summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-12-05 23:41:30 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-12-05 23:41:30 +0100
commit77181815ae70cf573b6fa390a4400b718835aa8a (patch)
tree731ccaaccc7a69ddc90f04bb71a6a39aa5f3be5a
parente3f9406b7c4b3b1afe3dd6affb7f7898434d607a (diff)
parent35377cfa908340e51fd22af7369aef15499d4a36 (diff)
downloadguix-77181815ae70cf573b6fa390a4400b718835aa8a.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--.dir-locals.el3
-rw-r--r--.mailmap21
-rw-r--r--Makefile.am18
-rw-r--r--NEWS76
-rw-r--r--berlin.guixsd.org.pub (renamed from bayfront.guixsd.org.pub)0
-rw-r--r--build-aux/compile-all.scm6
-rw-r--r--build-aux/hydra/evaluate.scm9
-rw-r--r--build-aux/hydra/guix-modular.scm104
-rw-r--r--doc/guix.texi773
-rw-r--r--gnu/bootloader/extlinux.scm22
-rw-r--r--gnu/build/linux-boot.scm2
-rw-r--r--gnu/build/shepherd.scm10
-rw-r--r--gnu/build/vm.scm6
-rw-r--r--gnu/local.mk29
-rw-r--r--gnu/packages/admin.scm53
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/audio.scm122
-rw-r--r--gnu/packages/aux-files/linux-libre/4.14-arm.conf25
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/bioinformatics.scm379
-rw-r--r--gnu/packages/bittorrent.scm6
-rw-r--r--gnu/packages/bootloaders.scm24
-rw-r--r--gnu/packages/certs.scm5
-rw-r--r--gnu/packages/compression.scm116
-rw-r--r--gnu/packages/cran.scm116
-rw-r--r--gnu/packages/crypto.scm4
-rw-r--r--gnu/packages/curl.scm14
-rw-r--r--gnu/packages/databases.scm66
-rw-r--r--gnu/packages/direct-connect.scm25
-rw-r--r--gnu/packages/django.scm20
-rw-r--r--gnu/packages/dns.scm29
-rw-r--r--gnu/packages/elixir.scm34
-rw-r--r--gnu/packages/emacs.scm151
-rw-r--r--gnu/packages/engineering.scm14
-rw-r--r--gnu/packages/enlightenment.scm8
-rw-r--r--gnu/packages/erlang.scm6
-rw-r--r--gnu/packages/file-systems.scm4
-rw-r--r--gnu/packages/finance.scm11
-rw-r--r--gnu/packages/fonts.scm106
-rw-r--r--gnu/packages/fontutils.scm105
-rw-r--r--gnu/packages/freedesktop.scm147
-rw-r--r--gnu/packages/game-development.scm45
-rw-r--r--gnu/packages/games.scm123
-rw-r--r--gnu/packages/gcc.scm7
-rw-r--r--gnu/packages/gnome.scm45
-rw-r--r--gnu/packages/gnunet.scm29
-rw-r--r--gnu/packages/gnupg.scm4
-rw-r--r--gnu/packages/gnuzilla.scm11
-rw-r--r--gnu/packages/gps.scm31
-rw-r--r--gnu/packages/graphics.scm3
-rw-r--r--gnu/packages/groff.scm47
-rw-r--r--gnu/packages/gstreamer.scm34
-rw-r--r--gnu/packages/guile.scm141
-rw-r--r--gnu/packages/haskell-check.scm5
-rw-r--r--gnu/packages/haskell-crypto.scm9
-rw-r--r--gnu/packages/haskell-web.scm9
-rw-r--r--gnu/packages/haskell.scm206
-rw-r--r--gnu/packages/image.scm55
-rw-r--r--gnu/packages/irc.scm8
-rw-r--r--gnu/packages/java.scm308
-rw-r--r--gnu/packages/kodi.scm6
-rw-r--r--gnu/packages/libcanberra.scm6
-rw-r--r--gnu/packages/linux.scm22
-rw-r--r--gnu/packages/lisp.scm163
-rw-r--r--gnu/packages/lua.scm46
-rw-r--r--gnu/packages/lxde.scm7
-rw-r--r--gnu/packages/machine-learning.scm4
-rw-r--r--gnu/packages/mail.scm49
-rw-r--r--gnu/packages/man.scm23
-rw-r--r--gnu/packages/markup.scm2
-rw-r--r--gnu/packages/maths.scm9
-rw-r--r--gnu/packages/mes.scm6
-rw-r--r--gnu/packages/messaging.scm56
-rw-r--r--gnu/packages/mp3.scm11
-rw-r--r--gnu/packages/music.scm208
-rw-r--r--gnu/packages/musl.scm4
-rw-r--r--gnu/packages/nano.scm4
-rw-r--r--gnu/packages/networking.scm35
-rw-r--r--gnu/packages/node.scm23
-rw-r--r--gnu/packages/ntp.scm6
-rw-r--r--gnu/packages/ocaml.scm2
-rw-r--r--gnu/packages/package-management.scm37
-rw-r--r--gnu/packages/parallel.scm5
-rw-r--r--gnu/packages/password-utils.scm5
-rw-r--r--gnu/packages/patches/bazaar-CVE-2017-14176.patch166
-rw-r--r--gnu/packages/patches/clementine-use-openssl.patch67
-rw-r--r--gnu/packages/patches/dtc-32-bits-check.patch134
-rw-r--r--gnu/packages/patches/dtc-format-modifier.patch38
-rw-r--r--gnu/packages/patches/emacs-highlight-stages-add-gexp.patch26
-rw-r--r--gnu/packages/patches/exim-CVE-2017-1000369.patch59
-rw-r--r--gnu/packages/patches/gcc-6-source-date-epoch-1.patch187
-rw-r--r--gnu/packages/patches/gcc-6-source-date-epoch-2.patch346
-rw-r--r--gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch140
-rw-r--r--gnu/packages/patches/guile-emacs-fix-configure.patch211
-rw-r--r--gnu/packages/patches/higan-remove-march-native-flag.patch15
-rw-r--r--gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch41
-rw-r--r--gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch27
-rw-r--r--gnu/packages/patches/libvirt-CVE-2017-1000256.patch84
-rw-r--r--gnu/packages/patches/node-test-http2-server-rst-stream.patch131
-rw-r--r--gnu/packages/patches/optipng-CVE-2017-1000229.patch22
-rw-r--r--gnu/packages/patches/pcmanfm-CVE-2017-8934.patch56
-rw-r--r--gnu/packages/patches/perl-text-markdown-discount-unbundle.patch (renamed from gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch)0
-rw-r--r--gnu/packages/patches/procmail-CVE-2017-16844.patch25
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15118.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15119.patch68
-rw-r--r--gnu/packages/patches/shepherd-close-fds.patch36
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/spice-CVE-2017-7506.patch158
-rw-r--r--gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch42
-rw-r--r--gnu/packages/patches/vpnc-script.patch15
-rw-r--r--gnu/packages/perl.scm4
-rw-r--r--gnu/packages/php.scm7
-rw-r--r--gnu/packages/protobuf.scm68
-rw-r--r--gnu/packages/python.scm119
-rw-r--r--gnu/packages/qt.scm121
-rw-r--r--gnu/packages/samba.scm4
-rw-r--r--gnu/packages/scribus.scm14
-rw-r--r--gnu/packages/security-token.scm9
-rw-r--r--gnu/packages/shells.scm41
-rw-r--r--gnu/packages/simulation.scm11
-rw-r--r--gnu/packages/spice.scm12
-rw-r--r--gnu/packages/statistics.scm88
-rw-r--r--gnu/packages/synergy.scm2
-rw-r--r--gnu/packages/telephony.scm48
-rw-r--r--gnu/packages/time.scm10
-rw-r--r--gnu/packages/tls.scm8
-rw-r--r--gnu/packages/tor.scm4
-rw-r--r--gnu/packages/version-control.scm26
-rw-r--r--gnu/packages/video.scm15
-rw-r--r--gnu/packages/vim.scm40
-rw-r--r--gnu/packages/virtualization.scm10
-rw-r--r--gnu/packages/vpn.scm137
-rw-r--r--gnu/packages/web.scm155
-rw-r--r--gnu/packages/wget.scm4
-rw-r--r--gnu/packages/wm.scm4
-rw-r--r--gnu/packages/xdisorg.scm51
-rw-r--r--gnu/packages/xfig.scm2
-rw-r--r--gnu/packages/xorg.scm35
-rw-r--r--gnu/services/base.scm2
-rw-r--r--gnu/services/certbot.scm133
-rw-r--r--gnu/services/configuration.scm3
-rw-r--r--gnu/services/desktop.scm13
-rw-r--r--gnu/services/dict.scm26
-rw-r--r--gnu/services/messaging.scm57
-rw-r--r--gnu/services/version-control.scm63
-rw-r--r--gnu/services/xorg.scm298
-rw-r--r--gnu/system.scm4
-rw-r--r--gnu/system/install.scm27
-rw-r--r--gnu/system/uuid.scm2
-rw-r--r--gnu/system/vm.scm70
-rw-r--r--gnu/tests/messaging.scm1
-rw-r--r--gnu/tests/version-control.scm131
-rw-r--r--guix/build-system/scons.scm134
-rw-r--r--guix/build/compile.scm6
-rw-r--r--guix/build/profiles.scm2
-rw-r--r--guix/build/scons-build-system.scm65
-rw-r--r--guix/build/union.scm11
-rw-r--r--guix/gexp.scm55
-rw-r--r--guix/git.scm12
-rw-r--r--guix/gnu-maintenance.scm10
-rw-r--r--guix/packages.scm1
-rw-r--r--guix/profiles.scm147
-rw-r--r--guix/progress.scm69
-rw-r--r--guix/records.scm2
-rw-r--r--guix/scripts/environment.scm2
-rw-r--r--guix/scripts/lint.scm31
-rw-r--r--guix/scripts/offload.scm2
-rw-r--r--guix/scripts/package.scm4
-rw-r--r--guix/scripts/pull.scm8
-rw-r--r--guix/scripts/system.scm85
-rw-r--r--guix/scripts/weather.scm106
-rw-r--r--guix/ssh.scm2
-rw-r--r--guix/ui.scm50
-rw-r--r--guix/utils.scm5
-rw-r--r--guix/zlib.scm46
-rw-r--r--nix/scripts/list-runtime-roots.in1
-rw-r--r--po/guix/fr.po1706
-rw-r--r--po/packages/POTFILES.in2
-rw-r--r--tests/guix-system.sh4
-rw-r--r--tests/lint.scm15
-rw-r--r--tests/publish.scm2
-rw-r--r--tests/store.scm4
-rw-r--r--tests/syscalls.scm7
185 files changed, 8334 insertions, 2938 deletions
diff --git a/.dir-locals.el b/.dir-locals.el
index 04b58d2ce0..949f7e0bc8 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -77,7 +77,8 @@
    (eval . (put 'container-excursion 'scheme-indent-function 1))
    (eval . (put 'eventually 'scheme-indent-function 1))
 
-   ;; Recognize '~', '+', and '$', as used for gexps, as quotation symbols.
+   (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
+
    ;; This notably allows '(' in Paredit to not insert a space when the
    ;; preceding symbol is one of these.
    (eval . (modify-syntax-entry ?~ "'"))
diff --git a/.mailmap b/.mailmap
index 49c266bf72..e32a3dfb93 100644
--- a/.mailmap
+++ b/.mailmap
@@ -42,16 +42,17 @@ Mathieu Lirzin <mthl@gnu.org> <mthl@openmailbox.org>
 Mathieu Lirzin <mthl@gnu.org> <mathieu.lirzin@openmailbox.org>
 Mathieu Othacehe <m.othacehe@gmail.com>
 Nikita Karetnikov <nikita@karetnikov.org> <nikita.karetnikov@gmail.com>
-ng0 <ng0@infotropique.org>
-ng0 <ng0@infotropique.org> <ng0@no-reply.infotropique.org>
-ng0 <ng0@infotropique.org> <ng0@no-reply.pragmatique.xyz>
-ng0 <ng0@infotropique.org> <ng0@pragmatique.xyz>
-ng0 <ng0@infotropique.org> <contact.ng0@cryptolab.net>
-ng0 <ng0@infotropique.org> <ng0@we.make.ritual.n0.is>
-ng0 <ng0@infotropique.org> <ngillmann@runbox.com>
-ng0 <ng0@infotropique.org> <niasterisk@grrlz.net>
-ng0 <ng0@infotropique.org> <ng@niasterisk.space>
-ng0 <ng0@infotropique.org> <ng0@libertad.pw>
+ng0 <ng0@n0.is>
+ng0 <ng0@n0.is> <ng0@infotropique.org>
+ng0 <ng0@n0.is> <ng0@no-reply.infotropique.org>
+ng0 <ng0@n0.is> <ng0@no-reply.pragmatique.xyz>
+ng0 <ng0@n0.is> <ng0@pragmatique.xyz>
+ng0 <ng0@n0.is> <contact.ng0@cryptolab.net>
+ng0 <ng0@n0.is> <ng0@we.make.ritual.n0.is>
+ng0 <ng0@n0.is> <ngillmann@runbox.com>
+ng0 <ng0@n0.is> <niasterisk@grrlz.net>
+ng0 <ng0@n0.is> <ng@niasterisk.space>
+ng0 <ng0@n0.is> <ng0@libertad.pw>
 Pjotr Prins <pjotr.guix@thebird.nl> <pjotr.public01@thebird.nl>
 Pjotr Prins <pjotr.guix@thebird.nl> <pjotr.public12@thebird.nl>
 Pjotr Prins <pjotr.guix@thebird.nl> <pjotr.public12@email>
diff --git a/Makefile.am b/Makefile.am
index 5320706b15..e9c323b96a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,6 +8,7 @@
 # Copyright © 2017 Leo Famulari <leo@famulari.name>
 # Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
+# Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 #
 # This file is part of GNU Guix.
 #
@@ -94,6 +95,7 @@ MODULES =					\
   guix/build-system/waf.scm			\
   guix/build-system/r.scm			\
   guix/build-system/ruby.scm			\
+  guix/build-system/scons.scm			\
   guix/build-system/texlive.scm			\
   guix/build-system/trivial.scm			\
   guix/ftp-client.scm				\
@@ -127,6 +129,7 @@ MODULES =					\
   guix/build/ocaml-build-system.scm		\
   guix/build/r-build-system.scm			\
   guix/build/ruby-build-system.scm		\
+  guix/build/scons-build-system.scm		\
   guix/build/texlive-build-system.scm		\
   guix/build/waf-build-system.scm		\
   guix/build/haskell-build-system.scm		\
@@ -413,7 +416,7 @@ check-system: $(GOBJECTS)
 # Public key used to sign substitutes from hydra.gnu.org & co.
 dist_pkgdata_DATA =				\
   hydra.gnu.org.pub				\
-  bayfront.guixsd.org.pub
+  berlin.guixsd.org.pub
 
 # Bash completion file.
 dist_bashcompletion_DATA = etc/completion/bash/guix
@@ -432,6 +435,7 @@ EXTRA_DIST =						\
   build-aux/hydra/evaluate.scm				\
   build-aux/hydra/gnu-system.scm			\
   build-aux/hydra/guix.scm				\
+  build-aux/hydra/guix-modular.scm			\
   build-aux/check-available-binaries.scm		\
   build-aux/check-final-inputs-self-contained.scm	\
   build-aux/generate-authors.scm			\
@@ -579,7 +583,7 @@ SOURCE_TARBALLS =					\
   $(foreach ext,tar.gz,$(PACKAGE_FULL_TARNAME).$(ext))
 
 # Systems supported by Guix.
-SUPPORTED_SYSTEMS ?= x86_64-linux i686-linux armhf-linux
+SUPPORTED_SYSTEMS ?= x86_64-linux i686-linux armhf-linux aarch64-linux
 
 # Guix binary tarballs.
 BINARY_TARBALLS =							\
@@ -597,9 +601,6 @@ GUIXSD_IMAGE_BASE = guixsd-install-$(PACKAGE_VERSION)
 # Prefix of the GuixSD VM image file name.
 GUIXSD_VM_IMAGE_BASE = guixsd-vm-image-$(PACKAGE_VERSION)
 
-# Size of the VM image (for x86_64 typically).
-GUIXSD_VM_IMAGE_SIZE ?= 2GiB
-
 # The release process works in several phases:
 #
 #   0. We assume the developer created a 'vX.Y' tag.
@@ -650,15 +651,14 @@ release: dist
 	    echo "failed to produced GuixSD installation image for $$system" >&2 ;	\
 	    exit 1 ;									\
 	  fi ;										\
-	  xz < "$$image" > "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.xz.tmp" ;	\
-	  mv "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.xz.tmp"			\
-	     "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.xz" ;				\
+	  xz < "$$image" > "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.iso.xz.tmp" ;	\
+	  mv "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.iso.xz.tmp"			\
+	     "$(releasedir)/$(GUIXSD_IMAGE_BASE).$$system.iso.xz" ;			\
 	done
 	for system in $(GUIXSD_VM_SYSTEMS) ; do						\
 	  image=`$(top_builddir)/pre-inst-env						\
 	    guix system vm-image							\
 	    --system=$$system								\
-	    --image-size=$(GUIXSD_VM_IMAGE_SIZE)					\
 	    gnu/system/examples/vm-image.tmpl` ;					\
 	  if [ ! -f "$$image" ] ; then							\
 	    echo "failed to produced GuixSD VM image for $$system" >&2 ;		\
diff --git a/NEWS b/NEWS
index 8280902557..e291b65a31 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,82 @@ Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 
 Please send Guix bug reports to bug-guix@gnu.org.
 
+* Changes in 0.14.0 (since 0.13.0)
+
+** Package management
+
+*** ‘guix package’ displays how much will be downloaded
+*** ‘guix package’ warns about insufficient disk space
+*** ‘guix package’ now reports package collisions early on
+*** ‘guix package --search’ sorts results by relevance
+*** ‘guix pull’ now fetches code directly over Git using Guile-Git
+*** Substitutes can be downloaded from servers equivalent to the authorized ones
+*** New ‘guix weather’ command
+*** ‘guix publish --cache’ now also caches uncompressed items
+*** ‘guix publish’ no longer removes live items from its cache
+*** ‘guix challenge’ now displays an overall summary
+*** ‘guix refresh’ no longer uses FTP for GNU and GNOME packages
+*** ‘guix refresh’ has a new ‘-m’ or ‘--manifest’ option
+*** New ‘refresh’ checker for ‘guix lint’
+*** New ‘json’ importer for ‘guix import’ to simplify first packages
+*** New ‘texlive’ importer for ‘guix import’
+
+** Distribution
+
+*** GuixSD installation image is now available as ISO-9660
+*** GuixSD installation image now includes an ‘sshd’ service
+*** New (gnu bootloaders) API, with support for U-Boot and extlinux
+*** ‘grub-configuration’ is deprecated in favor of ‘bootloader-configuration’
+*** ‘%desktop-services’ now includes NetworkManager instead of Wicd
+*** The (uuid …) form can now specify FAT32 and ISO-9660 UUIDs
+*** ‘guix system’ now reports missing file system UUIDs and labels
+*** ‘guix system’ can provide hints when reporting unbound variables
+*** New ‘--file-system-type’ option for ‘guix system disk-image’
+*** ‘guix system disk-image’ can now creates ISO-9660 images
+*** ‘guix system vm-image’ & co. automatically estimate the image size
+*** ‘guix system vm’ now uses overlayfs instead of unionfs
+*** TeX Live is now also available as a set of small ‘texlive-’ packages
+*** New ‘guix system search’ command to search for services
+*** New services
+
+certbot, fcgiwrap, gdm, git-http, knot, libvirt, memcached, mongodb, mpd,
+murmur, rsync, tailon, sysctl
+
+*** XXX new packages
+
+*** XXX package updates
+
+** Programming interfaces
+
+*** New build systems: ‘font’, ‘meson’, ‘minify’, ‘scons’, ‘texlive’
+*** ‘cmake-build-system’ now supports cross-compilation
+*** Various improvements to ‘asdf-build-system’, ‘emacs-build-system’,
+    ‘ant-build-system’, and ‘go-build-system’
+*** ‘patches’ field of <origin> can now contain any lowerable object
+*** (gnu system vm) has a new ‘make-iso9660-image’ procedure
+*** ‘openssh-service-type’ can now be extended with new authorized keys
+*** ‘rottlog-service-type’ can now be extended with new ‘log-rotation’s
+*** ‘network-manager-service-type’ now supports VPN plugins
+*** <service-type> now has a ‘description’ field, used by ‘guix system search’
+*** New ‘virtual-machine’ form in (gnu system vm)
+*** New (gnu system uuid) module, which defines a disjoint <uuid> type
+*** New (guix progress) module
+
+** Noteworthy bug fixes
+
+*** GuixSD no longer creates setuid binaries in /gnu/store
+    (<https://bugs.gnu.org/28751>)
+*** /root is no longer world-readable (<http://bugs.gnu.org/27135>)
+*** ‘guix publish’ no longer leaks memory (<https://bugs.gnu.org/28784>)
+*** Missing cursor icons in GNOME could cause crashes
+    (<https://bugs.gnu.org/25958>)
+*** Setuid programs now honor the system timezone
+    (<https://bugs.gnu.org/29212>)
+
+** Native language support
+
+Updated translations: da (Danish), fr (French)
+
 * Changes in 0.13.0 (since 0.12.0)
 
 ** Package management
diff --git a/bayfront.guixsd.org.pub b/berlin.guixsd.org.pub
index f156a37b08..f156a37b08 100644
--- a/bayfront.guixsd.org.pub
+++ b/berlin.guixsd.org.pub
diff --git a/build-aux/compile-all.scm b/build-aux/compile-all.scm
index c7ca5a6f67..d2afbdab02 100644
--- a/build-aux/compile-all.scm
+++ b/build-aux/compile-all.scm
@@ -92,8 +92,10 @@ to 'make'."
                   #:host host
                   #:report-load (lambda (file total completed)
                                   (when file
-                                    (format #t "  LOAD     ~a~%" file)))
+                                    (format #t "  LOAD     ~a~%" file)
+                                    (force-output)))
                   #:report-compilation (lambda (file total completed)
                                          (when file
                                            (format #t "  GUILEC   ~a~%"
-                                                   (scm->go file)))))))
+                                                   (scm->go file))
+                                           (force-output))))))
diff --git a/build-aux/hydra/evaluate.scm b/build-aux/hydra/evaluate.scm
index 604022abcf..8e391f44fd 100644
--- a/build-aux/hydra/evaluate.scm
+++ b/build-aux/hydra/evaluate.scm
@@ -27,6 +27,12 @@
              (ice-9 pretty-print)
              (ice-9 format))
 
+(define %top-srcdir
+  (and=> (assq-ref (current-source-location) 'filename)
+         (lambda (file)
+           (canonicalize-path
+            (string-append (dirname file) "/../..")))))
+
 (define %user-module
   ;; Hydra user module.
   (let ((m (make-module)))
@@ -101,7 +107,8 @@ Otherwise return THING."
                             (if (equal? cuirass? "cuirass")
                                 'cuirass-jobs
                                 'hydra-jobs))
-                store '())
+                store `((guix
+                         . ((file-name . ,%top-srcdir)))))
           (((names . thunks) ...)
            (map (lambda (job thunk)
                   (format (current-error-port) "evaluating '~a'... " job)
diff --git a/build-aux/hydra/guix-modular.scm b/build-aux/hydra/guix-modular.scm
new file mode 100644
index 0000000000..bdbb2fa8d5
--- /dev/null
+++ b/build-aux/hydra/guix-modular.scm
@@ -0,0 +1,104 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+;;;
+;;; This file defines a continuous integration job to build the same modular
+;;; Guix as 'guix pull', which is defined in (guix self).
+;;;
+
+;; Attempt to use our very own Guix modules.
+(eval-when (compile load eval)
+
+  ;; Ignore any available .go, and force recompilation.  This is because our
+  ;; checkout in the store has mtime set to the epoch, and thus .go files look
+  ;; newer, even though they may not correspond.
+  (set! %fresh-auto-compile #t)
+
+  (and=> (assoc-ref (current-source-location) 'filename)
+         (lambda (file)
+           (let ((dir (canonicalize-path
+                       (string-append (dirname file) "/../.."))))
+             (format (current-error-port) "prepending ~s to the load path~%"
+                     dir)
+             (set! %load-path (cons dir %load-path))))))
+
+
+(use-modules (guix store)
+             (guix config)
+             (guix utils)
+             (guix grafts)
+             ((guix packages) #:select (%hydra-supported-systems))
+             (guix derivations)
+             (guix monads)
+             (guix gexp)
+             (guix self)
+             ((guix licenses) #:prefix license:)
+             (srfi srfi-1)
+             (srfi srfi-26)
+             (ice-9 match))
+
+;; XXX: Debugging hack: since `hydra-eval-guile-jobs' redirects the output
+;; port to the bit bucket, let us write to the error port instead.
+(setvbuf (current-error-port) _IOLBF)
+(set-current-output-port (current-error-port))
+
+(define* (build-job store source version system)
+  "Return a Hydra job a list building the modular Guix derivation from SOURCE
+for SYSTEM.  Use VERSION as the version identifier."
+  (lambda ()
+    `((derivation . ,(derivation-file-name
+                      (parameterize ((%graft? #f))
+                        (run-with-store store
+                          (lower-object (compiled-guix source
+                                                       #:version version))))))
+      (description . "Modular Guix")
+      (long-description
+       . "This is the modular Guix package as produced by 'guix pull'.")
+      (license . ,license:gpl3+)
+      (home-page . ,%guix-home-page-url)
+      (maintainers . (,%guix-bug-report-address)))))
+
+(define (hydra-jobs store arguments)
+  "Return Hydra jobs."
+  (define systems
+    (match (filter-map (match-lambda
+                         (('system . value) value)
+                         (_ #f))
+                       arguments)
+      ((lst ..1)
+       lst)
+      (_
+       (list (%current-system)))))
+
+  (define guix-checkout
+    (assq-ref arguments 'guix))
+
+  (define version
+    (or (assq-ref guix-checkout 'revision)
+        "0.unknown"))
+
+  (let ((file (assq-ref guix-checkout 'file-name)))
+    (format (current-error-port) "using checkout ~s (~s)~%"
+            guix-checkout file)
+
+    (map (lambda (system)
+           (let ((name (string->symbol
+                        (string-append "guix." system))))
+             `(,name
+               . ,(build-job store file version system))))
+         %hydra-supported-systems)))
diff --git a/doc/guix.texi b/doc/guix.texi
index d4a2a696a4..2267fadd1d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23,7 +23,7 @@ Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017 Leo Famulari@*
 Copyright @copyright{} 2015, 2016, 2017 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
-Copyright @copyright{} 2016 Chris Marusich@*
+Copyright @copyright{} 2016, 2017 Chris Marusich@*
 Copyright @copyright{} 2016, 2017 Efraim Flashner@*
 Copyright @copyright{} 2016 John Darrington@*
 Copyright @copyright{} 2016 ng0@*
@@ -40,7 +40,10 @@ Copyright @copyright{} 2017 Christopher Allan Webber@*
 Copyright @copyright{} 2017 Marius Bakke@*
 Copyright @copyright{} 2017 Hartmut Goebel@*
 Copyright @copyright{} 2017 Maxim Cournoyer@*
-Copyright @copyright{} 2017 Tobias Geerinckx-Rice
+Copyright @copyright{} 2017 Tobias Geerinckx-Rice@*
+Copyright @copyright{} 2017 George Clemmer@*
+Copyright @copyright{} 2017 Andy Wingo@*
+Copyright @copyright{} 2017 Arun Isaac
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -130,6 +133,15 @@ Package Management
 * Invoking guix pack::          Creating software bundles.
 * Invoking guix archive::       Exporting and importing store files.
 
+Substitutes
+
+* Official Substitute Server::      One particular source of substitutes.
+* Substitute Server Authorization:: How to enable or disable substitutes.
+* Substitute Authentication::       How Guix verifies substitutes.
+* Proxy Settings::                  How to get substitutes via proxy.
+* Substitution Failure::            What happens when substitution fails.
+* On Trusting Binaries::            How can you trust that binary blob?
+
 Programming Interface
 
 * Defining Packages::           Defining new packages.
@@ -185,7 +197,7 @@ System Installation
 
 * Limitations::                 What you can expect.
 * Hardware Considerations::     Supported hardware.
-* USB Stick Installation::      Preparing the installation medium.
+* USB Stick and DVD Installation::  Preparing the installation medium.
 * Preparing for Installation::  Networking, partitioning, etc.
 * Proceeding with the Installation::  The real thing.
 * Installing GuixSD in a VM::   GuixSD playground.
@@ -225,6 +237,7 @@ Services
 * Monitoring Services::         Monitoring services.
 * Kerberos Services::           Kerberos services.
 * Web Services::                Web servers.
+* Certificate Services::        TLS certificates via Let's Encrypt.
 * DNS Services::                DNS daemons.
 * VPN Services::                VPN daemons.
 * Network File System::         NFS related services.
@@ -232,6 +245,7 @@ Services
 * Power management Services::   The TLP tool.
 * Audio Services::              The MPD.
 * Virtualization Services::     Virtualization services.
+* Version Control Services::    Providing remote access to Git repositories.
 * Miscellaneous Services::      Other services.
 
 Defining Services
@@ -456,7 +470,7 @@ Source @file{etc/profile} to augment @code{PATH} and other relevant
 environment variables:
 
 @example
-# GUIX_PROFILE=$HOME/.guix-profile \
+# GUIX_PROFILE=$HOME/.guix-profile ; \
   source $GUIX_PROFILE/etc/profile
 @end example
 
@@ -1108,10 +1122,6 @@ Do not use substitutes for build products.  That is, always build things
 locally instead of allowing downloads of pre-built binaries
 (@pxref{Substitutes}).
 
-By default substitutes are used, unless the client---such as the
-@command{guix package} command---is explicitly invoked with
-@code{--no-substitutes}.
-
 When the daemon runs with @code{--no-substitutes}, clients can still
 explicitly enable substitution @i{via} the @code{set-build-options}
 remote procedure call (@pxref{The Store}).
@@ -1684,7 +1694,7 @@ Files,,, bash, The GNU Bash Reference Manual}) so that newly-spawned
 shells get all the right environment variable definitions:
 
 @example
-GUIX_PROFILE="$HOME/.guix-profile" \
+GUIX_PROFILE="$HOME/.guix-profile" ; \
 source "$HOME/.guix-profile/etc/profile"
 @end example
 
@@ -2111,7 +2121,6 @@ preserve transformations across upgrades, you should define your own
 package variant in a Guile module and add it to @code{GUIX_PACKAGE_PATH}
 (@pxref{Defining Packages}).
 
-
 @node Substitutes
 @section Substitutes
 
@@ -2119,8 +2128,8 @@ package variant in a Guile module and add it to @code{GUIX_PACKAGE_PATH}
 @cindex pre-built binaries
 Guix supports transparent source/binary deployment, which means that it
 can either build things locally, or download pre-built items from a
-server.  We call these pre-built items @dfn{substitutes}---they are
-substitutes for local build results.  In many cases, downloading a
+server, or both.  We call these pre-built items @dfn{substitutes}---they
+are substitutes for local build results.  In many cases, downloading a
 substitute is much faster than building things locally.
 
 Substitutes can be anything resulting from a derivation build
@@ -2128,8 +2137,22 @@ Substitutes can be anything resulting from a derivation build
 pre-built package binaries, but source tarballs, for instance, which
 also result from derivation builds, can be available as substitutes.
 
-The @code{hydra.gnu.org} server is a front-end to a build farm that
-builds packages from the GNU distribution continuously for some
+@menu
+* Official Substitute Server::      One particular source of substitutes.
+* Substitute Server Authorization:: How to enable or disable substitutes.
+* Substitute Authentication::       How Guix verifies substitutes.
+* Proxy Settings::                  How to get substitutes via proxy.
+* Substitution Failure::            What happens when substitution fails.
+* On Trusting Binaries::            How can you trust that binary blob?
+@end menu
+
+@node Official Substitute Server
+@subsection Official Substitute Server
+
+@cindex hydra
+@cindex build farm
+The @code{mirror.hydra.gnu.org} server is a front-end to an official build farm
+that builds packages from Guix continuously for some
 architectures, and makes them available as substitutes.  This is the
 default source of substitutes; it can be overridden by passing the
 @option{--substitute-urls} option either to @command{guix-daemon}
@@ -2144,8 +2167,19 @@ using HTTP makes all communications visible to an eavesdropper, who
 could use the information gathered to determine, for instance, whether
 your system has unpatched security vulnerabilities.
 
+Substitutes from the official build farm are enabled by default when
+using the Guix System Distribution (@pxref{GNU Distribution}).  However,
+they are disabled by default when using Guix on a foreign distribution,
+unless you have explicitly enabled them via one of the recommended
+installation steps (@pxref{Installation}).  The following paragraphs
+describe how to enable or disable substitutes for the official build
+farm; the same procedure can also be used to enable substitutes for any
+other substitute server.
+
+@node Substitute Server Authorization
+@subsection Substitute Server Authorization
+
 @cindex security
-@cindex digital signatures
 @cindex substitutes, authorization thereof
 @cindex access control list (ACL), for substitutes
 @cindex ACL (access control list), for substitutes
@@ -2156,7 +2190,7 @@ imports, using the @command{guix archive} command (@pxref{Invoking guix
 archive}).  Doing so implies that you trust @code{hydra.gnu.org} to not
 be compromised and to serve genuine substitutes.
 
-This public key is installed along with Guix, in
+The public key for @code{hydra.gnu.org} is installed along with Guix, in
 @code{@var{prefix}/share/guix/hydra.gnu.org.pub}, where @var{prefix} is
 the installation prefix of Guix.  If you installed Guix from source,
 make sure you checked the GPG signature of
@@ -2164,9 +2198,20 @@ make sure you checked the GPG signature of
 Then, you can run something like this:
 
 @example
-# guix archive --authorize < hydra.gnu.org.pub
+# guix archive --authorize < @var{prefix}/share/guix/hydra.gnu.org.pub
 @end example
 
+@quotation Note
+Similarly, the @file{berlin.guixsd.org.pub} file contains the public key
+for the project's new build farm, reachable at
+@indicateurl{https://berlin.guixsd.org}.
+
+As of this writing @code{berlin.guixsd.org} is being upgraded so it can
+better scale up, but you might want to give it a try.  It is backed by
+20 x86_64/i686 build nodes and may be able to provide substitutes more
+quickly than @code{mirror.hydra.gnu.org}.
+@end quotation
+
 Once this is in place, the output of a command like @code{guix build}
 should change from something like:
 
@@ -2185,7 +2230,7 @@ to something like:
 
 @example
 $ guix build emacs --dry-run
-The following files would be downloaded:
+112.3 MB would be downloaded:
    /gnu/store/pk3n22lbq6ydamyymqkkz7i69wiwjiwi-emacs-24.3
    /gnu/store/2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d
    /gnu/store/71yz6lgx4dazma9dwn2mcjxaah9w77jq-cairo-1.12.16
@@ -2197,6 +2242,17 @@ The following files would be downloaded:
 This indicates that substitutes from @code{hydra.gnu.org} are usable and
 will be downloaded, when possible, for future builds.
 
+@cindex substitutes, how to disable
+The substitute mechanism can be disabled globally by running
+@code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoking
+guix-daemon}).  It can also be disabled temporarily by passing the
+@code{--no-substitutes} option to @command{guix package}, @command{guix
+build}, and other command-line tools.
+
+@node Substitute Authentication
+@subsection Substitute Authentication
+
+@cindex digital signatures
 Guix detects and raises an error when attempting to use a substitute
 that has been tampered with.  Likewise, it ignores substitutes that are
 not signed, or that are not signed by one of the keys listed in the ACL.
@@ -2221,15 +2277,6 @@ comes first in the list and can be considered a mirror of
 produce the same binaries, thanks to bit-reproducible builds (see
 below).
 
-@vindex http_proxy
-Substitutes are downloaded over HTTP or HTTPS.
-The @code{http_proxy} environment
-variable can be set in the environment of @command{guix-daemon} and is
-honored for downloads of substitutes.  Note that the value of
-@code{http_proxy} in the environment where @command{guix build},
-@command{guix package}, and other client commands are run has
-@emph{absolutely no effect}.
-
 When using HTTPS, the server's X.509 certificate is @emph{not} validated
 (in other words, the server is not authenticated), contrary to what
 HTTPS clients such as Web browsers usually do.  This is because Guix
@@ -2237,18 +2284,50 @@ authenticates substitute information itself, as explained above, which
 is what we care about (whereas X.509 certificates are about
 authenticating bindings between domain names and public keys.)
 
-You can get statistics on the substitutes provided by a server using the
-@command{guix weather} command (@pxref{Invoking guix weather}).
-
-The substitute mechanism can be disabled globally by running
-@code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoking
-guix-daemon}).  It can also be disabled temporarily by passing the
-@code{--no-substitutes} option to @command{guix package}, @command{guix
-build}, and other command-line tools.
-
+@node Proxy Settings
+@subsection Proxy Settings
 
-@unnumberedsubsec On Trusting Binaries
+@vindex http_proxy
+Substitutes are downloaded over HTTP or HTTPS.
+The @code{http_proxy} environment
+variable can be set in the environment of @command{guix-daemon} and is
+honored for downloads of substitutes.  Note that the value of
+@code{http_proxy} in the environment where @command{guix build},
+@command{guix package}, and other client commands are run has
+@emph{absolutely no effect}.
 
+@node Substitution Failure
+@subsection Substitution Failure
+
+Even when a substitute for a derivation is available, sometimes the
+substitution attempt will fail.  This can happen for a variety of
+reasons: the substitute server might be offline, the substitute may
+recently have been deleted, the connection might have been interrupted,
+etc.
+
+When substitutes are enabled and a substitute for a derivation is
+available, but the substitution attempt fails, Guix will attempt to
+build the derivation locally depending on whether or not
+@code{--fallback} was given (@pxref{fallback-option,, common build
+option @code{--fallback}}).  Specifically, if @code{--fallback} was
+omitted, then no local build will be performed, and the derivation is
+considered to have failed.  However, if @code{--fallback} was given,
+then Guix will attempt to build the derivation locally, and the success
+or failure of the derivation depends on the success or failure of the
+local build.  Note that when substitutes are disabled or no substitute
+is available for the derivation in question, a local build will
+@emph{always} be performed, regardless of whether or not
+@code{--fallback} was given.
+
+To get an idea of how many substitutes are available right now, you can
+try running the @command{guix weather} command (@pxref{Invoking guix
+weather}).  This command provides statistics on the substitutes provided
+by a server.
+
+@node On Trusting Binaries
+@subsection On Trusting Binaries
+
+@cindex trust, of pre-built binaries
 Today, each individual's control over their own computing is at the
 mercy of institutions, corporations, and groups with enough power and
 determination to subvert the computing infrastructure and exploit its
@@ -2275,7 +2354,6 @@ In the future, we want Guix to have support to publish and retrieve
 binaries to/from other users, in a peer-to-peer fashion.  If you would
 like to discuss this project, join us on @email{guix-devel@@gnu.org}.
 
-
 @node Packages with Multiple Outputs
 @section Packages with Multiple Outputs
 
@@ -3802,6 +3880,19 @@ Python package is used to run the script can be specified with the
 @code{#:python} parameter.
 @end defvr
 
+@defvr {Scheme Variable} scons-build-system
+This variable is exported by @code{(guix build-system scons)}.  It
+implements the build procedure used by the SCons software construction
+tool.  This build system runs @code{scons} to build the package,
+@code{scons test} to run tests, and then @code{scons install} to install
+the package.
+
+Additional flags to be passed to @code{scons} can be specified with the
+@code{#:scons-flags} parameter.  The version of Python used to run SCons
+can be specified by selecting the appropriate SCons package with the
+@code{#:scons} parameter.
+@end defvr
+
 @defvr {Scheme Variable} haskell-build-system
 This variable is exported by @code{(guix build-system haskell)}.  It
 implements the Cabal build procedure used by Haskell packages, which
@@ -4813,6 +4904,7 @@ information about monads.)
        [#:disallowed-references #f] @
        [#:leaked-env-vars #f] @
        [#:script-name (string-append @var{name} "-builder")] @
+       [#:deprecation-warnings #f] @
        [#:local-build? #f] [#:substitutable? #t] [#:guile-for-build #f]
 Return a derivation @var{name} that runs @var{exp} (a gexp) with
 @var{guile-for-build} (a derivation) on @var{system}; @var{exp} is
@@ -4853,6 +4945,9 @@ refer to.  Any reference to another store item will lead to a build error.
 Similarly for @var{disallowed-references}, which can list items that must not be
 referenced by the outputs.
 
+@var{deprecation-warnings} determines whether to show deprecation warnings while
+compiling modules.  It can be @code{#f}, @code{#t}, or @code{'detailed}.
+
 The other arguments are as for @code{derivation} (@pxref{Derivations}).
 @end deffn
 
@@ -5198,9 +5293,10 @@ derivations has failed.
 @itemx -n
 Do not build the derivations.
 
+@anchor{fallback-option}
 @item --fallback
 When substituting a pre-built binary fails, fall back to building
-packages locally.
+packages locally (@pxref{Substitution Failure}).
 
