
-               (zero? (system* "sh" "build.sh"))))
+               (invoke "sh" "build.sh")
+               #t))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
                (let ((out (assoc-ref outputs "out")))
-                 (zero? (system* "./install.sh" out))))))))
+                 (invoke "./install.sh" out)
+                 #t))))))
     (home-page "https://nim-lang.org")
     (synopsis "Statically-typed, imperative programming language")
     (description "Nim (formerly known as Nimrod) is a statically-typed,
diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm
index 5997571462..03d51d9517 100644
--- a/gnu/packages/onc-rpc.scm
+++ b/gnu/packages/onc-rpc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017, 2018 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 07197de0d5..dd1ab1c3ef 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -68,14 +68,14 @@
 (define-public pwgen
   (package
     (name "pwgen")
-    (version "2.07")
+    (version "2.08")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://sourceforge/pwgen/pwgen/" version
                            "/pwgen-" version ".tar.gz"))
        (sha256
-        (base32 "0mhmw700kkh238fzivcwnwi94bj9f3h36yfh3k3j2v19b0zmjx7b"))))
+        (base32 "0yy90pqrr2pszzhb5hxjishq9qc7dqd290amiibqx9fm1b9kvc6s"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f)) ; no test suite
diff --git a/gnu/packages/patches/gpsbabel-minizip.patch b/gnu/packages/patches/gpsbabel-minizip.patch
new file mode 100644
index 0000000000..8f3bb36f57
--- /dev/null
+++ b/gnu/packages/patches/gpsbabel-minizip.patch
@@ -0,0 +1,13 @@
+Patch taken from https://sources.debian.org/data/main/g/gpsbabel/1.5.3-2/debian/patches/use_minizip.
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -120,7 +120,7 @@ LIBOBJS = queue.o route.o waypt.o filter
+ 	  src/core/usasciicodec.o\
+ 	  src/core/ziparchive.o \
+ 	  $(GARMIN) $(JEEPS) $(SHAPE) @ZLIB@ $(FMTS) $(FILTERS)
+-OBJS = main.o globals.o $(LIBOBJS) @FILEINFO@
++OBJS = main.o globals.o $(MINIZIP) $(LIBOBJS) @FILEINFO@
+ 
+ DEPFILES = $(OBJS:.o=.d)
+ 
\ No newline at end of file
diff --git a/gnu/packages/patches/gpsbabel-qstring.patch b/gnu/packages/patches/gpsbabel-qstring.patch
new file mode 100644
index 0000000000..8ba1a7213b
--- /dev/null
+++ b/gnu/packages/patches/gpsbabel-qstring.patch
@@ -0,0 +1,69 @@
+Extracted from following patch of gpsbabel:
+https://github.com/gpsbabel/gpsbabel/commit/604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3
+
+From 604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3 Mon Sep 17 00:00:00 2001
+From: Harel Mazor <harel.mazor@gmail.com>
+Date: Tue, 24 Jan 2017 00:35:04 +0200
+Subject: [PATCH] Added geojson read capablity, moved magic strings to
+ constants, fixed windows compilation issues.
+
+--- a/tef_xml.cc
++++ b/tef_xml.cc
+@@ -72,11 +72,11 @@ tef_start(xg_string args, const QXmlStreamAttributes* attrv)
+   bool valid = false;
+ 
+   foreach(QXmlStreamAttribute attr, *attrv) {
+-    if (attr.name().compare("Comment", Qt::CaseInsensitive) == 0) {
+-      if (attr.value().compare("TourExchangeFormat", Qt::CaseInsensitive) == 0) {
++    if (attr.name().compare(QString("Comment"), Qt::CaseInsensitive) == 0) {
++      if (attr.value().compare(QString("TourExchangeFormat"), Qt::CaseInsensitive) == 0) {
+         valid = true;
+       }
+-    } else if (attr.name().compare("Version", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("Version"), Qt::CaseInsensitive) == 0) {
+       version = attr.value().toString().toDouble();
+     }
+   }
+@@ -95,9 +95,9 @@ tef_header(xg_string args, const QXmlStreamAttributes* attrv)
+ {
+   route = route_head_alloc();
+   foreach(QXmlStreamAttribute attr, *attrv) {
+-    if (attr.name().compare("Name", Qt::CaseInsensitive) == 0) {
++    if (attr.name().compare(QString("Name"), Qt::CaseInsensitive) == 0) {
+       route->rte_name = attr.value().toString().trimmed();
+-    } else if (attr.name().compare("Software", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("Software"), Qt::CaseInsensitive) == 0) {
+       route->rte_desc = attr.value().toString().trimmed();
+     }
+   }
+@@ -248,20 +248,20 @@ tef_item_start(xg_string args, const QXmlStreamAttributes* attrv)
+     QString attrstr = attr.value().toString();
+     QByteArray attrtext = attrstr.toUtf8();
+ 
+-    if (attr.name().compare("SegDescription", Qt::CaseInsensitive) == 0) {
++    if (attr.name().compare(QString("SegDescription"), Qt::CaseInsensitive) == 0) {
+       wpt_tmp->shortname = attrstr.trimmed();
+-    } else if (attr.name().compare("PointDescription", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("PointDescription"), Qt::CaseInsensitive) == 0) {
+       wpt_tmp->description = attrstr.trimmed();
+-    } else if (attr.name().compare("ViaStation", Qt::CaseInsensitive) == 0 &&
+-               attr.value().compare("true", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("ViaStation"), Qt::CaseInsensitive) == 0 &&
++               attr.value().compare(QString("true"), Qt::CaseInsensitive) == 0) {
+       wpt_tmp->wpt_flags.fmt_use = 1;  /* only a flag */
+ 
+       /* new in TEF V2 */
+-    } else if (attr.name().compare("Instruction", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("Instruction"), Qt::CaseInsensitive) == 0) {
+       wpt_tmp->description = attrstr.trimmed();
+-    } else if (attr.name().compare("Altitude", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("Altitude"), Qt::CaseInsensitive) == 0) {
+       wpt_tmp->altitude = attrstr.toDouble();
+-    } else if (attr.name().compare("TimeStamp", Qt::CaseInsensitive) == 0) {
++    } else if (attr.name().compare(QString("TimeStamp"), Qt::CaseInsensitive) == 0) {
+       /* nothing for the moment */
+     }
+   }
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/hwloc-tests-without-sysfs.patch b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
new file mode 100644
index 0000000000..ea6ec41616
--- /dev/null
+++ b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
@@ -0,0 +1,42 @@
+Fix a test failure in the build environment, where /sys is missing.
+From <https://github.com/bgoglin/hwloc/commit/a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf.patch>.
+
+From a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Tue, 6 Feb 2018 17:13:26 +0100
+Subject: [PATCH] linux: honor the filtering cores and packages when reading
+ topology from cpuinfo
+
+Caused a make check crash in lstopo --filter all:none in chroot without sysfs.
+
+Thanks to Ludovic Courtes for the report.
+
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+---
+ hwloc/topology-linux.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
+index 290da0d72..e1bbf94e1 100644
+--- a/hwloc/topology-linux.c
++++ b/hwloc/topology-linux.c
+@@ -4101,7 +4101,8 @@ look_cpuinfo(struct hwloc_topology *topology,
+     }
+   /* create package objects */
+   hwloc_debug("%u pkgs%s\n", numpkgs, missingpkg ? ", but some missing package" : "");
+-  if (!missingpkg && numpkgs>0) {
++  if (!missingpkg && numpkgs>0
++      && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_PACKAGE)) {
+     for (i = 0; i < numpkgs; i++) {
+       struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_PACKAGE, Lpkg_to_Ppkg[i]);
+       int doneinfos = 0;
+@@ -4145,7 +4146,8 @@ look_cpuinfo(struct hwloc_topology *topology,
+     }
+   /* create Core objects */
+   hwloc_debug("%u cores%s\n", numcores, missingcore ? ", but some missing core" : "");
+-  if (!missingcore && numcores>0) {
++  if (!missingcore && numcores>0
++      && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_CORE)) {
+     for (i = 0; i < numcores; i++) {
+       struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_CORE, Lcore_to_Pcore[i]);
+       obj->cpuset = hwloc_bitmap_alloc();
diff --git a/gnu/packages/patches/luajit-symlinks.patch b/gnu/packages/patches/luajit-symlinks.patch
deleted file mode 100644
index 2466c34144..0000000000
--- a/gnu/packages/patches/luajit-symlinks.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 0a54a8f125d7ab508c7c88d5ad4ed1b0c63cb5b6 Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Tom=C3=A1=C5=A1=20=C4=8Cech?= <sleep_walker@suse.cz>
-Date: Wed, 4 Feb 2015 11:32:55 +0100
-Subject: [PATCH 1/2] Provide two symlinks for dynamic library during install
-
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 0891b71..343ecb5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -56,7 +56,7 @@ INSTALL_PCNAME= luajit.pc
- INSTALL_STATIC= $(INSTALL_LIB)/$(INSTALL_ANAME)
- INSTALL_DYN= $(INSTALL_LIB)/$(INSTALL_SONAME)
- INSTALL_SHORT1= $(INSTALL_LIB)/$(INSTALL_SOSHORT)
--INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT)
-+INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT).$(MAJVER)
- INSTALL_T= $(INSTALL_BIN)/$(INSTALL_TNAME)
- INSTALL_TSYM= $(INSTALL_BIN)/$(INSTALL_TSYMNAME)
- INSTALL_PC= $(INSTALL_PKGCONFIG)/$(INSTALL_PCNAME)
--- 
-2.2.2
-
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-1.patch b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
new file mode 100644
index 0000000000..55fc7daaf3
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
@@ -0,0 +1,138 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43
+
+To apply the patch to mpv 0.28.0 release tarball, hunk #4 is removed. Hunk #4
+checks if 'mpd_url' is safe, but the support for 'mpd_url' is not available
+for the 0.28.0 release. So it should be safe to remove hunk #4.
+
+From e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 01:19:04 +0000
+Subject: [PATCH] ytdl_hook: whitelist protocols from urls retrieved from
+ youtube-dl
+
+Not very clean since there's a lot of potential unsafe urls that youtube-dl
+can give us, depending on whether it's a single url, split tracks,
+playlists, segmented dash, etc.
+---
+ player/lua/ytdl_hook.lua | 54 +++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 47 insertions(+), 7 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index dd96ecc01d..b480c21625 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -16,6 +16,18 @@ local ytdl = {
+ 
+ local chapter_list = {}
+ 
++function Set (t)
++    local set = {}
++    for _, v in pairs(t) do set[v] = true end
++    return set
++end
++
++local safe_protos = Set {
++    "http", "https", "ftp", "ftps",
++    "rtmp", "rtmps", "rtmpe", "rtmpt", "rtmpts", "rtmpte",
++    "data"
++}
++
+ local function exec(args)
+     local ret = utils.subprocess({args = args})
+     return ret.status, ret.stdout, ret
+@@ -183,6 +195,9 @@ local function edl_track_joined(fragments, protocol, is_live, base)
+ 
+     for i = offset, #fragments do
+         local fragment = fragments[i]
++        if not url_is_safe(join_url(base, fragment)) then
++            return nil
++        end
+         table.insert(parts, edl_escape(join_url(base, fragment)))
+         if fragment.duration then
+             parts[#parts] =
+@@ -208,6 +223,15 @@ local function proto_is_dash(json)
+            or json["protocol"] == "http_dash_segments"
+ end
+ 
++local function url_is_safe(url)
++    local proto = type(url) == "string" and url:match("^(.+)://") or nil
++    local safe = proto and safe_protos[proto]
++    if not safe then
++        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++    end
++    return safe
++end
++
+ local function add_single_video(json)
+     local streamurl = ""
+     local max_bitrate = 0
+@@ -238,14 +264,18 @@ local function add_single_video(json)
+             edl_track = edl_track_joined(track.fragments,
+                 track.protocol, json.is_live,
+                 track.fragment_base_url)
++            local url = edl_track or track.url
++            if not url_is_safe(url) then
++                return
++            end
+             if track.acodec and track.acodec ~= "none" then
+                 -- audio track
+                 mp.commandv("audio-add",
+-                    edl_track or track.url, "auto",
++                    url, "auto",
+                     track.format_note or "")
+             elseif track.vcodec and track.vcodec ~= "none" then
+                 -- video track
+-                streamurl = edl_track or track.url
++                streamurl = url
+             end
+         end
+ 
+@@ -264,7 +294,13 @@ local function add_single_video(json)
+ 
+     msg.debug("streamurl: " .. streamurl)
+ 
+-    mp.set_property("stream-open-filename", streamurl:gsub("^data:", "data://", 1))
++    streamurl = streamurl:gsub("^data:", "data://", 1)
++
++    if not url_is_safe(streamurl) then
++        return
++    end
++
++    mp.set_property("stream-open-filename", streamurl)
+ 
+     mp.set_property("file-local-options/force-media-title", json.title)
+ 
+@@ -526,14 +562,18 @@ mp.add_hook(o.try_ytdl_first and "on_load" or "on_load_fail", 10, function ()
+                         site = entry["webpage_url"]
+                     end
+ 
+-                    if not (site:find("https?://") == 1) then
+-                        site = "ytdl://" .. site
++                    -- links with only youtube id as returned by --flat-playlist
++                    if not site:find("://") then
++                        table.insert(playlist, "ytdl://" .. site)
++                    elseif url_is_safe(site) then
++                        table.insert(playlist, site)
+                     end
+-                    table.insert(playlist, site)
+ 
+                 end
+ 
+-                mp.set_property("stream-open-filename", "memory://" .. table.concat(playlist, "\n"))
++                if #playlist > 0 then
++                    mp.set_property("stream-open-filename", "memory://" .. table.concat(playlist, "\n"))
++                end
+             end
+ 
+         else -- probably a video
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-2.patch b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
new file mode 100644
index 0000000000..b37e33a641
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
@@ -0,0 +1,59 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/f8263e82cc74a9ac6530508bec39c7b0dc02568f
+
+From f8263e82cc74a9ac6530508bec39c7b0dc02568f Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 11:26:27 +0000
+Subject: [PATCH] ytdl_hook: move url_is_safe earlier in code
+
+lua isn't javascript.
+---
+ player/lua/ytdl_hook.lua | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index b480c21625..458c94af38 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -84,6 +84,15 @@ local function edl_escape(url)
+     return "%" .. string.len(url) .. "%" .. url
+ end
+ 
++local function url_is_safe(url)
++    local proto = type(url) == "string" and url:match("^(.+)://") or nil
++    local safe = proto and safe_protos[proto]
++    if not safe then
++        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++    end
++    return safe
++end
++
+ local function time_to_secs(time_string)
+     local ret
+ 
+@@ -223,15 +232,6 @@ local function proto_is_dash(json)
+            or json["protocol"] == "http_dash_segments"
+ end
+ 
+-local function url_is_safe(url)
+-    local proto = type(url) == "string" and url:match("^(.+)://") or nil
+-    local safe = proto and safe_protos[proto]
+-    if not safe then
+-        msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
+-    end
+-    return safe
+-end
+-
+ local function add_single_video(json)
+     local streamurl = ""
+     local max_bitrate = 0
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-3.patch b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
new file mode 100644
index 0000000000..dc3e272d37
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
@@ -0,0 +1,84 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/ce42a965330dfeb7d2f6c69ea42d35454105c828
+
+From ce42a965330dfeb7d2f6c69ea42d35454105c828 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 18:54:17 +0000
+Subject: [PATCH] ytdl_hook: fix safe url checking with EDL urls
+
+---
+ player/lua/ytdl_hook.lua | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index 458c94af38..6c8e78657d 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -264,18 +264,17 @@ local function add_single_video(json)
+             edl_track = edl_track_joined(track.fragments,
+                 track.protocol, json.is_live,
+                 track.fragment_base_url)
+-            local url = edl_track or track.url
+-            if not url_is_safe(url) then
++            if not edl_track and not url_is_safe(track.url) then
+                 return
+             end
+             if track.acodec and track.acodec ~= "none" then
+                 -- audio track
+                 mp.commandv("audio-add",
+-                    url, "auto",
++                    edl_track or track.url, "auto",
+                     track.format_note or "")
+             elseif track.vcodec and track.vcodec ~= "none" then
+                 -- video track
+-                streamurl = url
++                streamurl = edl_track or track.url
+             end
+         end
+ 
+@@ -284,6 +283,9 @@ local function add_single_video(json)
+         edl_track = edl_track_joined(json.fragments, json.protocol,
+             json.is_live, json.fragment_base_url)
+ 
++        if not edl_track and not url_is_safe(json.url) then
++            return
++        end
+         -- normal video or single track
+         streamurl = edl_track or json.url
+         set_http_headers(json.http_headers)
+@@ -294,13 +296,7 @@ local function add_single_video(json)
+ 
+     msg.debug("streamurl: " .. streamurl)
+ 
+-    streamurl = streamurl:gsub("^data:", "data://", 1)
+-
+-    if not url_is_safe(streamurl) then
+-        return
+-    end
+-
+-    mp.set_property("stream-open-filename", streamurl)
++    mp.set_property("stream-open-filename", streamurl:gsub("^data:", "data://", 1))
+ 
+     mp.set_property("file-local-options/force-media-title", json.title)
+ 
+@@ -499,6 +495,10 @@ mp.add_hook(o.try_ytdl_first and "on_load" or "on_load_fail", 10, function ()
+ 
+                 msg.debug("EDL: " .. playlist)
+ 
++                if not playlist then
++                    return
++                end
++
+                 -- can't change the http headers for each entry, so use the 1st
+                 if json.entries[1] then
+                     set_http_headers(json.entries[1].http_headers)
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
new file mode 100644
index 0000000000..66df127509
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
@@ -0,0 +1,111 @@
+Fix CVE-2017-17858:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858
+https://bugs.ghostscript.com/show_bug.cgi?id=698819
+https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+
+From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 11 Dec 2017 14:09:15 +0100
+Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below
+ limit.
+
+This ensures that:
+ * xref tables with objects pointers do not grow out of bounds.
+ * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf.
+---
+ include/mupdf/pdf/object.h |  3 +++
+ source/pdf/pdf-repair.c    |  5 +----
+ source/pdf/pdf-xref.c      | 21 ++++++++++++---------
+ 3 files changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
+index 21ed8595..4177112b 100644
+--- a/include/mupdf/pdf/object.h
++++ b/include/mupdf/pdf/object.h
+@@ -3,6 +3,9 @@
+ 
+ typedef struct pdf_document_s pdf_document;
+ 
++/* Defined in PDF 1.7 according to Acrobat limit. */
++#define PDF_MAX_OBJECT_NUMBER 8388607
++
+ /*
+  * Dynamic objects.
+  * The same type of objects as found in PDF and PostScript.
+diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
+index ca149bd3..0c29758e 100644
+--- a/source/pdf/pdf-repair.c
++++ b/source/pdf/pdf-repair.c
+@@ -6,9 +6,6 @@
+ 
+ /* Scan file for objects and reconstruct xref table */
+ 
+-/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */
+-#define MAX_OBJECT_NUMBER (10 << 20)
+-
+ struct entry
+ {
+ 	int num;
+@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
+ 					break;
+ 				}
+ 
+-				if (num <= 0 || num > MAX_OBJECT_NUMBER)
++				if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER)
+ 				{
+ 					fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen);
+ 					goto have_next_token;
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 00586dbd..6284e70b 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
+ 			fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR);
+ 		}
+ 
+-		if (ofs < 0)
+-			fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs);
+-		if (ofs > INT64_MAX - len)
+-			fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big");
+-
++		if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER
++				|| len < 0 || len > PDF_MAX_OBJECT_NUMBER
++				|| ofs + len - 1 > PDF_MAX_OBJECT_NUMBER)
++		{
++			fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
++		}
+ 		/* broken pdfs where size in trailer undershoots entries in xref sections */
+ 		if (ofs + len > xref_len)
+ 		{
+@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in
+ 	pdf_xref_entry *table;
+ 	int i, n;
+ 
+-	if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
+-		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
+-	//if (i0 + i1 > pdf_xref_len(ctx, doc))
+-	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
++	if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER)
++		fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
+ 
+ 	table = pdf_xref_find_subsection(ctx, doc, i0, i1);
+ 	for (i = i0; i < i0 + i1; i++)
+@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc)
+ 	/* TODO: reuse free object slots by properly linking free object chains in the ofs field */
+ 	pdf_xref_entry *entry;
+ 	int num = pdf_xref_len(ctx, doc);
++
++	if (num > PDF_MAX_OBJECT_NUMBER)
++		fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf");
++
+ 	entry = pdf_get_incremental_xref_entry(ctx, doc, num);
+ 	entry->type = 'f';
+ 	entry->ofs = -1;
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/p7zip-CVE-2017-17969.patch b/gnu/packages/patches/p7zip-CVE-2017-17969.patch
new file mode 100644
index 0000000000..51c24000e5
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2017-17969.patch
@@ -0,0 +1,35 @@
+Fix CVE-2017-17969:
+
+https://sourceforge.net/p/p7zip/bugs/204/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
+
+Patch copied from Debian.
+
+Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
+Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
+Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
+Bug: https://sourceforge.net/p/p7zip/bugs/204/
+Bug-Debian: https://bugs.debian.org/888297
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
+Author: Antoine Beaupré <anarcat@debian.org>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2018-02-01
+Applied-Upstream: 18.00-beta
+
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
+     {
+       _stack[i++] = _suffixes[cur];
+       cur = _parents[cur];
++      if (cur >= kNumItems || i >= kNumItems)
++        break;
+     }
+-    
++
++    if (cur >= kNumItems || i >= kNumItems)
++      break;
++
+     _stack[i++] = (Byte)cur;
+     lastChar2 = (Byte)cur;
+ 
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 5df7385e78..82347f00c5 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -572,7 +572,8 @@ extracting content or merging files.")
         (method url-fetch)
         (uri (string-append "https://mupdf.com/downloads/archive/"
                             name "-" version "-source.tar.xz"))
-        (patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
+        (patches (search-patches "mupdf-build-with-latest-openjpeg.patch"
+                                 "mupdf-CVE-2017-17858.patch"))
         (sha256
          (base32
           "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm
index cbb2138a6e..c04344a70b 100644
--- a/gnu/packages/perl-check.scm
+++ b/gnu/packages/perl-check.scm
@@ -975,14 +975,14 @@ makes fork(2) safe to use in test cases.")
 (define-public perl-test-simple
   (package
     (name "perl-test-simple")
-    (version "1.302120")
+    (version "1.302122")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/"
                                   "Test-Simple-" version ".tar.gz"))
               (sha256
                (base32
-                "0v1l0hfza9zlw3qj5l2mrzljy1sk02h3yqcb4kixdb2d5l4n08y8"))))
+                "117m707cbvrh01s3w6g371i9xvpnklifiqpcmky4f49jgck8izgm"))))
     (build-system perl-build-system)
     (synopsis "Basic utilities for writing tests")
     (description
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 40c6077951..8ee85f7db6 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -45,6 +45,7 @@
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
 ;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
+;;; Copyright © 2018 Ethan R. Jones <ethanrjones97@gmail.com
 ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -5740,15 +5741,13 @@ should be stored on various operating systems.")
 (define-public python-llfuse
   (package
     (name "python-llfuse")
-    (version "1.2")
+    (version "1.3.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append
-                    "https://bitbucket.org/nikratio/python-llfuse/downloads/"
-                    "llfuse-" version ".tar.bz2"))
+              (uri (pypi-uri "llfuse" version ".tar.bz2"))
               (sha256
                (base32
-                "11hms1x68bf1bqbqy7w3wpffqsd3jkgricmzrc1hrnwkswfzzlr4"))))
+                "0qxvnbz41bpvpc1vbi8qkhmpr9gj1qrrp5jdj085iqibd8l2l9cn"))))
     (build-system python-build-system)
     (inputs
      `(("fuse" ,fuse)
@@ -12502,3 +12501,142 @@ style guide, even if the original code didn't violate the style guide.")
 
 (define-public python2-yapf
   (package-with-python2 python-yapf))
+
+(define-public python-gyp
+  (let ((commit "5e2b3ddde7cda5eb6bc09a5546a76b00e49d888f")
+        (revision "0"))
+    (package
+      (name "python-gyp")
+      ;; Google does not release versions,
+      ;; based on second most recent commit date.
+      (version (git-version "0.0.0" revision commit))
+      (source
+       (origin
+         ;; Google does not release tarballs,
+         ;; git checkout is needed.
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://chromium.googlesource.com/external/gyp")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32
+           "0fr7nxcrk292djmxzpcjaphnsd123k31gp8jnd91vwknhq6snmv9"))))
+      (build-system python-build-system)
+      (home-page "https://gyp.gsrc.io/")
+      (synopsis "GYP is a Meta-Build system")
+      (description
+       "GYP builds build systems for large, cross platform applications.
+It can be used to generate XCode projects, Visual Studio projects, Ninja build
+files, and Makefiles.")
+      (license license:bsd-3))))
+
+(define-public python2-gyp
+  (package-with-python2 python-gyp))
+
+(define-public python-whatever
+  (package
+    (name "python-whatever")
+    (version "0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/Suor/whatever/archive/" version
+                           ".tar.gz"))
+       (sha256
+        (base32
+         "1iqvnaf0zpc6b4rvbqq4xy45mszcscyzpzknv8wg6j84pbp22sap"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+        (replace 'check
+          (lambda _
+            (invoke "py.test"))))))
+    (native-inputs
+     `(("python-pytest" ,python-pytest)))
+    (home-page "http://github.com/Suor/whatever")
+    (synopsis "Make anonymous functions by partial application of operators")
+    (description "@code{whatever} provides an easy way to make anonymous
+functions by partial application of operators.")
+    (license license:bsd-3)))
+
+(define-public python2-whatever
+  (package-with-python2 python-whatever))
+
+(define-public python-funcy
+  (package
+    (name "python-funcy")
+    (version "1.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/Suor/funcy/archive/" version
+                           ".tar.gz"))
+       (sha256
+        (base32
+         "1fanxivsip29vgarw6dn39xym3q4pbxcpa11plpp548lvxajpahz"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (invoke "py.test"))))))
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-pytest-warnings" ,python-pytest-warnings)
+       ("python-whatever" ,python-whatever)))
+    (home-page "http://github.com/Suor/funcy")
+    (synopsis "Functional tools")
+    (description "@code{funcy} is a library that provides functional tools.
+Examples are:
+@enumerate
+@item merge - Merges collections of the same type
+@item walk - Type-preserving map
+@item select - Selects a part of a collection
+@item take - Takes the first n items of a collection
+@item first - Takes the first item of a collection
+@item remove - Predicated-removes items of a collection
+@item concat - Concatenates two collections
+@item flatten - Flattens a collection with subcollections
+@item distinct - Returns only distinct items
+@item split - Predicated-splits a collection
+@item split_at - Splits a collection at a given item
+@item group_by - Groups items by group
+@item pairwise - Pairs off adjacent items
+@item partial - Partially-applies a function
+@item curry - Curries a function
+@item compose - Composes functions
+@item complement - Complements a predicate
+@item all_fn - \"all\" with predicate
+@end enumerate")
+    (license license:bsd-3)))
+
+(define-public python2-funcy
+  (package-with-python2 python-funcy))
+
+(define-public python-isoweek
+  (package
+    (name "python-isoweek")
+    (version "1.3.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "isoweek" version))
+       (sha256
+        (base32
+         "1s7zsf0pab0l9gn6456qadnz5i5h90hafcjwnhx5mq23qjxggwvk"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/gisle/isoweek")
+    (synopsis "Objects representing a week")
+    (description "The @code{isoweek} module provide the class Week that
+implements the week definition of ISO 8601.  This standard also defines
+a notation for identifying weeks; yyyyWww (where the W is a literal).
+Week instances stringify to this form.")
+    (license license:bsd-3)))
+
+(define-public python2-isoweek
+  (package-with-python2 python-isoweek))
diff --git a/gnu/packages/rdf.scm b/gnu/packages/rdf.scm
index 5342dbbffb..4d8b1d1d88 100644
--- a/gnu/packages/rdf.scm
+++ b/gnu/packages/rdf.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -238,14 +239,14 @@ and triple stores.")
 (define-public serd
   (package
     (name "serd")
-    (version "0.26.0")
+    (version "0.28.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://download.drobilla.net/serd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "164j43am4hka2vbzw4n52zy7rafgp6kmkgbcbvap368az644mr73"))))
+               "1v4ai4zyj1q3255nghicns9817jkwb3bh60ssprsjmnjfj41mwhx"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no check target
diff --git a/gnu/packages/sawfish.scm b/gnu/packages/sawfish.scm
index ebb8c5e1f0..9f9264457d 100644
--- a/gnu/packages/sawfish.scm
+++ b/gnu/packages/sawfish.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,14 +38,14 @@
 (define-public librep
   (package
     (name "librep")
-    (version "0.92.6")
+    (version "0.92.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.tuxfamily.org/" name "/"
                                   name "_" version ".tar.xz"))
               (sha256
                (base32
-                "1k6c0hmyzxh8459r790slh9vv9vwy9d7w3nlmrqypbx9mk855hgy"))))
+                "1bmcjl1x1rdh514q9z3hzyjmjmwwwkziipjpjsl301bwmiwrd8a8"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 33f5a9451b..ca885c690c 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -200,14 +200,14 @@ features an integrated Emacs-like editor and a large runtime library.")
 (define-public bigloo
   (package
     (name "bigloo")
-    (version "4.3a")
+    (version "4.3b")
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://ftp-sop.inria.fr/indes/fp/Bigloo/bigloo"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "03rcqs6kvy2j5lqk4fidqay5qfyp474qqspbh6wk4qdbds6w599w"))
+               "1xpzxjlq5g8j3jrb908kfaaa0pkynk4rd083hzvb08amhy68sx07"))
              ;; Remove bundled libraries.
              (modules '((guix build utils)))
              (snippet
@@ -229,34 +229,37 @@ features an integrated Emacs-like editor and a large runtime library.")
                ((", @DATE@") ""))
              (substitute* "autoconf/osversion"
                (("^version.*$") "version=\"\"\n"))
+             (substitute* "comptime/Makefile"
+               (("\\$\\(LDCOMPLIBS\\)")
+                "$(LDCOMPLIBS) $(LDFLAGS)"))
 