 @item --substitute-urls=@var{urls}
 @anchor{client-substitute-urls}
@@ -7679,8 +7775,7 @@ available.
 @menu
 * Limitations::                 What you can expect.
 * Hardware Considerations::     Supported hardware.
-* USB Stick Installation::      Preparing the installation medium.
-* DVD Installation::            Preparing the installation medium.
+* USB Stick and DVD Installation:: Preparing the installation medium.
 * Preparing for Installation::  Networking, partitioning, etc.
 * Proceeding with the Installation::  The real thing.
 * Installing GuixSD in a VM::   GuixSD playground.
@@ -7717,7 +7812,7 @@ More and more system services are provided (@pxref{Services}), but some
 may be missing.
 
 @item
-More than 5,300 packages are available, but you may
+More than 6,500 packages are available, but you might
 occasionally find that a useful package is missing.
 
 @item
@@ -7766,11 +7861,12 @@ web site.  It contains a catalog of hardware devices with information
 about their support in GNU/Linux.
 
 
-@node USB Stick Installation
-@subsection USB Stick Installation
+@node USB Stick and DVD Installation
+@subsection USB Stick and DVD Installation
 
-An installation image for USB sticks can be downloaded from
-@indicateurl{ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.xz},
+An ISO-9660 installation image that can be written to a USB stick or
+burnt to a DVD can be downloaded from
+@indicateurl{ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz},
 where @var{system} is one of:
 
 @table @code
@@ -7786,8 +7882,8 @@ Make sure to download the associated @file{.sig} file and to verify the
 authenticity of the image against it, along these lines:
 
 @example
-$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.xz.sig
-$ gpg --verify guixsd-install-@value{VERSION}.@var{system}.xz.sig
+$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig
+$ gpg --verify guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig
 @end example
 
 If that command fails because you do not have the required public key,
@@ -7804,6 +7900,8 @@ and rerun the @code{gpg --verify} command.
 This image contains the tools necessary for an installation.
 It is meant to be copied @emph{as is} to a large-enough USB stick or DVD.
 
+@unnumberedsubsubsec Copying to a USB Stick
+
 To copy the image to a USB stick, follow these steps:
 
 @enumerate
@@ -7811,7 +7909,7 @@ To copy the image to a USB stick, follow these steps:
 Decompress the image using the @command{xz} command:
 
 @example
-xz -d guixsd-install-@value{VERSION}.@var{system}.xz
+xz -d guixsd-install-@value{VERSION}.@var{system}.iso.xz
 @end example
 
 @item
@@ -7820,57 +7918,14 @@ its device name.  Assuming that the USB stick is known as @file{/dev/sdX},
 copy the image with:
 
 @example
-dd if=guixsd-install-@value{VERSION}.x86_64 of=/dev/sdX
+dd if=guixsd-install-@value{VERSION}.x86_64-linux.iso of=/dev/sdX
 sync
 @end example
 
 Access to @file{/dev/sdX} usually requires root privileges.
 @end enumerate
 
-Once this is done, you should be able to reboot the system and boot from
-the USB stick.  The latter usually requires you to get in the BIOS or
-UEFI boot menu, where you can choose to boot from the USB stick.
-
-@xref{Installing GuixSD in a VM}, if, instead, you would like to install
-GuixSD in a virtual machine (VM).
-
-@node DVD Installation
-@subsection DVD Installation
-
-An installation image for DVDs can be downloaded from
-@indicateurl{ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.xz},
-where @var{system} is one of:
-
-@table @code
-@item x86_64-linux
-for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs;
-
-@item i686-linux
-for a 32-bit GNU/Linux system on Intel-compatible CPUs.
-@end table
-
-@c start duplication of authentication part from ``Binary Installation''
-Make sure to download the associated @file{.sig} file and to verify the
-authenticity of the image against it, along these lines:
-
-@example
-$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.xz.sig
-$ gpg --verify guixsd-install-@value{VERSION}.@var{system}.xz.sig
-@end example
-
-If that command fails because you do not have the required public key,
-then run this command to import it:
-
-@example
-$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
-@end example
-
-@noindent
-and rerun the @code{gpg --verify} command.
-@c end duplication
-
-This image contains the tools necessary for an installation.
-It is meant to be copied @emph{as is} to a large-enough USB stick or DVD.
+@unnumberedsubsubsec Burning on a DVD
 
 To copy the image to a DVD, follow these steps:
 
@@ -7879,7 +7934,7 @@ To copy the image to a DVD, follow these steps:
 Decompress the image using the @command{xz} command:
 
 @example
-xz -d guixsd-install-@value{VERSION}.@var{system}.xz
+xz -d guixsd-install-@value{VERSION}.@var{system}.iso.xz
 @end example
 
 @item
@@ -7888,19 +7943,22 @@ its device name.  Assuming that the DVD drive is known as @file{/dev/srX},
 copy the image with:
 
 @example
-growisofs -dvd-compat -Z /dev/srX=guixsd-install-@value{VERSION}.x86_64
+growisofs -dvd-compat -Z /dev/srX=guixsd-install-@value{VERSION}.x86_64.iso
 @end example
 
 Access to @file{/dev/srX} usually requires root privileges.
 @end enumerate
 
+@unnumberedsubsubsec Booting
+
 Once this is done, you should be able to reboot the system and boot from
-the DVD.  The latter usually requires you to get in the BIOS or
-UEFI boot menu, where you can choose to boot from the DVD.
+the USB stick or DVD.  The latter usually requires you to get in the
+BIOS or UEFI boot menu, where you can choose to boot from the USB stick.
 
 @xref{Installing GuixSD in a VM}, if, instead, you would like to install
 GuixSD in a virtual machine (VM).
 
+
 @node Preparing for Installation
 @subsection Preparing for Installation
 
@@ -8251,7 +8309,7 @@ disk image, follow these steps:
 @enumerate
 @item
 First, retrieve and decompress the GuixSD installation image as
-described previously (@pxref{USB Stick Installation}).
+described previously (@pxref{USB Stick and DVD Installation}).
 
 @item
 Create a disk image that will hold the installed system.  To make a
@@ -8270,7 +8328,7 @@ Boot the USB installation image in an VM:
 @example
 qemu-system-x86_64 -m 1024 -smp 1 \
   -net user -net nic,model=virtio -boot menu=on \
-  -drive file=guixsd-install-@value{VERSION}.@var{system} \
+  -drive file=guixsd-install-@value{VERSION}.@var{system}.iso \
   -drive file=guixsd.img
 @end example
 
@@ -9329,6 +9387,7 @@ declaration.
 * Monitoring Services::         Monitoring services.
 * Kerberos Services::           Kerberos services.
 * Web Services::                Web servers.
+* Certificate Services::        TLS certificates via Let's Encrypt.
 * DNS Services::                DNS daemons.
 * VPN Services::                VPN daemons.
 * Network File System::         NFS related services.
@@ -9336,6 +9395,7 @@ declaration.
 * Power management Services::   The TLP tool.
 * Audio Services::              The MPD.
 * Virtualization Services::     Virtualization services.
+* Version Control Services::    Providing remote access to Git repositories.
 * Miscellaneous Services::      Other services.
 @end menu
 
@@ -10932,10 +10992,87 @@ Package object of the Open vSwitch.
 
 @cindex X11
 @cindex X Window System
+@cindex login manager
 Support for the X Window graphical display system---specifically
 Xorg---is provided by the @code{(gnu services xorg)} module.  Note that
 there is no @code{xorg-service} procedure.  Instead, the X server is
-started by the @dfn{login manager}, currently SLiM.
+started by the @dfn{login manager}, by default SLiM.
+
+@cindex window manager
+To use X11, you must install at least one @dfn{window manager}---for
+example the @code{windowmaker} or @code{openbox} packages---preferably
+by adding it to the @code{packages} field of your operating system
+definition (@pxref{operating-system Reference, system-wide packages}).
+
+@defvr {Scheme Variable} slim-service-type
+This is the type for the SLiM graphical login manager for X11.
+
+@cindex session types (X11)
+@cindex X11 session types
+SLiM looks for @dfn{session types} described by the @file{.desktop} files in
+@file{/run/current-system/profile/share/xsessions} and allows users to
+choose a session from the log-in screen using @kbd{F1}.  Packages such
+as @code{xfce}, @code{sawfish}, and @code{ratpoison} provide
+@file{.desktop} files; adding them to the system-wide set of packages
+automatically makes them available at the log-in screen.
+
+In addition, @file{~/.xsession} files are honored.  When available,
+@file{~/.xsession} must be an executable that starts a window manager
+and/or other X clients.
+@end defvr
+
+@deftp {Data Type} slim-configuration
+Data type representing the configuration of @code{slim-service-type}.
+
+@table @asis
+@item @code{allow-empty-passwords?} (default: @code{#t})
+Whether to allow logins with empty passwords.
+
+@item @code{auto-login?} (default: @code{#f})
+@itemx @code{default-user} (default: @code{""})
+When @code{auto-login?} is false, SLiM presents a log-in screen.
+
+When @code{auto-login?} is true, SLiM logs in directly as
+@code{default-user}.
+
+@item @code{theme} (default: @code{%default-slim-theme})
+@itemx @code{theme-name} (default: @code{%default-slim-theme-name})
+The graphical theme to use and its name.
+
+@item @code{auto-login-session} (default: @code{#f})
+If true, this must be the name of the executable to start as the default
+session---e.g., @code{(file-append windowmaker "/bin/windowmaker")}.
+
+If false, a session described by one of the available @file{.desktop}
+files in @code{/run/current-system/profile} and @code{~/.guix-profile}
+will be used.
+
+@quotation Note
+You must install at least one window manager in the system profile or in
+your user profile.  Failing to do that, if @code{auto-login-session} is
+false, you will be unable to log in.
+@end quotation
+
+@item @code{startx} (default: @code{(xorg-start-command)})
+The command used to start the X11 graphical server.
+
+@item @code{xauth} (default: @code{xauth})
+The XAuth package to use.
+
+@item @code{shepherd} (default: @code{shepherd})
+The Shepherd package used when invoking @command{halt} and
+@command{reboot}.
+
+@item @code{slim} (default: @code{slim})
+The SLiM package to use.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %default-theme
+@defvrx {Scheme Variable} %default-theme-name
+The default SLiM theme and its name.
+@end defvr
+
 
 @deftp {Data Type} sddm-configuration
 This is the data type representing the sddm service configuration.
@@ -11030,6 +11167,7 @@ Relogin after logout.
 @end deftp
 
 @cindex login manager
+@cindex X11 login
 @deffn {Scheme Procedure} sddm-service config
 Return a service that spawns the SDDM graphical login manager for config of
 type @code{<sddm-configuration>}.
@@ -11041,68 +11179,42 @@ type @code{<sddm-configuration>}.
 @end example
 @end deffn
 
-@deffn {Scheme Procedure} slim-service [#:allow-empty-passwords? #f] @
-  [#:auto-login? #f] [#:default-user ""] [#:startx] @
-  [#:theme @var{%default-slim-theme}] @
-  [#:theme-name @var{%default-slim-theme-name}]
-Return a service that spawns the SLiM graphical login manager, which in
-turn starts the X display server with @var{startx}, a command as returned by
-@code{xorg-start-command}.
-
-@cindex X session
-
-SLiM automatically looks for session types described by the @file{.desktop}
-files in @file{/run/current-system/profile/share/xsessions} and allows users
-to choose a session from the log-in screen using @kbd{F1}.  Packages such as
-@var{xfce}, @var{sawfish}, and @var{ratpoison} provide @file{.desktop} files;
-adding them to the system-wide set of packages automatically makes them
-available at the log-in screen.
-
-In addition, @file{~/.xsession} files are honored.  When available,
-@file{~/.xsession} must be an executable that starts a window manager
-and/or other X clients.
-
-When @var{allow-empty-passwords?} is true, allow logins with an empty
-password.  When @var{auto-login?} is true, log in automatically as
-@var{default-user}.
-
-If @var{theme} is @code{#f}, use the default log-in theme; otherwise
-@var{theme} must be a gexp denoting the name of a directory containing the
-theme to use.  In that case, @var{theme-name} specifies the name of the
-theme.
-@end deffn
-
-@defvr {Scheme Variable} %default-theme
-@defvrx {Scheme Variable} %default-theme-name
-The G-Expression denoting the default SLiM theme and its name.
-@end defvr
-
 @deffn {Scheme Procedure} xorg-start-command [#:guile] @
-  [#:configuration-file #f] [#:xorg-server @var{xorg-server}]
-Return a derivation that builds a @var{guile} script to start the X server
-from @var{xorg-server}.  @var{configuration-file} is the server configuration
-file or a derivation that builds it; when omitted, the result of
-@code{xorg-configuration-file} is used.
+  [#:modules %default-xorg-modules] @
+  [#:fonts %default-xorg-fonts] @
+  [#:configuration-file (xorg-configuration-file @dots{})] @
+  [#:xorg-server @var{xorg-server}]
+Return a @code{startx} script in which @var{modules}, a list of X module
+packages, and @var{fonts}, a list of X font directories, are available.  See
+@code{xorg-wrapper} for more details on the arguments.  The result should be
+used in place of @code{startx}.
 
 Usually the X server is started by a login manager.
 @end deffn
 
 @deffn {Scheme Procedure} xorg-configuration-file @
+  [#:modules %default-xorg-modules] @
+  [#:fonts %default-xorg-fonts] @
   [#:drivers '()] [#:resolutions '()] [#:extra-config '()]
 Return a configuration file for the Xorg server containing search paths for
 all the common drivers.
 
+@var{modules} must be a list of @dfn{module packages} loaded by the Xorg
+server---e.g., @code{xf86-video-vesa}, @code{xf86-input-keyboard}, and so on.
+@var{fonts} must be a list of font directories to add to the server's
+@dfn{font path}.
+
 @var{drivers} must be either the empty list, in which case Xorg chooses a
 graphics driver automatically, or a list of driver names that will be tried in
-this order---e.g., @code{(\"modesetting\" \"vesa\")}.
+this order---e.g., @code{("modesetting" "vesa")}.
 
 Likewise, when @var{resolutions} is the empty list, Xorg chooses an
 appropriate screen resolution; otherwise, it must be a list of
 resolutions---e.g., @code{((1024 768) (640 480))}.
 
 Last, @var{extra-config} is a list of strings or objects appended to the
-@code{text-file*} argument list.  It is used to pass extra text to be added
-verbatim to the configuration file.
+configuration file.  It is used to pass extra text to be
+added verbatim to the configuration file.
 @end deffn
 
 @deffn {Scheme Procedure} screen-locker-service @var{package} [@var{name}]
@@ -13835,7 +13947,7 @@ record as in this example:
 @example
 (service prosody-service-type
          (prosody-configuration
-          (modules-enabled (cons "groups" %default-modules-enabled))
+          (modules-enabled (cons "groups" "mam" %default-modules-enabled))
           (int-components
            (list
             (int-component-configuration
@@ -13856,10 +13968,15 @@ By default, Prosody does not need much configuration.  Only one
 @code{virtualhosts} field is needed: it specifies the domain you wish
 Prosody to serve.
 
-Prosodyctl will help you generate X.509 certificates and keys:
+You can perform various sanity checks on the generated configuration
+with the @code{prosodyctl check} command.
+
+Prosodyctl will also help you to import certificates from the
+@code{letsencrypt} directory so that the @code{prosody} user can access
+them.  See @url{https://prosody.im/doc/letsencrypt}.
 
 @example
-prosodyctl cert request example.net
+prosodyctl --root cert import /etc/letsencrypt/live
 @end example
 
 The available configuration parameters follow.  Each parameter
@@ -13898,6 +14015,13 @@ paths in order.  See @url{http://prosody.im/doc/plugins_directory}.
 Defaults to @samp{()}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} file-name certificates
+Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity.  Prosody will automatically load
+certificates/keys from the directory specified here.
+Defaults to @samp{"/etc/prosody/certs"}.
+@end deftypevr
+
 @deftypevr {@code{prosody-configuration} parameter} string-list admins
 This is a list of accounts that are admins for the server.  Note that you
 must create the accounts separately.  See @url{http://prosody.im/doc/admins} and
@@ -13915,8 +14039,9 @@ Defaults to @samp{#f}.
 @deftypevr {@code{prosody-configuration} parameter} module-list modules-enabled
 This is the list of modules Prosody will load on startup.  It looks for
 @code{mod_modulename.lua} in the plugins folder, so make sure that exists too.
-Documentation on modules can be found at: @url{http://prosody.im/doc/modules}.
-Defaults to @samp{%default-modules-enabled}.
+Documentation on modules can be found at:
+@url{http://prosody.im/doc/modules}.
+Defaults to @samp{("roster" "saslauth" "tls" "dialback" "disco" "carbons" "private" "blocklist" "vcard" "version" "uptime" "time" "ping" "pep" "register" "admin_adhoc")}.
 @end deftypevr
 
 @deftypevr {@code{prosody-configuration} parameter} string-list modules-disabled
@@ -13950,14 +14075,12 @@ Available @code{ssl-configuration} fields are:
 This determines what handshake to use.
 @end deftypevr
 
-@deftypevr {@code{ssl-configuration} parameter} file-name key
-Path to your private key file, relative to @code{/etc/prosody}.
-Defaults to @samp{"/etc/prosody/certs/key.pem"}.
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name key
+Path to your private key file.
 @end deftypevr
 
-@deftypevr {@code{ssl-configuration} parameter} file-name certificate
-Path to your certificate file, relative to @code{/etc/prosody}.
-Defaults to @samp{"/etc/prosody/certs/cert.pem"}.
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name certificate
+Path to your certificate file.
 @end deftypevr
 
 @deftypevr {@code{ssl-configuration} parameter} file-name capath
@@ -14019,6 +14142,12 @@ See @url{http://prosody.im/doc/modules/mod_tls}.
 Defaults to @samp{#f}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} string-list disable-sasl-mechanisms
+Set of mechanisms that will never be offered.  See
+@url{https://prosody.im/doc/modules/mod_saslauth}.
+Defaults to @samp{("DIGEST-MD5")}.
+@end deftypevr
+
 @deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
 Whether to force all server-to-server connections to be encrypted or not.
 See @url{http://prosody.im/doc/modules/mod_tls}.
@@ -14069,6 +14198,17 @@ File to write pid in.  See @url{http://prosody.im/doc/modules/mod_posix}.
 Defaults to @samp{"/var/run/prosody/prosody.pid"}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} maybe-non-negative-integer http-max-content-size
+Maximum allowed size of the HTTP body (in bytes).
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-string http-external-url
+Some modules expose their own URL in various ways.  This URL is built
+from the protocol, host and port used.  If Prosody sits behind a proxy, the
+public URL will be @code{http-external-url} instead.  See
+@url{https://prosody.im/doc/http#external_url}.
+@end deftypevr
+
 @deftypevr {@code{prosody-configuration} parameter} virtualhost-configuration-list virtualhosts
 A host in Prosody is a domain on which user accounts can be created.  For
 example if you want your users to have addresses like
@@ -14085,7 +14225,7 @@ See @url{http://prosody.im/doc/configure#virtual_host_settings}.
 
 Available @code{virtualhost-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{virtualhost-configuration} parameter} string domain
 Domain you wish Prosody to serve.
 @end deftypevr
@@ -14107,7 +14247,7 @@ Defaults to @samp{()}.
 
 Available @code{int-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{int-component-configuration} parameter} string hostname
 Hostname of the component.
 @end deftypevr
@@ -14160,7 +14300,7 @@ Defaults to @samp{()}.
 
 Available @code{ext-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{ext-component-configuration} parameter} string component-secret
 Password which the component will use to log in.
 @end deftypevr
@@ -14173,6 +14313,7 @@ Hostname of the component.
 
 @deftypevr {@code{prosody-configuration} parameter} non-negative-integer-list component-ports
 Port(s) Prosody listens on for component connections.
+Defaults to @samp{(5347)}.
 @end deftypevr
 
 @deftypevr {@code{prosody-configuration} parameter} string component-interface
@@ -14180,6 +14321,10 @@ Interface Prosody listens on for component connections.
 Defaults to @samp{"127.0.0.1"}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} maybe-raw-content raw-content
+Raw content that will be added to the configuration file.
+@end deftypevr
+
 It could be that you just want to get a @code{prosody.cfg.lua}
 up and running.  In that case, you can pass an
 @code{opaque-prosody-configuration} record as the value of
@@ -14941,6 +15086,84 @@ capability also has to be configured on the front-end as well.
 @end table
 @end deftp
 
+@node Certificate Services
+@subsubsection Certificate Services
+
+@cindex Web
+@cindex HTTP, HTTPS
+@cindex Let's Encrypt
+@cindex TLS certificates
+The @code{(gnu services certbot)} module provides a service to
+automatically obtain a valid TLS certificate from the Let's Encrypt
+certificate authority.  These certificates can then be used to serve
+content securely over HTTPS or other TLS-based protocols, with the
+knowledge that the client will be able to verify the server's
+authenticity.
+
+@url{https://letsencrypt.org/, Let's Encrypt} provides the
+@code{certbot} tool to automate the certification process.  This tool
+first securely generates a key on the server.  It then makes a request
+to the Let's Encrypt certificate authority (CA) to sign the key.  The CA
+checks that the request originates from the host in question by using a
+challenge-response protocol, requiring the server to provide its
+response over HTTP.  If that protocol completes successfully, the CA
+signs the key, resulting in a certificate.  That certificate is valid
+for a limited period of time, and therefore to continue to provide TLS
+services, the server needs to periodically ask the CA to renew its
+signature.
+
+The certbot service automates this process: the initial key
+generation, the initial certification request to the Let's Encrypt
+service, the web server challenge/response integration, writing the
+certificate to disk, and the automated periodic renewals.
+
+@defvr {Scheme Variable} certbot-service-type
+A service type for the @code{certbot} Let's Encrypt client.
+@end defvr
+
+@deftp {Data Type} certbot-configuration
+Data type representing the configuration of the @code{certbot} serice.
+This type has the following parameters:
+
+@table @asis
+@item @code{package} (default: @code{certbot})
+The certbot package to use.
+
+@item @code{webroot} (default: @code{/var/www})
+The directory from which to serve the Let's Encrypt challenge/response
+files.
+
+@item @code{hosts} (default: @code{()})
+A list of hosts for which to generate certificates and request
+signatures.
+
+@item @code{default-location} (default: @i{see below})
+The default @code{nginx-location-configuration}.  Because @code{certbot}
+needs to be able to serve challenges and responses, it needs to be able
+to run a web server.  It does so by extending the @code{nginx} web
+service with an @code{nginx-server-configuration} listening on the
+@var{hosts} on port 80, and which has a
+@code{nginx-location-configuration} for the @code{/.well-known/} URI
+path subspace used by Let's Encrypt.  @xref{Web Services}, for more on
+these nginx configuration data types.
+
+Requests to other URL paths will be matched by the
+@code{default-location}, which if present is added to all
+@code{nginx-server-configuration}s.
+
+By default, the @code{default-location} will issue a redirect from
+@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving
+you to define what to serve on your site via @code{https}.
+
+Pass @code{#f} to not issue a default location.
+@end table
+@end deftp
+
+The public key and its signatures will be written to
+@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each
+@var{host} in the configuration.  The private key is written to
+@code{/etc/letsencrypt/live/@var{host}/privkey.pem}.
+
 
 @node DNS Services
 @subsubsection DNS Services
@@ -15345,6 +15568,7 @@ The list of knot-zone-configuration used by this configuration.
 @end table
 @end deftp
 
+
 @node VPN Services
 @subsubsection VPN Services
 @cindex VPN (virtual private network)
@@ -17199,6 +17423,147 @@ Defaults to @samp{3}
 @end deftypevr
 
 
+@node Version Control Services
+@subsubsection Version Control Services
+
+The @code{(gnu services version-control)} module provides a service to
+allow remote access to local Git repositories.  There are two options:
+the @code{git-daemon-service}, which provides access to repositories via
+the @code{git://} unsecured TCP-based protocol, or extending the
+@code{nginx} web server to proxy some requests to
+@code{git-http-backend}.
+
+@deffn {Scheme Procedure} git-daemon-service [#:config (git-daemon-configuration)]
+
+Return a service that runs @command{git daemon}, a simple TCP server to
+expose repositories over the Git protocol for anonymous access.
+
+The optional @var{config} argument should be a
+@code{<git-daemon-configuration>} object, by default it allows read-only
+access to exported@footnote{By creating the magic file
+"git-daemon-export-ok" in the repository directory.} repositories under
+@file{/srv/git}.
+
+@end deffn
+
+@deftp {Data Type} git-daemon-configuration
+Data type representing the configuration for @code{git-daemon-service}.
+
+@table @asis
+@item @code{package} (default: @var{git})
+Package object of the Git distributed version control system.
+
+@item @code{export-all?} (default: @var{#f})
+Whether to allow access for all Git repositories, even if they do not
+have the @file{git-daemon-export-ok} file.
+
+@item @code{base-path} (default: @file{/srv/git})
+Whether to remap all the path requests as relative to the given path.
+If you run git daemon with @var{(base-path "/srv/git")} on example.com,
+then if you later try to pull @code{git://example.com/hello.git}, git
+daemon will interpret the path as @code{/srv/git/hello.git}.
+
+@item @code{user-path} (default: @var{#f})
+Whether to allow @code{~user} notation to be used in requests.  When
+specified with empty string, requests to @code{git://host/~alice/foo} is
+taken as a request to access @code{foo} repository in the home directory
+of user @code{alice}.  If @var{(user-path "path")} is specified, the
+same request is taken as a request to access @code{path/foo} repository
+in the home directory of user @code{alice}.
+
+@item @code{listen} (default: @var{'()})
+Whether to listen on specific IP addresses or hostnames, defaults to
+all.
+
+@item @code{port} (default: @var{#f})
+Whether to listen on an alternative port, which defaults to 9418.
+
+@item @code{whitelist} (default: @var{'()})
+If not empty, only allow access to this list of directories.
+
+@item @code{extra-options} (default: @var{'()})
+Extra options will be passed to @code{git daemon}, please run
+@command{man git-daemon} for more information.
+
+@end table
+@end deftp
+
+The @code{git://} protocol lacks authentication.  When you pull from a
+repository fetched via @code{git://}, you don't know that the data you
+receive was modified is really coming from the specified host, and you
+have your connection is subject to eavesdropping.  It's better to use an
+authenticated and encrypted transport, such as @code{https}.  Although Git allows you
+to serve repositories using unsophisticated file-based web servers,
+there is a faster protocol implemented by the @code{git-http-backend}
+program.  This program is the back-end of a proper Git web service.  It
+is designed to sit behind a FastCGI proxy.  @xref{Web Services}, for more
+on running the necessary @code{fcgiwrap} daemon.
+
+Guix has a separate configuration data type for serving Git repositories
+over HTTP.
+
+@deftp {Data Type} git-http-configuration
+Data type representing the configuration for @code{git-http-service}.
+
+@table @asis
+@item @code{package} (default: @var{git})
+Package object of the Git distributed version control system.
+
+@item @code{git-root} (default: @file{/srv/git})
+Directory containing the Git repositories to expose to the world.
+
+@item @code{export-all?} (default: @var{#f})
+Whether to expose access for all Git repositories in @var{git-root},
+even if they do not have the @file{git-daemon-export-ok} file.
+
+@item @code{uri-path} (default: @file{/git/})
+Path prefix for Git access.  With the default @code{/git/} prefix, this
+will map @code{http://@var{server}/git/@var{repo}.git} to
+@code{/srv/git/@var{repo}.git}.  Requests whose URI paths do not begin
+with this prefix are not passed on to this Git instance.
+
+@item @code{fcgiwrap-socket} (default: @code{127.0.0.1:9000})
+The socket on which the @code{fcgiwrap} daemon is listening.  @xref{Web
+Services}.
+@end table
+@end deftp
+
+There is no @code{git-http-service-type}, currently; instead you can
+create an @code{nginx-location-configuration} from a
+@code{git-http-configuration} and then add that location to a web
+server.
+
+@deffn {Scheme Procedure} git-http-nginx-location-configuration @
+       [config=(git-http-configuration)]
+Compute an @code{nginx-location-configuration} that corresponds to the
+given Git http configuration.  An example nginx service definition to
+serve the default @file{/srv/git} over HTTPS might be:
+
+@example
+(service nginx-service-type
+         (nginx-configuration
+          (server-blocks
+           (list
+            (nginx-server-configuration
+             (http-port #f)
+             (server-name "git.my-host.org")
+             (ssl-certificate
+              "/etc/letsencrypt/live/git.my-host.org/fullchain.pem")
+             (ssl-certificate-key
+              "/etc/letsencrypt/live/git.my-host.org/privkey.pem")
+             (locations
+              (list
+               (git-http-nginx-location-configuration
+                (git-http-configuration (uri-path "/"))))))))))
+@end example
+
+This example assumes that you are using Let's Encrypt to get your TLS
+certificate.  @xref{Certificate Services}.  The default @code{certbot}
+service will redirect all HTTP traffic on @code{git.my-host.org} to
+HTTPS.  You will also need to add an @code{fcgiwrap} proxy to your
+system services.  @xref{Web Services}.
+@end deffn
+
 @node Miscellaneous Services
 @subsubsection Miscellaneous Services
 
@@ -17360,66 +17725,6 @@ The following is an example @code{dicod-service} configuration.
                     %dicod-database:gcide))))
 @end example
 
-@subsubsection Version Control
-
-The @code{(gnu services version-control)} module provides the following services:
-
-@subsubheading Git daemon service
-
-@deffn {Scheme Procedure} git-daemon-service [#:config (git-daemon-configuration)]
-
-Return a service that runs @command{git daemon}, a simple TCP server to
-expose repositories over the Git protocol for anonymous access.
-
-The optional @var{config} argument should be a
-@code{<git-daemon-configuration>} object, by default it allows read-only
-access to exported@footnote{By creating the magic file
-"git-daemon-export-ok" in the repository directory.} repositories under
-@file{/srv/git}.
-
-@end deffn
-
-@deftp {Data Type} git-daemon-configuration
-Data type representing the configuration for @code{git-daemon-service}.
-
-@table @asis
-@item @code{package} (default: @var{git})
-Package object of the Git distributed version control system.
-
-@item @code{export-all?} (default: @var{#f})
-Whether to allow access for all Git repositories, even if they do not
-have the @file{git-daemon-export-ok} file.
-
-@item @code{base-path} (default: @file{/srv/git})
-Whether to remap all the path requests as relative to the given path.
-If you run git daemon with @var{(base-path "/srv/git")} on example.com,
-then if you later try to pull @code{git://example.com/hello.git}, git
-daemon will interpret the path as @code{/srv/git/hello.git}.
-
-@item @code{user-path} (default: @var{#f})
-Whether to allow @code{~user} notation to be used in requests.  When
-specified with empty string, requests to @code{git://host/~alice/foo} is
-taken as a request to access @code{foo} repository in the home directory
-of user @code{alice}.  If @var{(user-path "path")} is specified, the
-same request is taken as a request to access @code{path/foo} repository
-in the home directory of user @code{alice}.
-
-@item @code{listen} (default: @var{'()})
-Whether to listen on specific IP addresses or hostnames, defaults to
-all.
-
-@item @code{port} (default: @var{#f})
-Whether to listen on an alternative port, which defaults to 9418.
-
-@item @code{whitelist} (default: @var{'()})
-If not empty, only allow access to this list of directories.
-
-@item @code{extra-options} (default: @var{'()})
-Extra options will be passed to @code{git daemon}, please run
-@command{man git-daemon} for more information.
-
-@end table
-@end deftp
 
 @subsubheading Cgit Service
 
@@ -17957,7 +18262,7 @@ manual}).
 
 @item @code{serial-unit} (default: @code{#f})
 The serial unit used by the bootloader, as an integer from 0 to 3.
-For GRUB it is choosen at run-time; currently GRUB chooses 0, which
+For GRUB, it is chosen at run-time; currently GRUB chooses 0, which
 corresponds to COM1 (@pxref{Serial terminal,,, grub,GNU GRUB manual}).
 
 @item @code{serial-speed} (default: @code{#f})
@@ -19566,16 +19871,14 @@ definition may look like this:
   (let ((commit "c3f29bc928d5900971f65965feaae59e1272a3f7")
         (revision "1"))          ;Guix package revision
     (package
-      (version (string-append "0.9-" revision "."
-                              (string-take commit 7)))
+      (version (git-version "0.9" revision commit))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
                       (url "git://example.org/my-package.git")
                       (commit commit)))
                 (sha256 (base32 "1mbikn@dots{}"))
-                (file-name (string-append "my-package-" version
-                                          "-checkout"))))
+                (file-name (git-file-name name version))))
       ;; @dots{}
       )))
 @end example
@@ -19972,6 +20275,28 @@ unknown, but if you would like to investigate further (and have
 significant computational and storage resources to do so), then let us
 know.
 
+@unnumberedsubsec Reducing the Set of Bootstrap Binaries
+
+Our bootstrap binaries currently include GCC, Guile, etc.  That's a lot
+of binary code!  Why is that a problem?  It's a problem because these
+big chunks of binary code are practically non-auditable, which makes it
+hard to establish what source code produced them.  Every unauditable
+binary also leaves us vulnerable to compiler backdoors as described by
+Ken Thompson in the 1984 paper @emph{Reflections on Trusting Trust}.
+
+This is mitigated by the fact that our bootstrap binaries were generated
+from an earlier Guix revision.  Nevertheless it lacks the level of
+transparency that we get in the rest of the package dependency graph,
+where Guix always gives us a source-to-binary mapping.  Thus, our goal
+is to reduce the set of bootstrap binaries to the bare minimum.
+
+The @uref{http://bootstrappable.org, Bootstrappable.org web site} lists
+on-going projects to do that.  One of these is about replacing the
+bootstrap GCC with a sequence of assemblers, interpreters, and compilers
+of increasing complexity, which could be built from source starting from
+a simple and auditable assembler.  Your help is welcome!
+
+
 @node Porting
 @section Porting to a New Platform
 
diff --git a/gnu/bootloader/extlinux.scm b/gnu/bootloader/extlinux.scm
index e5fdeb5801..9b6e2c7f2a 100644
--- a/gnu/bootloader/extlinux.scm
+++ b/gnu/bootloader/extlinux.scm
@@ -53,7 +53,7 @@ corresponding to old generations of the system."
   APPEND ~a
 ~%"
                 #$label #$label
-                #$kernel #$kernel #$initrd
+                #$kernel (dirname #$kernel) #$initrd
                 (string-join (list #$@kernel-arguments)))))
 
   (define builder
@@ -85,14 +85,6 @@ TIMEOUT ~a~%"
 ;;; Install procedures.
 ;;;
 
-(define dd
-  #~(lambda (bs count if of)
-      (zero? (system* "dd"
-                      (string-append "bs=" (number->string bs))
-                      (string-append "count=" (number->string count))
-                      (string-append "if=" if)
-                      (string-append "of=" of)))))
-
 (define (install-extlinux mbr)
   #~(lambda (bootloader device mount-point)
       (let ((extlinux (string-append bootloader "/sbin/extlinux"))
@@ -101,9 +93,15 @@ TIMEOUT ~a~%"
         (for-each (lambda (file)
                     (install-file file install-dir))
                   (find-files syslinux-dir "\\.c32$"))
-
-        (unless (and (zero? (system* extlinux "--install" install-dir))
-                     (#$dd 440 1 (string-append syslinux-dir "/" #$mbr) device))
+        (unless
+            (and (zero? (system* extlinux "--install" install-dir))
+                 (call-with-input-file (string-append syslinux-dir "/" #$mbr)
+                   (lambda (input)
+                     (let ((bv (get-bytevector-n input 440)))
+                       (call-with-output-file device
+                         (lambda (output)
+                           (put-bytevector output bv))
+                         #:binary #t)))))
           (error "failed to install SYSLINUX")))))
 
 (define install-extlinux-mbr
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index a1ff4dd1ea..2547f1e0af 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -21,7 +21,6 @@
   #:use-module (rnrs io ports)
   #:use-module (system repl error-handling)
   #:autoload   (system repl repl) (start-repl)
-  #:autoload   (system base compile) (compile-file)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
@@ -270,6 +269,7 @@ using the kernel build-in overlayfs."
   ;; Make sure /root/etc/mtab is a symlink to /proc/self/mounts.
   (false-if-exception
     (delete-file "/root/etc/mtab"))
+  (mkdir-p "/root/etc")
   (symlink "/proc/self/mounts" "/root/etc/mtab"))
 
 (define (switch-root root)
diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
index 8fc74bc482..c955e3c83f 100644
--- a/gnu/build/shepherd.scm
+++ b/gnu/build/shepherd.scm
@@ -60,11 +60,13 @@
       (type "tmpfs")
       (check? #f)))
 
-  (define passwd
+  (define accounts
     ;; This is for processes in the default user namespace but living in a
     ;; different mount namespace, so that they can lookup users.
-    (file-system-mapping
-     (source "/etc/passwd") (target source)))
+    (list (file-system-mapping
+           (source "/etc/passwd") (target source))
+          (file-system-mapping
+           (source "/etc/group") (target source))))
 
   (define nscd-socket
     (file-system-mapping
@@ -78,7 +80,7 @@
                                         %network-file-mappings))
                             ,@(if (and (memq 'mnt namespaces)
                                        (not (memq 'user namespaces)))
-                                  (list passwd)
+                                  accounts
                                   '())
                             ,%store-mapping)))    ;XXX: coarse-grain
             (map file-system-mapping->bind-mount
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index 7537f81509..20ee12709b 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -378,11 +378,8 @@ SYSTEM-DIRECTORY is the name of the directory of the 'system' derivation."
 GRUB configuration and OS-DRV as the stuff in it."
   (let ((grub-mkrescue (string-append grub "/bin/grub-mkrescue"))
         (target-store  (string-append "/tmp/root" (%store-directory))))
-    (mkdir-p "/tmp/root/var/run")
-    (mkdir-p "/tmp/root/run")
-    (mkdir-p "/tmp/root/mnt")
+    (populate-root-file-system os-drv "/tmp/root")
 
-    (mkdir-p target-store)
     (mount (%store-directory) target-store "" MS_BIND)
 
     (when register-closures?
@@ -399,6 +396,7 @@ GRUB configuration and OS-DRV as the stuff in it."
                           `(,grub-mkrescue "-o" ,target
                             ,(string-append "boot/grub/grub.cfg=" config-file)
                             ,(string-append "gnu/store=" os-drv "/..")
+                            "etc=/tmp/root/etc"
                             "var=/tmp/root/var"
                             "run=/tmp/root/run"
                             ;; /mnt is used as part of the installation
diff --git a/gnu/local.mk b/gnu/local.mk
index 5a701075ff..ac7e115310 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -444,6 +444,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/audio.scm                        \
   %D%/services/avahi.scm			\
   %D%/services/base.scm				\
+  %D%/services/certbot.scm			\
   %D%/services/configuration.scm		\
   %D%/services/cuirass.scm			\
   %D%/services/cups.scm				\
@@ -496,7 +497,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/linux-initrd.scm			\
   %D%/build/linux-modules.scm			\
   %D%/build/marionette.scm			\
-  %D%/build/shepherd.scm			\
   %D%/build/vm.scm				\
 						\
   %D%/tests.scm					\
@@ -519,6 +519,7 @@ GNU_SYSTEM_MODULES =				\
 