              ;; The `configure' script doesn't understand options
              ;; of those of Autoconf.
              (let ((out (assoc-ref outputs "out")))
-               (zero?
-                (system* "./configure"
-                         (string-append "--prefix=" out)
-                         ; use system libraries
-                         "--customgc=no"
-                         "--customunistring=no"
-                         "--customlibuv=no"
-                         (string-append"--mv=" (which "mv"))
-                         (string-append "--rm=" (which "rm"))
-                         "--cflags=-fPIC"
-                         (string-append "--ldflags=-Wl,-rpath="
-                                        (assoc-ref outputs "out")
-                                        "/lib/bigloo/" ,version)
-                         (string-append "--lispdir=" out
-                                        "/share/emacs/site-lisp")
-                         "--sharedbde=yes"
-                         "--sharedcompiler=yes")))))
+               (invoke "./configure"
+                       (string-append "--prefix=" out)
+                       ; use system libraries
+                       "--customgc=no"
+                       "--customunistring=no"
+                       "--customlibuv=no"
+                       (string-append"--mv=" (which "mv"))
+                       (string-append "--rm=" (which "rm"))
+                       "--cflags=-fPIC"
+                       (string-append "--ldflags=-Wl,-rpath="
+                                      (assoc-ref outputs "out")
+                                      "/lib/bigloo/" ,version)
+                       (string-append "--lispdir=" out
+                                      "/share/emacs/site-lisp")
+                       "--sharedbde=yes"
+                       "--sharedcompiler=yes"
+                       "--disable-patch"))))
          (add-after 'install 'install-emacs-modes
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
                     (dir (string-append out "/share/emacs/site-lisp")))
-               (zero? (system* "make" "-C" "bmacs" "all" "install"
-                               (string-append "EMACSBRAND=emacs25")
-                               (string-append "EMACSDIR=" dir)))))))))
+               (invoke "make" "-C" "bmacs" "all" "install"
+                       (string-append "EMACSBRAND=emacs25")
+                       (string-append "EMACSDIR=" dir))))))))
     (inputs
      `(("emacs" ,emacs)                      ;UDE needs the X version of Emacs
        ("libgc" ,libgc)
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 5df9644dfc..80202e6814 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -648,14 +648,14 @@ Shell (pdksh).")
 (define-public oil-shell
   (package
     (name "oil-shell")
-    (version "0.3.0")
+    (version "0.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.oilshell.org/download/oil-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "0j4fyn6xjaf29xqyzm09ahazmq9v1hkxv4kps7n3lzdfr32a4kk9"))))
+                "0ca68n46mhibarpfinqfkim6p3xmbz5rrpl4qr3sj9y0q6wm7sa2"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; the tests are not distributed in the tarballs
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 793dcf8dc5..b439094c26 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -62,35 +62,40 @@
   #:use-module (srfi srfi-1))
 
 (define-public libssh
-  (package
-    (name "libssh")
-    (version "0.7.5")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://red.libssh.org/attachments/download/218/libssh-"
-                    version ".tar.xz"))
-              (sha256
-               (base32
-                "15bh6dm9c50ndddzh3gqcgw7axp3ghrspjpkb1z3dr90vkanvs2l"))
-              (patches (search-patches "libssh-hostname-parser-bug.patch"))))
-    (build-system cmake-build-system)
-    (outputs '("out" "debug"))
-    (arguments
-     '(#:configure-flags '("-DWITH_GCRYPT=ON")
-
-       ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
-       #:tests? #f))
-    (inputs `(("zlib" ,zlib)
-              ("libgcrypt" ,libgcrypt)))
-    (synopsis "SSH client library")
-    (description
-     "libssh is a C library implementing the SSHv2 and SSHv1 protocol for
+  ;; This commit from the 'v0-7' branch contains 7 memory-management-related
+  ;; bug fixes that we'd rather have.
+  (let ((commit "239d0f75b5f909174c2ef7fb08d23bcfa6b20ba0")
+        (revision "0"))
+    (package
+      (name "libssh")
+      (version (git-version "0.7.5" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://git.libssh.org/projects/libssh.git")
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "01w72w1jsgs9ilj3n1gp6qkmdxr9n74i5h2nipi3x1vzm7bv8na1"))
+                (patches (search-patches "libssh-hostname-parser-bug.patch"))
+                (file-name (git-file-name name version))))
+      (build-system cmake-build-system)
+      (outputs '("out" "debug"))
+      (arguments
+       '(#:configure-flags '("-DWITH_GCRYPT=ON")
+
+         ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
+         #:tests? #f))
+      (inputs `(("zlib" ,zlib)
+                ("libgcrypt" ,libgcrypt)))
+      (synopsis "SSH client library")
+      (description
+       "libssh is a C library implementing the SSHv2 and SSHv1 protocol for
 client and server implementations.  With libssh, you can remotely execute
 programs, transfer files, and use a secure and transparent tunnel for your
 remote applications.")
-    (home-page "https://www.libssh.org")
-    (license license:lgpl2.1+)))
+      (home-page "https://www.libssh.org")
+      (license license:lgpl2.1+))))
 