 # Modules that do not need to be compiled.
 MODULES_NOT_COMPILED +=				\
+  %D%/build/shepherd.scm			\
   %D%/build/svg.scm
 
 patchdir = $(guilemoduledir)/%D%/packages/patches
@@ -550,6 +551,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/awesome-reproducible-png.patch		\
   %D%/packages/patches/azr3.patch				\
   %D%/packages/patches/bash-completion-directories.patch	\
+  %D%/packages/patches/bazaar-CVE-2017-14176.patch		\
   %D%/packages/patches/bcftools-regidx-unsigned-char.patch	\
   %D%/packages/patches/binutils-ld-new-dtags.patch		\
   %D%/packages/patches/binutils-loongson-workaround.patch	\
@@ -570,6 +572,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/chmlib-inttypes.patch			\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
+  %D%/packages/patches/clementine-use-openssl.patch		\
   %D%/packages/patches/clisp-remove-failing-test.patch		\
   %D%/packages/patches/clucene-pkgconfig.patch			\
   %D%/packages/patches/clx-remove-demo.patch			\
@@ -600,18 +603,20 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
+  %D%/packages/patches/dtc-format-modifier.patch		\
+  %D%/packages/patches/dtc-32-bits-check.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
   %D%/packages/patches/emacs-exec-path.patch			\
   %D%/packages/patches/emacs-fix-scheme-indent-function.patch	\
+  %D%/packages/patches/emacs-highlight-stages-add-gexp.patch	\
   %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch	\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
   %D%/packages/patches/erlang-man-path.patch			\
   %D%/packages/patches/eudev-rules-directory.patch		\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
-  %D%/packages/patches/exim-CVE-2017-1000369.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14860.patch		\
   %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch	\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
@@ -650,6 +655,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-5-source-date-epoch-2.patch		\
   %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch	\
   %D%/packages/patches/gcc-6-cross-environment-variables.patch	\
+  %D%/packages/patches/gcc-6-source-date-epoch-1.patch		\
+  %D%/packages/patches/gcc-6-source-date-epoch-2.patch		\
   %D%/packages/patches/gcr-disable-failing-tests.patch		\
   %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch	\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
@@ -681,6 +688,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-o-largefile.patch			\
   %D%/packages/patches/glibc-vectorized-strcspn-guards.patch	\
   %D%/packages/patches/glibc-versioned-locpath.patch		\
+  %D%/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch		\
   %D%/packages/patches/glog-gcc-5-demangling.patch		\
   %D%/packages/patches/gmp-arm-asm-nothumb.patch		\
   %D%/packages/patches/gmp-faulty-test.patch			\
@@ -713,6 +721,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/guile-present-coding.patch		\
   %D%/packages/patches/guile-relocatable.patch			\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
+  %D%/packages/patches/guile-emacs-fix-configure.patch		\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch	\
   %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
   %D%/packages/patches/gtk2-theme-paths.patch			\
@@ -801,6 +810,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
   %D%/packages/patches/libmad-frame-length.patch		\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
+  %D%/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch	\
   %D%/packages/patches/libsndfile-armhf-type-checks.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
@@ -810,11 +820,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/libtasn1-CVE-2017-10790.patch		\
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtirpc-CVE-2017-8779.patch		\
-  %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch	\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libusb-0.1-disable-tests.patch		\
   %D%/packages/patches/libusb-for-axoloti.patch			\
-  %D%/packages/patches/libvirt-CVE-2017-1000256.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
@@ -882,6 +890,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/newsbeuter-CVE-2017-14500.patch		\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/ninja-zero-mtime.patch			\
+  %D%/packages/patches/node-test-http2-server-rst-stream.patch	\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
@@ -903,6 +912,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
+  %D%/packages/patches/optipng-CVE-2017-1000229.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
@@ -913,6 +923,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
+  %D%/packages/patches/pcmanfm-CVE-2017-8934.patch		\
   %D%/packages/patches/pcre2-CVE-2017-7186.patch		\
   %D%/packages/patches/pcre2-CVE-2017-8786.patch		\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
@@ -945,6 +956,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
   %D%/packages/patches/procmail-CVE-2014-3618.patch		\
+  %D%/packages/patches/procmail-CVE-2017-16844.patch		\
   %D%/packages/patches/proot-test-fhs.patch			\
   %D%/packages/patches/psm-arch.patch				\
   %D%/packages/patches/psm-ldflags.patch			\
@@ -993,6 +1005,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-unittest2-python3-compat.patch	\
   %D%/packages/patches/python-unittest2-remove-argparse.patch	\
   %D%/packages/patches/qemu-CVE-2017-15038.patch		\
+  %D%/packages/patches/qemu-CVE-2017-15118.patch		\
+  %D%/packages/patches/qemu-CVE-2017-15119.patch		\
   %D%/packages/patches/qemu-CVE-2017-15268.patch		\
   %D%/packages/patches/qemu-CVE-2017-15289.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
@@ -1020,6 +1034,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/scotch-test-threading.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
   %D%/packages/patches/seq24-rename-mutex.patch			\
+  %D%/packages/patches/shepherd-close-fds.patch			\
   %D%/packages/patches/shishi-fix-libgcrypt-detection.patch	\
   %D%/packages/patches/slim-session.patch			\
   %D%/packages/patches/slim-config.patch			\
@@ -1028,13 +1043,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
   %D%/packages/patches/sooperlooper-build-with-wx-30.patch 	\
-  %D%/packages/patches/spice-CVE-2016-9577.patch		\
-  %D%/packages/patches/spice-CVE-2016-9578-1.patch		\
-  %D%/packages/patches/spice-CVE-2016-9578-2.patch		\
-  %D%/packages/patches/spice-CVE-2017-7506.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
   %D%/packages/patches/superlu-dist-scotchmetis.patch		\
-  %D%/packages/patches/supertuxkart-angelscript-ftbfs.patch		\
   %D%/packages/patches/swish-e-search.patch			\
   %D%/packages/patches/swish-e-format-security.patch		\
   %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch 	\
@@ -1086,7 +1096,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch		\
   %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch		\
-  %D%/packages/patches/vpnc-script.patch			\
   %D%/packages/patches/vsearch-unbundle-cityhash.patch		\
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index cd2b9a6335..3250be5349 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015, 2016 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -162,7 +162,8 @@ and provides a \"top-like\" mode (monitoring).")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "174q1qg7yg6w1hfvlfv720hr6hid4h5xzw15y3ycfpspllzldhcb"))))
+                "174q1qg7yg6w1hfvlfv720hr6hid4h5xzw15y3ycfpspllzldhcb"))
+              (patches (search-patches "shepherd-close-fds.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--localstatedir=/var")))
@@ -1772,13 +1773,13 @@ a new command using the matched rule, and runs it.")
 (define-public di
   (package
     (name "di")
-    (version "4.43")
+    (version "4.44")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://gentoo.com/di/di-" version ".tar.gz"))
        (sha256
-        (base32 "1q25jy51qfzsym9b2w0cqzscq2j492gn60dy6gbp88m8nwm4sdy8"))))
+        (base32 "0803lp8kd3mp1jcm17i019xiqxdy85hhs6xk67zib8gmvg500gcn"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; Obscure test failures.
@@ -1794,10 +1795,10 @@ a new command using the matched rule, and runs it.")
     (home-page "https://www.gentoo.com/di/")
     (synopsis "Advanced df like disk information utility")
     (description
-     "'di' is a disk information utility, displaying everything
-(and more) that your @code{df} command does.  It features the ability to
-display your disk usage in whatever format you prefer.  It is designed to be
-highly portable.  Great for heterogeneous networks.")
+     "'di' is a disk information utility, displaying everything that your
+@code{df} command does and more.  It features the ability to display your disk
+usage in whatever format you prefer.  It is designed to be highly portable and
+produce uniform output across heterogeneous networks.")
     (license license:zlib)))
 
 (define-public cbatticon
@@ -2295,3 +2296,39 @@ on systems running the Linux kernel.")
     ;; arm and aarch64 don't have cpuid.h
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license license:gpl2+)))
+
+(define-public masscan
+  (package
+    (name "masscan")
+    (version "1.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/robertdavidgraham/masscan"
+                                  "/archive/" version ".tar.gz"))
+              (sha256
+               (base32
+                "1y9af345g00z83rliv6bmlqg37xwc7xpnx5xqdgmjikzcxgk9pji"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libpcap" ,libpcap)))
+    (arguments
+     '(#:test-target "regress"
+       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; There is no ./configure script
+         (add-after 'unpack 'patch-path
+           (lambda* (#:key outputs inputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (pcap (assoc-ref inputs "libpcap")))
+               (substitute* "src/rawsock-pcap.c"
+                 (("libpcap.so") (string-append pcap "/lib/libpcap.so")))
+               #t))))))
+    (synopsis "TCP port scanner")
+    (description "MASSCAN is an asynchronous TCP port scanner.  It can detect
+open ports, and also complete the TCP connection and interact with the remote
+application, collecting the information received.")
+    (home-page "https://github.com/robertdavidgraham/masscan")
+        ;; 'src/siphash24.c' is the SipHash reference implementation, which
+        ;; bears a CC0 Public Domain Dedication.
+    (license license:agpl3+)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index ede137b22c..a7336066ef 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -207,7 +207,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
 (define-public giac-xcas
   (package
     (name "giac-xcas")
-    (version "1.4.9-17")
+    (version "1.4.9-33")
     (source (origin
               (method url-fetch)
               ;; "~parisse/giac" is not used because the maintainer regularly
@@ -219,7 +219,7 @@ GP2C, the GP to C compiler, translates GP scripts to PARI programs.")
                                   "source/giac_" version ".tar.gz"))
               (sha256
                (base32
-                "0fabw706hixp4da4pgkbjrlf9gk4xrmv404f884jb24bnmb5hbax"))))
+                "1f071j4l9ayri2cxka6bfdb6c0fsdl7q7wk345r7hxjfga69g9mv"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 384010372f..4f6e4a4095 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -63,6 +63,7 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages libbsd)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages mp3) ;taglib
@@ -72,6 +73,7 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages rdf)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages telephony)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages vim) ;xxd
@@ -83,7 +85,8 @@
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages music)
-  #:use-module (srfi srfi-1))
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define-public alsa-modular-synth
   (package
@@ -341,13 +344,19 @@ engineers, musicians, soundtrack editors and composers.")
        ("python" ,python-2)
        ("which" ,which)))
     (arguments
-     '(#:configure-flags
+     `(#:configure-flags
        (let ((libid3tag (assoc-ref %build-inputs "libid3tag"))
              (libmad (assoc-ref %build-inputs "libmad"))
              (portmidi (assoc-ref %build-inputs "portmidi")))
          (list
           ;; Loading FFmpeg dynamically is problematic.
           "--disable-dynamic-loading"
+          ;; SSE instructions are available on Intel systems only.
+          ,@(if (any (cute string-prefix? <> (or (%current-target-system)
+                                                 (%current-system)))
+                    '("x64_64" "i686"))
+              '()
+              '("--enable-sse=no"))
           ;; portmidi, libid3tag and libmad provide no .pc files, so
           ;; pkg-config fails to find them.  Force their inclusion.
           (string-append "ID3TAG_CFLAGS=-I" libid3tag "/include")
@@ -446,14 +455,14 @@ plugins are provided.")
 (define-public calf
   (package
     (name "calf")
-    (version "0.0.60")
+    (version "0.90.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://calf-studio-gear.org/files/calf-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "019fwg00jv217a5r767z7szh7vdrarybac0pr2sk26xp81kibrx9"))))
+                "0dijv2j7vlp76l10s4v8gbav26ibaqk8s24ci74vrc398xy00cib"))))
     (build-system gnu-build-system)
     (inputs
      `(("fluidsynth" ,fluidsynth)
@@ -1093,17 +1102,19 @@ PS, and DAB+.")
 (define-public faust
   (package
     (name "faust")
-    (version "0.9.67")
+    (version "0.9.90")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "mirror://sourceforge/faudiostream/faust-" version ".zip"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/grame-cncm/faust.git")
+                    (commit (string-append "v"
+                                           (string-map (lambda (c)
+                                                         (if (char=? c #\.) #\- c))
+                                                       version)))))
+              (file-name (string-append "faust-" version "-checkout"))
               (sha256
                (base32
-                "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1"))
-              (snippet
-               ;; Remove prebuilt library
-               '(delete-file "architecture/android/libs/armeabi-v7a/libfaust_dsp.so"))))
+                "0qc6iwjd3i80jdyjc186c6ywipmjzl8wlsp4050pbr56q4rlkd4z"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out")))
@@ -1111,7 +1122,16 @@ PS, and DAB+.")
        #:phases
        (modify-phases %standard-phases
          ;; no "configure" script
-         (delete 'configure))))
+         (delete 'configure)
+         ;; Files appear under $out/share/faust that are read-only.  The
+         ;; install phase tries to overwrite them and fails, so we change
+         ;; the permissions first.
+         (add-before 'install 'fix-permissions
+           (lambda _
+             (for-each (lambda (file)
+                         (chmod file #o644))
+                       (find-files "architecture/max-msp" ".*"))
+             #t)))))
     (native-inputs
      `(("unzip" ,unzip)))
     (home-page "http://faust.grame.fr/")
@@ -1140,18 +1160,7 @@ PS, and DAB+.")
      (substitute-keyword-arguments (package-arguments faust)
        ((#:make-flags flags)
         `(list (string-append "prefix=" (assoc-ref %outputs "out"))
-               "world"))
-       ((#:phases phases)
-        `(modify-phases ,phases
-           ;; Files appear under $out/share/faust that are read-only.  The
-           ;; install phase tries to overwrite them and fails, so we change
-           ;; the permissions first.
-           (add-before 'install 'fix-permissions
-             (lambda* (#:key outputs #:allow-other-keys)
-               (for-each (lambda (file)
-                           (chmod file #o644))
-                         (find-files "architecture/max-msp" ".*"))
-               #t))))))
+               "world"))))
     (native-inputs
      `(("llvm" ,llvm-with-rtti)
        ("which" ,which)
@@ -1207,7 +1216,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
 (define-public guitarix
   (package
     (name "guitarix")
-    (version "0.36.0")
+    (version "0.36.1")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1215,7 +1224,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
                    version ".tar.xz"))
              (sha256
               (base32
-               "0nb0gwcmvc9xjh9pjasjbaqgpadanv4rw1njccpcmmin9xvicsqn"))))
+               "1g5949jwh2n755xjs3kcbdb8a1wxr5mn0m115wdnk27dxcdn93b0"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -1409,17 +1418,16 @@ synchronous execution of all clients, and low latency operation.")
 (define-public jack-2
   (package (inherit jack-1)
     (name "jack2")
-    (version "1.9.10")
+    (version "1.9.11-RC1")
     (source (origin
              (method url-fetch)
-             (uri (string-append
-                   "https://github.com/jackaudio/jack2/archive/v"
-                   version
-                   ".tar.gz"))
+             (uri (string-append "https://github.com/jackaudio/jack2/releases/"
+                                 "download/v" version "/jack2-"
+                                 version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "03b0iiyk3ng3vh5s8gaqwn565vik7910p56mlbk512bw3dhbdwc8"))))
+               "0ks72xxv8qrpwjc2ksr74rnp178h62g5vdplb2rn4vhkw86yw3kk"))))
     (build-system waf-build-system)
     (arguments
      `(#:python ,python-2
@@ -3022,6 +3030,54 @@ mixers.")
 (define-public python2-pyalsaaudio
   (package-with-python2 python-pyalsaaudio))
 
+(define-public bluez-alsa
+  (package
+    (name "bluez-alsa")
+    (version "1.2.0")
+    (source (origin
+              ;; The tarballs are mere snapshots and don't contain a
+              ;; bootstrapped build system.
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/Arkq/bluez-alsa.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1qinf41wl2ihx54zmmhanycihwjkn7dn1cicq6pp4rqbiv79b95x"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vif")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bluez" ,bluez)
+       ("glib" ,glib)
+       ("libbsd" ,libbsd)
+       ("ncurses" ,ncurses)
+       ("ortp" ,ortp)
+       ("sbc" ,sbc)))
+    (home-page "https://github.com/Arkq/bluez-alsa")
+    (synopsis "Bluetooth ALSA backend")
+    (description "This project is a rebirth of a direct integration between
+Bluez and ALSA.  Since Bluez >= 5, the build-in integration has been removed
+in favor of 3rd party audio applications.  From now on, Bluez acts as a
+middleware between an audio application, which implements Bluetooth audio
+profile, and a Bluetooth audio device.  BlueALSA registers all known Bluetooth
+audio profiles in Bluez, so in theory every Bluetooth device (with audio
+capabilities) can be connected.  In order to access the audio stream, one has
+to connect to the ALSA PCM device called @code{bluealsa}.  The device is based
+on the ALSA software PCM plugin.")
+    (license license:expat)))
+
 (define-public snd
   (package
     (name "snd")
diff --git a/gnu/packages/aux-files/linux-libre/4.14-arm.conf b/gnu/packages/aux-files/linux-libre/4.14-arm.conf
index 7f82c291a6..2bde47018a 100644
--- a/gnu/packages/aux-files/linux-libre/4.14-arm.conf
+++ b/gnu/packages/aux-files/linux-libre/4.14-arm.conf
@@ -1816,7 +1816,7 @@ CONFIG_TEGRA_AHB=y
 #
 # CONFIG_UEVENT_HELPER is not set
 CONFIG_DEVTMPFS=y
-# CONFIG_DEVTMPFS_MOUNT is not set
+CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_STANDALONE=y
 CONFIG_PREVENT_FIRMWARE_BUILD=y
 CONFIG_FW_LOADER=y
@@ -7466,16 +7466,15 @@ CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_FS_IOMAP=y
 # CONFIG_EXT2_FS is not set
 # CONFIG_EXT3_FS is not set
-CONFIG_EXT4_FS=m
+CONFIG_EXT4_FS=y
 CONFIG_EXT4_USE_FOR_EXT2=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
-CONFIG_EXT4_ENCRYPTION=y
-CONFIG_EXT4_FS_ENCRYPTION=y
+# CONFIG_EXT4_ENCRYPTION is not set
 # CONFIG_EXT4_DEBUG is not set
-CONFIG_JBD2=m
+CONFIG_JBD2=y
 # CONFIG_JBD2_DEBUG is not set
-CONFIG_FS_MBCACHE=m
+CONFIG_FS_MBCACHE=y
 CONFIG_REISERFS_FS=m
 # CONFIG_REISERFS_CHECK is not set
 # CONFIG_REISERFS_PROC_INFO is not set
@@ -7567,12 +7566,12 @@ CONFIG_UDF_NLS=y
 #
 # DOS/FAT/NT Filesystems
 #
-CONFIG_FAT_FS=m
+CONFIG_FAT_FS=y
 CONFIG_MSDOS_FS=m
-CONFIG_VFAT_FS=m
+CONFIG_VFAT_FS=y
 CONFIG_FAT_DEFAULT_CODEPAGE=437
-CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
-CONFIG_FAT_DEFAULT_UTF8=y
+CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
+# CONFIG_FAT_DEFAULT_UTF8 is not set
 CONFIG_NTFS_FS=m
 # CONFIG_NTFS_DEBUG is not set
 # CONFIG_NTFS_RW is not set
@@ -7744,7 +7743,7 @@ CONFIG_9P_FS_POSIX_ACL=y
 CONFIG_9P_FS_SECURITY=y
 CONFIG_NLS=y
 CONFIG_NLS_DEFAULT="utf8"
-CONFIG_NLS_CODEPAGE_437=m
+CONFIG_NLS_CODEPAGE_437=y
 CONFIG_NLS_CODEPAGE_737=m
 CONFIG_NLS_CODEPAGE_775=m
 CONFIG_NLS_CODEPAGE_850=m
@@ -8162,7 +8161,7 @@ CONFIG_CRYPTO_VMAC=m
 #
 # Digest
 #
-CONFIG_CRYPTO_CRC32C=m
+CONFIG_CRYPTO_CRC32C=y
 CONFIG_CRYPTO_CRC32=m
 CONFIG_CRYPTO_CRCT10DIF=y
 CONFIG_CRYPTO_GHASH=m
@@ -8274,7 +8273,7 @@ CONFIG_GENERIC_IO=y
 CONFIG_STMP_DEVICE=y
 CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
 CONFIG_CRC_CCITT=m
-CONFIG_CRC16=m
+CONFIG_CRC16=y
 CONFIG_CRC_T10DIF=y
 CONFIG_CRC_ITU_T=m
 CONFIG_CRC32=y
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 68343491aa..2ee0d5336b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -452,13 +452,13 @@ detection, and lossless compression.")
 (define-public borg
   (package
     (name "borg")
-    (version "1.1.2")
+    (version "1.1.3")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "borgbackup" version))
               (sha256
                (base32
-                "00jmbfysdpsb2vcckamvsxw5n8xqh4j67diam2p0lmqzsn92syq9"))
+                "1rvn8b6clzd1r317r9jkvk34r31risi0dxfjc7jffhnwasck4anc"))
               (modules '((guix build utils)))
               (snippet
                '(for-each
@@ -507,7 +507,8 @@ detection, and lossless compression.")
                             "and not benchmark "
                             ;; These tests assume the kernel supports FUSE.
                             "and not test_fuse "
-                            "and not test_fuse_allow_damaged_files"))))))
+                            "and not test_fuse_allow_damaged_files "
+                            "and not test_mount_hardlinks"))))))
          (add-after 'install 'install-doc
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -543,7 +544,7 @@ provide an efficient and secure way to backup data.  The data deduplication
 technique used makes Borg suitable for daily backups since only changes are
 stored.  The authenticated encryption technique makes it suitable for backups
 to not fully trusted targets.  Borg is a fork of Attic.")
-    (home-page "https://borgbackup.github.io/borgbackup/")
+    (home-page "https://www.borgbackup.org/")
     (license license:bsd-3)))
 
 (define-public attic
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 314aaa4077..f0b589b6c0 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,6 +40,7 @@
   #:use-module (guix build-system python)
   #:use-module (guix build-system r)
   #:use-module (guix build-system ruby)
+  #:use-module (guix build-system scons)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
@@ -2961,7 +2963,7 @@ from high-throughput sequencing assays.")
 (define-public java-htsjdk
   (package
     (name "java-htsjdk")
-    (version "1.129")
+    (version "2.3.0") ; last version without build dependency on gradle
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2970,15 +2972,18 @@ from high-throughput sequencing assays.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0asdk9b8jx2ij7yd6apg9qx03li8q7z3ml0qy2r2qczkra79y6fw"))
+                "1ibhzzxsfc38nqyk9r8zqj6blfc1kh26iirypd4q6n90hs2m6nyq"))
               (modules '((guix build utils)))
-              ;; remove build dependency on git
-              (snippet '(substitute* "build.xml"
-                          (("failifexecutionfails=\"true\"")
-                           "failifexecutionfails=\"false\"")))))
+              (snippet
+               ;; Delete pre-built binaries
+               '(begin
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  #t))))
     (build-system ant-build-system)
     (arguments
      `(#:tests? #f ; test require Internet access
+       #:jdk ,icedtea-8
        #:make-flags
        (list (string-append "-Ddist=" (assoc-ref %outputs "out")
                             "/share/java/htsjdk/"))
@@ -2987,6 +2992,15 @@ from high-throughput sequencing assays.")
        (modify-phases %standard-phases
          ;; The build phase also installs the jars
          (delete 'install))))
+    (inputs
+     `(("java-ngs" ,java-ngs)
+       ("java-snappy-1" ,java-snappy-1)
+       ("java-commons-compress" ,java-commons-compress)
+       ("java-commons-logging-minimal" ,java-commons-logging-minimal)
+       ("java-commons-jexl-2" ,java-commons-jexl-2)
+       ("java-xz" ,java-xz)))
+    (native-inputs
+     `(("java-testng" ,java-testng)))
     (home-page "http://samtools.github.io/htsjdk/")
     (synopsis "Java API for high-throughput sequencing data (HTS) formats")
     (description
@@ -2996,6 +3010,198 @@ sequencing (HTS) data.  There are also an number of useful utilities for
 manipulating HTS data.")
     (license license:expat)))
 
+;; This version matches java-htsjdk 2.3.0.  Later versions also require a more
+;; recent version of java-htsjdk, which depends on gradle.
+(define-public java-picard
+  (package
+    (name "java-picard")
+    (version "2.3.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/broadinstitute/picard.git")
+                    (commit version)))
+              (file-name (string-append "java-picard-" version "-checkout"))
+              (sha256
+               (base32
+                "1ll7mf4r3by92w2nhlmpa591xd1f46xlkwh59mq6fvbb5pdwzvx6"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete pre-built binaries.
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  (substitute* "build.xml"
+                    ;; Remove build-time dependency on git.
+                    (("failifexecutionfails=\"true\"")
+                     "failifexecutionfails=\"false\"")
+                    ;; Use our htsjdk.
+                    (("depends=\"compile-htsjdk, ")
+                     "depends=\"")
+                    (("depends=\"compile-htsjdk-tests, ")
+                     "depends=\"")
+                    ;; Build picard-lib.jar before building picard.jar
+                    (("name=\"picard-jar\" depends=\"" line)
+                     (string-append line "picard-lib-jar, ")))
+                  #t))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "picard-jar"
+       #:test-target "test"
+       ;; Tests require jacoco:coverage.
+       #:tests? #f
+       #:make-flags
+       (list (string-append "-Dhtsjdk_lib_dir="
+                            (assoc-ref %build-inputs "java-htsjdk")
+                            "/share/java/htsjdk/")
+             "-Dhtsjdk-classes=dist/tmp"
+             (string-append "-Dhtsjdk-version="
+                            ,(package-version java-htsjdk)))
+       #:jdk ,icedtea-8
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'use-our-htsjdk
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("\\$\\{htsjdk\\}/lib")
+                (string-append (assoc-ref inputs "java-htsjdk")
+                               "/share/java/htsjdk/")))
+             #t))
+         (add-after 'unpack 'make-test-target-independent
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("name=\"test\" depends=\"compile, ")
+                "name=\"test\" depends=\""))
+             #t))
+         (replace 'install (install-jars "dist")))))
+    (inputs
+     `(("java-htsjdk" ,java-htsjdk)
+       ("java-guava" ,java-guava)))
+    (native-inputs
+     `(("java-testng" ,java-testng)))
+    (home-page "http://broadinstitute.github.io/picard/")
+    (synopsis "Tools for manipulating high-throughput sequencing data and formats")
+    (description "Picard is a set of Java command line tools for manipulating
+high-throughput sequencing (HTS) data and formats.  Picard is implemented
+using the HTSJDK Java library to support accessing file formats that are
+commonly used for high-throughput sequencing data such as SAM, BAM, CRAM and
+VCF.")
+    (license license:expat)))
+
+;; This is the last version of Picard to provide net.sf.samtools
+(define-public java-picard-1.113
+  (package (inherit java-picard)
+    (name "java-picard")
+    (version "1.113")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/broadinstitute/picard.git")
+                    (commit version)))
+              (file-name (string-append "java-picard-" version "-checkout"))
+              (sha256
+               (base32
+                "0lkpvin2fz3hhly4l02kk56fqy8lmlgyzr9kmvljk6ry6l1hw973"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete pre-built binaries.
+                  (delete-file-recursively "lib")
+                  (mkdir-p "lib")
+                  #t))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "picard-jar"
+       #:test-target "test"
+       ;; FIXME: the class path at test time is wrong.
+       ;; [testng] Error: A JNI error has occurred, please check your installation and try again
+       ;; [testng] Exception in thread "main" java.lang.NoClassDefFoundError: com/beust/jcommander/ParameterException
+       #:tests? #f
+       #:jdk ,icedtea-8
+       ;; This is only used for tests.
+       #:make-flags
+       (list "-Dsamjdk.intel_deflater_so_path=lib/jni/libIntelDeflater.so")
+       #:phases
+       (modify-phases %standard-phases
+         ;; Do not use bundled ant bzip2.
+         (add-after 'unpack 'use-ant-bzip
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("\\$\\{lib\\}/apache-ant-1.8.2-bzip2.jar")
+                (string-append (assoc-ref inputs "ant")
+                               "/lib/ant.jar")))
+             #t))
+         (add-after 'unpack 'make-test-target-independent
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "build.xml"
+               (("name=\"test\" depends=\"compile, ")
+                "name=\"test\" depends=\"compile-tests, ")
+               (("name=\"compile\" depends=\"compile-src, compile-tests\"")
+                "name=\"compile\" depends=\"compile-src\""))
+             #t))
+         (add-after 'unpack 'fix-deflater-path
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "src/java/net/sf/samtools/Defaults.java"
+               (("getStringProperty\\(\"intel_deflater_so_path\", null\\)")
+                (string-append "getStringProperty(\"intel_deflater_so_path\", \""
+                               (assoc-ref outputs "out")
+                               "/lib/jni/libIntelDeflater.so"
+                               "\")")))
+             #t))
+         ;; Build the deflater library, because we've previously deleted the
+         ;; pre-built one.  This can only be built with access to the JDK
+         ;; sources.
+         (add-after 'build 'build-jni
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p "lib/jni")
+             (mkdir-p "jdk-src")
+             (and (zero? (system* "tar" "--strip-components=1" "-C" "jdk-src"
+                                  "-xf" (assoc-ref inputs "jdk-src")))
+                  (zero? (system* "javah" "-jni"
+                                  "-classpath" "classes"
+                                  "-d" "lib/"
+                                  "net.sf.samtools.util.zip.IntelDeflater"))
+                  (with-directory-excursion "src/c/inteldeflater"
+                    (zero? (system* "gcc" "-I../../../lib" "-I."
+                                    (string-append "-I" (assoc-ref inputs "jdk")
+                                                   "/include/linux")
+                                    "-I../../../jdk-src/src/share/native/common/"
+                                    "-I../../../jdk-src/src/solaris/native/common/"
+                                    "-c" "-O3" "-fPIC" "IntelDeflater.c"))
+                    (zero? (system* "gcc" "-shared"
+                                    "-o" "../../../lib/jni/libIntelDeflater.so"
+                                    "IntelDeflater.o" "-lz" "-lstdc++"))))))
+         ;; We can only build everything else after building the JNI library.
+         (add-after 'build-jni 'build-rest
+           (lambda* (#:key make-flags #:allow-other-keys)
+             (zero? (apply system* `("ant" "all" ,@make-flags)))))
+         (add-before 'build 'set-JAVA6_HOME
+           (lambda _
+             (setenv "JAVA6_HOME" (getenv "JAVA_HOME"))
+             #t))
+         (replace 'install (install-jars "dist"))
+         (add-after 'install 'install-jni-lib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((jni (string-append (assoc-ref outputs "out")
+                                       "/lib/jni")))
+               (mkdir-p jni)
+               (install-file "lib/jni/libIntelDeflater.so" jni)
+               #t))))))
+    (inputs
+     `(("java-snappy-1" ,java-snappy-1)
+       ("java-commons-jexl-2" ,java-commons-jexl-2)
+       ("java-cofoja" ,java-cofoja)
+       ("ant" ,ant) ; for bzip2 support at runtime
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("ant-apache-bcel" ,ant-apache-bcel)
+       ("ant-junit" ,ant-junit)
+       ("java-testng" ,java-testng)
+       ("java-commons-bcel" ,java-commons-bcel)
+       ("java-jcommander" ,java-jcommander)
+       ("jdk" ,icedtea-8 "jdk")
+       ("jdk-src" ,(car (assoc-ref (package-native-inputs icedtea-8) "jdk-drop")))))))
+
 (define-public htslib
   (package
     (name "htslib")
@@ -3050,7 +3256,7 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
 (define-public idr
   (package
     (name "idr")
-    (version "2.0.0")
+    (version "2.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3059,10 +3265,15 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1k3x44biak00aiv3hpm1yd6nn4hhp7n0qnbs3zh2q9sw7qr1qj5r"))))
+                "1rjdly6daslw66r43g9md8znizlscn1sphycqyldzsidkc4vxqv3"))
+              ;; Delete generated C code.
+              (snippet
+               '(begin (delete-file "idr/inv_cdf.c") #t))))
     (build-system python-build-system)
-    (arguments
-     `(#:tests? #f)) ; FIXME: "ImportError: No module named 'utility'"
+    ;; There is only one test ("test_inv_cdf.py") and it tests features that
+    ;; are no longer part of this package.  It also asserts False, which
+    ;; causes the tests to always fail.
+    (arguments `(#:tests? #f))
     (propagated-inputs
      `(("python-scipy" ,python-scipy)
        ("python-sympy" ,python-sympy)
@@ -3076,12 +3287,12 @@ data.  It also provides the bgzip, htsfile, and tabix utilities.")
      "The IDR (Irreproducible Discovery Rate) framework is a unified approach
 to measure the reproducibility of findings identified from replicate
 experiments and provide highly stable thresholds based on reproducibility.")
-    (license license:gpl3+)))
+    (license license:gpl2+)))
 
 (define-public jellyfish
   (package
     (name "jellyfish")
-    (version "2.2.4")
+    (version "2.2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gmarcais/Jellyfish/"
@@ -3089,7 +3300,7 @@ experiments and provide highly stable thresholds based on reproducibility.")
                                   "/jellyfish-" version ".tar.gz"))
               (sha256
                (base32
-                "0a6xnynqy2ibfbfz86b9g2m2dgm7f1469pmymkpam333gi3p26nk"))))
+                "1a1iwq9pq54k2m9ypvwl5s0bqfl64gwh9dx5af9i382ajas2016q"))))
     (build-system gnu-build-system)
     (outputs '("out"      ;for library
                "ruby"     ;for Ruby bindings
@@ -3112,7 +3323,10 @@ experiments and provide highly stable thresholds based on reproducibility.")
      `(("bc" ,bc)
        ("time" ,time)
        ("ruby" ,ruby)
-       ("python" ,python-2)))
+       ("python" ,python-2)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("htslib" ,htslib)))
     (synopsis "Tool for fast counting of k-mers in DNA")
     (description
      "Jellyfish is a tool for fast, memory-efficient counting of k-mers in
@@ -3434,9 +3648,14 @@ form of assemblies or reads.")
         (base32
          "1hmvdalz3zj5sqqklg0l4npjdv37cv2hsdi1al9iby2ndxjs1b73"))
        (patches (search-patches "metabat-fix-compilation.patch"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:phases
+     `(#:scons ,scons-python2
+       #:scons-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             (string-append "BOOST_ROOT=" (assoc-ref %build-inputs "boost")))
+       #:tests? #f ;; Tests are run during the build phase.
+       #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'fix-includes
            (lambda _
@@ -3466,30 +3685,13 @@ form of assemblies or reads.")
                                "/lib'"))
                ;; Do not distribute README.
                (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") ""))
-             #t))
-         (delete 'configure)
-         (replace 'build
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (mkdir (assoc-ref outputs "out"))
-             (zero? (system* "scons"
-                             (string-append
-                              "PREFIX="
-                              (assoc-ref outputs "out"))
-                             (string-append
-                              "BOOST_ROOT="
-                              (assoc-ref inputs "boost"))
-                             "install"))))
-         ;; Check and install are carried out during build phase.
-         (delete 'check)
-         (delete 'install))))
+             #t)))))
     (inputs
      `(("zlib" ,zlib)
        ("perl" ,perl)
        ("samtools" ,samtools)
        ("htslib" ,htslib)
        ("boost" ,boost)))
-    (native-inputs
-     `(("scons" ,scons)))
     (home-page "https://bitbucket.org/berkeleylab/metabat")
     (synopsis
      "Reconstruction of single genomes from complex microbial communities")
@@ -5412,14 +5614,14 @@ sequences.")
 (define-public subread
   (package
     (name "subread")
-    (version "1.5.1")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/subread/subread-"
                                   version "/subread-" version "-source.tar.gz"))
               (sha256
                (base32
-                "0gn5zhbvllks0mmdg3qlmsbg91p2mpdc2wixwfqpi85yzfrh8hcy"))))
+                "0ah0n4jx6ksk2m2j7xk385x2qzmk1y4rfc6a4mfrdqrlq721w99i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ;no "check" target
@@ -5676,14 +5878,14 @@ data types as well.")
 (define-public r-annotate
   (package
     (name "r-annotate")
-    (version "1.56.0")
+    (version "1.56.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "annotate" version))
        (sha256
         (base32
-         "0wlrp3v2jxw9is98ap39dfi7z97kmw1wv1xi4h7yfh12zpj2r8l0"))))
+         "14c5xd9kasvcwg5gbjys2c1vizxhlqlzxakqc2kml0kw97hmx0rq"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-annotationdbi" ,r-annotationdbi)
@@ -5700,6 +5902,29 @@ data types as well.")
 microarrays.")
     (license license:artistic2.0)))
 
+(define-public r-copynumber
+  (package
+    (name "r-copynumber")
+    (version "1.18.0")
+    (source (origin
+              (method url-fetch)
+              (uri (bioconductor-uri "copynumber" version))
+              (sha256
+               (base32
+                "01kcwzl485yjrkgyg8117b1il957ss0v6rq4bbxf4ksd5fzcjmyx"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-s4vectors" ,r-s4vectors)
+       ("r-iranges" ,r-iranges)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-biocgenerics" ,r-biocgenerics)))
+    (home-page "https://bioconductor.org/packages/copynumber")
+    (synopsis "Segmentation of single- and multi-track copy number data")
+    (description
+     "This package segments single- and multi-track copy number data by a
+penalized least squares regression method.")
+    (license license:artistic2.0)))
+
 (define-public r-geneplotter
   (package
     (name "r-geneplotter")
@@ -5755,14 +5980,14 @@ high-throughput sequencing experiments.")
 (define-public r-deseq2
   (package
     (name "r-deseq2")
-    (version "1.18.0")
+    (version "1.18.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "DESeq2" version))
        (sha256
         (base32
-         "1hcxnkkjfvz4hj8iqidshwsjq7jnl1z7wj63dvcwlx1zx5aichyh"))))
+         "1iyimg1s0x5pdmvl8x08s8h0v019y0nhjzs50chagbpk2x91fsmv"))))
     (properties `((upstream-name . "DESeq2")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5792,14 +6017,14 @@ distribution.")
 (define-public r-dexseq
   (package
     (name "r-dexseq")
-    (version "1.24.0")
+    (version "1.24.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "DEXSeq" version))
        (sha256
         (base32
-         "0qxwnz2ffhav9slcn095k206cfza9i3i5l7w1154plf08gpy1d1d"))))
+         "1hwckj4ijgpdchbakvh60nmcaz4fwd5yplhn0880z3dnlsrp8ik3"))))
     (properties `((upstream-name . "DEXSeq")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5886,14 +6111,14 @@ the graph algorithms contained in the Boost library.")
 (define-public r-gseabase
   (package
     (name "r-gseabase")
-    (version "1.40.0")
+    (version "1.40.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "GSEABase" version))
        (sha256
         (base32
-         "0kpkl6c5lrar6ip7wlhvd5axqlb9lb5l3lgbdb3dlih32c3nz0yq"))))
+         "10cmjxahg2plwacfan6g0k8cwyzya96ypc7m1r79gwqkyykxw5fz"))))
     (properties `((upstream-name . "GSEABase")))
     (build-system r-build-system)
     (propagated-inputs
@@ -6541,14 +6766,14 @@ checks on R packages that are to be submitted to the Bioconductor repository.")
 (define-public r-getopt
   (package
     (name "r-getopt")
-    (version "1.20.0")
+    (version "1.20.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "getopt" version))
        (sha256
         (base32
-         "00f57vgnzmg7cz80rjmjz1556xqcmx8nhrlbbhaq4w7gl2ibl87r"))))
+         "0m463mcvixh54i3ng42n0vxmdlf97dgbfs2sf9wnjm782ddw68hm"))))
     (build-system r-build-system)
     (home-page "https://github.com/trevorld/getopt")
     (synopsis "Command-line option processor for R")
@@ -6768,13 +6993,13 @@ CAGE.")
 (define-public r-variantannotation
   (package
     (name "r-variantannotation")
-    (version "1.24.0")
+    (version "1.24.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "VariantAnnotation" version))
               (sha256
                (base32
-                "1lllp2vgyfbrar1yg28ji7am470hfzrzxm1bgdk68xpnrwcgcl25"))))
+                "19wgb2kcqy97pm3xgqc781id9fbmzp1hdwzkkhdzpvyf29w4n29j"))))
     (properties
      `((upstream-name . "VariantAnnotation")))
     (inputs
@@ -6806,13 +7031,13 @@ coding changes and predict coding outcomes.")
 (define-public r-limma
   (package
     (name "r-limma")
-    (version "3.34.0")
+    (version "3.34.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "limma" version))
               (sha256
                (base32
-                "0a15gsaky0hfrkx8wrrmp0labzxpq6m2hrd33zl206wyas8bqzcs"))))
+                "1zyw01z9crm1jc86fva4pqxd9zxfsbsqwjq6ry39gag9pfb7pwcz"))))
     (build-system r-build-system)
     (home-page "http://bioinf.wehi.edu.au/limma")
     (synopsis "Package for linear models for microarray and RNA-seq data")
@@ -7127,13 +7352,13 @@ samples.")
 (define-public r-genomicalignments
   (package
     (name "r-genomicalignments")
-    (version "1.14.0")
+    (version "1.14.1")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicAlignments" version))
               (sha256
                (base32
-                "0sw30lj11wv7ifzypqm04lcah987crqwvj48wz3flaw3biw41zfi"))))
+                "033p6fw46sn7w2yyn14nb9qcnkf30cl0nv6zh014ixflm3iifz39"))))
     (properties
      `((upstream-name . "GenomicAlignments")))
     (build-system r-build-system)
@@ -8098,14 +8323,14 @@ library implementing most of the pipeline's features.")
 (define-public r-mutationalpatterns
   (package
     (name "r-mutationalpatterns")
-    (version "1.4.0")
+    (version "1.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "MutationalPatterns" version))
        (sha256
         (base32
-         "0sqbrswg8ylkjb9q3vqcb5ggwixynwj6hyv2n4sk7snyk61z3fq9"))))
+         "1qhxlfl85ifr30wrsidcn3kca3vs8fd8cmwd82gvgx9ppww8vs06"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-biocgenerics" ,r-biocgenerics)
@@ -8311,11 +8536,6 @@ of gene-level counts.")
            (lambda* (#:key outputs #:allow-other-keys)
              (system* "tar" "-xzvf"
                       "src/hdf5source/hdf5small.tgz" "-C" "src/" )
-             (substitute* "src/Makevars"
-               (("^.*cd hdf5source &&.*$") "")
-               (("^.*gunzip -dc hdf5small.tgz.*$") "")
-               (("^.*rm -rf hdf5.*$") "")
-               (("^.*mv hdf5source/hdf5 ..*$") ""))
              (substitute* "src/hdf5/configure"
                (("/bin/mv") "mv"))
              #t)))))
@@ -8851,14 +9071,14 @@ trait.")
 (define-public r-maldiquant
   (package
     (name "r-maldiquant")
-    (version "1.16.4")
+    (version "1.17")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "MALDIquant" version))
        (sha256
         (base32
-         "1pmhsfvd45a44xdiml4zx3zd5fhygqyziqvygahkk9yibnyhv4cv"))))
+         "047s6007ydc38x8wm027mlb4mngz15n0d4238fr8h43wyll5zy0z"))))
     (properties `((upstream-name . "MALDIquant")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/MALDIquant")
@@ -9132,14 +9352,14 @@ of mass spectrometry based proteomics data.")
 (define-public r-msnid
   (package
     (name "r-msnid")
-    (version "1.11.0")
+    (version "1.12.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "MSnID" version))
        (sha256
         (base32
-         "1vi4ngwbayrv2jkfb4pbmdp37xn04y07rh1jcklqfh0fcrm1jdig"))))
+         "1zw508kk4f8brg69674wp18gqkpx2kpya5f6x9cl3qng7v4h5pxx"))))
     (properties `((upstream-name . "MSnID")))
     (build-system r-build-system)
     (propagated-inputs
@@ -9370,14 +9590,14 @@ Shiny-based display methods for Bioconductor objects.")
 (define-public r-annotationhub
   (package
     (name "r-annotationhub")
-    (version "2.10.0")
+    (version "2.10.1")
     (source
      (origin
        (method url-fetch)
        (uri (bioconductor-uri "AnnotationHub" version))
        (sha256
         (base32
-         "1arfka3czw8hkv6n2d85bgibq81s2rgkwhmpaxzhy6nw39vv7y8b"))))
+         "14v8g44a6zg9j2rwn9x9y8509k0wr2cw8yccliz24glplb40wva4"))))
     (properties `((upstream-name . "AnnotationHub")))
     (build-system r-build-system)
     (propagated-inputs
@@ -10859,3 +11079,32 @@ contains a few programs for model fitting and phylogenetic tree reconstruction
 using nucleotide or amino-acid sequence data.")
     ;; GPLv3 only
     (license license:gpl3)))
+
+(define-public kallisto
+  (package
+    (name "kallisto")
+    (version "0.43.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/pachterlab/"
+                                  "kallisto/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "03j3iqhvq7ya3c91gidly3k3jvgm97vjq4scihrlxh315j696r11"))))
+    (build-system cmake-build-system)
+    (arguments `(#:tests? #f))          ; no "check" target
+    (inputs
+     `(("hdf5" ,hdf5)
+       ("zlib" ,zlib)))
+    (home-page "http://pachterlab.github.io/kallisto/")
+    (synopsis "Near-optimal RNA-Seq quantification")
+    (description
+     "Kallisto is a program for quantifying abundances of transcripts from
+RNA-Seq data, or more generally of target sequences using high-throughput
+sequencing reads.  It is based on the novel idea of pseudoalignment for
+rapidly determining the compatibility of reads with targets, without the need
+for alignment.  Pseudoalignment of reads preserves the key information needed
+for quantification, and kallisto is therefore not only fast, but also as
+accurate as existing quantification tools.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index cad8b667bb..02a687cda7 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -382,7 +382,7 @@ and will take advantage of multiple processor cores where possible.")
 (define-public libtorrent-rasterbar
   (package
     (name "libtorrent-rasterbar")
-    (version "1.1.2")
+    (version "1.1.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -390,11 +390,9 @@ and will take advantage of multiple processor cores where possible.")
                 "https://github.com/arvidn/libtorrent/releases/download/libtorrent-"
                 (string-join (string-split version #\.) "_")
                 "/libtorrent-rasterbar-" version ".tar.gz"))
-              (patches
-               (search-patches "libtorrent-rasterbar-boost-compat.patch"))
               (sha256
                (base32
-                "16im9qsmfrmmkhfjpij9739nqpn4s6wgc9cikdxbcyshfhimzra5"))))
+                "0c398b7hsa5dvj4m0jc8h7mn0m3nawmagb6c5c7ml5c9hc338c8h"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 20f38b2d0d..3cffbcfeb6 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -50,7 +50,9 @@
   #:use-module (guix git-download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
-  #:use-module (guix utils))
+  #:use-module (guix utils)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
 