 (define-public libssh2
   (package
diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm
index 3fb70d13da..f5e5bb85be 100644
--- a/gnu/packages/syncthing.scm
+++ b/gnu/packages/syncthing.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Petter <petter@mykolab.ch>
-;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,7 +28,7 @@
 (define-public syncthing
   (package
     (name "syncthing")
-    (version "0.14.43")
+    (version "0.14.44")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/syncthing/syncthing"
@@ -36,7 +36,11 @@
                                   "/syncthing-source-v" version ".tar.gz"))
               (sha256
                (base32
-                "175xkc4i00axxljc5kgkr30lm1s9hfmz0hrzrsl91rpwpbh500mv"))))
+                "0fxq52w1b05928xp0a333rg23fabj0nykgg7v4gz01f3vrxyydi1"))
+              (modules '((guix build utils)))
+              ;; Delete bundled ("vendored") free software source code.
+              (snippet
+                '(delete-file-recursively "vendor"))))
     (build-system go-build-system)
     ;; The primary Syncthing executable goes to "out", while the auxiliary
     ;; server programs and utility tools go to "utils".  This reduces the size
@@ -49,18 +53,6 @@
        #:install-source? #f
        #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'delete-bundled-source-code
-           (lambda _
-             ;; Keep the bundled cznic libraries. There are some "internal"
-             ;; cznic libraries that complicate the use of non-bundled copies.
-             (rename-file "src/github.com/syncthing/syncthing/vendor/github.com/cznic"
-                          "cznic")
-             (delete-file-recursively "src/github.com/syncthing/syncthing/vendor")
-             (mkdir-p "src/github.com/syncthing/syncthing/vendor/github.com/")
-             (rename-file "cznic"
-                          "src/github.com/syncthing/syncthing/vendor/github.com/cznic")
-             #t))
-
          (add-before 'build 'increase-test-timeout
            (lambda _
              (substitute* "src/github.com/syncthing/syncthing/build.go"
@@ -129,11 +121,9 @@
        ("go-github-com-calmh-xdr" ,go-github-com-calmh-xdr)
        ("go-github-com-ccding-go-stun"
         ,go-github-com-ccding-go-stun)
+       ("go-github-com-prometheus-union" ,(go-github-com-prometheus-union))
        ("go-github-com-chmduquesne-rollinghash-adler32"
         ,go-github-com-chmduquesne-rollinghash-adler32)
-;       ("go-github-com-cznic-ql" ,go-github-com-cznic-ql) ; bundled
-       ; Used by bundled ql
-       ("go-github-com-edsrzf-mmap-go" ,go-github-com-edsrzf-mmap-go)
        ("go-github-com-gobwas-glob" ,go-github-com-gobwas-glob)
        ("go-github-com-gogo-protobuf-union"
         ,(go-github-com-gogo-protobuf-union))
@@ -358,8 +348,8 @@ structs in the Go programming language.")
     (license (package-license go-github-com-gogo-protobuf))))
 
 (define-public go-github-com-gogo-protobuf
-  (let ((commit "35b81a066e522fb86ece043a8ef1dbfa10b4fed1")
-        (revision "1"))
+  (let ((commit "160de10b2537169b5ae3e7e221d28269ef40d311")
+        (revision "2"))
     (package
       (name "go-github-com-gogo-protobuf")
       (version (git-version "0.5" revision commit))
@@ -371,7 +361,7 @@ structs in the Go programming language.")
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "194k6cls2g654df54x5rzrn5nqrfk8yz1jymm667ajjvzcplidja"))))
+                  "0hxq28sgxym04rv0q40gpwkh4ni359q21hq3g78wwxwx4qfd4zwm"))))
       (build-system go-build-system)
       (arguments
        `(#:import-path "github.com/gogo/protobuf/proto"
@@ -1853,8 +1843,8 @@ Authentication and Privacy Infrastructure).")
       (license asl2.0))))
 
 (define-public go-github-com-zillode-notify
-  (let ((commit "8fff849a2026ce7a59f67ed9747dd9c7adc8bd0b")
-        (revision "1"))
+  (let ((commit "a8abcfb1ce88ee8d79a300ed65d94b8fb616ddb3")
+        (revision "2"))
     (package
       (name "go-github-com-zillode-notify")
       (version (git-version "0.0.0" revision commit))
@@ -1866,7 +1856,7 @@ Authentication and Privacy Infrastructure).")
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "1aazci21y85k1c02dlvdfx926vxb3j4i96fn27s7zxmqjlk7l3ga"))))
+                  "031pmbvm0xj4f4fak7im0ywmyn3hns538zlbdj4f23jj69zqdy7k"))))
       (build-system go-build-system)
       (arguments
        '(#:import-path "github.com/zillode/notify"))
@@ -1927,3 +1917,281 @@ notification library in Go.")
 Erasure Coding in Go.")
     (home-page "https://github.com/klauspost/reedsolomon")
     (license expat))))
+
+(define-public go-github-com-beorn7-perks-quantile
+  (let ((commit "4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9")
+        (revision "0"))
+    (package
+      (name "go-github-com-beorn7-perks-quantile")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/beorn7/perks.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1hrybsql68xw57brzj805xx2mghydpdiysv3gbhr7f5wlxj2514y"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/beorn7/perks/quantile"
+         #:unpack-path "github.com/beorn7/perks"))
+      (synopsis "Compute approximate quantiles over an unbounded data stream")
+      (description "Perks contains the Go package @code{quantile} that computes
+approximate quantiles over an unbounded data stream within low memory and CPU
+bounds.")
+      (home-page "https://github.com/beorn7/perks")
+      (license expat))))
+
+(define-public go-github-com-golang-protobuf-proto
+  (let ((commit "1e59b77b52bf8e4b449a57e6f79f21226d571845")
+        (revision "0"))
+    (package
+      (name "go-github-com-golang-protobuf-proto")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/golang/protobuf.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "19bkh81wnp6njg3931wky6hsnnl2d1ig20vfjxpv450sd3k6yys8"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/golang/protobuf/proto"
+         #:unpack-path "github.com/golang/protobuf"
+         #:tests? #f ; requires unpackaged golang.org/x/sync/errgroup
+         ))
+      (synopsis "Go support for Protocol Buffers")
+      (description "This package provides Go support for the Protocol Buffers
+data serialization format.")
+      (home-page "https://github.com/golang/protobuf")
+      (license bsd-3))))
+
+(define-public go-github-com-prometheus-client-model-go
+  (let ((commit "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c")
+        (revision "0"))
+    (package
+      (name "go-github-com-prometheus-client-model-go")
+      (version (git-version "0.0.2" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/prometheus/client_model.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "19y4ywsivhpxj7ikf2j0gm9k3cmyw37qcbfi78n526jxcc7kw998"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/prometheus/client_model/go"
+         #:unpack-path "github.com/prometheus/client_model"))
+      (propagated-inputs
+       `(("go-github-com-golang-protobuf-proto"
+          ,go-github-com-golang-protobuf-proto)))
+      (synopsis "Data model artifacts for Prometheus")
+      (description "This package provides data model artifacts for Prometheus.")
+      (home-page "https://github.com/prometheus/client_model")
+      (license asl2.0))))
+
+(define-public go-github-com-matttproud-golang-protobuf-extensions-pbutil
+  (let ((commit "c12348ce28de40eed0136aa2b644d0ee0650e56c")
+        (revision "0"))
+    (package
+      (name "go-github-com-matttproud-golang-protobuf-extensions-pbutil")
+      (version (git-version "1.0.0" revision commit))
+      (source
+        (origin
+          (method git-fetch)
+          (uri
+            (git-reference
+              (url "https://github.com/matttproud/golang_protobuf_extensions.git")
+              (commit commit)))
+          (file-name (git-file-name name version))
+          (sha256
+           (base32
+            "1d0c1isd2lk9pnfq2nk0aih356j30k3h1gi2w0ixsivi5csl7jya"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/matttproud/golang_protobuf_extensions/pbutil"
+         #:unpack-path "github.com/matttproud/golang_protobuf_extensions"))
+      (propagated-inputs
+       `(("go-github-com-golang-protobuf-proto"
+          ,go-github-com-golang-protobuf-proto)))
+      (synopsis "Streaming Protocol Buffers in Go")
+      (description "This package provides various Protocol Buffer
+extensions for the Go language, namely support for record length-delimited
+message streaming.")
+      (home-page "https://github.com/matttproud/golang_protobuf_extensions")
+      (license asl2.0))))
+
+(define-public go-github-com-prometheus-common-expfmt
+  (let ((commit "2e54d0b93cba2fd133edc32211dcc32c06ef72ca")
+        (revision "0"))
+    (package
+      (name "go-github-com-prometheus-common-expfmt")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/prometheus/common.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "14kn5w7imcxxlfdqxl21fsnlf1ms7200g3ldy29hwamldv8qlm7j"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/prometheus/common/expfmt"
+         #:unpack-path "github.com/prometheus/common"
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'reset-gzip-timestamps 'make-gzip-archive-writable
+             (lambda* (#:key outputs #:allow-other-keys)
+               (map (lambda (file)
+                      (make-file-writable file))
+                    (find-files
+                      (string-append (assoc-ref outputs "out")
+                                     "/src/github.com/prometheus/common/expfmt/testdata/")
+                      ".*\\.gz$"))
+               #t)))))
+      (propagated-inputs
+       `(("go-github-com-golang-protobuf-proto"
+          ,go-github-com-golang-protobuf-proto)
+         ("go-github-com-matttproud-golang-protobuf-extensions-pbutil"
+          ,go-github-com-matttproud-golang-protobuf-extensions-pbutil)
+         ("go-github-com-prometheus-client-model-go"
+          ,go-github-com-prometheus-client-model-go)))
+      (synopsis "Prometheus metrics")
+      (description "This package provides tools for reading and writing
+Prometheus metrics.")
+      (home-page "https://github.com/prometheus/common")
+      (license asl2.0))))
+
+(define-public go-github-com-prometheus-procfs
+  (let ((commit "b15cd069a83443be3154b719d0cc9fe8117f09fb")
+        (revision "0"))
+    (package
+      (name "go-github-com-prometheus-procfs")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/prometheus/procfs.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1cr45wg2m40bj2za8f32mq09rjlcnk5kfam0h0hr8wcb015k4wxj"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/prometheus/procfs"))
+      (synopsis "Go library for reading @file{/proc}")
+      (description "This Go package @code{procfs} provides functions to retrieve
+system, kernel and process metrics from the pseudo-filesystem @file{/proc}.")
+      (home-page "https://github.com/prometheus/procfs")
+      (license asl2.0))))
+
+(define-public go-github-com-client-golang-prometheus-promhttp
+  (let ((commit "180b8fdc22b4ea7750bcb43c925277654a1ea2f3")
+        (revision "0"))
+    (package
+      (name "go-github-com-client-golang-prometheus-promhttp")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/prometheus/client_golang.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1kkfx1j9ka18ydsmdi2cdy3hs39c22b39mbc4laykmj2x93lmbdp"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:tests? #f ; The tests require internet access
+         #:import-path "github.com/prometheus/client_golang/prometheus/promhttp"
+         #:unpack-path "github.com/prometheus/client_golang"))
+      (propagated-inputs
+       `(("go-github-com-beorn7-perks-quantile"
+          ,go-github-com-beorn7-perks-quantile)
+         ("go-github-com-golang-protobuf-proto"
+          ,go-github-com-golang-protobuf-proto)
+         ("go-github-com-prometheus-client-model-go"
+          ,go-github-com-prometheus-client-model-go)
+         ("go-github-com-prometheus-common-expfmt"
+          ,go-github-com-prometheus-common-expfmt)
+         ("go-github-com-prometheus-procfs" ,go-github-com-prometheus-procfs)))
+      (synopsis "HTTP server and client tools for Prometheus")
+      (description "This package @code{promhttp} provides HTTP client and
+server tools for Prometheus metrics.")
+      (home-page "https://github.com/prometheus/client_golang")
+      (license asl2.0))))
+
+(define-public go-github-com-client-golang-prometheus
+  (let ((commit "180b8fdc22b4ea7750bcb43c925277654a1ea2f3")
+        (revision "0"))
+    (package
+      (name "go-github-com-prometheus-client-golang-prometheus")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/prometheus/client_golang.git")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1kkfx1j9ka18ydsmdi2cdy3hs39c22b39mbc4laykmj2x93lmbdp"))))
+      (build-system go-build-system)
+      (arguments
+       '(#:import-path "github.com/prometheus/client_golang/prometheus"
+         #:unpack-path "github.com/prometheus/client_golang"))
+      (propagated-inputs
+       `(("go-github-com-beorn7-perks-quantile"
+          ,go-github-com-beorn7-perks-quantile)
+         ("go-github-com-golang-protobuf-proto"
+          ,go-github-com-golang-protobuf-proto)
+         ("go-github-com-prometheus-client-model-go"
+          ,go-github-com-prometheus-client-model-go)
+         ("go-github-com-prometheus-common-expfmt"
+          ,go-github-com-prometheus-common-expfmt)
+         ("go-github-com-prometheus-procfs" ,go-github-com-prometheus-procfs)
+         ("go-github-com-client-golang-prometheus-promhttp"
+          ,go-github-com-client-golang-prometheus-promhttp)))
+      (synopsis "Prometheus instrumentation library for Go applications")
+      (description "This package provides the Go client library for the
+Prometheus monitoring and alerting system.  It has two separate parts, one for
+instrumenting application code, and one for creating clients that talk to the
+Prometheus HTTP API.")
+      (home-page "https://github.com/prometheus/client_golang")
+      (license asl2.0))))
+
+(define* (go-github-com-prometheus-union
+           #:optional (packages (list go-github-com-client-golang-prometheus
+                                      go-github-com-client-golang-prometheus-promhttp)))
+  (package
+    (name "go-github-com-prometheus-union")
+    (version (package-version go-github-com-client-golang-prometheus))
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build union))
+       #:builder (begin
+                   (use-modules (ice-9 match)
+                                (guix build union))
+                   (match %build-inputs
+                     (((names . directories) ...)
+                      (union-build (assoc-ref %outputs "out")
+                                   directories))))))
+    (inputs (map (lambda (package)
+                   (list (package-name package) package))
+                 packages))
+    (synopsis "Union of Go Prometheus libraries")
+    (description "This is a union of Go Prometheus libraries")
+    (home-page (package-home-page go-github-com-client-golang-prometheus))
+    (license (package-license go-github-com-client-golang-prometheus))))
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index 5310655ce2..8988cdc3b1 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -86,7 +87,7 @@
 (define-public expect
   (package
     (name "expect")
-    (version "5.45.3")
+    (version "5.45.4")
     (source
      (origin
       (method url-fetch)
@@ -94,7 +95,7 @@
                           version "/expect" version ".tar.gz"))
       (sha256
        (base32
-        "1s9ba7m0bmg6brn4x030y2xg7hqara1fr4hlrrllm54mf5xp2865"))))
+        "0d1cp5hggjl93xwc8h1y6adbnrvpkk0ywkd00inz9ndxn21xm9s9"))))
     (build-system gnu-build-system)
     (inputs
      `(;; TODO: Add these optional dependencies.
diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm
index 41f9411281..5e2c990469 100644
--- a/gnu/packages/upnp.scm
+++ b/gnu/packages/upnp.scm
@@ -29,14 +29,14 @@
 (define-public miniupnpc
   (package
     (name "miniupnpc")
-    (version "2.0.20171212")
+    (version "2.0.20180203")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://miniupnp.tuxfamily.org/files/"
                            name "-" version ".tar.gz"))
        (sha256
-        (base32 "0za7pr6hrr3ajkifirhhxfn3hlhl06f622g8hnj5h8y18sp3bwff"))))
+        (base32 "1dr0qaf2qz49aawgsnv7l41rda5yvdk3qfz2hd5cv9iwav3sipch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 9234fa8c68..c8e7ce1ee8 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
@@ -1456,7 +1456,7 @@ modification time.")
 (define-public myrepos
   (package
     (name "myrepos")
-    (version "1.20170129")
+    (version "1.20171231")
     (source
      (origin
        (method git-fetch)
@@ -1465,7 +1465,7 @@ modification time.")
              (commit version)))
        (file-name (string-append name "-" version "-checkout"))
        (sha256
-        (base32 "15i9bs2i25l7ibv530ghy8280kklcgm5kr6j86s7iwcqqckd0czp"))))
+        (base32 "10q7lpx152xnkk701fscn4dq99q9znnmv3bc2482khhjg7z8rps0"))))
     (build-system gnu-build-system)
     (inputs
      `(("perl" ,perl)))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index e224a3d8cf..931e6390c4 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016, 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2015, 2016, 2017, 2018 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
@@ -1018,6 +1018,9 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
               (sha256
                (base32
                 "1d2p6k3y9lqx8bpdal4grrj8ljy7pvd8qgdq8004fmr38afmbb7f"))
+              (patches (search-patches "mpv-CVE-2018-6360-1.patch"
+                                       "mpv-CVE-2018-6360-2.patch"
+                                       "mpv-CVE-2018-6360-3.patch"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system waf-build-system)
     (native-inputs
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 1e54f9b95b..65fc9e40e6 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -177,7 +177,7 @@ Interface} specification.")
 (define-public nginx
   (package
     (name "nginx")
-    ;; Consider updating the nginx-docs package if the nginx package is
+    ;; Consider updating the nginx-documentation package if the nginx package is
     ;; updated.
     (version "1.13.8")
     (source (origin
@@ -310,13 +310,13 @@ documentation.")
       (license l:bsd-2))))
 