 (define unifont
   ;; GNU Unifont, <http://gnu.org/s/unifont>.
@@ -75,7 +77,7 @@
                "03vvdfhdmf16121v7xs8is2krwnv15wpkhkf16a4yf8nsfc3f2w1"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases (modify-phases %standard-phases
+     `(#:phases (modify-phases %standard-phases
                   (add-after 'unpack 'patch-stuff
                    (lambda* (#:key inputs #:allow-other-keys)
                      (substitute* "grub-core/Makefile.in"
@@ -102,7 +104,11 @@
                       (substitute* "Makefile.in"
                         (("grub_cmd_date grub_cmd_set_date grub_cmd_sleep")
                           "grub_cmd_date grub_cmd_sleep"))
-                      #t)))))
+                      #t)))
+       ;; Disable tests on ARM and AARCH64 platforms.
+       #:tests? ,(not (any (cute string-prefix? <> (or (%current-target-system)
+                                                       (%current-system)))
+                           '("arm" "aarch64")))))
     (inputs
      `(("gettext" ,gettext-minimal)
 
@@ -158,8 +164,8 @@ menu to select one of the installed operating systems.")
      `(;; TODO: Tests need a UEFI firmware for qemu. There is one at
        ;; https://github.com/tianocore/edk2/tree/master/OvmfPkg .
        ;; Search for 'OVMF' in "tests/util/grub-shell.in".
-       #:tests? #f
        ,@(substitute-keyword-arguments (package-arguments grub)
+           ((#:tests? _ #f) #f)
            ((#:configure-flags flags ''())
             `(cons "--with-platform=efi" ,flags))
            ((#:phases phases)
@@ -296,7 +302,11 @@ menu to select one of the installed operating systems.")
                     "dtc-" version ".tar.xz"))
               (sha256
                (base32
-                "08gnl39i4xy3dm8iqwlz2ygx0ml1bgc5kpiys5ll1wvah1j72b04"))))
+                "08gnl39i4xy3dm8iqwlz2ygx0ml1bgc5kpiys5ll1wvah1j72b04"))
+              ;; Fix build and tests on 32 bits platforms.
+              ;; Will probably be fixed in 1.4.6 release.
+              (patches (search-patches "dtc-format-modifier.patch"
+                                       "dtc-32-bits-check.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("bison" ,bison)
@@ -323,7 +333,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
 (define u-boot
   (package
     (name "u-boot")
-    (version "2017.07")
+    (version "2017.11")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -331,7 +341,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
                     "u-boot-" version ".tar.bz2"))
               (sha256
                (base32
-                "1zzywk0fgngm1mfnhkp8d0v57rs51zr1y6rp4p03i6nbibfbyx2k"))))
+                "01bcsah5imy6m3fbjwhqywxg0pfk5fl8ks9ylb7kv3zmrb9qy0ba"))))
     (native-inputs
      `(("bc" ,bc)
        ("dtc" ,dtc)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index f266d75b62..30e53e3458 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -74,7 +75,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.34")
+    (version "3.34.1")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +86,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "1x9acn47iva9j42kxfamgvn99lrnqv47fgn3rz3j6c1ph50rai8d"))))
+                "186x33wsk4mzjz7dzbn8p0py9a0nzkgzpfkdv4rlyy5gghv5vhd3"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index b3377a2fb4..0cee54848c 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1215,6 +1215,64 @@ install: libbitshuffle.so
 compresser/decompresser.")
     (license license:asl2.0)))
 
+(define-public java-snappy-1
+  (package
+    (inherit java-snappy)
+    (version "1.0.3-rc3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/xerial/snappy-java/archive/"
+                                  "snappy-java-" version ".tar.gz"))
+              (sha256
+               (base32
+                "08hsxlqidiqck0q57fshwyv3ynyxy18vmhrai9fyc8mz17m7gsa3"))))
+    (arguments
+     `(#:jar-name "snappy.jar"
+       #:source-dir "src/main/java"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'remove-binaries
+           (lambda _
+             (delete-file "lib/org/xerial/snappy/OSInfo.class")
+             (delete-file-recursively "src/main/resources/org/xerial/snappy/native")
+             #t))
+         (add-before 'build 'build-jni
+           (lambda _
+             ;; Rebuild one of the binaries we removed earlier
+             (system* "javac" "src/main/java/org/xerial/snappy/OSInfo.java"
+                      "-d" "lib")
+             ;; Link to the dynamic snappy, not the static ones
+             (substitute* "Makefile.common"
+               (("-shared") "-shared -lsnappy"))
+             (substitute* "Makefile"
+               ;; Don't download the sources here.
+               (("\\$\\(SNAPPY_UNPACKED\\) ") "")
+               ((": \\$\\(SNAPPY_UNPACKED\\) ") ":")
+               ;; What we actually want to build
+               (("SNAPPY_OBJ:=.*")
+                "SNAPPY_OBJ:=$(addprefix $(SNAPPY_OUT)/, SnappyNative.o)\n")
+               ;; Since we removed the directory structure in "native" during
+               ;; the previous phase, we need to recreate it.
+               (("NAME\\): \\$\\(SNAPPY_OBJ\\)")
+                "NAME): $(SNAPPY_OBJ)\n\t@mkdir -p $(@D)"))
+             ;; Finally we can run the Makefile to build the dynamic library.
+             (zero? (system* "make" "native"))))
+         ;; Once we have built the shared library, we need to place it in the
+         ;; "build" directory so it can be added to the jar file.
+         (add-after 'build-jni 'copy-jni
+           (lambda _
+             (copy-recursively "src/main/resources/org/xerial/snappy/native"
+                               "build/classes/org/xerial/snappy/native")
+             #t))
+         (add-before 'check 'fix-tests
+           (lambda _
+             (mkdir-p "src/test/resources/org/xerial/snappy/")
+             (copy-recursively "src/test/java/org/xerial/snappy/testdata"
+                               "src/test/resources/org/xerial/snappy/testdata")
+             (install-file "src/test/java/org/xerial/snappy/alice29.txt"
+                           "src/test/resources/org/xerial/snappy/")
+             #t)))))))
+
 (define-public java-iq80-snappy
   (package
     (name "java-iq80-snappy")
@@ -1265,6 +1323,46 @@ Java.  This compression code produces a byte-for-byte exact copy of the output
 created by the original C++ code, and extremely fast.")
     (license license:asl2.0)))
 
+(define-public java-jbzip2
+  (package
+    (name "java-jbzip2")
+    (version "0.9.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://storage.googleapis.com/"
+                                  "google-code-archive-source/v2/"
+                                  "code.google.com/jbzip2/"
+                                  "source-archive.zip"))
+              (file-name (string-append name "-" version ".zip"))
+              (sha256
+               (base32
+                "0ncmhlqmrfmj96nqf6p77b9ws35lcfsvpfxzwxi2asissc83z1l3"))))
+    (build-system ant-build-system)
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("java-junit" ,java-junit)))
+    (arguments
+     `(#:tests? #f                      ; no tests
+       #:jar-name "jbzip2.jar"
+       #:source-dir "tags/release-0.9.1/src"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-encoding-problems
+           (lambda _
+             ;; Some of the files we're patching are
+             ;; ISO-8859-1-encoded, so choose it as the default
+             ;; encoding so the byte encoding is preserved.
+             (with-fluids ((%default-port-encoding #f))
+               (substitute* "tags/release-0.9.1/src/org/itadaki/bzip2/HuffmanAllocator.java"
+                 (("Milidi.") "Milidiu")))
+             #t)))))
+    (home-page "https://code.google.com/archive/p/jbzip2/")
+    (synopsis "Java bzip2 compression/decompression library")
+    (description "Jbzip2 is a Java bzip2 compression/decompression library.
+It can be used as a replacement for the Apache @code{CBZip2InputStream} /
+@code{CBZip2OutputStream} classes.")
+    (license license:expat)))
+
 (define-public p7zip
   (package
     (name "p7zip")
@@ -1736,30 +1834,20 @@ manipulate, read, and write Zip archive files.")
 (define-public libzip
   (package
     (name "libzip")
-    (version "1.3.0")
+    (version "1.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://nih.at/libzip/libzip-" version ".tar.xz"))
+                    "https://libzip.org/download/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0wykw0q9dwdzx0gssi2dpgckx9ggr2spzc1amjnff6wi6kz6x4xa"))))
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (add-after 'build 'remove-failing-tests
-           ;; These tests are known to fail on 32-bit architectures.
-           ;; see thread: https://nih.at/listarchive/libzip-discuss/msg00713.html
-           (lambda _
-             (substitute* "regress/Makefile"
-               (("encryption-nonrandom") "#encryption-nonrandom"))
-             #t)))))
+                "11g1hvm2bxa2v5plakfzcwyk5hb5fz4kgrkp38l0xhnv21888xv2"))))
     (native-inputs
      `(("perl" ,perl)))
     (inputs
      `(("zlib" ,zlib)))
     (build-system gnu-build-system)
-    (home-page "https://nih.at/libzip/index.html")
+    (home-page "https://libzip.org")
     (synopsis "C library for reading, creating, and modifying zip archives")
     (description "Libzip is a C library for reading, creating, and modifying
 zip archives.  Files can be added from data buffers, files, or compressed data
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index 9eb54c0358..11d30815cf 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -25,6 +26,7 @@
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages machine-learning)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages mpi)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages statistics)
   #:use-module (gnu packages web))
@@ -92,13 +94,13 @@ error stream.")
 (define-public r-rcpp
   (package
     (name "r-rcpp")
-    (version "0.12.13")
+    (version "0.12.14")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Rcpp" version))
        (sha256
-        (base32 "1bm84yc48475plgsnnbvzi6nzkixpnfw8ry86ax63f9g524asw55"))))
+        (base32 "0qvyxggddyg87lza45hjl0a2prabdyshkqzkz418vi777zygqa6s"))))
     (build-system r-build-system)
     (home-page "http://www.rcpp.org")
     (synopsis "Seamless R and C++ integration")
@@ -242,14 +244,14 @@ validation and filtering on the values, making options invisible or private.")
 (define-public r-circlize
   (package
     (name "r-circlize")
-    (version "0.4.1")
+    (version "0.4.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "circlize" version))
        (sha256
         (base32
-         "1w7i3jgxgq510axglzmw54ma9kq7k4c86i9ccndz10mrwc51fji0"))))
+         "0py82f5v25mi0s4626zbl5br1frdrj3diz2dakar1rz5yn956mdi"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)
@@ -318,14 +320,14 @@ rows, dropping names) to see if the modified versions are identical.")
 (define-public r-dendextend
   (package
     (name "r-dendextend")
-    (version "1.5.2")
+    (version "1.6.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "dendextend" version))
        (sha256
         (base32
-         "04jz58apibfrkjcrdmw2hmsav6qpb5cs6qdai81k1v1iznfcya42"))))
+         "0pichh08zi12lpxzc061dmv4smj6lizygd1xymln8wfz18sf7923"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-fpc" ,r-fpc)
@@ -601,6 +603,29 @@ and other distributions related to the eigenvalues of large Wishart
 matrices.")
     (license license:bsd-3)))
 
+(define-public r-rmpi
+  (package
+    (name "r-rmpi")
+    (version "0.6-6")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "Rmpi" version))
+              (sha256
+               (base32
+                "0fm6z049aaq2c9xagm8n64d9560hg9d8hyb0m359fii672nhkz6q"))))
+    (properties `((upstream-name . "Rmpi")))
+    (build-system r-build-system)
+    (arguments
+     `(#:configure-flags '("--configure-args=\"--with-Rmpi-type=OPENMPI\"")))
+    (inputs
+     `(("openmpi" ,openmpi)))
+    (home-page "http://www.stats.uwo.ca/faculty/yu/Rmpi")
+    (synopsis "R interface to message-passing interface (MPI)")
+    (description
+     "This package provides an interface (wrapper) to MPI APIs.  It also
+provides an interactive R manager and worker environment.")
+    (license license:gpl2+)))
+
 (define-public r-lmoments
   (package
     (name "r-lmoments")
@@ -1059,14 +1084,14 @@ methods.")
 (define-public r-timedate
   (package
     (name "r-timedate")
-    (version "3012.100")
+    (version "3042.101")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "timeDate" version))
        (sha256
         (base32
-         "0cn4h23y2y2bbg62qgm79xx4cvfla5xbpmi9hbdvkvpmm5yfyqk2"))))
+         "0vcckaw1gqz3j4v69r9jn41vlmk5a5c7572xam1nl75ki5v4r3bc"))))
     (properties `((upstream-name . "timeDate")))
     (build-system r-build-system)
     (home-page "https://www.rmetrics.org")
@@ -1183,26 +1208,95 @@ classification and bagging for classification, regression and survival
 problems as well as resampling based estimators of prediction error.")
     (license license:gpl2+)))
 
+(define-public r-psych
+  (package
+    (name "r-psych")
+    (version "1.7.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "psych" version))
+       (sha256
+        (base32
+         "0daismb8pdk392vdy304hqx0m3jx62gx3a0hygjygc125rhfla7k"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-foreign" ,r-foreign)
+       ("r-lattice" ,r-lattice)
+       ("r-mnormt" ,r-mnormt)
+       ("r-nlme" ,r-nlme)))
+    (home-page "http://cran.r-project.org/web/packages/psych/")
+    (synopsis "Procedures for psychological, psychometric, and personality research")
+    (description
+     "This package provides a general purpose toolbox for personality,
+psychometric theory and experimental psychology.  Functions are primarily for
+multivariate analysis and scale construction using factor analysis, principal
+component analysis, cluster analysis and reliability analysis, although others
+provide basic descriptive statistics.  Item Response Theory is done using
+factor analysis of tetrachoric and polychoric correlations.  Functions for
+analyzing data at multiple levels include within and between group statistics,
+including correlations and factor analysis.  Functions for simulating and
+testing particular item and test structures are included.  Several functions
+serve as a useful front end for structural equation modeling.  Graphical
+displays of path diagrams, factor analysis and structural equation models are
+created using basic graphics.")
+    (license license:gpl2+)))
+
+(define-public r-broom
+  (package
+    (name "r-broom")
+    (version "0.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "broom" version))
+       (sha256
+        (base32
+         "119pc2jnxvm13cvd77c7d14p3bn68f4jm310vj3yfck40101n9if"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-dplyr" ,r-dplyr)
+       ("r-nlme" ,r-nlme)
+       ("r-plyr" ,r-plyr)
+       ("r-psych" ,r-psych)
+       ("r-reshape2" ,r-reshape2)
+       ("r-stringr" ,r-stringr)
+       ("r-tidyr" ,r-tidyr)))
+    (home-page "http://github.com/tidyverse/broom")
+    (synopsis "Convert statistical analysis objects into tidy data frames")
+    (description
+     "This package provides tools to convert statistical analysis objects from
+R into tidy data frames, so that they can more easily be combined, reshaped
+and otherwise processed with tools like @code{dplyr}, @code{tidyr} and
+@code{ggplot2}.  The package provides three S3 generics: @code{tidy}, which
+summarizes a model's statistical findings such as coefficients of a
+regression; @code{augment}, which adds columns to the original data such as
+predictions, residuals and cluster assignments; and @code{glance}, which
+provides a one-row summary of model-level statistics.")
+    (license license:expat)))
+
 (define-public r-recipes
   (package
     (name "r-recipes")
-    (version "0.1.0")
+    (version "0.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "recipes" version))
        (sha256
         (base32
-         "0rydk403qihxmcv3zz323r3ywk4g1v7ibvj452rxhm0z22sqk9kb"))))
+         "0id46c7iaf49miw4kxpidsbg3hdywav43n1lh2zd1vg5946bzg04"))))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-ddalpha" ,r-ddalpha)
+     `(("r-broom" ,r-broom)
+       ("r-ddalpha" ,r-ddalpha)
        ("r-dimred" ,r-dimred)
        ("r-dplyr" ,r-dplyr)
        ("r-gower" ,r-gower)
        ("r-ipred" ,r-ipred)
        ("r-lubridate" ,r-lubridate)
        ("r-magrittr" ,r-magrittr)
+       ("r-matrix" ,r-matrix)
        ("r-purrr" ,r-purrr)
        ("r-rcpproll" ,r-rcpproll)
        ("r-rlang" ,r-rlang)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 72fee0742d..7f0240002f 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -115,7 +115,7 @@ communication, encryption, decryption, signatures, etc.")
 (define-public signify
   (package
     (name "signify")
-    (version "22")
+    (version "23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/aperezdc/signify/"
@@ -123,7 +123,7 @@ communication, encryption, decryption, signatures, etc.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0iv5bjaas70ymqchxasapin4c32c41kqzkfhc3kcjzd7rxy78msy"))))
+                "0c70mzawgahsvmsv4xdrass4pgyynd67ipd9lij0fgi8wkq0ns8w"))))
     (build-system gnu-build-system)
     ;; TODO Build with libwaive (described in README.md), to implement something
     ;; like OpenBSD's pledge().
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index c291d605a2..8cc590daf4 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -44,6 +44,7 @@
   (package
    (name "curl")
    (version "7.56.1")
+   (replacement curl-7.57.0)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://curl.haxx.se/download/curl-"
@@ -130,3 +131,16 @@ tunneling, and so on.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://curl.haxx.se/")))
+
+(define-public curl-7.57.0
+  (package
+    (inherit curl)
+    (version "7.57.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://curl.haxx.se/download/curl-"
+                            version ".tar.xz"))
+        (sha256
+         (base32
+          "0y3qbjjcxhcvm1yawp3spfssjbskv0g6gyzld6ckif5pf8ygvxpm"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 4f34141ccd..bf071fb1c2 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -98,7 +98,10 @@
   #:use-module (guix build-system ruby)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system r)
+  #:use-module (guix build-system scons)
+  #:use-module ((guix build utils) #:hide (which))
   #:use-module (guix utils)
+  #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match))
 
@@ -376,35 +379,52 @@ applications.")
 (define-public mongodb
   (package
     (name "mongodb")
-    (version "3.4.9")
+    (version "3.4.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/mongodb/mongo/archive/r"
                                   version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
-               (base32 "0gidwyvh3bdwmk2pccgkqkaln4ysgn8iwa7ihjzllsq0rdg95045"))
+               (base32 "0676lvkljj7a5hdhv78dbykqnqrj9lbn9799mi84b8vbnzsq961r"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (for-each (lambda (dir)
+                              (delete-file-recursively
+                                (string-append "src/third_party/" dir)))
+                            '("pcre-8.41" "scons-2.5.0" "snappy-1.1.3"
+                              "valgrind-3.11.0" "wiredtiger"
+                              "yaml-cpp-0.5.3" "zlib-1.2.8"))))
               (patches
                (list
                 (search-patch "mongodb-support-unknown-linux-distributions.patch")))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (inputs
      `(("openssl" ,openssl)
        ("pcre" ,pcre)
+        ,@(match (%current-system)
+            ((or "x86_64-linux" "aarch64-linux" "mips64el-linux")
+             `(("wiredtiger" ,wiredtiger)))
+            (_ `()))
        ("yaml-cpp" ,yaml-cpp)
        ("zlib" ,zlib)
-       ("snappy" ,snappy)
-       ("boost" ,boost)))
+       ("snappy" ,snappy)))
     (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)
-       ("valgrind" ,valgrind)
+     `(("valgrind" ,valgrind)
        ("perl" ,perl)))
     (arguments
-     `(#:phases
+     `(#:scons ,scons-python2
+       #:phases
        (let ((common-options
               `(;; "--use-system-tcmalloc" TODO: Missing gperftools
                 "--use-system-pcre"
+                ;; wiredtiger is 64-bit only
+                ,,(if (any (cute string-prefix? <> (or (%current-target-system)
+                                                       (%current-system)))
+                           '("i686-linux" "armhf-linux"))
+                    ``"--wiredtiger=off"
+                    ``"--use-system-wiredtiger")
                 ;; TODO
                 ;; build/opt/mongo/db/fts/unicode/string.o failed: Error 1
                 ;; --use-system-boost
@@ -417,7 +437,6 @@ applications.")
                 ,(format #f "--jobs=~a" (parallel-job-count))
                 "--ssl")))
          (modify-phases %standard-phases
-           (delete 'configure) ; There is no configure phase
            (add-after 'unpack 'scons-propagate-environment
              (lambda _
                ;; Modify the SConstruct file to arrange for
@@ -1764,6 +1783,33 @@ for ODBC.")
 (define-public python2-pyodbc-c
   (package-with-python2 python-pyodbc-c))
 
+(define-public python-pyodbc
+  (package
+    (name "python-pyodbc")
+    (version "4.0.21")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyodbc" version))
+       (sha256
+        (base32
+         "0a83zwz3h1agshnsc6r7al6q83222w8601gpzzzjvjz5m56ghmcn"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system python-build-system)
+    (inputs
+     `(("unixodbc" ,unixodbc)))
+    (arguments
+     `(;; No unit tests exist.
+       #:tests? #f))
+    (home-page "https://github.com/mkleehammer/pyodbc")
+    (synopsis "Python ODBC Library")
+    (description "@code{python-pyodbc} provides a Python DB-API driver
+for ODBC.")
+    (license (license:x11-style "file:///LICENSE.TXT"))))
+
+(define-public python2-pyodbc
+  (package-with-python2 python-pyodbc))
+
 (define-public mdbtools
   (package
     (name "mdbtools")
diff --git a/gnu/packages/direct-connect.scm b/gnu/packages/direct-connect.scm
index 6796bf3bc8..ac0a490520 100644
--- a/gnu/packages/direct-connect.scm
+++ b/gnu/packages/direct-connect.scm
@@ -17,7 +17,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages direct-connect)
-  #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -44,23 +44,11 @@
        (sha256
         (base32
          "12i92hirmwryl1qy0n3jfrpziwzb82f61xca9jcjwyilx502f0b6"))))
-    (build-system python-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:python ,python-2
-       #:tests? #f ; no tests
-       #:phases
-       ;; TODO: Add scons-build-system and use it here.
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'build
-           (lambda* (#:key inputs outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (mkdir-p out)
-               (zero? (system* "scons" (string-append "PREFIX=" out)
-                               "-j" (number->string (parallel-job-count)))))))
-         (replace 'install
-           (lambda _
-             (zero? (system* "scons" "install")))))))
+     `(#:scons ,scons-python2
+       #:scons-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f)) ; no tests
     (inputs
      `(("boost" ,boost)
        ("bzip2" ,bzip2)
@@ -71,8 +59,7 @@
     (native-inputs
      `(("bazaar" ,bazaar)
        ("gettext-minimal" ,gettext-minimal)
-       ("pkg-config" ,pkg-config)
-       ("scons" ,scons)))
+       ("pkg-config" ,pkg-config)))
     (home-page "https://launchpad.net/linuxdcpp/")
     (synopsis "Direct Connect client")
     (description "LinuxDC++ is a Direct Connect (DC) client.  Direct Connect
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index e11814329a..a413500486 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -208,6 +208,26 @@ them do this.")
         (base32
          "1fslqc5qqb0b66yscvkyjwfv8cnbfx5nlkpnwimyb3pf1nc1w7r3"))))
     (build-system python-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         ;; TODO: Tagging the tests requiring the web could be done upstream.
+         (add-before 'check 'skip-test-requiring-network-access
+           (lambda _
+             (substitute* "allauth/socialaccount/providers/openid/tests.py"
+               (("def test_login")
+                "from django.test import tag
+    @tag('requires-web')
+    def test_login"))))
+         (replace 'check
+           (lambda _
+             (setenv "DJANGO_SETTINGS_MODULE" "test_settings")
+             (zero? (system*
+                     "django-admin"
+                     "test"
+                     "allauth"
+                     "--verbosity=2"
+                     "--exclude-tag=requires-web")))))))
     (propagated-inputs
      `(("python-openid" ,python-openid)
        ("python-requests" ,python-requests)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index b06cde71b4..e0197fca32 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -483,31 +483,27 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.6.1")
+    (version "2.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qs1rqfir0nxi0a0dcg60sbbr99hyxk8y1xd7j7jd13l9idx84rh"))
+                "143pk2124liiq1r4ja1s579nbv3hm2scbbfbfclc2pw60r07mcig"))
               (modules '((guix build utils)))
               (snippet
                '(begin
-                  ;; Remove bundled libraries and dependencies on them.
-                  (substitute* "configure"
-                    (("src/contrib/dnstap/Makefile") ""))
-                  (substitute* "src/Makefile.in"
-                    (("contrib/dnstap ") ""))
+                  ;; Delete bundled libraries.
                   (with-directory-excursion "src/contrib"
-                    (for-each delete-file-recursively
-                              (list "dnstap" "lmdb")))
+                    (delete-file-recursively "lmdb"))
                   #t))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("gnutls" ,gnutls)
+     `(("fstrm" ,fstrm)
+       ("gnutls" ,gnutls)
        ("jansson" ,jansson)
        ("libcap-ng" ,libcap-ng)
        ("libedit" ,libedit)
@@ -516,6 +512,7 @@ Extensions} (DNSSEC).")
        ("lmdb" ,lmdb)
        ("ncurses" ,ncurses)
        ("nettle" ,nettle)
+       ("protobuf-c" ,protobuf-c)
 
        ;; For ‘pykeymgr’, needed to migrate keys from versions <= 2.4.
        ("python" ,python-2)
@@ -548,6 +545,7 @@ Extensions} (DNSSEC).")
        (list "--sysconfdir=/etc"
              "--localstatedir=/var"
              "--with-module-rosedb=yes" ; serve static records from a database
+             "--with-module-dnstap=yes" ; allow detailed query logging
              (string-append "--with-bash-completions="
                             (assoc-ref %outputs "out")
                             "/etc/bash_completion.d"))))
@@ -560,6 +558,11 @@ number of programming techniques to improve speed.  For example, the responder
 is completely lock-free, resulting in a very high response rate.  Other features
 include automatic @dfn{DNS Security Extensions} (DNSSEC) signing, dynamic record
 synthesis, and on-the-fly re-configuration.")
-    (license (list license:expat        ; src/contrib/{hat-trie,murmurhash3}
-                   license:lgpl2.0+     ; parts of scr/contrib/ucw
-                   license:gpl3+))))    ; everything else
+    (license
+     (list
+      ;; src/contrib/{hat-trie,murmurhash3,openbsd},
+      ;; src/dnssec/contrib/vpool.[ch], and parts of libtap/ are ‘MIT’ (expat).
+      license:expat
+      license:lgpl2.0+              ; parts of scr/contrib/ucw
+      license:public-domain         ; src/contrib/fnv and possibly murmurhash3
+      license:gpl3+))))             ; everything else
diff --git a/gnu/packages/elixir.scm b/gnu/packages/elixir.scm
index 7425b49a43..553c5fa5ae 100644
--- a/gnu/packages/elixir.scm
+++ b/gnu/packages/elixir.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 nee <nee.git@cock.li>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,7 +31,7 @@
 (define-public elixir
   (package
     (name "elixir")
-    (version "1.4.2")
+    (version "1.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/elixir-lang/elixir"
@@ -38,7 +39,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gsmgx4h6rvxilcbsx2z6yirm6g2g5bsxdvr0608ng4bsv22wknb"))
+                "0v7z0avs3gir7qdfgysfw88l3z9p5f7p7pjnrnsz5gmmsflvf5vk"))
               ;; FIXME: 27 tests (out of 4K) had to be disabled as
               ;; they fail in the build environment.  Common failures
               ;; are:
@@ -55,14 +56,18 @@
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'replace-paths
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* '("lib/elixir/lib/system.ex"
-                            "lib/mix/lib/mix/scm/git.ex")
-               (("(cmd\\(['\"])git" _ prefix)
-                (string-append prefix (which "git"))))
-             (substitute* "bin/elixir"
-               (("ERL_EXEC=\"erl\"")
-                (string-append "ERL_EXEC=" (which "erl"))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (substitute* '("lib/elixir/lib/system.ex"
+                              "lib/mix/lib/mix/scm/git.ex")
+                 (("(cmd\\(['\"])git" _ prefix)
+                  (string-append prefix (which "git"))))
+               (substitute* "bin/elixir"
+                 (("ERL_EXEC=\"erl\"")
+                  (string-append "ERL_EXEC=" (which "erl"))))
+               (substitute* "bin/mix"
+                 (("#!/usr/bin/env elixir")
+                  (string-append "#!" out "/bin/elixir"))))
              #t))
          (add-after 'unpack 'fix-or-disable-tests
            (lambda* (#:key inputs #:allow-other-keys)
@@ -75,6 +80,15 @@
 
              ;; FIXME: Mix.Shell.cmd() always fails with error code 130.
              (delete-file "lib/mix/test/mix/shell_test.exs")
+
+             ;; FIXME:
+             ;; disabled failing impure tests to make it build again.
+             ;; related discussion: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28034#14
+             (delete-file "lib/elixir/test/elixir/kernel/cli_test.exs")
+             (delete-file "lib/elixir/test/elixir/kernel/dialyzer_test.exs")
+             (delete-file "lib/iex/test/iex/helpers_test.exs")
+             (delete-file "lib/ex_unit/test/ex_unit/capture_io_test.exs")
+
              #t))
          (add-before 'build 'make-current
            ;; The Elixir compiler checks whether or not to compile files by
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index e7e93f1540..1cf14993c3 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -29,6 +29,8 @@
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -276,6 +278,7 @@ editor (without an X toolkit)" )
               (uri (git-reference
                     (url "git://git.hcoop.net/git/bpt/emacs.git")
                     (commit "41120e0f595b16387eebfbf731fff70481de1b4b")))
+              (patches (search-patches "guile-emacs-fix-configure.patch"))
               (sha256
                (base32
                 "0lvcvsz0f4mawj04db35p1dvkffdqkz8pkhc0jzh9j9x2i63kcz6"))))
@@ -294,7 +297,11 @@ editor (without an X toolkit)" )
         `(modify-phases ,phases
            (add-after 'unpack 'autogen
                       (lambda _
-                        (zero? (system* "sh" "autogen.sh"))))))))))
+                        (zero? (system* "sh" "autogen.sh"))))
+           ;; Build sometimes fails: deps/dispnew.d: No such file or directory
+           (add-before 'build 'make-deps-dir
+             (lambda _
+               (zero? (system* "mkdir" "-p" "src/deps"))))))))))
 
 
 ;;;
@@ -434,6 +441,7 @@ on stdout instead of using a socket as the Emacsclient does.")
        ("perl" ,perl)))
     (propagated-inputs
      `(("dash" ,emacs-dash)
+       ;; XXX Add 'magit-popup' dependency for the next release (after 2.11.0).
        ("with-editor" ,emacs-with-editor)))
     (arguments
      `(#:modules ((guix build gnu-build-system)
@@ -544,20 +552,28 @@ support for Git-SVN.")
 (define-public emacs-magit-popup
   (package
     (name "emacs-magit-popup")
-    (version (package-version magit))
+    (version "2.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://raw.githubusercontent.com/magit/magit/"
-                    version "/lisp/magit-popup.el"))
-              (file-name (string-append "magit-popup-" version ".el"))
+                    "https://github.com/magit/magit-popup/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0w750kwngq63hi9drad3jxldwkg83sldb9w9r2xl2mqm3hm4l8s6"))))
+                "1dnk611f7lww6rb03hk8ijg2jwxx9f26pjfff4bwjmnjz7hnd6vz"))))
     (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'make-info
+           (lambda _
+             (zero? (system* "make" "info")))))))
+    (native-inputs
+     `(("texinfo" ,texinfo)))
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
-    (home-page "https://github.com/magit/magit")
+    (home-page "https://github.com/magit/magit-popup")
     (synopsis "Define prefix-infix-suffix command combos")
     (description
      "This library implements a generic interface for toggling switches and
@@ -3014,7 +3030,7 @@ regardless of @code{highlight-symbol-idle-delay}.
 (define-public emacs-hl-todo
   (package
     (name "emacs-hl-todo")
-    (version "1.7.4")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3023,7 +3039,7 @@ regardless of @code{highlight-symbol-idle-delay}.
               (file-name (string-append "hl-todo-" version ".el"))
               (sha256
                (base32
-                "016ivl4s0ysrm1xbfi86j5xcs759fcb0mkspxw81x8mpi3yb46ya"))))
+                "0g0h9v4572p7mcird8wsj1c41haf60krslm6mlpi4mdbh248kv6z"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/tarsius/hl-todo")
     (synopsis "Emacs mode to highlight TODO and similar keywords")
@@ -4188,14 +4204,16 @@ passive voice.")
 (define-public emacs-org
   (package
     (name "emacs-org")
-    (version "20171016")
+    ;; emacs-org-contrib inherits from this package.  Please update its sha256
+    ;; checksum as well.
+    (version "20171205")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://elpa.gnu.org/packages/org-"
                                   version ".tar"))
               (sha256
                (base32
-                "1196kv83p953nd9c5gxkn8ndw2kmm2kfw34dldap6m89khqflz5a"))))
+                "0a1rm94ci47jf5579sxscily680ysmy3hnxjcs073n45nk76za04"))))
     (build-system emacs-build-system)
     (home-page "http://orgmode.org/")
     (synopsis "Outline-based notes management and organizer")
@@ -4215,7 +4233,7 @@ reproducible research.")
                                   (package-version emacs-org) ".tar"))
               (sha256
                (base32
-                "0xy2xrndlhs4kyvh6mmv24dnh3fn5p63d2gaimnrypf1p8znwzh4"))))
+                "1y61csa284gy8l0fj0mv67mkm4fsi4lz401987qp6a6z260df4n5"))))
     (arguments
      `(#:modules ((guix build emacs-build-system)
                   (guix build utils)
@@ -4242,11 +4260,11 @@ reproducible research.")
                #t))))))
     (propagated-inputs
      `(("emacs-org" ,emacs-org)))
-    (synopsis "Contributed packages to Org-mode")
+    (synopsis "Contributed packages to Org mode")
     (description "Org is an Emacs mode for keeping notes, maintaining TODO
 lists, and project planning with a fast and effective plain-text system.
 
-This package is equivilent to org-plus-contrib, but only includes additional
+This package is equivalent to org-plus-contrib, but only includes additional
 files that you would find in @file{contrib/} from the git repository.")))
 