 (define-public nginx-documentation
-  ;; This documentation should be relevant for nginx-1.12.0
-  (let ((revision 1961)
-        (changeset "dd4b6c564e10"))
+  ;; This documentation should be relevant for nginx@1.13.8.
+  (let ((revision 2100)
+        (changeset "cfb7bd672d77"))
     (package
       (name "nginx-documentation")
       (version
-       (simple-format #f "2017-04-12-~A-~A" revision changeset))
+       (simple-format #f "2018-01-22-~A-~A" revision changeset))
       (source
        (origin (method hg-fetch)
                (uri (hg-reference
@@ -325,13 +325,13 @@ documentation.")
                (file-name (string-append name "-" version))
                (sha256
                 (base32
-                 "0rycfnnm2xkm777769h1zib428q45j64mx8nzzfzs4v07jbfc8m5"))))
+                 "096fcsc0wnfr847m7dwp17rivd3alxq7v9hq9s5lkfbhylmh18vm"))))
       (build-system gnu-build-system)
       (arguments
-       '(#:tests? #f  ; No test suite
+       '(#:tests? #f                    ; no test suite
          #:phases
          (modify-phases %standard-phases
-           (delete 'configure)
+           (delete 'configure)          ; no configure script
            (replace 'build
              (lambda* (#:key outputs #:allow-other-keys)
                (let ((output (assoc-ref outputs "out")))
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 7e80e411dd..8bd8847ad9 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5923,7 +5923,7 @@ basic eye-candy effects.")
 (define-public xpra
   (package
     (name "xpra")
-    (version "2.2.3")
+    (version "2.2.4")
     (source
      (origin
        (method url-fetch)
@@ -5931,7 +5931,7 @@ basic eye-candy effects.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "03cq16cfffm5f62g1xc3makr03b5wjjfy6zlwag70pc3g0k6n6jh"))))
+         "0v8yflvisk94bfj0zg4ggdfwrig0f3ss9kjnws3zflsr33cb2hxy"))))
     (build-system python-build-system)
     (inputs `(("ffmpeg" ,ffmpeg)
               ("flac" ,flac)
diff --git a/guix/build-system/emacs.scm b/guix/build-system/emacs.scm
index 02296829c6..d9f1a8d289 100644
--- a/guix/build-system/emacs.scm
+++ b/guix/build-system/emacs.scm
@@ -82,7 +82,8 @@
 