 (define-public emacs-flx
@@ -4851,6 +4869,31 @@ jQuery and Bootstrap resources included via osscdn.")
      "This Emacs package highlights the s-exp at the current position.")
     (license license:gpl3+)))
 
+(define-public emacs-highlight-stages
+  (let ((commit "29cbc5b78261916da042ddb107420083da49b271")
+        (revision "1"))
+    (package
+      (name "emacs-highlight-stages")
+      (version (string-append "1.1.0" "-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/zk-phi/highlight-stages.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0r6nbcrr0dqpgm8dir8ahzjy7rw4nrac48byamzrq96r7ajlxlv0"))
+         (patches
+          (search-patches "emacs-highlight-stages-add-gexp.patch"))))
+      (build-system emacs-build-system)
+      (home-page "https://github.com/wigust/highlight-stages")
+      (synopsis "Minor mode that highlights (quasi-quoted) expressions")
+      (description "@code{highlight-stages} provides an Emacs minor mode that
+highlights quasi-quoted expressions.")
+      (license license:gpl3+))))
+
 (define-public emacspeak
   (package
     (name "emacspeak")
@@ -6258,3 +6301,83 @@ contexts.
 @item Toggle downloading and set priorities for individual files.
 @end itemize\n")
     (license license:gpl3+)))
+
+(define-public eless
+  (package
+    (name "eless")
+    (version "0.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/kaushalmodi/eless/archive/"
+                    "v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gjnnhgw5xs1w3qfnkvwa2nv44gnxr8pkhx3c7qig45p8nh1461h"))))
+    (build-system trivial-build-system)
+    (inputs
+     `(("bash" ,bash)))
+    (native-inputs
+     `(("tar" ,tar)
+       ("gzip" ,gzip)))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (setenv "PATH" (string-append
+                         (assoc-ref %build-inputs "tar") "/bin" ":"
+                         (assoc-ref %build-inputs "gzip") "/bin"))
+         (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
+         (chdir (string-append "eless" "-" ,version))
+         (substitute* "eless" (("/usr/bin/env bash")
+                               (string-append (assoc-ref %build-inputs "bash")
+                                              "/bin/bash")))
+         (install-file "eless" (string-append %output "/bin"))
+         (install-file "doc/eless.info" (string-append %output "/share/info"))
+         #t)))
+    (home-page "https://github.com/kaushalmodi/eless")
+    (synopsis "Use Emacs as a paginator")
+    (description "@code{eless} provides a combination of Bash script
+and a minimal Emacs view-mode.
+
+Feautures:
+
+@itemize
+@item Independent of a user’s Emacs config.
+@item Customizable via the @code{(locate-user-emacs-file \"elesscfg\")} config.
+@item Not require an Emacs server to be already running.
+@item Syntax highlighting.
+@item Org-mode file rendering.
+@item @code{man} page viewer.
+@item Info viewer.
+@item Dired, wdired, (batch edit symbolic links).
+@item Colored diffs, git diff, git log, ls with auto ANSI detection.
+@item Filter log files lines matching a regexp.
+@item Auto-revert log files similar to @code{tail -f}.
+@item Quickly change frame and font sizes.
+@end itemize\n")
+    (license license:expat)))
+
+(define-public emacs-evil-matchit
+  (package
+    (name "emacs-evil-matchit")
+    (version "2.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/redguardtoo/evil-matchit/archive/"
+             version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1hm0k53m7d8zv2pk4p93k5mmilsv1mz7y2z6dqf7r6f0zmncs31a"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/redguardtoo/evil-matchit")
+    (synopsis "Vim matchit ported into Emacs")
+    (description
+     "@code{evil-matchit} is a minor mode for jumping between matching tags in
+evil mode using @kbd{%}.  It is a port of @code{matchit} for Vim.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index b2127ba45d..5c36de1dd2 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -127,7 +127,19 @@
                (install-file "unix/librecad" bin)
                (mkdir-p share)
                (copy-recursively "unix/resources" share))
-             #t)))))
+             #t))
+         ;; Ensure that icons are found at runtime
+         (add-after 'install 'wrap-executable
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (qt '("qtbase" "qtsvg")))
+               (wrap-program (string-append out "/bin/librecad")
+                 `("QT_PLUGIN_PATH" ":" prefix
+                   ,(map (lambda (label)
+                           (string-append (assoc-ref inputs label)
+                                          "/lib/qt5/plugins/"))
+                         qt)))
+               #t))))))
     (inputs
      `(("boost" ,boost)
        ("muparser" ,muparser)
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 7f48740ea2..d1eeb35088 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -59,7 +59,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.20.5")
+    (version "1.20.6")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -67,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "07624c71l9d1jx1zvdhwkr1bgb1n7i0i5hyg6579zdwl3jw6jpns"))))
+                "1h9jkb1pkp2g6ld7ra9mxgblx3x5id4162ja697klx9mfjkpxijn"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -255,7 +255,7 @@ Libraries with some extra bells and whistles.")
 (define-public enlightenment
   (package
     (name "enlightenment")
-    (version "0.22.0")
+    (version "0.22.1")
     (source (origin
               (method url-fetch)
               (uri
@@ -263,7 +263,7 @@ Libraries with some extra bells and whistles.")
                               name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0xmrvryr35idd7fyqgshfhvy2053bs3vwrxbx681pi6rgpdvjghv"))))
+                "1q57fz57d0b26z06m1wiq7c1sniwh885b0vs02mk4jgwva46nyr0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--enable-mount-eeze")
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm
index 1a575a0fd0..770ed715bc 100644
--- a/gnu/packages/erlang.scm
+++ b/gnu/packages/erlang.scm
@@ -35,7 +35,7 @@
 (define-public erlang
   (package
     (name "erlang")
-    (version "20.0")
+    (version "20.1")
     (source (origin
               (method url-fetch)
               ;; The tarball from http://erlang.org/download contains many
@@ -46,7 +46,7 @@
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "11xp6vv1v7iay9dg1xc6xm7izfsanbn5pgwp96ba0j1fmlkhjw92"))
+                "0r4g8ag7nlpw06y4c39fgcyccykj2sbyhv5jgp4qmrjci2ydgns8"))
               (patches (search-patches "erlang-man-path.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -62,7 +62,7 @@
                                version ".tar.gz"))
            (sha256
             (base32
-             "1k25p37w1l1j20qd8rga4j4q7s7r0rbsi02x3xwzhw51jhm59wdp"))))))
+             "0ikvdpn4z7az6szg176l1r2yxhgs3msa3wgb3gmy45jkz0pzik05"))))))
     (inputs
      `(("ncurses" ,ncurses)
        ("openssl" ,openssl)
diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index 6c5e427aa4..621c70b0d5 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -150,7 +150,9 @@ non-determinism in the build process.")
                            "/glusterfs-" version ".tar.gz"))
        (sha256
         (base32
-         "02sn9s3jjva2i1l47y3in326n8jgp57rbykz5s8m87y4bzpw0ym1"))))
+         "02sn9s3jjva2i1l47y3in326n8jgp57rbykz5s8m87y4bzpw0ym1"))
+       (patches
+        (search-patches "glusterfs-use-PATH-instead-of-hardcodes.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index a0febba01c..788f7c0d7c 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
+;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -48,6 +49,7 @@
   #:use-module (gnu packages python-crypto)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages readline)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
@@ -319,7 +321,7 @@ other machines/servers.  Electrum does not download the Bitcoin blockchain.")
   ;; the system's dynamically linked library.
   (package
     (name "monero")
-    (version "0.11.0.0")
+    (version "0.11.1.0")
     (source
      (origin
        (method url-fetch)
@@ -337,7 +339,7 @@ other machines/servers.  Electrum does not download the Bitcoin blockchain.")
            #t))
        (sha256
         (base32
-         "083w40a553c0r3i18020jcrv5s0b64vx3d8xrn9nwkb2237ighlk"))))
+         "16shd834025jyzy68h3gag1sz8vbk875hy4j97hrki8pacz8vd5m"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
@@ -418,7 +420,7 @@ Monero command line client and daemon.")
 (define-public monero-core
   (package
     (name "monero-core")
-    (version "0.11.0.0")
+    (version "0.11.1.0")
     (source
      (origin
        (method url-fetch)
@@ -427,7 +429,7 @@ Monero command line client and daemon.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0hnrkgwb1sva67pcjym2gvb4zifp2s849dfbnjzbxk3yczpcyqzg"))))
+         "1q7a9kpcjgp74fbplzs2iszdld6gwbfrydyd9in9izhwp100p1rr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
@@ -438,6 +440,7 @@ Monero command line client and daemon.")
        ("libunwind" ,libunwind)
        ("openssl" ,openssl)
        ("qt" ,qt)
+       ("readline" ,readline)
        ("unbound" ,unbound)))
     (propagated-inputs
      `(("monero" ,monero)))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 4acebeb405..0f123c3ab1 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -170,6 +170,45 @@ itself."))))
 sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
     (license license:silofl1.1)))
 
+(define-public font-lato
+  (package
+    (name "font-lato")
+    (version "2.010")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.latofonts.com/download/Lato2OFL.zip"))
+              (sha256
+               (base32
+                "1f5540g0ja1nx3ddd3ywn77xc81ssrxpq8n3gyb9sabyq2b4xda2"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let ((PATH     (string-append (assoc-ref %build-inputs
+                                                             "unzip")
+                                                  "/bin"))
+                         (font-dir (string-append %output
+                                                  "/share/fonts/truetype")))
+                     (setenv "PATH" PATH)
+                     (system* "unzip" (assoc-ref %build-inputs "source"))
+
+                     (mkdir-p font-dir)
+                     (for-each (lambda (ttf)
+                                 (install-file ttf font-dir))
+                               (find-files "." "\\.ttf$"))))))
+
+    (native-inputs `(("unzip" ,unzip)))
+    (home-page "http://www.latofonts.com/lato-free-fonts/")
+    (synopsis "Lato sans-serif typeface")
+    (description
+     "Lato is a sanserif typeface family.  It covers over 3000 glyphs per style.
+The Lato 2.010 family supports more than 100 Latin-based languages, over
+50 Cyrillic-based languages as well as Greek and IPA phonetics.")
+    (license license:silofl1.1)))
+
 (define-public font-gnu-freefont-ttf
   (package
     (name "font-gnu-freefont-ttf")
@@ -831,6 +870,24 @@ designed to work well in user interface environments.")
     (description "This is the typeface used by Mozilla in Firefox OS.")
     (license license:silofl1.1)))
 
+(define-public font-fira-sans
+  (package
+    (name "font-fira-sans")
+    (version "4.202")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mozilla/Fira/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r6zdnqqp4bgq5nmgqbj0vvj7x1h9w912851ggbl9wc7fdjnjqnq"))))
+    (build-system font-build-system)
+    (home-page "http://mozilla.github.io/Fira/")
+    (synopsis "Mozilla's Fira Sans Font")
+    (description "This is the typeface used by Mozilla in Firefox OS.")
+    (license license:silofl1.1)))
+
 (define-public font-awesome
   (package
    (name "font-awesome")
@@ -1070,3 +1127,52 @@ emphasis while still being readable.")
       "The Font Software may be sold as part of a larger software package but
 no copy of one or more of the Font Software typefaces may be sold by
 itself."))))
+
+(define-public font-dosis
+  (package
+    (name "font-dosis")
+    (version "1.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.impallari.com/media/releases/dosis-"
+                           "v" version ".zip"))
+       (sha256
+        (base32
+         "1qhci68f68mf87jd69vjf9qjq3wydgw1q7ivn3amjb65ls1s0c4s"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let ((PATH     (string-append (assoc-ref %build-inputs
+                                                             "unzip")
+                                                  "/bin"))
+                         (ttf-dir (string-append %output
+                                                 "/share/fonts/truetype"))
+                         (otf-dir (string-append %output
+                                                 "/share/fonts/opentype")))
+                     (setenv "PATH" PATH)
+                     (system* "unzip" (assoc-ref %build-inputs "source"))
+
+                     (mkdir-p ttf-dir)
+                     (mkdir-p otf-dir)
+                     (for-each (lambda (ttf)
+                                 (install-file ttf ttf-dir))
+                               (find-files "." "\\.ttf$"))
+                     (for-each (lambda (otf)
+                                 (install-file otf otf-dir))
+                               (find-files "." "\\.otf$"))))))
+    (native-inputs `(("unzip" ,unzip)))
+    (home-page "http://www.impallari.com/dosis")
+    (synopsis "Very simple, rounded, sans serif family")
+    (description
+     "Dosis is a very simple, rounded, sans serif family.
+The lighter weights are minimalist.  The bolder weights have more personality.
+The medium weight is nice and balanced.  The overall result is a family
+that's clean and modern, and can express a wide range of voices & feelings.
+It comes in 7 incremental weights:
+ExtraLight, Light, Book, Medium, Semibold, Bold & ExtraBold")
+    (license license:silofl1.1)))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index ae370f4b52..d2306a9423 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 ng0 <ng0@n0.is>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
 (define-module (gnu packages fontutils)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -44,7 +46,8 @@
   #:use-module (guix svn-download)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python))
 
 (define-public freetype
   (package
@@ -556,3 +559,103 @@ opentype fonts.  You can save fonts in many different outline formats, and
 generate bitmaps.")
    (license license:gpl3+)
    (home-page "https://fontforge.github.io/en-US/")))
+
+(define-public python2-ufolib
+  (package
+    (name "python2-ufolib")
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ufoLib" version ".zip"))
+       (sha256
+        (base32 "1njin1465qqzshnrvcl5sbv0bsy15gj6fycbw4lmcnwkx5sldgyx"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (propagated-inputs
+     `(("python2-fonttools" ,python2-fonttools)))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (home-page "https://github.com/unified-font-object/ufoLib")
+    (synopsis "Low-level UFO reader and writer")
+    (description
+     "UfoLib reads and writes Unified Font Object (UFO)
+files.  UFO is a file format that stores fonts source files.")
+    (license license:bsd-3)))
+
+(define-public python2-defcon
+  (package
+    (name "python2-defcon")
+    (version "0.3.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "defcon" version ".zip"))
+       (sha256
+        (base32
+         "1f41w54fdjy9izxcwzqa142kd56whqsg9nq5k4508jb6iip84h89"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (propagated-inputs
+     `(("python2-fonttools" ,python2-fonttools)
+       ("python2-ufolib" ,python2-ufolib)))
+    (home-page "https://pypi.python.org/pypi/defcon")
+    (synopsis "Flexible objects for representing @acronym{UFO, unified font object} data")
+    (description
+     "Defcon is a set of @acronym{UFO, unified font object} based objects
+optimized for use in font editing applications.  The objects are built to
+be lightweight, fast and flexible.  The objects are very bare-bones and
+they are not meant to be end-all, be-all objects.  Rather, they are meant
+to provide base functionality so that you can focus on your application’s
+behavior, not object observing or maintaining cached data.  Defcon
+implements UFO3 as described by the UFO font format.")
+    (license license:expat)))
+
+(define-public nototools
+  (package
+    (name "nototools")
+    (version "20170925")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/googlei18n/nototools/"
+                           "archive/v2017-09-25-tooling-for-phase3-"
+                           "update.tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1pvacw18cm9l4sb66pqyjc7hc74xhhfxc7kd5ald8lixf4wzg0s8"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (propagated-inputs
+     `(("python2-booleanoperations" ,python2-booleanoperations)
+       ("python2-defcon" ,python2-defcon)
+       ("python2-fonttools" ,python2-fonttools)
+       ("python2-pillow" ,python2-pillow)
+       ("python2-pyclipper" ,python2-pyclipper)
+       ("python2-ufolib" ,python2-ufolib)))
+    (home-page "https://github.com/googlei18n/nototools")
+    (synopsis "Noto fonts support tools and scripts")
+    (description
+     "Nototools is a Python package containing Python scripts used to
+maintain the Noto Fonts project.")
+    (license (list license:asl2.0
+                   ;; Sample texts are attributed to UN and OHCHR.
+                   ;; The permissions on the UDHR are pretty lax:
+                   ;; http://www.ohchr.org/EN/UDHR/Pages/Introduction.aspx
+                   ;; "If UDHR translations or materials are reproduced, users
+                   ;; should make reference to this website as a source by
+                   ;; providing a link."
+                   license:public-domain
+                   (license:non-copyleft
+                    "file://sample_texts/attributions.txt"
+                    "See sample_texts/attributions.txt in the distribution.")))))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 9c744a4839..e015fcbc36 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,7 @@
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
@@ -40,7 +42,9 @@
   #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages disk)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages gettext)
@@ -56,10 +60,15 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages perl-check)
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages perl-check)
   #:use-module (gnu packages python)
   #:use-module (gnu packages w3m)
+  #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg))
@@ -85,7 +94,8 @@
        ("w3m" ,w3m)
        ("xmlto" ,xmlto)))
     (propagated-inputs
-     `(("xprop" ,xprop) ; for Xfce detecting
+     `(("perl-file-mimeinfo" ,perl-file-mimeinfo) ; for mimeopen fallback
+       ("xprop" ,xprop) ; for Xfce detecting
        ("xset" ,xset))) ; for xdg-screensaver
     (arguments
      `(#:tests? #f   ; no check target
@@ -211,6 +221,7 @@ the freedesktop.org XDG Base Directory specification.")
               (method url-fetch)
               (uri (string-append "https://github.com/elogind/elogind/"
                                   "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
                 "1qcxian48z2dj5gfmp7brrngdydqf2jm00f4rjr5sy1myh8fy931"))
@@ -268,7 +279,16 @@ the freedesktop.org XDG Base Directory specification.")
                (substitute* (string-append out "/lib/libelogind.la")
                  (("-lcap")
                   (string-append "-L" libcap "/lib -lcap")))
-               #t))))))
+               #t)))
+         (add-after 'unpack 'remove-uaccess-tag
+           (lambda _
+             ;; systemd supports a "uaccess" built-in tag, but eudev currently
+             ;; doesn't.  This leads to eudev warnings that we'd rather not
+             ;; see, so remove the reference to "uaccess."
+             (substitute* "src/login/73-seat-late.rules.in"
+               (("^TAG==\"uaccess\".*" line)
+                (string-append "# " line "\n")))
+             #t)))))
     (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
@@ -602,7 +622,9 @@ Analysis and Reporting Technology) functionality.")
        ("libatasmart" ,libatasmart)
        ("libgudev" ,libgudev)
        ("polkit" ,polkit)
-       ("util-linux" ,util-linux)))
+       ("util-linux" ,util-linux)
+       ("cryptsetup" ,cryptsetup)
+       ("parted" ,parted)))
     (outputs '("out"
                "doc"))                            ;5 MiB of gtk-doc HTML
     (arguments
@@ -642,14 +664,22 @@ Analysis and Reporting Technology) functionality.")
                "girdir = $(datadir)/gir-1.0\n")
               (("typelibsdir = .*")
                "typelibsdir = $(libdir)/girepository-1.0\n"))))
-         (add-after 'install 'set-mount-file-name
+         (add-after 'install 'wrap-udisksd
            (lambda* (#:key outputs inputs #:allow-other-keys)
              ;; Tell 'udisksd' where to find the 'mount' command.
              (let ((out   (assoc-ref outputs "out"))
-                   (utils (assoc-ref inputs "util-linux")))
+                   (utils (assoc-ref inputs "util-linux"))
+                   (cryptsetup (assoc-ref inputs "cryptsetup"))
+                   (parted (assoc-ref inputs "parted")))
                (wrap-program (string-append out "/libexec/udisks2/udisksd")
                  `("PATH" ":" prefix
                    (,(string-append utils "/bin") ;for 'mount'
+                    ;; cryptsetup is required for setting encrypted
+                    ;; partitions, e.g. in gnome-disks
+                    ,(string-append cryptsetup "/sbin")
+                    ;; parted is required for managing partitions, e.g. in
+                    ;; gnome-disks
+                    ,(string-append parted "/sbin")
                     "/run/current-system/profile/bin"
                     "/run/current-system/profile/sbin")))
                #t))))))
@@ -1090,3 +1120,110 @@ localization (i.e. translation) of the file names.  Designed to be
 automatically run when a user logs in, xdg-user-dirs can also be run
 manually by a user.")
     (license license:gpl2)))
+
+(define-public perl-file-basedir
+  (package
+    (name "perl-file-basedir")
+    (version "0.07")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/K/KI/KIMRYAN/"
+                           "File-BaseDir-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0aq8d4hsaxqibp36f773y6dfck7zd82v85sp8vhi6pjkg3pmf2hj"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-file-which" ,perl-file-which)
+       ("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)
+       ("xdg-user-dirs" ,xdg-user-dirs)))
+    (propagated-inputs
+     `(("perl-ipc-system-simple" ,perl-ipc-system-simple)))
+    (home-page "http://search.cpan.org/dist/File-BaseDir/")
+    (synopsis "Use the Freedesktop.org base directory specification")
+    (description
+     "@code{File::Basedir} can be used to find directories and files as
+specified by the Freedesktop.org Base Directory Specification.  This
+specifications gives a mechanism to locate directories for configuration,
+application data and cache data.")
+    (license license:perl-license)))
+
+(define-public perl-file-desktopentry
+  (package
+    (name "perl-file-desktopentry")
+    (version "0.22")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/"
+                           "File-DesktopEntry-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1f1maqix2kbfg2rf008m7mqnvv6nvcf9y6pcgdv2kxp2vbih370n"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-pod" ,perl-test-pod)
+       ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+    (propagated-inputs
+     `(("perl-file-basedir" ,perl-file-basedir)
+       ("perl-uri" ,perl-uri)))
+    (home-page "http://search.cpan.org/~michielb/File-DesktopEntry/")
+    (synopsis "Handle @file{.desktop} files")
+    (description
+     "@code{File::DesktopEntry} parses @file{.desktop} files defined by the
+Freedesktop.org @dfn{Desktop Entry} specification.  It can also run the
+applications define in those files.")
+    (license license:perl-license)))
+
+(define-public perl-file-mimeinfo
+  (package
+    (name "perl-file-mimeinfo")
+    (version "0.28")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MI/MICHIELB/"
+                           "File-MimeInfo-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1ipbh63bkh1r2gy5g7q4bzhki8j29mm1jkhbv60p9vwsdys5s91a"))))
+    (build-system perl-build-system)
+    ;; If the tests are fixed, add perl-test-pod, perl-test-pod-coverage, and
+    ;; perl-test-tiny as native-inputs.
+    (propagated-inputs
+     `(("shared-mime-info" ,shared-mime-info)
+       ("perl-file-desktopentry" ,perl-file-desktopentry)))
+    (arguments
+     ;; Some tests fail due to requiring the mimetype of perl files to be
+     ;; text/plain when they are actually application/x-perl.
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-programs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (for-each (lambda (prog)
+                           (wrap-program (string-append out "/bin/" prog)
+                             `("PERL5LIB" ":" prefix
+                               (,(string-append (getenv "PERL5LIB") ":" out
+                                                "/lib/perl5/site_perl")))))
+                         '("mimeopen" "mimetype")))
+             #t)))))
+    (home-page "http://search.cpan.org/dist/File-MimeInfo/")
+    (synopsis "Determine file type from the file name")
+    (description
+     "@code{File::Mimeinfo} can be used to determine the MIME type of a file.
+It tries to implement the Freedesktop specification for a shared MIME
+database.
+
+This package also contains two related utilities:
+
+@itemize
+@item @command{mimetype} determines a file's MIME type;
+@item @command{mimeopen} opens files in an appropriate program according to
+their MIME type.
+@end itemize")
+    (license license:perl-license)))
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index be241cbd31..3c544f5546 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
@@ -1063,12 +1064,26 @@ games.")
               (file-name (string-append name "-" version))
               (sha256
                (base32 "1mz89nafc1m7srbqvy7iagxrxmqvf5hbqi7i0lwaapkx6q0kpkq7"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:tests? #f ; There are no tests
+     `(#:scons ,scons-python2
+       #:scons-flags (list "platform=x11"
+                           ;; Avoid using many of the bundled libs.
+                           ;; Note: These options can be found in the SConstruct file.
+                           "builtin_freetype=no"
+                           "builtin_glew=no"
+                           "builtin_libmpdec=no"
+                           "builtin_libogg=no"
+                           "builtin_libpng=no"
+                           "builtin_libtheora=no"
+                           "builtin_libvorbis=no"
+                           "builtin_libwebp=no"
+                           "builtin_openssl=no"
+                           "builtin_opus=no"
+                           "builtin_zlib=no")
+       #:tests? #f ; There are no tests
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)
          (add-after 'unpack 'scons-use-env
            (lambda _
              ;; Scons does not use the environment variables by default,
@@ -1079,24 +1094,6 @@ games.")
                  "env_base = Environment(tools=custom_tools)\n"
                  "env_base = Environment(ENV=os.environ)")))
              #t))
-         (replace 'build
-           (lambda _
-             (zero? (system*
-                     "scons"
-                     "platform=x11"
-                     ;; Avoid using many of the bundled libs.
-                     ;; Note: These options can be found in the SConstruct file.
-                     "builtin_freetype=no"
-                     "builtin_glew=no"
-                     "builtin_libmpdec=no"
-                     "builtin_libogg=no"
-                     "builtin_libpng=no"
-                     "builtin_libtheora=no"
-                     "builtin_libvorbis=no"
-                     "builtin_libwebp=no"
-                     "builtin_openssl=no"
-                     "builtin_opus=no"
-                     "builtin_zlib=no"))))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -1128,8 +1125,7 @@ games.")
                            Type=Application~%"
                            out)))
                #t))))))
-    (native-inputs `(("pkg-config" ,pkg-config)
-                     ("scons" ,scons)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("alsa-lib" ,alsa-lib)
               ("freetype" ,freetype)
               ("glew" ,glew)
@@ -1144,8 +1140,7 @@ games.")
               ("mesa" ,mesa)
               ("openssl" ,openssl)
               ("opusfile" ,opusfile)
-              ("pulseaudio" ,pulseaudio)
-              ("python2" ,python-2)))
+              ("pulseaudio" ,pulseaudio)))
     (home-page "https://godotengine.org/")
     (synopsis "Advanced 2D and 3D game engine")
     (description
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 2ef69e87d1..a699fadc2a 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -580,6 +580,92 @@ utilizing the art assets from the @code{SuperTux} project.")
                    license:gpl2+
                    license:gpl3+))))
 
+(define-public roguebox-adventures
+  (let ((commit "19a2c340b34d5b4e7cc89118c7aedc058babbd93")
+        (revision "1"))
+      (package
+        (name "roguebox-adventures")
+        (version (git-version "2.1.2" revision commit))
+        (source
+         (origin
+           (method git-fetch)
+           (uri
+            (git-reference
+             (url "https://git.postactiv.com/themightyglider/RogueBoxAdventures.git")
+                 (commit commit)))
+           (file-name (git-file-name name version))
+           (sha256
+            (base32
+             "0afmg8fjdcs3sqdp5rc7irgr7riil8jwysfjn1imfxslf1wcx5ah"))))
+        (build-system python-build-system)
+        (arguments
+         '(#:tests? #f ; no check target
+           #:phases
+           (modify-phases %standard-phases
+             ;; no setup.py script
+             (replace 'build
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let* ((out (assoc-ref outputs "out"))
+                        (data (string-append
+                               out "/share/games/roguebox-adventures")))
+                   ;; Use the correct data directory.
+                   (substitute* '("main.py" "LIB/getch.py" "LIB/getch_gcwz.py")
+                     (("basic_path + os\\.sep + 'DATA'")
+                      (string-append "'" data "'"))
+                     (("^basic_path.*$")
+                      (string-append "basic_path ='" data "'\n")))
+                   (substitute* "LIB/gra_files.py"
+                     (("basic_path = b_path\\.replace\\('/LIB',''\\)")
+                      (string-append "basic_path ='" data "'\n")))
+
+                   ;; The game must save in the user's home directory because
+                   ;; the store is read-only.
+                   (substitute* "main.py"
+                     (("home_save = False") "home_save = True")
+                     (("'icon_small.png'")
+                      (string-append "'" data "/icon_small.png'"))))
+                 #t))
+             (replace 'install
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let* ((out (assoc-ref outputs "out"))
+                        (bin (string-append out "/bin"))
+                        (data (string-append
+                               out "/share/games/roguebox-adventures"))
+                        (doc (string-append
+                              out "/share/doc/roguebox-adventures")))
+                   (mkdir-p bin)
+                   (mkdir-p doc)
+                   (copy-file "main.py"
+                              (string-append bin "/roguebox-adventures"))
+                   (chmod (string-append bin "/roguebox-adventures") #o555)
+
+                   (for-each (lambda (file)
+                               (copy-recursively file
+                                                 (string-append data "/" file)))
+                             '("AUDIO" "FONT" "GRAPHIC" "LIB" "LICENSE"
+                               "icon_big.png" "icon_small.png"))
+
+                   (copy-recursively "DOC" doc)
+
+                   (wrap-program (string-append bin "/roguebox-adventures")
+                     `("PYTHONPATH" ":" prefix (,(string-append data "/LIB")))))
+                 #t)))))
+        (inputs
+         `(("python-pygame" ,python-pygame)
+           ("python-tmx" ,python-tmx)))
+        (home-page "https://rogueboxadventures.tuxfamily.org")
+        (synopsis "A classical roguelike/sandbox game")
+        (description
+         "RogueBox Adventures is a graphical roguelike with strong influences
+from sandbox games like Minecraft or Terraria.  The main idea of RogueBox
+Adventures is to offer the player a kind of roguelike toy-world.  This world
+can be explored and changed freely.")
+        ;; The GPL3+ is for code, the rest are for art.
+        (license (list license:cc0
+                       license:cc-by3.0
+                       license:gpl3+
+                       license:silofl1.1)))))
+
 (define-public xshogi
   (package
     (name "xshogi")
@@ -722,7 +808,7 @@ fight Morgoth, the Lord of Darkness.")
        (patches (search-patches "pingus-sdl-libs-config.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ("scons" ,scons)))
+                     ("scons-python2" ,scons-python2)))
     (inputs `(("sdl" ,sdl)
               ("sdl-image" ,sdl-image)
               ("sdl-mixer" ,sdl-mixer)
@@ -731,15 +817,11 @@ fight Morgoth, the Lord of Darkness.")
               ("libpng" ,libpng)
               ("boost" ,boost)))
     (arguments
-     '(#:tests? #f                      ; no check target
+     '(#:make-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f                      ; no check target
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)            ; no configure script
-        (replace 'install
-          (lambda* (#:key outputs #:allow-other-keys)
-            (zero? (system* "make" "install"
-                            (string-append "PREFIX="
-                                           (assoc-ref outputs "out")))))))))
+         (delete 'configure)))) ; no configure script
     (home-page "http://pingus.seul.org/welcome.html")
     (synopsis "Lemmings clone")
     (description
@@ -1346,7 +1428,7 @@ either by Infocom or created using the Inform compiler.")
 (define-public retroarch
   (package
     (name "retroarch")
-    (version "1.6.7")
+    (version "1.6.9")
     (source
      (origin
        (method url-fetch)
@@ -1354,7 +1436,7 @@ either by Infocom or created using the Inform compiler.")
                            version ".tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "13vp5skf95a4fla3dwdk2v48dgnmrvimvp9fgpr1vppb7wfjhbr1"))))
+        (base32 "1d3qbph59d43k10mprqm8h23143yji5mwjkciwynwa4xvsgydpb6"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f                      ; no tests
@@ -1461,7 +1543,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
 (define-public supertuxkart
   (package
     (name "supertuxkart")
-    (version "0.9.2")
+    (version "0.9.3")
     (source
      (origin
        (method url-fetch)
@@ -1469,8 +1551,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
                            version "/supertuxkart-" version "-src.tar.xz"))
        (sha256
         (base32
-         "10l2ljmd7mv8f9ylarqmxxryicdnph2qkm3g5maxnsm2k2q0n20b"))
-       (patches (search-patches "supertuxkart-angelscript-ftbfs.patch"))
+         "1c4w47ibj87lgwiqygq8qi7jiz6gklj4dwf5bs5zk15s0rqlw0fq"))
        (modules '((guix build utils)))
        (snippet
         ;; Delete bundled library sources
@@ -1495,6 +1576,8 @@ This game is based on the GPL version of the famous game TuxRacer.")
        (list "-DUSE_WIIUSE=0"
              ;; Do not use the bundled zlib
              "-DNO_IRR_COMPILE_WITH_ZLIB_=TRUE"
+             ;; FIXME: needs libopenglrecorder
+             "-DBUILD_RECORDER=0"
              ;; Irrlicht returns an integer instead of a boolean
              "-DCMAKE_C_FLAGS=-fpermissive")
        #:phases
@@ -3035,7 +3118,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
 (define-public higan
   (package
     (name "higan")
-    (version "104")
+    (version "106")
     (source
      (origin
        (method url-fetch)
@@ -3044,7 +3127,7 @@ Red Eclipse provides fast paced and accessible gameplay.")
              version))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32 "18by01ir2mvdi9hq571in1hk18gw2bd0ynq4avfs1qj0qra35fqb"))
+        (base32 "0y42pra0dxzlbkyzcp3r8a39pji2bj3p9fl40425f60af2igr4rw"))
        (patches (search-patches "higan-remove-march-native-flag.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -4154,7 +4237,7 @@ emerges from a sewer hole and pulls her below ground.")
 (define-public cdogs-sdl
   (package
     (name "cdogs-sdl")
-    (version "0.6.5")
+    (version "0.6.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/cxong/cdogs-sdl/"
@@ -4162,7 +4245,7 @@ emerges from a sewer hole and pulls her below ground.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "17llrpdrrwi8h37vjpkxk2asj7h8qdfp2zy28wiwb7cjzribmz3k"))))
+                "08gbx6vqqir48xs6qdfa4kv70gj4j96wzs90pg7qldfasxz34ljm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
@@ -4504,7 +4587,7 @@ fish.  The whole game is accompanied by quiet, comforting music.")
 (define-public crawl
   (package
     (name "crawl")
-    (version "0.20.0")
+    (version "0.20.1")
     (source
      (origin
        (method url-fetch)
@@ -4518,7 +4601,7 @@ fish.  The whole game is accompanied by quiet, comforting music.")
                             version "-nodeps.tar.xz")))
        (sha256
         (base32
-         "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd"))
+         "0cagx7687r5ln7pmzl60akjhjpyqd62z9zhfr2mqfk53wl9jbsbj"))
        (patches (search-patches "crawl-upgrade-saves.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -4603,7 +4686,7 @@ fabulous Orb of Zot.")
        ("sdl2-mixer" ,sdl2-mixer)))
     (native-inputs
      `(,@(package-native-inputs crawl)
-       ;; TODO: Add advpng or pngcrush for additional PNG optimization.
+       ("pngcrush" ,pngcrush)
        ("which" ,which)))
     (synopsis "Graphical roguelike dungeon crawler game")))
 
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index dab2f99d74..84d2f9a8d2 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -413,7 +413,12 @@ Go.  It also includes runtime support libraries for these languages.")
                (base32
                 "1m0lr7938lw5d773dkvwld90hjlcq2282517d1gwvrfzmwgg42w5"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
-                                       "gcc-5.0-libvtv-runpath.patch"))))))
+                                       "gcc-6-source-date-epoch-1.patch"
+                                       "gcc-6-source-date-epoch-2.patch"
+                                       "gcc-5.0-libvtv-runpath.patch"))))
+    (inputs
+     `(("isl" ,isl)
+       ,@(package-inputs gcc-4.7)))))
 
 (define-public gcc-7
   (package
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2cb6947205..8f9b1bac98 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -454,6 +454,16 @@ commonly used macros.")
        (base32
         "0pkq5l1llw8gkjhfq6y58iyj6wac8dh1mc3rzjzn6nd7lrkdx8cg"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-path
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((libc   (assoc-ref inputs "libc")))
+               (substitute* "libgnome-desktop/gnome-languages.c"
+                 (("\"locale\"")
+                  (string-append "\"" libc "/bin/locale\"")))
+               #t))))))
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
        ("itstool" ,itstool)
@@ -1059,7 +1069,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
 (define-public glade3
   (package
     (name "glade")
-    (version "3.20.1")
+    (version "3.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1067,7 +1077,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1pxikhzdzd092d4x3nacf5gfzi3mvhywrhcfqc07xakbsinnfr40"))))
+                "1vdbqqvf6nrkqml4awrq4pzfwsm5v39wdzg943nys6lmf1am9l87"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:tests? #f ; needs X, GL, and software rendering
@@ -1787,14 +1797,14 @@ Hints specification (EWMH).")
 (define-public goffice
   (package
     (name "goffice")
-    (version "0.10.35")
+    (version "0.10.36")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version)  "/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "0f2p3p7idfpbms4mi75031014mqsv09s21b6w1359p09raph3461"))))
+               (base32 "1mma1gp179dh7kvwzd7q3mwg0719hhbm9f5sqw28flv5lv05zrng"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;4.1 MiB of gtk-doc
@@ -1851,7 +1861,7 @@ Hints specification (EWMH).")
 (define-public gnumeric
   (package
     (name "gnumeric")
-    (version "1.12.35")
+    (version "1.12.36")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1859,7 +1869,7 @@ Hints specification (EWMH).")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02kcq2af16m9mlzgkbdzswhw0nl6zf01dmvsfq3shy1mab7f7cbp"))))
+                "0j28qpbz9a9p80x27kcwxl5n1hf36nn2fa7dxwrbhcdx4rgy5grw"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; The gnumeric developers don't worry much about failing tests.
@@ -2945,7 +2955,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.26.0")
+    (version "3.26.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2953,7 +2963,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vkbc8rvmrlfiws844izxfl01r6l9p6agf8vvgszzkry1gfbm12v"))))
+                "1f64ix7acj0j0qvxwxaazii2bhsjgh5ang1kw14fkg25ndq899zw"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -3687,7 +3697,7 @@ which can read a large number of file formats.")
 (define-public rhythmbox
  (package
    (name "rhythmbox")
-   (version "3.4.1")
+   (version "3.4.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3695,7 +3705,7 @@ which can read a large number of file formats.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1dj1hgdyhmwzs6h2zr89b1ipk0p6g7x74rfz56a5yjds3ik8d7q3"))))
+              "0hzcns8gf5yb0rm4ss8jd8qzarcaplp5cylk6plwilsqfvxj4xn2"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:configure-flags
@@ -4051,7 +4061,7 @@ work and the interface is well tested.")
 (define-public eolie
   (package
     (name "eolie")
-    (version "0.9.12")
+    (version "0.9.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/gnumdk/eolie/"
@@ -4059,7 +4069,7 @@ work and the interface is well tested.")
                                   "/eolie-" version ".tar.xz"))
               (sha256
                (base32
-                "1qlaxczs82vyww06v5m8zwhvaiilp5zhxp5yp632a8947cg5blnz"))))
+                "1khpc6x40y5gm0a3p5fxiva9p1djijxmsh74xinigddnyqbjqw69"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:phases
@@ -4386,7 +4396,7 @@ metadata in photo and video files of various formats.")
 (define-public shotwell
   (package
     (name "shotwell")
-    (version "0.26.3")
+    (version "0.27.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4394,7 +4404,7 @@ metadata in photo and video files of various formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1r8fd63r7c5n99hwrkzv9jlrk84z4sa15q3h70pydzfjnfqf90zv"))))
+                "1jav7qv0s1v6wvd7x2ri85hjqnbswq883pnd228qhd6bhjbryp89"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs
      `(("dconf" ,dconf)))
@@ -5866,7 +5876,8 @@ software that do not provide their own configuration interface.")
     (build-system trivial-build-system)
     (source #f)
     (propagated-inputs
-     `(("nautilus" ,nautilus)))
+     `(("nautilus" ,nautilus)
+       ("evince" ,evince)))
     (arguments
      `(#:modules ((guix build utils))
        #:builder
@@ -5878,7 +5889,9 @@ software that do not provide their own configuration interface.")
            (call-with-output-file (string-append apps "/defaults.list")
              (lambda (port)
                (format port "[Default Applications]\n")
-               (format port "inode/directory=org.gnome.Nautilus.desktop\n")))
+               (format port "inode/directory=org.gnome.Nautilus.desktop\n")
+               (format port "application/pdf=evince.desktop\n")
+               (format port "application/postscript=evince.desktop\n")))
            #t))))
     (synopsis "Default MIME type associations for the GNOME desktop")
     (description
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index b17a39ccf9..91e2e3f245 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -2,10 +2,10 @@
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
 ;;; Copyright © 2015, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -144,14 +144,14 @@ tool to extract metadata from a file and print the results.")
 (define-public libmicrohttpd
   (package
    (name "libmicrohttpd")
-   (version "0.9.55")
+   (version "0.9.57")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-"
                                 version ".tar.gz"))
             (sha256
              (base32
-              "1y6h1slav5l6k8zyb01dpw65dscdgxxgfa3a0z9qnn7jr66sn70c"))))
+              "0kmgkk9sjg1n3q7rbzw5y4qmgh51zn5qi2j69gbqmr6phxjaghfy"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
@@ -177,23 +177,22 @@ tool to extract metadata from a file and print the results.")
 C library.  It makes it easy to run an HTTP server as part of another
 application.  The library is fully HTTP 1.1 compliant.  It can listen on
 multiple ports, supports four different threading models, and supports
-IPv6.  It
-also features security features such as basic and digest authentication
-and support for SSL3 and TLS.")
+IPv6.  It also features security features such as basic and digest
+authentication and support for SSL3 and TLS.")
    (license license:lgpl2.1+)
    (home-page "https://www.gnu.org/software/libmicrohttpd/")))
 
 (define-public gnurl
   (package
    (name "gnurl")
-   (version "7.56.1")
+   (version "7.56.1-2")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://gnunet.org/sites/default/files/"
                                 name "-" version ".tar.bz2"))
             (sha256
              (base32
-              "0phbs3lw0a561fqsj4fyngmpaznjlnx4qx9n9xzglivy69r9j1n8"))))
+              "092lpwjdg0z5bbf6i331ydm49qy05xrb3vagggmpi8pl7v3zv88j"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
@@ -207,17 +206,7 @@ and support for SSL3 and TLS.")
       ("pkg-config" ,pkg-config)
       ("python" ,python-2)))
    (arguments
-    `(#:configure-flags '("--enable-ipv6" "--with-gnutls" "--without-libssh2"
-                          "--without-libmetalink" "--without-winidn"
-                          "--without-librtmp" "--without-nghttp2"
-                          "--without-nss" "--without-cyassl"
-                          "--without-polarssl" "--without-ssl"
-                          "--without-winssl" "--without-darwinssl"
-                          "--disable-sspi" "--disable-ntlm-wb"
-                          "--disable-ldap" "--disable-rtsp" "--disable-dict"
-                          "--disable-telnet" "--disable-tftp" "--disable-pop3"
-                          "--disable-imap" "--disable-smtp" "--disable-gopher"
-                          "--disable-file" "--disable-ftp" "--disable-smb")
+    `(#:configure-flags (list "--disable-ntlm-wb")
       #:test-target "test"
       #:parallel-tests? #f
       #:phases
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 567ba0dd57..a8424a87f6 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -212,14 +212,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.2.2")
+    (version "2.2.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "15w1q0bib742jqnir67bk07mc6ph9yik8wbc5i1bkcyf29s2rdmz"))))
+                "1d4482c4pbi0p1k8cc0f9c4q51k56v8navrbz5samxrrs42p3lyb"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 3499f48594..814d37270e 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -381,11 +382,11 @@ in the Mozilla clients.")
      "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (synopsis "Network Security Services")
     (description
-     "Network Security Services (NSS) is a set of libraries designed to support
-cross-platform development of security-enabled client and server applications.
-Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
-PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
-standards.")
+     "Network Security Services (@dfn{NSS}) is a set of libraries designed to
+support cross-platform development of security-enabled client and server
+applications.  Applications built with NSS can support SSL v2 and v3, TLS,
+PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
+security standards.")
     (license license:mpl2.0)))
 
 (define (mozilla-patch file-name changeset hash)
diff --git a/gnu/packages/gps.scm b/gnu/packages/gps.scm
index 10592c23ec..abdd024731 100644
--- a/gnu/packages/gps.scm
+++ b/gnu/packages/gps.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +26,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages databases)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages image)
   #:use-module (gnu packages xml)
@@ -131,3 +132,31 @@ the photo was taken.  It does this by using the timestamp in the photo and
 finding a data point in the GPS track that matches, or interpolating a point
 between two other data points.")
       (license license:gpl2+))))
+
+(define-public gama
+  (package
+    (name "gama")
+    (version "1.21")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://gnu/gama/gama-"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0yy8czw5dldbw1qj5v2h2wfh397bfx5wd3lrrgs8m1qdf1njnhcq"))))
+    (build-system gnu-build-system)
+    (arguments '(#:parallel-tests? #f)) ; race condition
+    (native-inputs
+     `(("libxml2" ,libxml2)))
+    (inputs
+     `(("expat" ,expat)
+       ("sqlite" ,sqlite)))
+    (home-page "https://www.gnu.org/software/gama")
+    (synopsis "Adjustment of geodetic networks")
+    (description
+     "GNU Gama is a program for the adjustment of geodetic networks.  It is
+useful in measurements where Global Positioning System (GPS) is not available,
+such as underground.  It features the ability to adjust in local Cartesian
+coordinates as well as partial support for adjustments in global coordinate systems.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index 3ffb4dd25c..249bbb6df1 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -500,7 +501,7 @@ virtual reality, scientific visualization and modeling.")
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)
        ("xvfb" ,xorg-server)))
-    (home-page "http://rapicorn.org")
+    (home-page "https://rapicorn.testbit.org/")
     (synopsis "Toolkit for rapid development of user interfaces")
     (description
      "Rapicorn is a toolkit for rapid development of user interfaces in C++
diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm
index 6e1a60e9ba..fd098cd770 100644
--- a/gnu/packages/groff.scm
+++ b/gnu/packages/groff.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -72,6 +73,52 @@ is usually the formatter of \"man\" documentation pages.")
    (license gpl3+)
    (home-page "https://www.gnu.org/software/groff/")))
 
+(define-public groff-minimal
+  ;; Minimialist groff for use by man-db.  Its closure size is less than half
+  ;; that of the full-blown groff.
+  (package
+    (inherit groff)
+    (name "groff-minimal")
+    (synopsis "Minimalist variant of Groff for use by man-db")
+    (outputs '("out"))
+
+    ;; Omit the DVI, PS, PDF, and HTML backends.
+    (inputs '())
+    (native-inputs `(("bison" ,bison)
+                     ("perl" ,perl)))
+
+    (arguments
+     `(#:disallowed-references (,perl)
+
+       #:configure-flags '("--docdir=/tmp/trash/doc")
+
+       #:phases (modify-phases %standard-phases
+                  (add-after 'install 'remove-non-essential-programs
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Keep only the programs that man-db needs at run time,
+                      ;; and make sure we don't pull in Perl.
+                      (let ((out  (assoc-ref outputs "out"))
+                            (kept '("eqn" "neqn" "pic" "tbl" "refer"
+                                    "nroff" "groff" "troff" "grotty")))
+                        (for-each (lambda (file)
+                                    (unless (member (basename file) kept)
+                                      (delete-file file)))
+                                  (find-files (string-append out "/bin")))
+
+                        ;; Remove a bunch of unneeded Perl scripts.
+                        (for-each delete-file (find-files out "\\.pl$"))
+                        (for-each delete-file
+                                  (find-files out "BuildFoundries"))
+
+                        ;; Remove ~3 MiB from share/groff/X.Y/font/devBACKEND
+                        ;; corresponding to the unused backends.
+                        (for-each delete-file-recursively
+                                  (find-files out "^dev(dvi|ps|pdf|html|lj4)$"
+                                              #:directories? #t))
+                        #t))))
+
+       ,@(package-arguments groff)))))
+
 ;; There are no releases, so we take the latest commit.
 (define-public roffit
   (let ((commit "e5228388e3faf2b7f1ae5bd048ad46ed565304c6")
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index c87465db09..3333ca87fd 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,6 +46,7 @@
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mp3)
+  #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages qt)
@@ -64,14 +66,14 @@
 (define-public orc
   (package
     (name "orc")
-    (version "0.4.27")
+    (version "0.4.28")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/data/src/"
                                   "orc/orc-" version ".tar.xz"))
               (sha256
                (base32
-                "14vbwdydwarcvswzf744jdjb3ibhv6k4j6hzdacfan41zic3xrai"))))
+                "1kl3rlmzr27bdpn78nvpnjs142ja1m6grvafdhw74mmhcdjprkdz"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -469,3 +471,31 @@ be used by Python applications using GStreamer.")
     (propagated-inputs
      `(("gst-plugins-base" ,gst-plugins-base)
        ("python-pygobject" ,python2-pygobject)))))
+
+(define-public gst123
+  (package
+    (name "gst123")
+    (version "0.3.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://space.twc.de/~stefan/gst123/gst123-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0zaa117n4wkya9p903vkj8hj58lmdb66pxsdx5wwcv7nffbp5d67"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("gtk+" ,gtk+-2)
+       ("ncurses" ,ncurses)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://space.twc.de/~stefan/gst123.php")
+    (synopsis "Flexible command line media player based on gstreamer")
+    (description "The program gst123 is designed to be a more flexible command
+line player in the spirit of ogg123 and mpg123, based on the gstreamer media
+framework.  It plays all file formats gstreamer supports, so if you have a
+music collection which contains different file formats, like flac, ogg and
+mp3, you can use gst123 to play all your music files.")
+    (license license:lgpl2.0+)))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index abcefd32ed..90630e8a36 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -221,7 +221,7 @@ without requiring the source code to be rewritten.")
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
-    (version "2.2.2")
+    (version "2.2.2")                      ;TODO: Update to 2.2.3 (see below).
     (source (origin
               (method url-fetch)
 
@@ -251,6 +251,21 @@ without requiring the source code to be rewritten.")
             (files '("lib/guile/2.2/site-ccache"
                      "share/guile/site/2.2")))))))
 
+(define-public guile-2.2.3
+  ;; TODO: Make it the new 'guile-2.2' on the next rebuild cycle.
+  (package
+    (inherit guile-2.2)
+    (version "2.2.3")
+    (source (origin (inherit (package-source guile-2.2))
+                    (uri (list (string-append "mirror://gnu/guile/guile-"
+                                              version ".tar.xz")
+                               (string-append
+                                "https://wingolog.org/priv/guile-"
+                                version ".tar.xz")))
+                    (sha256
+                     (base32
+                      "11j01agvnci2cx32wwpqs9078856yxmvs15gcsz7ganpkj2ahlw3"))))))
+
 (define-public guile-2.2/fixed
   ;; A package of Guile 2.2 that's rarely changed.  It is the one used
   ;; in the `base' module, and thus changing it entails a full rebuild.
@@ -1263,7 +1278,7 @@ key-value cache and store.")
 (define-public guile-wisp
   (package
     (name "guile-wisp")
-    (version "0.9.0")
+    (version "0.9.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://bitbucket.org/ArneBab/"
@@ -1271,25 +1286,26 @@ key-value cache and store.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0y5fxacalkgbv9s71h58vdvm2h2ln3rk024dd0vszwcf953as5fq"))))
+                "1f2bbicq1rxnwmiplrm4r75wj06w385mjkyvi7g4k740bgwcrzxr"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:modules ((system base compile)
-                  ,@%gnu-build-system-modules)
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (ice-9 rdelim)
+                  (ice-9 popen))
+
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'configure 'substitute-before-config
+         (add-before 'configure 'substitute-before-config
 
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((bash (assoc-ref inputs "bash")))
-              ;; configure checks for guile-2.0, but ours is just named "guile" :)
-              (substitute* "configure"
-                (("guile-2.0") "guile"))
               ;; Puts together some test files with /bin/bash hardcoded
               (substitute* "Makefile.in"
-                (("/bin/bash")
-                 (string-append bash "/bin/bash") ))
+                (("/usr/bin/env bash")
+                 (string-append bash "/bin/bash"))
+                (("\\$\\(GUILE_EFFECTIVE_VERSION\\)/site")
+                 "site/$(GUILE_EFFECTIVE_VERSION)")) ;use the right order
               #t)))
 
          ;; auto compilation breaks, but if we set HOME to /tmp,
@@ -1299,37 +1315,33 @@ key-value cache and store.")
           (lambda _
             (setenv "HOME" "/tmp")
             #t))
-         (replace
-          'install
+         (add-after 'install 'install-go-files
           (lambda* (#:key outputs inputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
-                   (module-dir (string-append out "/share/guile/site/2.0"))
-                   (language-dir
-                    (string-append module-dir "/language/wisp"))
-                   (guild (string-append (assoc-ref inputs "guile")
-                                         "/bin/guild")))
-              ;; Make installation directories.
-              (mkdir-p module-dir)
-              (mkdir-p language-dir)
-
-              ;; copy the source
-              (copy-file "wisp-scheme.scm"
-                         (string-append module-dir "/wisp-scheme.scm"))
-              (copy-file "language/wisp/spec.scm"
-                         (string-append language-dir "/spec.scm"))
-
+                   (effective (read-line
+                               (open-pipe* OPEN_READ
+                                           "guile" "-c"
+                                           "(display (effective-version))")))
+                   (module-dir (string-append out "/share/guile/site/"
+                                              effective))
+                   (object-dir (string-append out "/lib/guile/" effective
+                                              "/site-ccache"))
+                   (prefix     (string-length module-dir)))
               ;; compile to the destination
-              (compile-file "wisp-scheme.scm"
-                            #:output-file (string-append
-                                           module-dir "/wisp-scheme.go"))
-              (compile-file "language/wisp/spec.scm"
-                            #:output-file (string-append
-                                           language-dir "/spec.go"))
+              (for-each (lambda (file)
+                          (let* ((base (string-drop (string-drop-right file 4)
+                                                    prefix))
+                                 (go   (string-append object-dir base ".go")))
+                           (invoke "guild" "compile" "-L" module-dir
+                                    file "-o" go)))
+                        (find-files module-dir "\\.scm$"))
               #t))))))
     (home-page "http://draketo.de/english/wisp")
     (inputs
-     `(("guile" ,guile-2.0)
-       ("python" ,python)))
+     `(("guile" ,guile-2.2)))
+    (native-inputs
+     `(("python" ,python)
+       ("pkg-config" ,pkg-config)))
     (synopsis "Whitespace to lisp syntax for Guile")
     (description "Wisp is a syntax for Guile which provides a Python-like
 whitespace-significant language.  It may be easier on the eyes for some
@@ -1374,11 +1386,11 @@ users and in some situations.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
-     `(("guile" ,guile-2.2)
-       ("guile-sdl" ,guile-sdl)
+     `(("guile-sdl" ,guile-sdl)
        ("guile-opengl" ,guile-opengl)))
     (inputs
-     `(("gsl" ,gsl)
+     `(("guile" ,guile-2.2)
+       ("gsl" ,gsl)
        ("freeimage" ,freeimage)
        ("mesa" ,mesa)))
     (synopsis "2D/3D game engine for GNU Guile")
@@ -1492,6 +1504,55 @@ It currently supports MySQL, Postgres and SQLite3.")
 SQL databases.  This package implements the interface for SQLite.")
     (license license:gpl2+)))
 
+(define-public guile-dsv
+  (package
+    (name "guile-dsv")
+    (version "0.2.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/artyom-poptsov/guile-dsv")
+                    (commit "bdc5267d007478abc20ea96d7c459b7dd9560b3d")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1irw6mz8998nwyhzrw9g94jcz60b9zljgqfmipaz1ybn8579qjx0"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)
+       ("texinfo" ,texinfo)))
+    (inputs `(("guile" ,guile-2.2)))
+    (propagated-inputs `(("guile-lib" ,guile-lib)))
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'set-guilesitedir
+                    (lambda _
+                      (substitute* "Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      (substitute* "modules/Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      (substitute* "modules/dsv/Makefile.in"
+                        (("^guilesitedir =.*$")
+                         "guilesitedir = \
+$(datadir)/guile/site/$(GUILE_EFFECTIVE_VERSION)\n"))
+                      #t))
+                  (add-after 'unpack 'autoreconf
+                    (lambda _
+                      (zero? (system* "autoreconf" "-vfi")))))))
+    (home-page "https://github.com/artyom-poptsov/guile-dsv")
+    (synopsis "DSV module for Guile")
+    (description
+     "Guile-DSV is a GNU Guile module for working with the
+delimiter-separated values (DSV) data format.  Guile-DSV supports the
+Unix-style DSV format and RFC 4180 format.")
+    (license license:gpl3+)))
+
 (define-public guile-xosd
   (package
     (name "guile-xosd")
diff --git a/gnu/packages/haskell-check.scm b/gnu/packages/haskell-check.scm
index 190ee7cc93..871e0b9790 100644
--- a/gnu/packages/haskell-check.scm
+++ b/gnu/packages/haskell-check.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -283,7 +284,7 @@ test-framework.")
 (define-public ghc-tasty-rerun
   (package
     (name "ghc-tasty-rerun")
-    (version "1.1.6")
+    (version "1.1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -291,7 +292,7 @@ test-framework.")
                     "tasty-rerun-" version ".tar.gz"))
               (sha256
                (base32
-                "0ycxg7whabgcxyzy6gr536x8ykzx45whh1wrbsc7c58zi862fczd"))))
+                "18hz1xqinf59mzvd68ygj9333v0a32qxfcas7crn4iniq5zv71kj"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-mtl" ,ghc-mtl)
diff --git a/gnu/packages/haskell-crypto.scm b/gnu/packages/haskell-crypto.scm
index 9501fb2c39..f1c9b9f26c 100644
--- a/gnu/packages/haskell-crypto.scm
+++ b/gnu/packages/haskell-crypto.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,7 @@
 (define-public ghc-asn1-types
   (package
     (name "ghc-asn1-types")
-    (version "0.3.1")
+    (version "0.3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -41,7 +42,7 @@
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1iif9yrh4mmj249gyvam0zb2vb3jnlz777gahh2z9sx00dsx9rja"))))
+                "05vjchyqiy9n275cygffhn0ma7fz7jx52j0dcdm9qm8h9bziymqc"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-memory" ,ghc-memory)
@@ -56,7 +57,7 @@ format.")
 (define-public ghc-asn1-encoding
   (package
     (name "ghc-asn1-encoding")
-    (version "0.9.3")
+    (version "0.9.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -64,7 +65,7 @@ format.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "01ki5msrpccgdbdiaaa5a9zw0icp1hki4hca8qx6hzlp0rcf1mwh"))))
+                "0adgbamyq0mj1l1hdq4zyyllay714bac1wl0rih3fv1z6vykp1hy"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-hourglass" ,ghc-hourglass)
diff --git a/gnu/packages/haskell-web.scm b/gnu/packages/haskell-web.scm
index 7a786bfe82..0d4129f8fc 100644
--- a/gnu/packages/haskell-web.scm
+++ b/gnu/packages/haskell-web.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -64,7 +65,7 @@ for screen-scraping.")
 (define-public ghc-cookie
   (package
     (name "ghc-cookie")
-    (version "0.4.1.6")
+    (version "0.4.3")
     (source
      (origin
        (method url-fetch)
@@ -74,7 +75,7 @@ for screen-scraping.")
              ".tar.gz"))
        (sha256
         (base32
-         "0b6ym6fn29p5az4dwydy036lxj131kagrmgb93w4bbkqfkds8b9s"))))
+         "0qpdydhb9gw590ffabqg70x7xvjpg8l74idqnrfbhv5yrr7hryzv"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-old-locale" ,ghc-old-locale)
@@ -791,14 +792,14 @@ essentially the opposite of pretty-printing.")
 (define-public ghc-aeson-qq
   (package
     (name "ghc-aeson-qq")
-    (version "0.8.1")
+    (version "0.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "aeson-qq/aeson-qq-" version ".tar.gz"))
               (sha256
                (base32
-                "1z8kh3qjc4khadz1ijdqm7fbk7dh17sisqhpwd3c9aibj2927k9d"))))
+                "0ln13jqyfh5726hdrk1rad9a6cgrrj201plmwcfcpvq18v4m5ckd"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-base-compat" ,ghc-base-compat)
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 9ea54c5022..66ccbae7f4 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 rsiddharth <s@ricketyspace.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -771,7 +772,7 @@ package are to parse or generate Haskell 98 code.")
 (define-public ghc-alex
   (package
     (name "ghc-alex")
-    (version "3.1.4")
+    (version "3.2.3")
     (source
      (origin
        (method url-fetch)
@@ -781,11 +782,8 @@ package are to parse or generate Haskell 98 code.")
              ".tar.gz"))
        (sha256
         (base32
-         "17x13nbbr79xgdlzywjqw19vcl6iygjnssjnxnajgijkv764wknn"))))
+         "0bi1cs9b8ir33h1fl6x2xw4ymygapqbr713ridpf7rmk2wa7jqqs"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Tests broken for GHC 7.10.  Fixed
-                               ; upstream, see
-                               ; <https://github.com/simonmar/alex/issues/62>
     (inputs `(("ghc-quickcheck" ,ghc-quickcheck)))
     (home-page "http://www.haskell.org/alex/")
     (synopsis
@@ -831,17 +829,16 @@ tool lex or flex for C/C++.")
 (define-public ghc-cmdargs
   (package
     (name "ghc-cmdargs")
-    (version "0.10.13")
+    (version "0.10.18")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/cmdargs/cmdargs-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0vmz7f0ssrqlp6wzmc0mjqj4qczfgk58g0lr0yz7jamamlgpq4b6"))))
+         "1lnmcsf6p9yrwwz1zvrw5lbc32xpff7b70yz4ylawaflnlz6wrlh"))))
     (build-system haskell-build-system)
     (home-page
      "http://community.haskell.org/~ndm/cmdargs/")
@@ -875,7 +872,7 @@ postfix notation.  For more information on stack based languages, see
 (define-public ghc-happy
   (package
     (name "ghc-happy")
-    (version "1.19.5")
+    (version "1.19.8")
     (source
      (origin
        (method url-fetch)
@@ -885,10 +882,8 @@ postfix notation.  For more information on stack based languages, see
              ".tar.gz"))
        (sha256
         (base32
-         "1nj353q4z1g186fpjzf0dnsg71qhxqpamx8jy89rjjvv3p0kmw32"))))
+         "186ky3bly0i3cc56qk3r7j7pxh2108aackq4n2lli7jmbnb3kxsd"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ;; cannot satisfy -package mtl.  Possible Cabal
-                               ;; issue.
     (inputs
      `(("ghc-mtl" ,ghc-mtl)))
     (home-page "https://hackage.haskell.org/package/happy")
@@ -1105,17 +1100,16 @@ PNG, PNM, TGA, TIFF, XCF, XPM, XV.")
 (define-public ghc-half
   (package
     (name "ghc-half")
-    (version "0.2.2.1")
+    (version "0.2.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/half/half-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "0zhwc6ps5w4ccnxl8sy623z4rjsafmnry69jpkw4hrbq11l402f1"))))
+         "0p4sb7vv9cljv48wlx65wgdnkryrk5d6yfh7g4yrm20w1p449hl5"))))
     (build-system haskell-build-system)
     (home-page "https://github.com/ekmett/half")
     (synopsis "Half-precision floating-point computations")
@@ -1392,7 +1386,7 @@ old @code{time} library.  For new projects, the newer
 (define-public ghc-dlist
   (package
     (name "ghc-dlist")
-    (version "0.7.1.2")
+    (version "0.8.0.3")
     (source
      (origin
        (method url-fetch)
@@ -1401,7 +1395,7 @@ old @code{time} library.  For new projects, the newer
              version
              ".tar.gz"))
        (sha256
-        (base32 "10rp96rryij7d8gz5kv8ygc6chm1624ck5mbnqs2a3fkdzqj2b9k"))))
+        (base32 "0brgai4vs7xz29p06kd6gzg5bpa8iy3k7yzgcc44izspd74q4rw7"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)))
@@ -2368,15 +2362,14 @@ parser isolation, and labeled blocks for better error messages.")
         (base32
          "0arvbaxgkawzdp38hh53akkahjg2aa3kj2b4ns0ni8a5ylg2cqmp"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Test fails with "cannot satisfy
-                               ; -package contravariant-1.3.3"
+    (native-inputs
+     `(("ghc-doctest" ,ghc-doctest)))
     (inputs
-     `(("ghc-distributive" ,ghc-distributive)
-       ("ghc-transformers-compat" ,ghc-transformers-compat)
-       ("ghc-contravariant" ,ghc-contravariant)
+     `(("ghc-contravariant" ,ghc-contravariant)
+       ("ghc-distributive" ,ghc-distributive)
        ("ghc-semigroups" ,ghc-semigroups)
        ("ghc-tagged" ,ghc-tagged)
-       ("ghc-contravariant" ,ghc-contravariant)))
+       ("ghc-transformers-compat" ,ghc-transformers-compat)))
     (home-page "https://github.com/ekmett/comonad/")
     (synopsis "Comonads for Haskell")
     (description "This library provides @code{Comonad}s for Haskell.")
@@ -2652,7 +2645,7 @@ online}.")
 (define-public ghc-exceptions
   (package
     (name "ghc-exceptions")
-    (version "0.8.0.2")
+    (version "0.8.3")
     (source
      (origin
        (method url-fetch)
@@ -2662,9 +2655,11 @@ online}.")
              ".tar.gz"))
        (sha256
         (base32
-         "1x1bk1jf42k1gigiqqmkkh38z2ffhx8rsqiszdq3f94m2h6kw2h7"))))
+         "1gl7xzffsqmigam6zg0jsglncgzxqafld2p6kb7ccp9xirzdjsjd"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: Missing test-framework package.
+    (native-inputs
+     `(("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (inputs
      `(("ghc-stm" ,ghc-stm)
        ("ghc-mtl" ,ghc-mtl)
@@ -2875,7 +2870,7 @@ encourages inductive, recursive definitions of graph algorithms.")
 (define-public ghc-chasingbottoms
   (package
     (name "ghc-chasingbottoms")
-    (version "1.3.0.13")
+    (version "1.3.1.3")
     (source
      (origin
        (method url-fetch)
@@ -2883,14 +2878,7 @@ encourages inductive, recursive definitions of graph algorithms.")
                            "ChasingBottoms-" version ".tar.gz"))
        (sha256
         (base32
-         "1fb86jd6cdz4rx3fj3r9n8d60kx824ywwy7dw4qnrdran46ja3pl"))
-       (modules '((guix build utils)))
-       (snippet
-        ;; The Hackage page and the cabal file linked there for this package
-        ;; both list 0.7 as the upper version limit, but the source tarball
-        ;; specifies 0.6.  Assume the Hackage page is correct.
-        '(substitute* "ChasingBottoms.cabal"
-           (("syb >= 0.1.0.2 && < 0.6") "syb >= 0.1.0.2 && < 0.7")))))
+         "04jwwjs22mqc4hvpp4c3gpb79inrrq5sapks5khknspv2hslm61q"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-mtl" ,ghc-mtl)
@@ -3329,7 +3317,7 @@ finite maps and priority queues where the priority and element are distinct.")
        ("ghc-quickcheck" ,ghc-quickcheck)
        ("ghc-edisonapi" ,ghc-edisonapi)))
     (home-page "http://rwd.rdockins.name/edison/home/")
-    (synopsis "Library of efficent, purely-functional data structures")
+    (synopsis "Library of efficient, purely-functional data structures")
     (description
      "This package provides the core Edison data structure implementations,
 including multiple sequence, set, bag, and finite map concrete implementations
@@ -3456,7 +3444,7 @@ system.")
 (define-public ghc-base-compat
   (package
     (name "ghc-base-compat")
-    (version "0.8.2")
+    (version "0.9.3")
     (source
      (origin
        (method url-fetch)
@@ -3466,7 +3454,7 @@ system.")
              ".tar.gz"))
        (sha256
         (base32
-         "02m93hzgxg4bcnp7xcc2fdh2hrsc2h6fwl8hix5nx9k864kwf41q"))))
+         "0452l6zf6fjhy4kxqwv6i6hhg6yfx4wcg450k3axpyj30l7jnq3x"))))
     (build-system haskell-build-system)
     (native-inputs
      `(("ghc-quickcheck" ,ghc-quickcheck)
@@ -3482,7 +3470,7 @@ pragmas in your code.")
 (define-public ghc-blaze-builder
   (package
     (name "ghc-blaze-builder")
-    (version "0.4.0.1")
+    (version "0.4.0.2")
     (source
      (origin
        (method url-fetch)
@@ -3492,7 +3480,7 @@ pragmas in your code.")
              ".tar.gz"))
        (sha256
         (base32
-         "1id3w33x9f7q5m3xpggmvzw03bkp94bpfyz81625bldqgf3yqdn1"))))
+         "1m33y6p5xldni8p4fzg8fmsyqvkfmnimdamr1xjnsmgm3dkf9lws"))))
     (build-system haskell-build-system)
     (arguments `(#:tests? #f))          ; FIXME: Missing test libraries.
     (inputs
@@ -3556,7 +3544,7 @@ library for Haskell.")
 (define-public ghc-async
   (package
     (name "ghc-async")
-    (version "2.0.2")
+    (version "2.1.1.1")
     (source
      (origin
        (method url-fetch)
@@ -3566,7 +3554,7 @@ library for Haskell.")
              ".tar.gz"))
        (sha256
         (base32
-         "0azx4qk65a9a2gvqsfmz3w89m6shzr2iz0i5lly2zvly4n2d6m6v"))))
+         "1qj4fp1ynwg0l453gmm27vgkzb5k5m2hzdlg5rdqi9kf8rqy90yd"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-stm" ,ghc-stm)
@@ -3584,19 +3572,23 @@ will eventually deliver a value of type @code{a}.")
 (define-public ghc-fingertree
   (package
     (name "ghc-fingertree")
-    (version "0.1.1.0")
+    (version "0.1.3.0")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://hackage.haskell.org/package/fingertree/fingertree-"
-             version
-             ".tar.gz"))
+             version ".tar.gz"))
        (sha256
         (base32
-         "1w6x3kp3by5yjmam6wlrf9vap5l5rrqaip0djbrdp0fpf2imn30n"))))
+         "1ryjj7qrx70ckcjlr02x9zh86kfp76azbxq05r7hawqkaqg44sfs"))))
     (build-system haskell-build-system)
-    (arguments `(#:tests? #f)) ; FIXME: testing libraries are missing.
+    (native-inputs
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "https://hackage.haskell.org/package/fingertree")
     (synopsis "Generic finger-tree structure")
     (description "This library provides finger trees, a general sequence
@@ -3722,7 +3714,7 @@ unbounded @code{Integer} type.")
 (define-public ghc-clock
   (package
     (name "ghc-clock")
-    (version "0.5.1")
+    (version "0.7.2")
     (source
      (origin
        (method url-fetch)
@@ -3731,7 +3723,7 @@ unbounded @code{Integer} type.")
              "clock/"
              "clock-" version ".tar.gz"))
        (sha256
-        (base32 "1ncph7vi2q6ywwc8ysxl1ibw6i5dwfvln88ssfazk8jgpj4iyykw"))))
+        (base32 "07v91s20halsqjmziqb1sqjp2sjpckl9by7y28aaklwqi2bh2rl8"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-tasty" ,ghc-tasty)
@@ -3769,7 +3761,7 @@ Haskell, based on complemented PATRICIA tries.")
 (define-public ghc-bytestring-builder
   (package
     (name "ghc-bytestring-builder")
-    (version "0.10.6.0.0")
+    (version "0.10.8.1.0")
     (source
      (origin
        (method url-fetch)
@@ -3778,7 +3770,7 @@ Haskell, based on complemented PATRICIA tries.")
              "/bytestring-builder-" version ".tar.gz"))
        (sha256
         (base32
-         "1mkg24zl0rapb3gqzkyj5ibp07wx3yzd72hmfczssl0is63rjhww"))))
+         "1hnvjac28y44yn78c9vdp1zvrknvlw98ky3g4n5vivr16rvh8x3d"))))
     (build-system haskell-build-system)
     (arguments `(#:haddock? #f)) ; Package contains no documentation.
     (home-page "https://hackage.haskell.org/package/bytestring-builder")
@@ -3956,24 +3948,24 @@ indexed variants.")
          "0drx1hlqvdcrij4097q6bxhbfcqm73jsqv1wwhd3hsnjdmr46ch2"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-xss-sanitize" ,ghc-xss-sanitize)
+     `(("ghc-aeson" ,ghc-aeson)
+       ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-data-default" ,ghc-data-default)
+       ("ghc-http-types" ,ghc-http-types)
        ("ghc-mtl" ,ghc-mtl)
-       ("ghc-text" ,ghc-text)
-       ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-syb" ,ghc-syb)
+       ("ghc-text" ,ghc-text)
        ("ghc-uniplate" ,ghc-uniplate)
-       ("ghc-aeson" ,ghc-aeson)
        ("ghc-wai-extra" ,ghc-wai-extra)
        ("ghc-wai" ,ghc-wai)
-       ("ghc-http-types" ,ghc-http-types)))
+       ("ghc-xss-sanitize" ,ghc-xss-sanitize)))
     (home-page "https://github.com/jgm/cheapskate")
     (synopsis "Experimental markdown processor")
     (description "Cheapskate is an experimental Markdown processor in pure
 Haskell.  It aims to process Markdown efficiently and in the most forgiving
 possible way.  It is designed to deal with any input, including garbage, with
-linear performance.  Output is sanitized by default for protection against XSS
-attacks.")
+linear performance.  Output is sanitized by default for protection against
+cross-site scripting (@dfn{XSS}) attacks.")
     (license license:bsd-3)))
 
 (define-public ghc-bifunctors
@@ -4039,7 +4031,7 @@ just a @code{Semigroup} are added.")
 (define-public ghc-contravariant
   (package
     (name "ghc-contravariant")
-    (version "1.3.3")
+    (version "1.4")
     (source
      (origin
        (method url-fetch)
@@ -4049,7 +4041,7 @@ just a @code{Semigroup} are added.")
              ".tar.gz"))
        (sha256
         (base32
-         "184hcmhsznqrkmqlc1kza9pb5p591anva574ry8wrh81vqmhwfb5"))))
+         "117fff8kkrvlmr8cb2jpj71z7lf2pdiyks6ilyx89mry6zqnsrp1"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-void" ,ghc-void)
@@ -4097,7 +4089,7 @@ semigroup.")
 (define-public ghc-free
   (package
     (name "ghc-free")
-    (version "4.12.1")
+    (version "4.12.4")
     (source
      (origin
        (method url-fetch)
@@ -4107,7 +4099,7 @@ semigroup.")
              ".tar.gz"))
        (sha256
         (base32
-         "0sr8phvrb4ny8j1wzq55rdn8q4br23q4pw2j276npr844825jr9p"))))
+         "1147s393442xf4gkpbq0rd1p286vmykgx85mxhk5d1c7wfm4bzn9"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-prelude-extras" ,ghc-prelude-extras)
@@ -4388,7 +4380,7 @@ using a simple box model.")
 (define-public ghc-deepseq-generics
   (package
     (name "ghc-deepseq-generics")
-    (version "0.1.1.2")
+    (version "0.2.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4396,16 +4388,8 @@ using a simple box model.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "01pvigx8n9p8hwbzp2qiq6kzf7cxiam843jz2sjgliacmmp1v7l3"))))
+                "17bwghc15mc9pchfd1w46jh2p3wzc86aj6a537wqwxn08rayzcxh"))))
     (build-system haskell-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'relax-ghc-prim-dependency
-          (lambda _
-            (substitute* "deepseq-generics.cabal"
-              (("< 0.4") "< 0.5"))
-            #t)))))
     (native-inputs
      `(("ghc-hunit" ,ghc-hunit)
        ("ghc-test-framework" ,ghc-test-framework)
@@ -4553,14 +4537,16 @@ descriptions.")
 (define-public ghc-cmark
   (package
     (name "ghc-cmark")
-    (version "0.5.3.1")
+    (version "0.5.6")
     (source (origin
               (method url-fetch)
+              ;; XXX As of version 0.5.6, this package bundles libcmark 0.28.0.
+              ;; See cbits/cmark_version.h.
               (uri (string-append "https://hackage.haskell.org/package/"
                                   "cmark/cmark-" version ".tar.gz"))
               (sha256
                (base32
-                "09515h9b26az9c2mbl6l7azimaixa6yff8w359k0ml8jwykjvqaa"))))
+                "1c1j3a8b9qx5zk9myqm3gap8ymz7fipwrdmyfsq9wkkdr9x4np45"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-text" ,ghc-text)))
@@ -4571,14 +4557,14 @@ descriptions.")
     (description
      "This package provides Haskell bindings for
 @uref{https://github.com/jgm/cmark, libcmark}, the reference parser for
-CommonMark, a fully specified variant of Markdown.  It includes sources for
-libcmark (0.21.0) and does not require prior installation of the C library.")
+CommonMark, a fully specified variant of Markdown.  It includes bundled libcmark
+sources, and does not require prior installation of the C library.")
     (license license:bsd-3)))
 
 (define-public ghc-executable-path
   (package
     (name "ghc-executable-path")
-    (version "0.0.3")
+    (version "0.0.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4586,7 +4572,7 @@ libcmark (0.21.0) and does not require prior installation of the C library.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1jg58qf19qz93c60ryglcavwdcysz4fd4qn8kpw5im9w9kniawlc"))))
+                "0vxwmnsvx13cawcyhbyljkds0l1vr996ijldycx7nj0asjv45iww"))))
     (build-system haskell-build-system)
     (home-page "https://hackage.haskell.org/package/executable-path")
     (synopsis "Find out the full path of the executable")
@@ -4600,7 +4586,7 @@ as invoked.\" This library tries to provide the missing path.")
 (define-public ghc-enclosed-exceptions
   (package
     (name "ghc-enclosed-exceptions")
-    (version "1.0.1.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://hackage.haskell.org/package/"
@@ -4608,7 +4594,7 @@ as invoked.\" This library tries to provide the missing path.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "16ax1kqdsk4apg642qxkm2hf9vb5hzmkd14zmkxra8ssp8rn28z5"))))
+                "1wc9h6zdnb5impvvml6vnjapajjanw7zgpnzg7c0v7115nwfm6vv"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-lifted-base" ,ghc-lifted-base)
@@ -5694,7 +5680,7 @@ this problem.")
 (define-public ghc-bytestring-handle
   (package
     (name "ghc-bytestring-handle")
-    (version "0.1.0.4")
+    (version "0.1.0.6")
     (source
      (origin
        (method url-fetch)
@@ -5703,14 +5689,14 @@ this problem.")
              version ".tar.gz"))
        (sha256
         (base32
-         "0q5yzx90ad9w7qvaix05bynxwlsbqjrgfc4hqb355ibf991wd0rh"))))
+         "18f17aja1ivhr3zyg2cccn2m03hdn5jf5410dndkhf12gvgiqs7y"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-quickcheck" ,ghc-quickcheck)
-       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)
-       ("ghc-hunit" ,ghc-hunit)
+     `(("ghc-hunit" ,ghc-hunit)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-test-framework" ,ghc-test-framework)
        ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
-       ("ghc-test-framework" ,ghc-test-framework)))
+       ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "http://hub.darcs.net/ganesh/bytestring-handle")
     (synopsis "ByteString-backed Handles")
     (description "ByteString-backed Handles") ; There is no description
@@ -5885,7 +5871,7 @@ the @code{mtl-tf} package.")
 (define-public ghc-bytestring
   (package
     (name "ghc-bytestring")
-    (version "0.10.8.1")
+    (version "0.10.8.2")
     (source
      (origin
        (method url-fetch)
@@ -5894,18 +5880,18 @@ the @code{mtl-tf} package.")
              version ".tar.gz"))
        (sha256
         (base32
-         "16zwb1p83z7vc5wlhvknpy80b5a2jxc5awx67rk52qnp9idmyq9d"))))
+         "0fjc5ybxx67l0kh27l6vq4saf88hp1wnssj5ka90ii588y76cvys"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-random" ,ghc-random)
+     `(("ghc-dlist" ,ghc-dlist)
+       ("ghc-byteorder" ,ghc-byteorder)
+       ("ghc-hunit" ,ghc-hunit)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-random" ,ghc-random)
        ("ghc-test-framework" ,ghc-test-framework)
        ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)
-       ("ghc-quickcheck" ,ghc-quickcheck)
-       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)
-       ("ghc-hunit" ,ghc-hunit)
-       ("ghc-byteorder" ,ghc-byteorder)
-       ("ghc-dlist" ,ghc-dlist)
-       ("ghc-mtl" ,ghc-mtl)))
+       ("ghc-test-framework-hunit" ,ghc-test-framework-hunit)))
     (arguments
      `(#:tests? #f)) ; Test number two becomes non-responsive for 20+ minutes
     (home-page "https://github.com/haskell/bytestring")
@@ -5944,7 +5930,7 @@ supported.  A module of colour names (\"Data.Colour.Names\") is provided.")
 (define-public ghc-directory
   (package
     (name "ghc-directory")
-    (version "1.2.7.0")
+    (version "1.3.1.5")
     (source
      (origin
        (method url-fetch)
@@ -5953,7 +5939,7 @@ supported.  A module of colour names (\"Data.Colour.Names\") is provided.")
              version ".tar.gz"))
        (sha256
         (base32
-         "0h3hrqskadmbigaxbz2k5xxjjjlmfaq2zdn2g7jh1wv9k6yrxraa"))))
+         "0zkqihmdfz7bzv3sxh1p9ijl4vra880kfy3qy9h96flq7d2if0f2"))))
     (build-system haskell-build-system)
     (home-page "http://hackage.haskell.org/package/directory")
     (synopsis "Platform-agnostic library for filesystem operations")
@@ -6016,7 +6002,7 @@ files and directories in a portable way.")
 (define-public ghc-fgl-arbitrary
   (package
     (name "ghc-fgl-arbitrary")
-    (version "0.2.0.2")
+    (version "0.2.0.3")
     (source
      (origin
        (method url-fetch)
@@ -6025,7 +6011,7 @@ files and directories in a portable way.")
              version ".tar.gz"))
        (sha256
         (base32
-         "12qbsla4vivffris6y3gj29vrafkpyazqdbdy2m55nggypqpf7ah"))))
+         "0ln1szgfy8fa78l3issq4fx3aqnnd54w3cb4wssrfi48vd5rkfjm"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-fgl" ,ghc-fgl)
@@ -6085,7 +6071,7 @@ and edge labels with positional information, etc.
 (define-public ghc-array
   (package
     (name "ghc-array")
-    (version "0.5.1.1")
+    (version "0.5.2.0")
     (source
      (origin
        (method url-fetch)
@@ -6094,7 +6080,7 @@ and edge labels with positional information, etc.
              version ".tar.gz"))
        (sha256
         (base32
-         "08r2rq4blvc737mrg3xhlwiw13jmsz5dlf2fd0ghb9cdaxc6kjc9"))))
+         "12v83s2imxb3p2crnlzrpjh0nk6lpysw9bdk9yahs6f37csa5jaj"))))
     (build-system haskell-build-system)
     (home-page
      "http://hackage.haskell.org/package/array")
@@ -7109,8 +7095,8 @@ different API.
 
 @item @code{IntPSQ p v} is a far more efficient implementation.  It fixes the
 key type to @code{Int} and uses a
-@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree}
-(like @code{IntMap}) with an additional min-heap property.
+@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree} (like @code{IntMap})
+with an additional min-heap property.
 