 (define* (emacs-build store name inputs
                       #:key source
-                      (tests? #t)
+                      (tests? #f)
+                      (parallel-tests? #t)
                       (test-target "test")
                       (configure-flags ''())
                       (phases '(@ (guix build emacs-build-system)
diff --git a/guix/build/emacs-build-system.scm b/guix/build/emacs-build-system.scm
index bd0d2e0266..b779847424 100644
--- a/guix/build/emacs-build-system.scm
+++ b/guix/build/emacs-build-system.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -42,7 +43,8 @@
 ;; Directory suffix where we install ELPA packages.  We avoid ".../elpa" as
 ;; Emacs expects to find the ELPA repository 'archive-contents' file and the
 ;; archive signature.
-(define %install-suffix "/share/emacs/site-lisp/guix.d")
+(define %legacy-install-suffix "/share/emacs/site-lisp")
+(define %install-suffix (string-append %legacy-install-suffix "/guix.d"))
 
 ;; These are the default inclusion/exclusion regexps for the install phase.
 (define %default-include '("^[^/]*\\.el$" "^[^/]*\\.info$" "^doc/.*\\.info$"))
@@ -72,38 +74,63 @@ archive, a directory, or an Emacs Lisp file."
         #t)
       (gnu:unpack #:source source)))
 
+(define* (set-emacs-load-path #:key inputs #:allow-other-keys)
+  "Set the EMACSLOADPATH environment variable so that dependencies are found."
+  (let* ((input-elisp-dirs (emacs-inputs-el-directories
+                            (emacs-inputs-directories inputs)))
+         (emacs-load-path-value (string-join
+                                 input-elisp-dirs ":" 'suffix)))
+    (setenv "EMACSLOADPATH" emacs-load-path-value)
+    (format #t "environment variable `EMACSLOADPATH' set to ~a\n"
+            emacs-load-path-value)))
+
 (define* (build #:key outputs inputs #:allow-other-keys)
   "Compile .el files."
   (let* ((emacs (string-append (assoc-ref inputs "emacs") "/bin/emacs"))
          (out (assoc-ref outputs "out"))
          (elpa-name-ver (store-directory->elpa-name-version out))
-         (el-dir (string-append out %install-suffix "/" elpa-name-ver))
-         (deps-dirs (emacs-inputs-directories inputs)))
+         (el-dir (string-append out %install-suffix "/" elpa-name-ver)))
     (setenv "SHELL" "sh")
     (parameterize ((%emacs emacs))
-      (emacs-byte-compile-directory el-dir
-                                    (emacs-inputs-el-directories deps-dirs)))))
+      (emacs-byte-compile-directory el-dir))))
 
 (define* (patch-el-files #:key outputs #:allow-other-keys)
   "Substitute the absolute \"/bin/\" directory with the right location in the
 store in '.el' files."
+
+  (define (file-contains-nul-char? file)
+    (call-with-input-file file
+      (lambda (in)
+        (let loop ((line (read-line in 'concat)))
+          (cond
+           ((eof-object? line) #f)
+           ((string-index line #\nul) #t)
+           (else (loop (read-line in 'concat))))))
+      #:binary #t))
+
   (let* ((out (assoc-ref outputs "out"))
          (elpa-name-ver (store-directory->elpa-name-version out))
          (el-dir (string-append out %install-suffix "/" elpa-name-ver))
-         (substitute-cmd (lambda ()
-                           (substitute* (find-files "." "\\.el$")
-                             (("\"/bin/([^.]\\S*)\"" _ cmd-name)
-                              (let ((cmd (which cmd-name)))
-                                (unless cmd
-                                  (error
-                                   "patch-el-files: unable to locate " cmd-name))
-                                (string-append "\"" cmd "\"")))))))
+
+         ;; (ice-9 regex) uses libc's regexp routines, which cannot deal with
+         ;; strings containing NULs.  Filter out such files.  TODO: Remove
+         ;; this workaround when <https://bugs.gnu.org/30116> is fixed.
+         (el-files (remove file-contains-nul-char?
+                           (find-files (getcwd) "\\.el$"))))
+    (define (substitute-program-names)
+      (substitute* el-files
+        (("\"/bin/([^.]\\S*)\"" _ cmd-name)
+         (let ((cmd (which cmd-name)))
+           (unless cmd
+             (error "patch-el-files: unable to locate " cmd-name))
+           (string-append "\"" cmd "\"")))))
+
     (with-directory-excursion el-dir
-      ;; Some old '.el' files (e.g., tex-buf.el in AUCTeX) are still encoded
-      ;; with the "ISO-8859-1" locale.
-      (unless (false-if-exception (substitute-cmd))
+      ;; Some old '.el' files (e.g., tex-buf.el in AUCTeX) are still
+      ;; ISO-8859-1-encoded.
+      (unless (false-if-exception (substitute-program-names))
         (with-fluids ((%default-port-encoding "ISO-8859-1"))
-          (substitute-cmd))))
+          (substitute-program-names))))
     #t))
 
 (define* (install #:key outputs
@@ -199,18 +226,27 @@ store in '.el' files."
     (match inputs
       (((names . directories) ...) directories))))
 
+(define (emacs-input->el-directory emacs-input)
+  "Return the correct Elisp directory location of EMACS-INPUT or #f if none."
+  (let ((legacy-elisp-dir (string-append emacs-input %legacy-install-suffix))
+        (guix-elisp-dir (string-append
+                         emacs-input %install-suffix "/"
+                         (store-directory->elpa-name-version emacs-input))))
+    (cond
+     ((file-exists? guix-elisp-dir) guix-elisp-dir)
+     ((file-exists? legacy-elisp-dir) legacy-elisp-dir)
+     (else (format #t "warning: could not locate elisp directory under `~a'\n"
+                   emacs-input)
+           #f))))
+
 (define (emacs-inputs-el-directories dirs)
   "Build the list of Emacs Lisp directories from the Emacs package directory
 DIRS."
-  (append-map (lambda (d)
-                (list (string-append d "/share/emacs/site-lisp")
-                      (string-append d %install-suffix "/"
-                                     (store-directory->elpa-name-version d))))
-              dirs))
+  (filter-map emacs-input->el-directory dirs))
 
 (define (package-name-version->elpa-name-version name-ver)
   "Convert the Guix package NAME-VER to the corresponding ELPA name-version
-format.  Essnetially drop the prefix used in Guix."
+format.  Essentially drop the prefix used in Guix."
   (if (emacs-package? name-ver)  ; checks for "emacs-" prefix
       (string-drop name-ver (string-length "emacs-"))
       name-ver))
@@ -224,12 +260,14 @@ second hyphen.  This corresponds to 'name-version' as used in ELPA packages."
 
 (define %standard-phases
   (modify-phases gnu:%standard-phases
+    (add-after 'set-paths 'set-emacs-load-path set-emacs-load-path)
     (replace 'unpack unpack)
     (delete 'configure)
-    (delete 'check)
-    (delete 'install)
-    (replace 'build build)
-    (add-before 'build 'install install)
+    ;; Move the build phase after install: the .el files are byte compiled
+    ;; directly in the store.
+    (delete 'build)
+    (replace 'install install)
+    (add-after 'install 'build build)
     (add-after 'install 'make-autoloads make-autoloads)
     (add-after 'make-autoloads 'patch-el-files patch-el-files)
     (add-after 'make-autoloads 'move-doc move-doc)))
diff --git a/guix/build/emacs-utils.scm b/guix/build/emacs-utils.scm
index fd06aad7ac..8389ca582f 100644
--- a/guix/build/emacs-utils.scm
+++ b/guix/build/emacs-utils.scm
@@ -58,14 +58,9 @@
                   (update-directory-autoloads ,directory))))
     (emacs-batch-eval expr)))
 
-(define* (emacs-byte-compile-directory dir #:optional (dependency-dirs '()))
-  "Byte compile all files in DIR and its sub-directories.  Before compiling
-the files, add DIR and all directories in DEPENDENCY-DIRS to 'load-path'."
-  (let ((expr `(progn
-                (add-to-list 'load-path ,dir)
-                (when ',dependency-dirs
-                  (setq load-path (append ',dependency-dirs load-path)))
-                (byte-recompile-directory (file-name-as-directory ,dir) 0))))
+(define* (emacs-byte-compile-directory dir)
+  "Byte compile all files in DIR and its sub-directories."
+  (let ((expr `(byte-recompile-directory (file-name-as-directory ,dir) 0)))
     (emacs-batch-eval expr)))
 
 (define-syntax emacs-substitute-sexps