 @item @code{HashPSQ k p v} is a fairly straightforward extension
 of @code{IntPSQ}: it simply uses the keys' hashes as indices in the
@@ -7136,7 +7122,7 @@ Typical applications of Priority Search Queues include:
 (define-public ghc-glob
   (package
     (name "ghc-glob")
-    (version "0.7.14")
+    (version "0.9.1")
     (source
      (origin
        (method url-fetch)
@@ -7145,7 +7131,7 @@ Typical applications of Priority Search Queues include:
                            "Glob-" version ".tar.gz"))
        (sha256
         (base32
-         "0aw43izg8vlvjl40ms6k92w7gxg7n3l6smdvzla47fp82s4vhdr8"))))
+         "0rzmsknl02p332dxmm36fyrz3dpma7bchn0ymyjipxvqil20pjw0"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-dlist" ,ghc-dlist)
@@ -7159,7 +7145,7 @@ Typical applications of Priority Search Queues include:
        ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2)))
     (home-page "http://iki.fi/matti.niemenmaa/glob/")
     (synopsis "Haskell library matching glob patterns against file paths")
-    (description "This package providesa Haskell library for globbing:
+    (description "This package providesa Haskell library for @dfn{globbing}:
 matching patterns against file paths.")
     (license license:bsd-3)))
 
@@ -7891,7 +7877,7 @@ vector. ")
 (define-public ghc-foldl
   (package
     (name "ghc-foldl")
-    (version "1.3.2")
+    (version "1.3.5")
     (source
      (origin
        (method url-fetch)
@@ -7900,7 +7886,7 @@ vector. ")
                            "foldl-" version ".tar.gz"))
        (sha256
         (base32
-         "1z3xjz4khs2kr3mqkbh7dz4kd6gkdk2r67wjkvrxnmp533aqh90n"))))
+         "10qsp7dj2xsq4q2xm6x6b12y5pq32qf7my41hnkmdwwbccvhdxb2"))))
     (build-system haskell-build-system)
     (inputs `(("ghc-mwc-randam" ,ghc-mwc-random)
               ("ghc-primitive" ,ghc-primitive)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 5b73be9f8d..4ea51710e7 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -10,9 +10,9 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -67,6 +67,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system python)
   #:use-module (guix build-system r)
+  #:use-module (guix build-system scons)
   #:use-module (srfi srfi-1))
 
 (define-public libpng
@@ -207,25 +208,24 @@ in-memory raw vectors.")
     ;; Any of these GPL versions.
     (license (list license:gpl2 license:gpl3))))
 
-(define-public pngcrunch
+(define-public pngcrush
   (package
-   (name "pngcrunch")
-   (version "1.8.11")
+   (name "pngcrush")
+   (version "1.8.13")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/pmt/pngcrush/"
-                                version "/pngcrush-" version ".tar.xz"))
+                                version "/pngcrush-" version "-nolib.tar.xz"))
             (sha256 (base32
-                     "1c7m316i91jp3h1dj1ppppdv6zilm2njk1wrpqy2zj0fcll06lwd"))))
+                     "0l43c59d6v9l0g07z3q3ywhb8xb3vz74llv3mna0izk9bj6aqkiv"))))
    (build-system gnu-build-system)
    (arguments
-    '(#:make-flags '("-f" "Makefile-nolib")
-      #:tests? #f ; no check target
+    '(#:tests? #f ; no check target
       #:phases
       (modify-phases %standard-phases
         (replace 'configure
           (lambda* (#:key inputs outputs #:allow-other-keys)
-            (substitute* "Makefile-nolib"
+            (substitute* "Makefile"
               (("^(PNG(INC|LIB) = )/usr/local/" line vardef)
                (string-append vardef (assoc-ref inputs "libpng") "/"))
               (("^(Z(INC|LIB) = )/usr/local/" line vardef)
@@ -236,12 +236,16 @@ in-memory raw vectors.")
    (inputs
     `(("libpng" ,libpng)
       ("zlib" , zlib)))
-   (home-page "https://pmt.sourceforge.net/pngcrush")
+   (home-page "https://pmt.sourceforge.io/pngcrush")
    (synopsis "Utility to compress PNG files")
    (description "pngcrusqh is an optimizer for PNG (Portable Network Graphics)
 files.  It can compress them as much as 40% losslessly.")
    (license license:zlib)))
 
+(define-public pngcrunch
+  ;; This package used to be wrongfully name "pngcrunch".
+  (deprecated-package "pngcrunch" pngcrush))
+
 (define-public libjpeg
   (package
    (name "libjpeg")
@@ -787,7 +791,7 @@ multi-dimensional image processing.")
 (define-public libwebp
   (package
     (name "libwebp")
-    (version "0.6.0")
+    (version "0.6.1")
     (source
      (origin
        (method url-fetch)
@@ -796,7 +800,7 @@ multi-dimensional image processing.")
              ".tar.gz"))
        (sha256
         (base32
-         "0h1brwkyxc7lb8lc53aacdks5vc1y9hzngqi41gg7y6l56912a69"))))
+         "1ayq2zq0zbgf5yizbm32zh7p1vb8kibw74am6am1n5cz5mw3ql06"))))
     (build-system gnu-build-system)
     (inputs
      `(("freeglut" ,freeglut)
@@ -1040,10 +1044,9 @@ differences in file encoding, image quality, and other small variations.")
     (home-page "http://steghide.sourceforge.net")
     (synopsis "Image and audio steganography")
     (description
-     "Steghide is a steganography program that is able to hide data in various
-kinds of image- and audio-files.  The color- respectivly sample-frequencies
-are not changed thus making the embedding resistant against first-order
-statistical tests.")
+     "Steghide is a program to hide data in various kinds of image and audio
+files (known as @dfn{steganography}).  Neither color nor sample frequencies are
+changed, making the embedding resistant against first-order statistical tests.")
     (license license:gpl2+)))
 
 (define-public stb-image-for-extempore
@@ -1082,6 +1085,7 @@ installed as @code{stb_image}.")
        (method url-fetch)
        (uri (string-append "http://prdownloads.sourceforge.net/optipng/optipng-"
                            version ".tar.gz"))
+       (patches (search-patches "optipng-CVE-2017-1000229.patch"))
        (sha256
         (base32
          "105yk5qykvhiahzag67gm36s2kplxf6qn5hay02md0nkrcgn6w28"))))
@@ -1191,33 +1195,26 @@ medical image data, e.g. magnetic resonance image (MRI) and functional MRI
               (sha256
                (base32
                 "0mxvxk15xhk2i5vfavjhnkk4j3bnii0gpf8di14rlbpq070hd5rs"))))
-    (build-system python-build-system)
+    (build-system scons-build-system)
     (native-inputs
      `(("boost" ,boost)
        ("gettext" ,gnu-gettext)
-       ("pkg-config" ,pkg-config)
-       ("scons" ,scons)))
+       ("pkg-config" ,pkg-config)))
     (inputs
      `(("expat" ,expat)
        ("gtk2" ,gtk+-2)
        ("lua" ,lua-5.2)))
     (arguments
      `(#:tests? #f
+       #:scons ,scons-python2
+       #:scons-flags (list (string-append "DESTDIR=" %output))
        #:phases
        (modify-phases %standard-phases
          (add-before 'build 'fix-lua-reference
            (lambda _
              (substitute* "SConscript"
                (("lua5.2") "lua-5.2"))
-             #t))
-         (replace 'build
-           (lambda _
-             (zero? (system* "scons"))))
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((dest (assoc-ref outputs "out")))
-               (zero? (system* "scons" "install"
-                               (string-append "DESTDIR=" dest)))))))))
+             #t)))))
     (home-page "http://www.gpick.org/")
     (synopsis "Color picker")
     (description "Gpick is an advanced color picker and palette editing tool.")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index f23d57df7a..fbcc0b6f1b 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -153,14 +153,14 @@ SILC and ICB protocols via plugins.")
 (define-public weechat
   (package
     (name "weechat")
-    (version "1.9.1")
+    (version "2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://weechat.org/files/src/weechat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1z92hprvgp128svfbr25x8j9kd114j9929bzbqasrcd92v31z6f2"))
+                "1ix2izrlr5jx5vl49kz9jbib7cq9mr6i7iyxkcz6xjfrryx2s5x9"))
               (patches (search-patches "weechat-python.patch"))))
     (build-system cmake-build-system)
     (native-inputs `(("gettext" ,gettext-minimal)
@@ -297,14 +297,14 @@ using a mouse.  It is customizable and extensible with plugins and scripts.")
 (define-public limnoria
   (package
     (name "limnoria")
-    (version "2017.08.18")
+    (version "2017.10.01")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "limnoria" version))
        (sha256
         (base32
-         "1hij444l45mjli8i67iyd3syf263ijj1l0cm3irqjjxv5r3f9zjj"))))
+         "1hd8h257x7a0s4rvb4aqvfi77qfcyv6jaz70nndg7y6p4yhvjmy6"))))
     (build-system python-build-system)
     (inputs
      `(("python-pytz" ,python-pytz)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index bd6c003655..c9fbbb0a45 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1752,6 +1754,70 @@ IcedTea build harness.")
     (native-inputs
      `(("jdk" ,icedtea-7 "jdk")))))
 
+(define-public ant-apache-bcel
+  (package
+    (inherit ant/java8)
+    (name "ant-apache-bcel")
+    (arguments
+     (substitute-keyword-arguments (package-arguments ant/java8)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'unpack 'link-bcel
+             (lambda* (#:key inputs #:allow-other-keys)
+               (for-each (lambda (file)
+                           (symlink file
+                                    (string-append "lib/optional/"
+                                                   (basename file))))
+                         (find-files (assoc-ref inputs "java-commons-bcel")
+                                     "\\.jar$"))
+               #t))
+           (add-after 'build 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out   (assoc-ref outputs "out"))
+                      (share (string-append out "/share/java"))
+                      (bin   (string-append out "/bin"))
+                      (lib   (string-append out "/lib")))
+                 (mkdir-p share)
+                 (install-file (string-append lib "/ant-apache-bcel.jar") share)
+                 (delete-file-recursively bin)
+                 (delete-file-recursively lib)
+                 #t)))))))
+    (inputs
+     `(("java-commons-bcel" ,java-commons-bcel)
+       ,@(package-inputs ant/java8)))))
+
+(define-public ant-junit
+  (package
+    (inherit ant/java8)
+    (name "ant-junit")
+    (arguments
+     (substitute-keyword-arguments (package-arguments ant/java8)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'unpack 'link-junit
+             (lambda* (#:key inputs #:allow-other-keys)
+               (for-each (lambda (file)
+                           (symlink file
+                                    (string-append "lib/optional/"
+                                                   (basename file))))
+                         (find-files (assoc-ref inputs "java-junit")
+                                     "\\.jar$"))
+               #t))
+           (add-after 'build 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out   (assoc-ref outputs "out"))
+                      (share (string-append out "/share/java"))
+                      (bin   (string-append out "/bin"))
+                      (lib   (string-append out "/lib")))
+                 (mkdir-p share)
+                 (install-file (string-append lib "/ant-junit.jar") share)
+                 (delete-file-recursively bin)
+                 (delete-file-recursively lib)
+                 #t)))))))
+    (inputs
+     `(("java-junit" ,java-junit)
+       ,@(package-inputs ant/java8)))))
+
 (define-public clojure
   (let* ((remove-archives '(begin
                              (for-each delete-file
@@ -1893,6 +1959,62 @@ designs.")
                      license:asl2.0
                      license:cpl1.0)))))
 
+(define-public javacc
+  (package
+    (name "javacc")
+    (version "7.0.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/javacc/javacc/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append "javacc-" version ".tar.gz"))
+              (sha256
+               (base32
+                "111xc9mnmc5a6qz6x3xbhqc07y1lg2b996ggzw0hrblg42zya9xf"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'delete-bundled-libs
+           (lambda _
+             (delete-file-recursively "lib") #t))
+         (replace 'install (install-jars "target")))))
+    (home-page "https://javacc.org/")
+    (synopsis "Java parser generator")
+    (description "Java Compiler Compiler (JavaCC) is the most popular parser
+generator for use with Java applications.  A parser generator is a tool that
+reads a grammar specification and converts it to a Java program that can
+recognize matches to the grammar.  In addition to the parser generator itself,
+JavaCC provides other standard capabilities related to parser generation such
+as tree building (via a tool called JJTree included with JavaCC), actions,
+debugging, etc.")
+    (license license:bsd-3)))
+
+(define-public javacc-4
+  (package (inherit javacc)
+    (version "4.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/javacc/javacc.git")
+                    (commit "release_41")))
+              (file-name (string-append "javacc-" version "-checkout"))
+              (sha256
+               (base32
+                "07ysav7j8r1c6h8qxrgqk6lwdp74ly0ad1935lragxml0qqc3ka0"))))
+    ;; Tests fail with
+    ;; /tmp/guix-build-javacc-4.1.drv-0/source/test/javacodeLA/build.xml:60:
+    ;; JAVACODE failed
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'delete-bundled-libs
+           (lambda _
+             (delete-file-recursively "lib") #t))
+         (replace 'install (install-jars "bin/lib")))))))
+
 (define-public java-classpathx-servletapi
   (package
     (name "java-classpathx-servletapi")
@@ -2358,8 +2480,8 @@ these two libraries to vary independently of one another.")
      `(("java-junit" ,java-junit)))
     (home-page "http://codehaus-plexus.github.io/plexus-classworlds/")
     (synopsis "Java class loader framework")
-    (description "Plexus classworlds replaces the native ClassLoader mechanism
-of Java.  It is especially usefull for dynamic loading of application
+    (description "Plexus classworlds replaces the native @code{ClassLoader}
+mechanism of Java.  It is especially useful for dynamic loading of application
 components.")
     (license license:asl2.0)))
 
@@ -2396,9 +2518,9 @@ components.")
        ("junit" ,java-junit)
        ("guava" ,java-guava)))
     (home-page "https://github.com/codehaus-plexus/plexus-containers")
-    (synopsis "Inversion of controll container")
+    (synopsis "Inversion-of-control container")
     (description "Plexus-default-container is Plexus' inversion-of-control
-(IoC) container.  It is composed of its public API and its default
+(@dfn{IoC}) container.  It is composed of its public API and its default
 implementation.")
     (license license:asl2.0)))
 
@@ -2963,7 +3085,7 @@ available in the Java programming language or Commons Lang.")
     (synopsis "Benchmark harness for the JVM")
     (description "JMH is a Java harness for building, running, and analysing
 nano/micro/milli/macro benchmarks written in Java and other languages
-targetting the JVM.")
+targeting the JVM.")
     ;; GPLv2 only
     (license license:gpl2)))
 
@@ -6061,7 +6183,7 @@ the system under test at the same time.")
 (define-public java-fasterxml-jackson-annotations
   (package
     (name "java-fasterxml-jackson-annotations")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6069,7 +6191,7 @@ the system under test at the same time.")
                                   "jackson-annotations-" version ".tar.gz"))
               (sha256
                (base32
-                "005ksgqx2ds3zdmlvbcmmz82y28b1mx0i9bpvprim1jaddbba0bd"))))
+                "0b4wdxjxfbl3gkilylfdbl7fzimfpyih676jiwdf19i4056j8lqw"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-annotations.jar"
@@ -6087,7 +6209,7 @@ not included are ones that require dependency to the Databind package.")
 (define-public java-fasterxml-jackson-core
   (package
     (name "java-fasterxml-jackson-core")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6095,7 +6217,7 @@ not included are ones that require dependency to the Databind package.")
                                   "jackson-core-" version ".tar.gz"))
               (sha256
                (base32
-                "1sdfp74zvlh4xr5h5bj87yjlp6kny3i8ai9m0q3xs7f8hvmxpx09"))))
+                "0q2d6qnylyxj5jh0sam1b095b5486f7ipzhxgwcgbm254ls7fqc1"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-core.jar"
@@ -6144,7 +6266,7 @@ not included are ones that require dependency to the Databind package.")
 (define-public java-fasterxml-jackson-databind
   (package
     (name "java-fasterxml-jackson-databind")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6152,7 +6274,7 @@ not included are ones that require dependency to the Databind package.")
                                   "jackson-databind-" version ".tar.gz"))
               (sha256
                (base32
-                "02xrbj6g7pzybq8q33xmpf7cxfapk6z6lgxvig7d38fijz400lji"))))
+                "1d5ns8ypqhdy8d94i8q560ip9kka6q8lhnk6q7nfh2g9mr22cc4w"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-databind.jar"
@@ -6187,7 +6309,7 @@ configuration.")
 (define-public java-fasterxml-jackson-modules-base-jaxb
   (package
     (name "java-fasterxml-jackson-modules-base-jaxb")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6195,7 +6317,7 @@ configuration.")
                                   "jackson-modules-base-" version ".tar.gz"))
               (sha256
                (base32
-                "0bj2pzvycnj3ysbcfa6xl38dmvnp01mnjfcb9jyhv503fch2iv44"))))
+                "0kc19n5a188g4vpyay44xfb7qcabcbfnwzhx1g84lg0sac8lf0ng"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-modules-base-jaxb.jar"
@@ -6257,7 +6379,7 @@ configuration.")
 (define-public java-fasterxml-jackson-dataformat-yaml
   (package
     (name "java-fasterxml-jackson-dataformat-yaml")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6265,7 +6387,7 @@ configuration.")
                                   "jackson-dataformats-text-" version ".tar.gz"))
               (sha256
                (base32
-                "140fwcafv05zbh2ppa6z533dzmfcvzbdxf0dbpbyzqvd84v2vhl2"))))
+                "1x7c7v201jpb8ynjsmmq7jj7hyqzzp39jvpr053ggdndm022yzc7"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-dataformat-yaml.jar"
@@ -6366,7 +6488,7 @@ interface and high-performance Typed Access API.")
 (define-public java-fasterxml-jackson-dataformat-xml
   (package
     (name "java-fasterxml-jackson-dataformat-xml")
-    (version "2.9.1")
+    (version "2.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/FasterXML/"
@@ -6374,7 +6496,7 @@ interface and high-performance Typed Access API.")
                                   "jackson-dataformat-xml-" version ".tar.gz"))
               (sha256
                (base32
-                "0x3m9n4kwclcyvxhxjx654qpjza4crphml1q2392qpnbfydx6lnh"))))
+                "1j1qanvcdh6afagr67zqrlypjkf0n6wr1qzpbvkw79lii72j6pbr"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "jackson-dataformat-xml.jar"
@@ -6459,6 +6581,62 @@ provides control over value quantization behavior across the value range and
 the subsequent value resolution at any given level.")
     (license license:public-domain)))
 
+(define-public java-cofoja
+  (package
+    (name "java-cofoja")
+    (version "1.3")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/nhatminhle/cofoja.git")
+                    (commit (string-append "v" version))))
+              (file-name (string-append "java-cofoja-" version "-checkout"))
+              (sha256
+               (base32
+                "0p7sz8y5xgpi5rx1qwn6587fkd52qr3ha3ybh14gqcyxhikl525w"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:build-target "dist"
+       #:test-target "test"
+       #:jdk ,icedtea-8
+       #:make-flags
+       (list "-Ddist.dir=dist")
+       #:modules ((guix build ant-build-system)
+                  (guix build java-utils)
+                  (guix build utils)
+                  (srfi srfi-1)
+                  (ice-9 match))
+       #:phases
+       (modify-phases %standard-phases
+         ;; The bulid system ignores the class path the ant-build-system sets
+         ;; up and instead expects to find all dependencies in the "lib"
+         ;; directory.
+         (add-after 'unpack 'create-libdir
+           (lambda* (#:key inputs #:allow-other-keys)
+             (mkdir-p "lib")
+             (for-each
+              (lambda (file)
+                (let ((target (string-append "lib/" (basename file))))
+                  (unless (file-exists? target)
+                    (symlink file target))))
+              (append-map (match-lambda
+                            ((label . dir)
+                             (find-files dir "\\.jar$")))
+                          inputs))
+             #t))
+         (replace 'install (install-jars "dist")))))
+    (inputs
+     `(("java-asm" ,java-asm)))
+    (native-inputs
+     `(("java-junit" ,java-junit)))
+    (home-page "https://github.com/nhatminhle/cofoja")
+    (synopsis "Contracts for Java")
+    (description "Contracts for Java, or Cofoja for short, is a contract
+programming framework and test tool for Java, which uses annotation processing
+and bytecode instrumentation to provide run-time checking. (In particular,
+this is not a static analysis tool.)")
+    (license license:lgpl3+)))
+
 (define-public java-aopalliance
   (package
     (name "java-aopalliance")
@@ -6935,6 +7113,63 @@ In addition to the expression language, MVEL serves as a templating language for
 configuration and string construction.")
     (license license:asl2.0)))
 
+(define-public java-commons-jexl-2
+  (package
+    (name "java-commons-jexl")
+    (version "2.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/commons/jexl/source/"
+                                  "commons-jexl-" version "-src.tar.gz"))
+              (sha256
+               (base32
+                "1ai7632bwwaxglb0nbpblpr2jw5g20afrsaq372ipkphi3ncy1jz"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "commons-jexl-2.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main/java"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'disable-broken-tests
+           (lambda* (#:key inputs #:allow-other-keys)
+             (with-directory-excursion "src/test/java/org/apache/commons/jexl2/"
+               (substitute* "ArithmeticTest.java"
+                 (("asserter.assertExpression\\(\"3 / 0\"") "//")
+                 (("asserter.assertExpression\\(\"imanull") "//"))
+               ;; This test fails with "ambiguous method invocation"
+               (delete-file "CacheTest.java")
+               ;; This test doesn't have access to the temp directory
+               (substitute* "ClassCreatorTest.java"
+                 (("java.io.tmpdir") "user.dir"))
+               ;; This test fails in trying to detect whether it can run.
+               (substitute* "ClassCreator.java"
+                 (("boolean canRun =.*") "boolean canRun = false;\n"))
+               ;; ...and these tests depend on it.
+               (delete-file "scripting/JexlScriptEngineOptionalTest.java")
+               (delete-file "scripting/JexlScriptEngineTest.java"))
+             #t))
+         (add-before 'build 'run-javacc
+           (lambda _
+             (with-directory-excursion "src/main/java/org/apache/commons/jexl2/parser/"
+               (and (zero? (system* "java" "jjtree" "Parser.jjt"))
+                    (zero? (system* "java" "javacc" "Parser.jj")))))))))
+    (inputs
+     `(("java-commons-logging-minimal" ,java-commons-logging-minimal)))
+    (native-inputs
+     `(("java-junit" ,java-junit)
+       ("java-hamcrest-core" ,java-hamcrest-core)
+       ("javacc" ,javacc-4)))
+    (home-page "https://commons.apache.org/proper/commons-jexl/")
+    (synopsis "Java Expression Language ")
+    (description "JEXL is a library intended to facilitate the implementation
+of dynamic and scripting features in applications and frameworks written in
+Java.  JEXL implements an Expression Language based on some extensions to the
+JSTL Expression Language supporting most of the constructs seen in
+shell-script or ECMAScript.  Its goal is to expose scripting features usable
+by technical operatives or consultants working with enterprise platforms.")
+    (license license:asl2.0)))
+
 (define-public java-lz4
   (package
     (name "java-lz4")
@@ -7066,6 +7301,41 @@ for high performance inter-thread communication that avoids the need for
 message queues or resource locking.")
     (license license:asl2.0)))
 
+(define-public java-commons-bcel
+  (package
+    (name "java-commons-bcel")
+    (version "6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://apache/commons/bcel/source/bcel-"
+                                  version "-src.tar.gz"))
+              (sha256
+               (base32
+                "0j3x1rxd673k07psclk8k13rqh0x0mf2yy5qiwkiw4z3afa568jy"))))
+    (build-system ant-build-system)
+    (arguments
+     `(#:jar-name "bcel.jar"
+       #:jdk ,icedtea-8
+       #:source-dir "src/main/java"
+       #:test-dir "src/test/java"
+       ;; FIXME: Tests require the unpackaged jna.
+       #:tests? #f))
+    (home-page "https://commons.apache.org/proper/commons-bcel/")
+    (synopsis "Byte code engineering library")
+    (description "The Byte Code Engineering Library (Apache Commons BCEL) is
+intended to give users a convenient way to analyze, create, and
+manipulate (binary) Java class files.  Classes are represented by objects
+which contain all the symbolic information of the given class: methods, fields
+and byte code instructions, in particular.
+
+Such objects can be read from an existing file, be transformed by a
+program (e.g. a class loader at run-time) and written to a file again.  An
+even more interesting application is the creation of classes from scratch at
+run-time.  The @dfn{Byte Code Engineering Library} (BCEL) may be also useful
+if you want to learn about the @dfn{Java Virtual Machine} (JVM) and the format
+of Java @code{.class} files.")
+    (license license:asl2.0)))
+
 (define-public java-xerial-core
   (package
     (name "java-xerial-core")
@@ -7094,9 +7364,9 @@ message queues or resource locking.")
      `(("junit" ,java-junit)
        ("hamcrest" ,java-hamcrest-core)))
     (home-page "https://github.com/xerial/xerial-java")
-    (synopsis "Data managment libraries for Java")
+    (synopsis "Data management libraries for Java")
     (description "Xerial is a set of data management libraries for the Java
-programming language.  The ulitimate goal of the Xerial project is to manage
+programming language.  The ultimate goal of the Xerial project is to manage
 everything as database, including class objects, text format data, data
 streams, etc.")
     (license license:asl2.0)))
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index 4e02fa1596..dab2a7c692 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -241,8 +241,8 @@ generator library for C++.")
 (define-public kodi
   ;; We package the git version because the current released
   ;; version was cut while the cmake transition was in turmoil.
-  (let ((commit "f22d62dc3f6e811a538dda9c434e1804abb8b95f")
-        (revision "6"))
+  (let ((commit "67fd70f01a363002881f3519b50765b756716e3b")
+        (revision "7"))
   (package
     (name "kodi")
     (version (string-append "18.0_alpha-" revision "-" (string-take commit 7)))
@@ -254,7 +254,7 @@ generator library for C++.")
               (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "0x8fqvid8b8qra327z615r2ygfkdca2p7wccdj5nfb4i5gy0sr09"))
+                "12975n4r982kmxc0r9w24n3lrj7aj3cs4fjkdjnn0r9jbnvfxhs3"))
               (snippet
                '(begin
                   (use-modules (guix build utils))
diff --git a/gnu/packages/libcanberra.scm b/gnu/packages/libcanberra.scm
index 9af6b40ffc..42456995bb 100644
--- a/gnu/packages/libcanberra.scm
+++ b/gnu/packages/libcanberra.scm
@@ -139,8 +139,8 @@ sounds for various system events.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://dist.ng0.infotropique.org/releases/"
-                           "pycanberra/pycanberra-" version ".tar.xz"))
+       (uri (string-append "https://d.n0.is/releases/pycanberra/"
+                           "pycanberra-" version ".tar.xz"))
        (sha256
         (base32
          "16jjf8fcgaprmz6jacsxrh17l1ad891fns38bxv49lg3s3mn1nj2"))))
@@ -152,5 +152,5 @@ sounds for various system events.")
     (synopsis "Ctypes wrapper for the libcanberra API")
     (description
      "Pycanberra is a basic Python wrapper for libcanberra.")
-    (home-page "https://git.ng0.infotropique.org/pycanberra/")
+    (home-page "https://c.n0.is/pycanberra/")
     (license lgpl2.1+)))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bd7c367b8e..af4b63f278 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -131,7 +131,7 @@
 
 (define-public (system->defconfig system)
   "Some systems (notably powerpc-linux) require a special target for kernel
-defconfig.  Return the appropiate make target if applicable, otherwise return
+defconfig.  Return the appropriate make target if applicable, otherwise return
 \"defconfig\"."
   (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
         ((string-prefix? "powerpc64le-" system) "ppc64_defconfig")
@@ -369,8 +369,8 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
 
-(define %linux-libre-version "4.14")
-(define %linux-libre-hash "0y42cn0lq08njvsfg3b2xyziaga268aj2lx034k40wilha6hkw3h")
+(define %linux-libre-version "4.14.3")
+(define %linux-libre-hash "1hs94lj2bryci4m75bfrhhj9aqrjpq6a57nhxic63zj6xjhi53l7")
 
 ;; linux-libre configuration for armhf-linux is derived from Debian armmp.  It
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
@@ -383,14 +383,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.62"
-                    "00brapsvchkv2q4p6spvjk92524mfcsj5aq5jcjvqhx50fn71y1w"
+  (make-linux-libre "4.9.66"
+                    "0k29i5wnljck4nwkzcjxjfzrddwifj2pb6zxqh7f522j9cw2g4zd"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.98"
-                    "1n34bwz6c122byjyfz6z916v7lx4pgsys0a2kq2zmxcfs9kv60xs"
+  (make-linux-libre "4.4.103"
+                    "1x2pyrjz8myja77nz0zg2k74yrcbiq7g1caqjnafbgc8qwh31fp8"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -3083,7 +3083,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.13.3")
+    (version "4.14")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -3091,7 +3091,7 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "10yp0b4pwrw5mcd81yn3d0d87fnqpp4si5d25dfhl6n2640dnnw0"))))
+                "1bwirg6hz6gyfj5r3xkj4lfwadvl9pxlccf916fsmdn27fy5q289"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "static"))      ; static versions of the binaries in "out"
@@ -4273,7 +4273,7 @@ the MTP device as a filesystem.")
 (define-public procenv
   (package
    (name "procenv")
-   (version "0.49")
+   (version "0.50")
    (source
     (origin
      (method url-fetch)
@@ -4281,7 +4281,7 @@ the MTP device as a filesystem.")
                          version ".tar.gz"))
      (file-name (string-append name "-" version ".tar.gz"))
      (sha256
-      (base32 "0brzf6185hb76imw107cl21c8lzwiywkxi3jknihrk86bvvicd0d"))))
+      (base32 "0dvscyf47i3j5ay0amncqmqw9kd916689r2pqdvpnsrhp6j46zp1"))))
    (build-system gnu-build-system)
    (arguments `(#:configure-flags '("--disable-silent-rules")))
    (inputs `(("expat" ,expat) ("libcap" ,libcap) ("check" ,check)
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e5b8ad3563..bb6517f47f 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -76,81 +76,102 @@
              ,lisp))))
 
 (define-public gcl
-  (package
-    (name "gcl")
-    (version "2.6.12")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/" name "/" name "-" version ".tar.gz"))
-      (sha256
-       (base32 "1s4hs2qbjqmn9h88l4xvsifq5c3dlc5s74lyb61rdi5grhdlkf4f"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:parallel-build? #f  ; The build system seems not to be thread safe.
-       #:tests? #f  ; There does not seem to be make check or anything similar.
-       #:configure-flags '("--enable-ansi") ; required for use by the maxima package
-       #:make-flags (list
-                     "CFLAGS=-fgnu89-inline" ; removes inline function warnings
-                     (string-append "GCC=" (assoc-ref %build-inputs "gcc")
-                                    "/bin/gcc"))
-       #:phases (modify-phases %standard-phases
-                  (add-before 'configure 'pre-conf
-                    (lambda _
-                      (substitute*
-                        (append
-                         '("pcl/impl/kcl/makefile.akcl"
-                           "add-defs"
-                           "unixport/makefile.dos"
-                           "add-defs.bat"
-                           "gcl-tk/makefile.prev"
-                           "add-defs1")
-                         (find-files "h" "\\.defs"))
-                        (("SHELL=/bin/bash")
-                         (string-append "SHELL=" (which "bash")))
-                        (("SHELL=/bin/sh")
-                         (string-append "SHELL=" (which "sh"))))
-                      (substitute* "h/linux.defs"
-                        (("#CC") "CC")
-                        (("-fwritable-strings") "")
-                        (("-Werror") ""))
-                      #t))
-                  (add-after 'install 'wrap
-                    (lambda* (#:key inputs outputs #:allow-other-keys)
-                      (let* ((gcl (assoc-ref outputs "out"))
-                             (input-path (lambda (lib path)
-                                           (string-append
-                                            (assoc-ref inputs lib) path)))
-                             (binaries '("binutils")))
-                        ;; GCC and the GNU binutils are necessary for GCL to be
-                        ;; able to compile Lisp functions and programs (this is
-                        ;; a standard feature in Common Lisp). While the
-                        ;; the location of GCC is specified in the make-flags,
-                        ;; the GNU binutils must be available in GCL's $PATH.
-                        (wrap-program (string-append gcl "/bin/gcl")
-                          `("PATH" prefix ,(map (lambda (binary)
-                                                  (input-path binary "/bin"))
-                                                binaries))))
-                      #t))
-                  ;; drop strip phase to make maxima build, see
-                  ;; https://www.ma.utexas.edu/pipermail/maxima/2008/009769.html
-                  (delete 'strip))))
-    (inputs
-     `(("gmp" ,gmp)
-       ("readline" ,readline)))
-    (native-inputs
-     `(("gcc" ,gcc-4.9)
-       ("m4" ,m4)
-       ("texinfo" ,texinfo)
-       ("texlive" ,texlive)))
-    (home-page "https://www.gnu.org/software/gcl/")
-    (synopsis "A Common Lisp implementation")
-    (description "GCL is an implementation of the Common Lisp language.  It
+  (let ((commit "5956140b1083e2302a59d7ce2054b0b7c2cbb417")
+        (revision "1")) ;Guix package revision
+    (package
+      (name "gcl")
+      (version (string-append "2.6.12-" revision "."
+                              (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://git.savannah.gnu.org/r/gcl.git")
+               (commit commit)))
+         (file-name (string-append "gcl-" version "-checkout"))
+         (sha256
+          (base32 "0mwclf2879mh3d9xqkqhghf58lwy7srsnsq9x0f1cc6j302sy4hb"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:parallel-build? #f  ; The build system seems not to be thread safe.
+         #:tests? #f  ; There does not seem to be make check or anything similar.
+         #:configure-flags '("--enable-ansi") ; required for use by the maxima package
+         #:make-flags (list
+                       (string-append "GCL_CC=" (assoc-ref %build-inputs "gcc")
+                                      "/bin/gcc")
+                       (string-append "CC=" (assoc-ref %build-inputs "gcc")
+                                      "/bin/gcc"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-before 'configure 'pre-conf
+             (lambda* (#:key inputs #:allow-other-keys)
+               (chdir "gcl")
+               (substitute*
+                   (append
+                    '("pcl/impl/kcl/makefile.akcl"
+                      "add-defs"
+                      "unixport/makefile.dos"
+                      "add-defs.bat"
+                      "gcl-tk/makefile.prev"
+                      "add-defs1")
+                    (find-files "h" "\\.defs"))
+                 (("SHELL=/bin/bash")
+                  (string-append "SHELL=" (which "bash")))
+                 (("SHELL=/bin/sh")
+                  (string-append "SHELL=" (which "sh"))))
+               (substitute* "h/linux.defs"
+                 (("#CC") "CC")
+                 (("-fwritable-strings") "")
+                 (("-Werror") ""))
+               (substitute* "lsp/gcl_top.lsp"
+                 (("\"cc\"")
+                  (string-append "\"" (assoc-ref %build-inputs "gcc")
+                                 "/bin/gcc\""))
+                 (("\\(or \\(get-path \\*cc\\*\\) \\*cc\\*\\)") "*cc*")
+                 (("\"ld\"")
+                  (string-append "\"" (assoc-ref %build-inputs "binutils")
+                                 "/bin/ld\""))
+                 (("\\(or \\(get-path \\*ld\\*\\) \\*ld\\*\\)") "*ld*")
+                 (("\\(get-path \"objdump --source \"\\)")
+                  (string-append "\"" (assoc-ref %build-inputs "binutils")
+                                 "/bin/objdump --source \"")))
+               #t))
+           (add-after 'install 'wrap
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let* ((gcl (assoc-ref outputs "out"))
+                      (input-path (lambda (lib path)
+                                    (string-append
+                                     (assoc-ref inputs lib) path)))
+                      (binaries '("binutils")))
+                 ;; GCC and the GNU binutils are necessary for GCL to be
+                 ;; able to compile Lisp functions and programs (this is
+                 ;; a standard feature in Common Lisp). While the
+                 ;; the location of GCC is specified in the make-flags,
+                 ;; the GNU binutils must be available in GCL's $PATH.
+                 (wrap-program (string-append gcl "/bin/gcl")
+                   `("PATH" prefix ,(map (lambda (binary)
+                                           (input-path binary "/bin"))
+                                         binaries))))
+               #t))
+           ;; drop strip phase to make maxima build, see
+           ;; https://www.ma.utexas.edu/pipermail/maxima/2008/009769.html
+           (delete 'strip))))
+      (inputs
+       `(("gmp" ,gmp)
+         ("readline" ,readline)))
+      (native-inputs
+       `(("gcc" ,gcc-4.9)
+         ("m4" ,m4)
+         ("texinfo" ,texinfo)
+         ("texlive" ,texlive)))
+      (home-page "https://www.gnu.org/software/gcl/")
+      (synopsis "A Common Lisp implementation")
+      (description "GCL is an implementation of the Common Lisp language.  It
 features the ability to compile to native object code and to load native
 object code modules directly into its lisp core.  It also features a
 stratified garbage collection strategy, a source-level debugger and a built-in
 interface to the Tk widget system.")
-    (license license:lgpl2.0+)))
+      (license license:lgpl2.0+))))
 
 (define-public ecl
   (package
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index c8bc4ef85e..d5f55b9631 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
-;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -356,9 +356,9 @@ based libraries.  It allows using GObject-based libraries directly from Lua.
 Notable examples are GTK+, GStreamer and Webkit.")
     (license license:expat)))
 
-(define-public lua-lpeg
+(define (make-lua-lpeg name lua)
   (package
-    (name "lua-lpeg")
+    (name name)
     (version "1.0.1")
     (source (origin
               (method url-fetch)
@@ -390,34 +390,16 @@ Grammars (PEGs).")
     (home-page "http://www.inf.puc-rio.br/~roberto/lpeg")
     (license license:expat)))
 
+(define-public lua-lpeg
+  (make-lua-lpeg "lua-lpeg" lua))
+
 (define-public lua5.2-lpeg
-  (package (inherit lua-lpeg)
-    (name "lua5.2-lpeg")
-    ;; XXX: The arguments field is almost an exact copy of the field in
-    ;; "lua-lpeg", except for the version string, which was derived from "lua"
-    ;; and now is taken from "lua-5.2".  See this discussion for context:
-    ;; http://lists.gnu.org/archive/html/guix-devel/2017-01/msg02048.html
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (delete 'configure)
-         ;; `make install` isn't available, so we have to do it manually
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out"))
-                   (lua-version ,(version-major+minor (package-version lua-5.2))))
-               (install-file "lpeg.so"
-                             (string-append out "/lib/lua/" lua-version))
-               (install-file "re.lua"
-                             (string-append out "/share/lua/" lua-version))
-               #t))))
-       #:test-target "test"))
-    (inputs `(("lua", lua-5.2)))))
+  (make-lua-lpeg "lua5.2-lpeg" lua-5.2))
 
 ;; Lua 5.3 is not supported.
-(define-public lua5.2-bitop
+(define (make-lua-bitop name lua)
   (package
-    (name "lua5.2-bitop")
+    (name name)
     (version "1.0.2")
     (source (origin
               (method url-fetch)
@@ -434,15 +416,21 @@ Grammars (PEGs).")
              (string-append "INSTALLPATH=printf "
                             (assoc-ref %outputs "out")
                             "/lib/lua/"
-                            ,(version-major+minor (package-version lua-5.2))
+                            ,(version-major+minor (package-version lua))
                             "/bit/bit.so"))
        #:phases
        (modify-phases %standard-phases
          (delete 'configure))))
-    (inputs `(("lua", lua-5.2)))
+    (inputs `(("lua", lua)))
     (home-page "http://bitop.luajit.org/index.html")
     (synopsis "Bitwise operations on numbers for Lua")
     (description
      "Lua BitOp is a C extension module for Lua which adds bitwise operations
 on numbers.")
     (license license:expat)))
+
+(define-public lua5.2-bitop
+  (make-lua-bitop "lua5.2-bitop" lua-5.2))
+
+(define-public lua5.1-bitop
+  (make-lua-bitop "lua5.1-bitop" lua-5.1))
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index bf70bd6013..7d0aaa6503 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -214,18 +215,20 @@ speed up the access to freedesktop.org defined application menus.")
               (uri (string-append "mirror://sourceforge/" name "/"
                                   "PCManFM%20%2B%20Libfm%20%28tarball%20release"
                                   "%29/PCManFM/" name "-" version ".tar.xz"))
+              (patches (search-patches "pcmanfm-CVE-2017-8934.patch"))
               (sha256
                (base32
                 "0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
     (build-system gnu-build-system)
-    ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
     (inputs `(("gtk+"   ,gtk+-2)
-              ;; TODO: add ("gvfs" ,gvfs).
+              ("gvfs"   ,gvfs)                    ;for trash and mount support
               ("libfm"  ,libfm)
               ("libx11" ,libx11)))
     (native-inputs `(("intltool"   ,intltool)
                      ("libtool"    ,libtool)
                      ("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     `(("lxmenu-data" ,lxmenu-data)))     ;for "Open With..." application list
     (synopsis "LXDE file manager")
     (description "PCMan is a lightweight GTK+ based file manager, compliant
 with freedesktop.org standard.")
diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm
index a32ea36e6c..cf400a0eed 100644
--- a/gnu/packages/machine-learning.scm
+++ b/gnu/packages/machine-learning.scm
@@ -611,7 +611,7 @@ computing environments.")
 (define-public python-scikit-learn
   (package
     (name "python-scikit-learn")
-    (version "0.19.0")
+    (version "0.19.1")
     (source
      (origin
        (method url-fetch)
@@ -621,7 +621,7 @@ computing environments.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0g7q4ri75mj93wpa9bp83a3jmrf3dm5va9h7k4zkbcxr6bgqka15"))))
+         "18n8775kyfwbvcjjjzda9c5sqy4737c0hrmj6qj1ps2jmlqzair9"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 77d935171a..114b1a21bb 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1034,7 +1034,7 @@ delivery.")
 (define-public exim
   (package
     (name "exim")
-    (version "4.89")
+    (version "4.89.1")
     (source
      (origin
        (method url-fetch)
@@ -1042,10 +1042,9 @@ delivery.")
                                  version ".tar.bz2")
                   (string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-"
                                  version ".tar.bz2")))
-       (patches (search-patches "exim-CVE-2017-1000369.patch"))
        (sha256
         (base32
-         "1c0syp7yxngmq7y8vqsrvijinzin5m941vn0ljihdfld7kh2wbwi"))))
+         "133sjkcm9wlhpcxflr5v865varc1995bqa1y3vjs1w6zc34kp18w"))))
     (build-system gnu-build-system)
     (inputs
      `(("bdb" ,bdb)
@@ -1611,7 +1610,8 @@ deliver it in various ways.")
        ;; getline() in formail.c.  The patch is provided by Debian as
        ;; patch 24.
        (patches (search-patches "procmail-ambiguous-getline-debian.patch"
-                                "procmail-CVE-2014-3618.patch"))))
+                                "procmail-CVE-2014-3618.patch"
+                                "procmail-CVE-2017-16844.patch"))))
     (arguments
      `(#:phases (modify-phases %standard-phases
                   (replace 'configure
@@ -2107,9 +2107,9 @@ installation on systems where resources are limited.  Its features include:
 @end enumerate\n")
     (license license:expat)))
 
-(define-public python-django-mailman3
+(define-public python2-django-mailman3
   (package
-    (name "python-django-mailman3")
+    (name "python2-django-mailman3")
     (version "1.0.1")
     (source
      (origin
@@ -2119,16 +2119,28 @@ installation on systems where resources are limited.  Its features include:
         (base32
          "1adxyh8knw9knjlh73xq0jpn5adml0ck4alsv0swakm95wfyx46z"))))
     (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (zero?
+              (system*
+               "django-admin"
+               "test"
+               "--settings=django_mailman3.tests.settings_test"
+               "django_mailman3")))))
+       #:python ,python-2))
     (inputs
-     `(("python-django" ,python-django)))
+     `(("python2-django" ,python2-django)))
     (propagated-inputs
-     `(("python-requests" ,python-requests)
-       ("python-requests-oauthlib" ,python-requests-oauthlib)
-       ("python-openid" ,python-openid)
-       ("python-mailmanclient" ,python-mailmanclient)
-       ("python-django-allauth" ,python-django-allauth)
-       ("python-django-gravatar2" ,python-django-gravatar2)
-       ("python-pytz" ,python-pytz)))
+     `(("python2-requests" ,python2-requests)
+       ("python2-requests-oauthlib" ,python2-requests-oauthlib)
+       ("python2-openid" ,python2-openid)
+       ("python2-mailmanclient" ,python2-mailmanclient)
+       ("python2-django-allauth" ,python2-django-allauth)
+       ("python2-django-gravatar2" ,python2-django-gravatar2)
+       ("python2-pytz" ,python2-pytz)))
     (home-page "https://gitlab.com/mailman/django-mailman3")
     (synopsis "Django library for Mailman UIs")
     (description
@@ -2136,15 +2148,6 @@ installation on systems where resources are limited.  Its features include:
 interacting with Mailman.")
     (license gpl3+)))
 
-(define-public python2-django-mailman3
-  (let ((base (package-with-python2
-               python-django-mailman3)))
-    (package
-      (inherit base)
-      (propagated-inputs
-       `(("python2-openid" ,python2-openid)
-         ,@(package-propagated-inputs base))))))
-
 (define-public postorius
   (package
     (name "postorius")
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index fed7d08aee..8abdaf48f6 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -1,9 +1,10 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 David Thompson <dthompson2@worcester.edu>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -67,7 +68,7 @@ a flexible and convenient way.")
                 "0gqgs4zc3r87apns0k5qp689p2ylxx2596s2mkmkxjjay99brv88"))))
     (build-system gnu-build-system)
     (arguments
-     '(#:phases
+     `(#:phases
        (modify-phases %standard-phases
          (add-after 'patch-source-shebangs 'patch-test-shebangs
            (lambda* (#:key outputs #:allow-other-keys)
@@ -87,6 +88,7 @@ a flexible and convenient way.")
              #t)))
        #:configure-flags
        (let ((groff (assoc-ref %build-inputs "groff"))
+             (groff-minimal (assoc-ref %build-inputs "groff-minimal"))
              (less  (assoc-ref %build-inputs "less"))
              (gzip  (assoc-ref %build-inputs "gzip"))
              (bzip2 (assoc-ref %build-inputs "bzip2"))
@@ -109,17 +111,24 @@ a flexible and convenient way.")
                        (string-append "--with-systemdtmpfilesdir="
                                       %output "/lib/tmpfiles.d"))
                  (map (lambda (prog)
-                        (string-append "--with-" prog "=" groff "/bin/" prog))
+                        (string-append "--with-" prog "=" groff-minimal
+                                       "/bin/" prog))
                       '("nroff" "eqn" "neqn" "tbl" "refer" "pic"))))
+
+       ;; At run time we should refer to GROFF-MINIMAL, not GROFF (the latter
+       ;; pulls in Perl.)
+       #:disallowed-references (,groff)
+
        #:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (srfi srfi-1))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ("groff" ,groff)))   ;needed at build time (troff, grops, soelim, etc.)
     (inputs
      `(("flex" ,flex)
        ("gdbm" ,gdbm)
-       ("groff" ,groff)
+       ("groff-minimal" ,groff-minimal)
        ("less" ,less)
        ("libpipeline" ,libpipeline)
        ("util-linux" ,util-linux)))
@@ -138,7 +147,7 @@ the traditional flat-text whatis databases.")
 (define-public man-pages
   (package
     (name "man-pages")
-    (version "4.13")
+    (version "4.14")
     (source (origin
               (method url-fetch)
               (uri
@@ -151,7 +160,7 @@ the traditional flat-text whatis databases.")
                     "man-pages-" version ".tar.xz")))
               (sha256
                (base32
-                "1gri0rm9i3a6w5dvsmwawhwzywl5x80dwq05d2v8l92knv2hbh6m"))))
+                "0wf9ymqxk1k5xwcl3n919p66a1aayif3x4cahj4w04y3k1wbhlih"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases (delete 'configure))
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index 6a0902c03e..4426258db6 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -161,7 +161,7 @@ convert it to structurally valid XHTML (or HTML).")
         (base32
          "1xx7v3wnla7m6wa3h33whxw3vvincaicg4yra1b9wbzf2aix9rnw"))
        (patches
-        (search-patches "perl-text-markdown-discount-use-system-markdown.patch"))))
+        (search-patches "perl-text-markdown-discount-unbundle.patch"))))
     (build-system perl-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index ef5bc1d99b..f6ea4ffc91 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,14 +153,14 @@ interactive dialogs to guide them.")
 (define-public coda
   (package
     (name "coda")
-    (version "2.18.2")
+    (version "2.18.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/stcorp/coda/releases/download/"
                            version "/coda-" version ".tar.gz"))
        (sha256
-        (base32 "01fnqcby9jijvf3jxr1fk4bny059lvvq5wbqm7ns60ilykfdnm6a"))
+        (base32 "1zlzgcvwmmjm8mw8w4rg2rqy0pjilz7kyyxm0y4p8cbljbbjxxz0"))
        (patches (search-patches "coda-use-system-libs.patch"))
        (modules '((guix build utils)))
        (snippet
@@ -1893,12 +1894,12 @@ programming problems.")
 (define-public r-pracma
   (package
     (name "r-pracma")
-    (version "2.0.7")
+    (version "2.1.1")
     (source (origin
       (method url-fetch)
       (uri (cran-uri "pracma" version))
       (sha256
-        (base32 "0hxa0rbbp54j0c05qj7vfwhqfdmiz5ax8vhqxd09g33x7c0hqbc5"))))
+        (base32 "1mylrrkyycaw9m01mmg6xkn5wgdlabs5l0qyws60r0n2ycblp897"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-quadprog" ,r-quadprog)))
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index dfa4211773..5b6c87992a 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -106,7 +107,7 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
 (define-public mescc-tools
   (package
     (name "mescc-tools")
-    (version "0.2")
+    (version "0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -116,9 +117,8 @@ Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gmyczh88xcsmrmxqksbpaqidchj5hfqxqk7apx40k9r3vav6mnz"))))
+                "04lvyyp7isamgddrnfpi92lgqdflzdzx5kc2x8fxmgsjisy0dgr4"))))
     (build-system gnu-build-system)
-    (supported-systems '("i686-linux" "x86_64-linux"))
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
        #:test-target "test"
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index a9a77ae711..b6452c54c3 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -550,7 +550,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
     (native-inputs
      `(("intltool" ,intltool)))
     (inputs
-     `(("python2-nbxmpp" ,python2-nbxmpp)
+     `(("python2-axolotl" ,python2-axolotl)
+       ("python2-nbxmpp" ,python2-nbxmpp)
        ("python2-pyopenssl" ,python2-pyopenssl)
        ("python2-gnupg" ,python2-gnupg)
        ("python2-pygtk" ,python2-pygtk)
@@ -634,14 +635,14 @@ a graphical desktop environment like GNOME.")
 (define-public prosody
   (package
     (name "prosody")
-    (version "0.9.12")
+    (version "0.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://prosody.im/downloads/source/"
                                   "prosody-" version ".tar.gz"))
               (sha256
                (base32
-                "139yxqpinajl32ryrybvilh54ddb1q6s0ajjhlcs4a0rnwia6n8s"))))
+                "1644jy5dk46vahmh6nna36s79k8k668sbi3qamjb4q3c4m3y853l"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -707,7 +708,10 @@ a graphical desktop environment like GNOME.")
     (inputs
      `(("libidn" ,libidn)
        ("openssl" ,openssl)
+       ;; Lua 5.1 is still recommended for production usage.
+       ;; See https://prosody.im/doc/packagers.
        ("lua" ,lua-5.1)
+       ("lua5.1-bitop" ,lua5.1-bitop)
        ("lua5.1-expat" ,lua5.1-expat)
        ("lua5.1-socket" ,lua5.1-socket)
        ("lua5.1-filesystem" ,lua5.1-filesystem)
@@ -768,7 +772,7 @@ protocols.")
 (define-public c-toxcore
   (package
     (name "c-toxcore")
-    (version "0.1.9")
+    (version "0.1.10")
     (source
      (origin
        (method url-fetch)
@@ -777,7 +781,7 @@ protocols.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1y30xc1dzq9knww274d4y0m8gridcf5j851rxdri8j2s64p3qqgk"))))
+         "1lbvq9pp1ganjk5lql5lzcn8bcmgfi8y026pb2j2nq8yldqrrjby"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -795,7 +799,7 @@ messenger protocol.")
 (define-public utox
   (package
    (name "utox")
-   (version "0.11.0")
+   (version "0.16.1")
    (source
     (origin
      (method url-fetch)
@@ -804,37 +808,42 @@ messenger protocol.")
      (file-name (string-append name "-" version ".tar.gz"))
      (sha256
       (base32
-       "15s4iwjk1s0kihjqn0f07c9618clbphpr827mds3xddkiwnjz37v"))))
+       "14xl72y4w1x2kk0cvkcr9pmywllm0r9w2grjqiknwn95pw6yxz6q"))))
    (build-system cmake-build-system)
    (arguments
-    '(#:tests? #f ; No test phase.
-      #:phases
+    `(#:phases
       (modify-phases %standard-phases
-        (add-after 'unpack 'fix-freetype-include
-          (lambda _
-            (substitute* "CMakeLists.txt"
-              (("/usr/include/freetype2")
-               (string-append (assoc-ref %build-inputs "freetype")
-                              "/include/freetype2")))))
-        (add-before 'install 'patch-cmake-find-utox
-          (lambda _
-            (substitute* "../build/cmake_install.cmake"
-              (("/uTox-0.11.0/utox")
-               "/build/utox")))))))
+        (add-before 'build 'patch-absolute-filename-libgtk-3
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (substitute* "../uTox-0.16.1/src/xlib/gtk.c"
+                         (("libgtk-3.so")
+                         (string-append (assoc-ref inputs "gtk+")
+                                        "/lib/libgtk-3.so")))))
+        (add-after 'install 'wrap-program
+          (lambda* (#:key inputs outputs #:allow-other-keys)
+            (wrap-program (string-append (assoc-ref outputs "out")
+                                         "/bin/utox")
+            ;; For GtkFileChooserDialog.
+            `("GSETTINGS_SCHEMA_DIR" =
+              (,(string-append (assoc-ref inputs "gtk+")
+                               "/share/glib-2.0/schemas")))))))))
    (inputs
-    ;; TODO: Fix the file chooser dialog; which input does it need?
     `(("dbus" ,dbus)
       ("filteraudio" ,filteraudio)
       ("fontconfig" ,fontconfig)
       ("freetype" ,freetype)
       ("libsodium" ,libsodium)
       ("c-toxcore" ,c-toxcore)
+      ("gtk+" ,gtk+)
       ("libvpx" ,libvpx)
       ("libx11" ,libx11)
       ("libxext" ,libxext)
       ("libxrender" ,libxrender)
       ("openal" ,openal)
       ("v4l-utils" ,v4l-utils)))
+   (native-inputs
+    `(("check" ,check)
+      ("pkg-config" ,pkg-config)))
    (synopsis "Lightweight Tox client")
    (description
     "Utox is a lightweight Tox client.  Tox is a distributed and secure
@@ -845,14 +854,14 @@ instant messenger with audio and video chat capabilities.")
 (define-public qtox
   (package
     (name "qtox")
-    (version "1.12.1")
+    (version "1.13.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/qTox/qTox/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0dwy0abcxzzcybww2xi33cla71a7752cq02qswcks5kbxnf5pck5"))
+                "0dyplmlqhg4zbg7hdzp3iqppn9xgp7pds5k6w6byjcqhb9zv91ca"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
@@ -867,6 +876,7 @@ instant messenger with audio and video chat capabilities.")
              #t)))))
     (inputs
      `(("ffmpeg" ,ffmpeg-3.3)
+       ("filteraudio", filteraudio)
        ("glib" ,glib)
        ("gtk+" ,gtk+-2)
        ("libsodium" ,libsodium)
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 1860997e09..fbb924ba51 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -151,18 +152,20 @@ a highly stable and efficient implementation.")
 (define-public taglib
   (package
     (name "taglib")
-    (version "1.10")
+    (version "1.11.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://taglib.github.io/releases/taglib-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1alv6vp72p0x9i9yscmz2a71anjwqy53y9pbcbqxvc1c0i82vhr4"))))
+                "0ssjcdjv4qf9liph5ry1kngam1y7zp8fzr9xv4wzzrma22kabldn"))))
     (build-system cmake-build-system)
-    (arguments '(#:tests? #f))                    ;no 'test' target
+    (arguments
+      '(#:tests? #f ; Tests are not ran with BUILD_SHARED_LIBS on.
+        #:configure-flags (list "-DBUILD_SHARED_LIBS=ON")))
     (inputs `(("zlib" ,zlib)))
-    (home-page "http://developer.kde.org/~wheeler/taglib.html")
+    (home-page "http://taglib.org")
     (synopsis "Library to access audio file meta-data")
     (description
      "TagLib is a C++ library for reading and editing the meta-data of several
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 77d69df5a4..479b4f9b2d 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
   #:use-module (guix build-system ant)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system scons)
   #:use-module (guix build-system waf)
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
@@ -54,8 +56,11 @@
   #:use-module (gnu packages check)
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages datastructures)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages emacs)
@@ -73,12 +78,14 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages graphics)
+  #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages image)
   #:use-module (gnu packages imagemagick)
   #:use-module (gnu packages java)
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux) ; for alsa-utils
   #:use-module (gnu packages lirc)
   #:use-module (gnu packages llvm)
@@ -91,6 +98,7 @@
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages protobuf)
   #:use-module (gnu packages pulseaudio) ;libsndfile
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-web)
@@ -177,6 +185,114 @@ and play MIDI files with a few clicks in a user-friendly interface offering
 score, keyboard, guitar, drum and controller views.")
     (license license:gpl3+)))
 
+;; We don't use the latest release because it depends on Qt4.  Instead we
+;; download the sources from the tip of the "qt5" branch.
+(define-public clementine
+  (let ((commit "0a59257dc334b8df60a4d7d90b04f1766747efcf")
+        (revision "1"))
+    (package
+      (name "clementine")
+      (version (string-append "1.3.1-" revision "." (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/clementine-player/Clementine.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                   "0cdcj7di7j9jgzc1ihjna1a5df64f9hnmx7b9kh8rlg76hc0l0hi"))
+                (modules '((guix build utils)))
+                (snippet
+                  '(for-each
+                     (lambda (dir)
+                       (delete-file-recursively
+                         (string-append "3rdparty/" dir)))
+                     (list
+                       ;; TODO: The following dependencies are still bundled:
+                       ;; - "qxt": Appears to be unmaintained upstream.
+                       ;; - "qsqlite"
+                       ;; - "qtsingleapplication"
+                       ;; - "qocoa"
+                       ;; - "qtiocompressor"
+                       ;; - "gmock": The tests crash when using our googletest
+                       ;;   package instead of the bundled gmock.
+                       "SPMediaKeyTap"
+                       "fancytabwidget"
+                       "google-breakpad"
+                       "libmygpo-qt"
+                       "libmygpo-qt5"
+                       "libprojectm"
+                       "qtwin"
+                       "sha2" ;; Replaced by openssl.
+                       "taglib"
+                       "tinysvcmdns")))
+                (patches (search-patches "clementine-use-openssl.patch"))))
+      (build-system cmake-build-system)
+      (arguments
+       '(#:test-target "clementine_test"
+         #:configure-flags
+         (let ((crypto (assoc-ref %build-inputs "crypto++")))
+           (list "-DENABLE_VISUALISATIONS=OFF" ; requires unpackaged "projectm"
+                 "-DCRYPTOPP_FOUND=TRUE"
+                 (string-append "-DCRYPTOPP_INCLUDE_DIRS=" crypto "/include")
+                 (string-append "-DCRYPTOPP_LIBRARY_DIRS=" crypto "/lib")
+                 (string-append "-DCRYPTOPP_LIBRARIES=" crypto "/lib/libcryptopp.a")
+                 "-DUSE_SYSTEM_SHA2=TRUE"))
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'install 'wrap-program
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((out             (assoc-ref outputs "out"))
+                     (gst-plugin-path (getenv "GST_PLUGIN_SYSTEM_PATH")))
+                 (wrap-program (string-append out "/bin/clementine")
+                   `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path)))
+                 #t))))))
+      (native-inputs
+       `(("gettext" ,gettext-minimal)
+         ("pkg-config" ,pkg-config)
+         ("qtlinguist" ,qttools)))
+      (inputs
+       `(("boost" ,boost)
+         ("chromaprint" ,chromaprint)
+         ("crypto++" ,crypto++)
+         ("fftw" ,fftw)
+         ("glib" ,glib)
+         ("glu" ,glu)
+         ("gstreamer" ,gstreamer)
+         ("gst-plugins-base" ,gst-plugins-base)
+         ("libcdio" ,libcdio)
+         ("libmygpo-qt" ,libmygpo-qt)
+         ("libechonest" ,libechonest)
+         ;; TODO: Package libgpod.
+         ("libmtp" ,libmtp)
+         ("libxml2" ,libxml2)
+         ("openssl" ,openssl)
+         ("protobuf" ,protobuf)
+         ("pulseaudio" ,pulseaudio)
+         ("qtbase" ,qtbase)
+         ("qtx11extras" ,qtx11extras)
+         ("qtwebkit" ,qtwebkit)
+         ("sqlite" ,sqlite-with-fts3)
+         ("sparsehash" ,sparsehash)
+         ("taglib" ,taglib)))
+      (home-page "http://clementine-player.org")
+      (synopsis "Music player and library organizer")
+      (description "Clementine is a multiplatform music player.  It is inspired
+by Amarok 1.4, focusing on a fast and easy-to-use interface for searching and
+playing your music.")
+      (license (list
+                 ;; clementine and qtiocompressor are under GPLv3.
+                 license:gpl3+
+                 ;; gmock is under BSD-3.
+                 license:bsd-3
+                 ;; qxt is under CPL1.0.
+                 license:cpl1.0
+                 ;; qsqlite and qtsingleapplication are under LGPL2.1+.
+                 license:lgpl2.1+
+                 ;; qocoa is under MIT and CC by-sa for the icons.
+                 license:cc-by-sa3.0)))))
+
 (define-public cmus
   (package
     (name "cmus")
@@ -508,19 +624,10 @@ audio and video).")
               (sha256
                (base32
                 "0hmcaywnwzjci3pp4xpvbijnnwvibz7gf9xzcdjbdca910y5728j"))))
-    (build-system gnu-build-system)
+    (build-system scons-build-system)
     (arguments
-     `(#:tests? #f ;no "check" target
-       #:phases
-       ;; TODO: Add scons-build-system and use it here.
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'build
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((out (assoc-ref outputs "out")))
-                      (mkdir-p out)
-                      (zero? (system* "scons" (string-append "PREFIX=" out))))))
-         (replace 'install (lambda _ (zero? (system* "scons" "install")))))))
+     `(#:scons-flags (list (string-append "PREFIX=" %output))
+       #:tests? #f)) ;no "check" target
     (inputs
      `(("boost" ,boost)
        ("jack" ,jack-1)
@@ -529,9 +636,7 @@ audio and video).")
        ("liblo" ,liblo)
        ("rubberband" ,rubberband)))
     (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)
-       ("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)))
     (home-page "http://das.nasophon.de/klick/")
     (synopsis "Metronome for JACK")
     (description
@@ -1090,7 +1195,7 @@ users to select LV2 plugins and run them with jalv.")
 (define-public synthv1
   (package
     (name "synthv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1098,7 +1203,7 @@ users to select LV2 plugins and run them with jalv.")
                               "/synthv1-" version ".tar.gz"))
               (sha256
                (base32
-                "0awk2zx0xa6vl6ah24zz0k2mwsx50hh5g1rh32mp790fp4x7l5s8"))))
+                "0mvrqk6jy7h2wg442ixwm49w7x15rs4066c2ljrz4kvxlzp5z69i"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1124,7 +1229,7 @@ oscillators and stereo effects.")
 (define-public drumkv1
   (package
     (name "drumkv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1132,7 +1237,7 @@ oscillators and stereo effects.")
                               "/drumkv1-" version ".tar.gz"))
               (sha256
                (base32
-                "0qqpklzy4wgw9jy0v2810j06712q90bwc69fp7da82536ba058a9"))))
+                "06xqqm1ylmpp2s7xk7xav325gc50kxlvh9vf1343b0n3i8xkgjfg"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -1159,7 +1264,7 @@ effects.")
 (define-public samplv1
   (package
     (name "samplv1")
-    (version "0.8.4")
+    (version "0.8.5")
     (source (origin
               (method url-fetch)
               (uri
@@ -1167,7 +1272,7 @@ effects.")
                               "/samplv1-" version ".tar.gz"))
               (sha256
                (base32
-                "107p2xsj066q2bil0xcgqrrn7lawp02wzf7qmlajcbnd79jhsi6i"))))
+                "1gscwybsbaqbnylmgf2baf71cm2g7a0pd11rqmk3cz9hi3lyjric"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; There are no tests.
@@ -3083,16 +3188,30 @@ are a C compiler and glib.  Full API documentation and examples are included.")
      `(#:tests? #f ; no tests
        #:phases
        (modify-phases %standard-phases
-         (add-before
-          'configure 'set-ldflags
-          (lambda* (#:key outputs #:allow-other-keys)
-            (setenv "LDFLAGS"
-                    (string-append
-                     "-Wl,-rpath=\""
-                     (assoc-ref outputs "out") "/lib/lmms"
-                     ":"
-                     (assoc-ref outputs "out") "/lib/lmms/ladspa"
-                     "\"")))))))
+         (add-before 'configure 'set-ldflags
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "LDFLAGS"
+                     (string-append
+                      "-Wl,-rpath=\""
+                      (assoc-ref outputs "out") "/lib/lmms"
+                      ":"
+                      (assoc-ref outputs "out") "/lib/lmms/ladspa"
+                      "\""))
+             #t))
+         (add-before 'configure 'remove-Werror
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("SET\\(WERROR_FLAGS \"\\$\\{WERROR_FLAGS\\} -Werror")
+                "SET(WERROR_FLAGS \"${WERROR_FLAGS}"))
+             #t))
+         (add-before 'reset-gzip-timestamps 'make-manpages-writable
+           (lambda* (#:key outputs #:allow-other-keys)
+             (map (lambda (file)
+                    (make-file-writable file))
+                  (find-files (string-append (assoc-ref outputs "out")
+                                             "/share/man")
+                              ".*\\.gz$"))
+             #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -3402,3 +3521,30 @@ the electronic or dubstep genre.")
 designed to make a developer's life easy when trying to use the APIs provided
 by The Echo Nest.")
     (license license:gpl2+)))
+
+(define-public libmygpo-qt
+  (package
+    (name "libmygpo-qt")
+    (version "1.0.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://stefan.derkits.at/files/"
+                                  "libmygpo-qt/libmygpo-qt." version ".tar.gz"))
+              (sha256
+               (base32
+                "1wsgh2vjnd52rkvpncj1ycpbp84sj9hh12ija46b42z9mmqf2jm4"))
+              (patches
+               (search-patches "libmygpo-qt-fix-jsoncreatortest.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags '("-DBUILD_WITH_QT4=OFF")))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("qt" ,qtbase)))
+    (home-page "http://wiki.gpodder.org/wiki/Libmygpo-qt")
+    (synopsis "Qt/C++ library wrapping the gpodder web service")
+    (description "@code{libmygpo-qt} is a Qt/C++ library wrapping the
+@url{https://gpodder.net} APIs.  It allows applications to discover, manage
+and track podcasts.")
+    (license license:lgpl2.1+)))
diff --git a/gnu/packages/musl.scm b/gnu/packages/musl.scm
index dbb8c4856f..7c78d29385 100644
--- a/gnu/packages/musl.scm
+++ b/gnu/packages/musl.scm
@@ -27,14 +27,14 @@
 (define-public musl
   (package
     (name "musl")
-    (version "1.1.17")
+    (version "1.1.18")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.musl-libc.org/releases/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0r0lyp2w6v2bvm8h1si7w3p2qx037szl14qnxm5p00568z3m3an8"))))
+                "0651lnj5spckqjf83nz116s8qhhydgqdy3rkl4icbh5f05fyw5yh"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f  ; Musl has no tests
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index b8acaa27ef..c96c74bdcf 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -29,7 +29,7 @@
 (define-public nano
   (package
     (name "nano")
-    (version "2.9.0")
+    (version "2.9.1")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "17hjgvig59a2ha2b0494bprrci3d33sayjqvxjhsnlzgr8whrlyj"))))
+        "0z5sxji8jh8sh0g3inbzndhsrbm4qyqlvjrxl5wkxbr61lnxa5k3"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 1f4906b7b5..c60f255c3d 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -489,7 +489,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.4.2")
+    (version "2.4.3")
     (source
      (origin
        (method url-fetch)
@@ -497,7 +497,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "0zglapd3sz08p2z9x8a5va3jnz17b3n5a1bskf7f2dgx6m3v5b6i"))))
+         "0bpiby916k3k8bm7q8b1dflva6zs0a4ircskrck0d538dfcrb50q"))))
     (build-system gnu-build-system)
     (inputs `(("c-ares" ,c-ares)
               ("glib" ,glib)
@@ -1536,3 +1536,34 @@ at the IP layer and link layer, as well as a host of supplementary
 functionality.  Using libnet, quick and simple packet assembly applications
 can be whipped up with little effort.")
     (license license:bsd-2)))
+
+(define-public mtr
+  (package
+    (name "mtr")
+    (version "0.92")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "ftp://ftp.bitwizard.nl/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32 "10j3ds3p27jygys4x08kj8fi3zlsgiv72xsfazkah6plwawrv5zj"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libcap" ,libcap)
+       ("ncurses" ,ncurses)))
+    (native-inputs
+     ;; The 0.92 release tarball still requires the ‘autoheader’ tool.
+     `(("autoconf" ,autoconf)))
+    (arguments
+     `(#:tests? #f))                    ; tests require network access
+    (home-page "https://www.bitwizard.nl/mtr/")
+    (synopsis "Network diagnostic tool")
+    (description
+     "@dfn{mtr} (My TraceRoute) combines the functionality of the
+@command{traceroute} and @command{ping} programs in a single network diagnostic
+tool.  @command{mtr} can use several network protocols to detect intermediate
+routers (or @dfn{hops}) between the local host and a user-specified destination.
+It then continually measures the response time and packet loss at each hop, and
+displays the results in real time.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index e354130ad2..fade8b23da 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,14 +41,18 @@
 (define-public node
   (package
     (name "node")
-    (version "8.7.0")
+    (version "8.9.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://nodejs.org/dist/v" version
                                   "/node-v" version ".tar.gz"))
               (sha256
                (base32
-                "1a0ginagx3pav6v7adyp76jisia4qgbsq6pz3als4kshwlk4a667"))))
+                "1qbiz7hgwlirhwpd71c8yzcbwsyi5bjlfp6lxb6v55j6rizinj9j"))
+              ;; See https://github.com/nodejs/node/issues/16688
+              ;; Remove this next update (>8.9.1).
+              (patches
+                (search-patches "node-test-http2-server-rst-stream.patch"))))
     (build-system gnu-build-system)
     (arguments
      ;; TODO: Purge the bundled copies from the source.
@@ -76,6 +81,10 @@
                (("'/usr/bin/env'")
                 (string-append "'" (which "env") "'")))
 
+
+             ;; test-make-doc needs doc-only target, which is inhibited below
+             (for-each delete-file
+                       '("test/doctool/test-make-doc.js"))
              ;; FIXME: This test seems to depends on files that are not
              ;; available in the bundled v8. See
              ;; https://github.com/nodejs/node/issues/13344
@@ -88,12 +97,12 @@
                          "test/parallel/test-util-inspect.js"
                          "test/parallel/test-v8-serdes.js"
                          "test/parallel/test-dgram-membership.js"
-                         "test/parallel/test-dgram-multicast-set-interface-lo.js"
                          "test/parallel/test-dns-cancel-reverse-lookup.js"
                          "test/parallel/test-dns-resolveany.js"
                          "test/parallel/test-cluster-master-error.js"
                          "test/parallel/test-cluster-master-kill.js"
                          "test/parallel/test-npm-install.js"
+                         "test/parallel/test-regress-GH-746.js"
                          "test/sequential/test-child-process-emfile.js"
                          "test/sequential/test-benchmark-child-process.js"
                          "test/sequential/test-http-regr-gh-2928.js"))
@@ -115,6 +124,14 @@
                              (string-append (assoc-ref inputs "python")
                                             "/bin/python")
                              "configure" flags)))))
+         (add-before 'check 'skip-check-doc-only
+           (lambda _
+             (substitute* "Makefile"
+               ;; requires js-yaml, which is not part of the distribution,
+               ;; and falls back to using npm to download it
+               (("\\$\\(MAKE\\) doc-only" all)
+                (string-append "#" all)))
+             #t))
          (add-after 'patch-shebangs 'patch-npm-shebang
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((bindir (string-append (assoc-ref outputs "out")
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index f77eab4799..d270f513dc 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -98,15 +98,17 @@ computers over a network.")
 (define-public openntpd
   (package
     (name "openntpd")
-    (version "6.2p2")
+    (version "6.2p3")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "mirror://openbsd/OpenNTPD/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1chghbh1bnwhxdgkqki51w94nwvlyj1a9q8716r4v2h0gc9s822q"))))
+                "0fn12i4kzsi0zkr4qp3dp9bycmirnfapajqvdfx02zhr4hanj0kv"))))
     (build-system gnu-build-system)
+    (inputs
+     `(("libressl" ,libressl))) ; enable TLS time constraints. See ntpd.conf(5).
     (home-page "http://www.openntpd.org/")
     (synopsis "NTP client and server by the OpenBSD Project")
     (description "OpenNTPD is the OpenBSD Project's implementation of a client
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index fbcb1def4d..24787fbde7 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -3964,7 +3964,7 @@ provides BigN, BigZ, BigQ that used to be part of Coq standard library.")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gforge.inria.fr/frs/download.php/"
-                                  "file/36538/interval-" version ".tar.gz"))
+                                  "file/37077/interval-" version ".tar.gz"))
               (sha256
                (base32
                 "08fdcf3hbwqphglvwprvqzgkg0qbimpyhnqsgv3gac4y1ap0f903"))))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 7c1d42c75c..ed6b5c29ac 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -64,6 +64,7 @@
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages vim)
   #:use-module (gnu packages serialization)
+  #:use-module (gnu packages acl)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 match))
 
@@ -86,8 +87,8 @@
   ;; Note: the 'update-guix-package.scm' script expects this definition to
   ;; start precisely like this.
   (let ((version "0.13.0")
-        (commit "ff23b47dbee038236386ddc2ed2fff4c77ad3aa1")
-        (revision 9))
+        (commit "3fb6464ba43141b671481ce5ba158b6e6d1badfe")
+        (revision 13))
     (package
       (name "guix")
 
@@ -103,7 +104,7 @@
                       (commit commit)))
                 (sha256
                  (base32
-                  "19y39fm4bjvq4rz3360p8avxpsmflsgrz83l8ig49819a38qs6zm"))
+                  "0nx3nvr3myjhg7zyyrvxfs63ddmb7yv0ndzn1dq4gp2is65n3krr"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (build-system gnu-build-system)
       (arguments
@@ -143,6 +144,12 @@
                                     (chmod po #o666))
                                   (find-files "." "\\.po$"))
 
+                        (patch-shebang "build-aux/git-version-gen")
+
+                        (call-with-output-file ".tarball-version"
+                          (lambda (port)
+                            (display ,version port)))
+
                         (zero? (system* "sh" "bootstrap"))))
                     (add-before
                         'configure 'copy-bootstrap-guile
@@ -170,8 +177,7 @@
                         (copy "armhf")
                         (copy "aarch64")
                         #t))
-                    (add-after
-                        'unpack 'disable-container-tests
+                    (add-after 'unpack 'disable-failing-tests
                       ;; XXX FIXME: These tests fail within the build container.
                       (lambda _
                         (substitute* "tests/syscalls.scm"
@@ -193,15 +199,17 @@
                         #t))
                     (add-after 'install 'wrap-program
                       (lambda* (#:key inputs outputs #:allow-other-keys)
-                        ;; Make sure the 'guix' command finds GnuTLS and
-                        ;; Guile-JSON automatically.
+                        ;; Make sure the 'guix' command finds GnuTLS,
+                        ;; Guile-JSON, and Guile-Git automatically.
                         (let* ((out    (assoc-ref outputs "out"))
                                (guile  (assoc-ref inputs "guile"))
                                (json   (assoc-ref inputs "guile-json"))
                                (git    (assoc-ref inputs "guile-git"))
+                               (bs     (assoc-ref inputs
+                                                  "guile-bytestructures"))
                                (ssh    (assoc-ref inputs "guile-ssh"))
                                (gnutls (assoc-ref inputs "gnutls"))
-                               (deps   (list json gnutls git ssh))
+                               (deps   (list json gnutls git bs ssh))
                                (effective
                                 (read-line
                                  (open-pipe* OPEN_READ
@@ -502,7 +510,6 @@ transactions from C or Python.")
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
-                  (add-before 'unpack 'n (lambda _ #t))
                   ;; setup.py mistakenly requires python-magic from PyPi, even
                   ;; though the Python bindings of `file` are sufficient.
                   ;; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815844
@@ -517,8 +524,15 @@ transactions from C or Python.")
                          (string-append "['" (which "xxd") "',")))
                       (substitute* "diffoscope/comparators/elf.py"
                         (("@tool_required\\('readelf'\\)") "")
-                        (("\\['readelf',")
-                         (string-append "['" (which "readelf") "',")))
+                        (("get_tool_name\\('readelf'\\)")
+                         (string-append "'" (which "readelf") "'")))
+                      (substitute* "diffoscope/comparators/directory.py"
+                        (("@tool_required\\('stat'\\)") "")
+                        (("@tool_required\\('getfacl'\\)") "")
+                        (("\\['stat',")
+                         (string-append "['" (which "stat") "',"))
+                        (("\\['getfacl',")
+                         (string-append "['" (which "getfacl") "',")))
                       #t))
                   (add-before 'check 'delete-failing-test
                     (lambda _
@@ -529,6 +543,7 @@ transactions from C or Python.")
               ("python-debian" ,python-debian)
               ("python-libarchive-c" ,python-libarchive-c)
               ("python-tlsh" ,python-tlsh)
+              ("acl" ,acl)                        ;for getfacl
               ("colordiff" ,colordiff)
               ("xxd" ,xxd)
 
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index bbed52544e..0e7b78fb78 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,7 +46,7 @@
 (define-public parallel
   (package
     (name "parallel")
-    (version "20171022")
+    (version "20171122")
     (source
      (origin
       (method url-fetch)
@@ -53,7 +54,7 @@
                           version ".tar.bz2"))
       (sha256
        (base32
-        "18pq10npl7g764ww7cy9r5n5s3kiy984jclf932qfgndcxsbpqpp"))))
+        "19l2r8zzh8jyb76r3ksfq9y3r8fg07xw31h0dq1d7jpf73fnmd21"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index a75881701a..64168cc9d6 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
 ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
+;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -86,7 +87,7 @@ human.")
 (define-public keepassxc
   (package
     (name "keepassxc")
-    (version "2.2.1")
+    (version "2.2.2")
     (source
      (origin
        (method url-fetch)
@@ -95,7 +96,7 @@ human.")
                            version "-src.tar.xz"))
        (sha256
         (base32
-         "1gkxsv3g4pkzbjkd1c27k15m2b5y2fqnnijphnaiv542yk7csqb7"))))
+         "0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g"))))
     (build-system cmake-build-system)
     (inputs
      `(("libgcrypt" ,libgcrypt)
diff --git a/gnu/packages/patches/bazaar-CVE-2017-14176.patch b/gnu/packages/patches/bazaar-CVE-2017-14176.patch
new file mode 100644
index 0000000000..0e9083b97d
--- /dev/null
+++ b/gnu/packages/patches/bazaar-CVE-2017-14176.patch
@@ -0,0 +1,166 @@
+Fix CVE-2017-14176:
+
+https://bugs.launchpad.net/bzr/+bug/1710979
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176
+
+Patch copied from Debian's Bazaar package version bzr_2.7.0+bzr6619-7+deb9u1:
+
+https://alioth.debian.org/scm/loggerhead/pkg-bazaar/bzr/2.7/revision/4204
+
+Description: Prevent SSH command line options from being specified in bzr+ssh:// URLs
+Bug: https://bugs.launchpad.net/brz/+bug/1710979
+Bug-Debian: https://bugs.debian.org/874429
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14176
+Forwarded: no
+Author: Jelmer Vernooij <jelmer@jelmer.uk>
+Last-Update: 2017-11-26
+
+=== modified file 'bzrlib/tests/test_ssh_transport.py'
+--- old/bzrlib/tests/test_ssh_transport.py	2010-10-07 12:45:51 +0000
++++ new/bzrlib/tests/test_ssh_transport.py	2017-08-20 01:59:20 +0000
+@@ -22,6 +22,7 @@
+     SSHCorpSubprocessVendor,
+     LSHSubprocessVendor,
+     SSHVendorManager,
++    StrangeHostname,
+     )
+ 
+ 
+@@ -161,6 +162,19 @@
+ 
+ class SubprocessVendorsTests(TestCase):
+ 
++    def test_openssh_command_tricked(self):
++        vendor = OpenSSHSubprocessVendor()
++        self.assertEqual(
++            vendor._get_vendor_specific_argv(
++                "user", "-oProxyCommand=blah", 100, command=["bzr"]),
++            ["ssh", "-oForwardX11=no", "-oForwardAgent=no",
++                "-oClearAllForwardings=yes",
++                "-oNoHostAuthenticationForLocalhost=yes",
++                "-p", "100",
++                "-l", "user",
++                "--",
++                "-oProxyCommand=blah", "bzr"])
++
+     def test_openssh_command_arguments(self):
+         vendor = OpenSSHSubprocessVendor()
+         self.assertEqual(
+@@ -171,6 +185,7 @@
+                 "-oNoHostAuthenticationForLocalhost=yes",
+                 "-p", "100",
+                 "-l", "user",
++                "--",
+                 "host", "bzr"]
+             )
+ 
+@@ -184,9 +199,16 @@
+                 "-oNoHostAuthenticationForLocalhost=yes",
+                 "-p", "100",
+                 "-l", "user",
+-                "-s", "host", "sftp"]
++                "-s", "--", "host", "sftp"]
+             )
+ 
++    def test_openssh_command_tricked(self):
++        vendor = SSHCorpSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_sshcorp_command_arguments(self):
+         vendor = SSHCorpSubprocessVendor()
+         self.assertEqual(
+@@ -209,6 +231,13 @@
+                 "-s", "sftp", "host"]
+             )
+ 
++    def test_lsh_command_tricked(self):
++        vendor = LSHSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_lsh_command_arguments(self):
+         vendor = LSHSubprocessVendor()
+         self.assertEqual(
+@@ -231,6 +260,13 @@
+                 "--subsystem", "sftp", "host"]
+             )
+ 
++    def test_plink_command_tricked(self):
++        vendor = PLinkSubprocessVendor()
++        self.assertRaises(
++            StrangeHostname,
++            vendor._get_vendor_specific_argv,
++                "user", "-oProxyCommand=host", 100, command=["bzr"])
++
+     def test_plink_command_arguments(self):
+         vendor = PLinkSubprocessVendor()
+         self.assertEqual(
+
+=== modified file 'bzrlib/transport/ssh.py'
+--- old/bzrlib/transport/ssh.py	2015-07-31 01:04:41 +0000
++++ new/bzrlib/transport/ssh.py	2017-08-20 01:59:20 +0000
+@@ -46,6 +46,10 @@
+     from paramiko.sftp_client import SFTPClient
+ 
+ 
++class StrangeHostname(errors.BzrError):
++    _fmt = "Refusing to connect to strange SSH hostname %(hostname)s"
++
++
+ SYSTEM_HOSTKEYS = {}
+ BZR_HOSTKEYS = {}
+ 
+@@ -360,6 +364,11 @@
+     # tests, but beware of using PIPE which may hang due to not being read.
+     _stderr_target = None
+ 
++    @staticmethod
++    def _check_hostname(arg):
++        if arg.startswith('-'):
++            raise StrangeHostname(hostname=arg)
++
+     def _connect(self, argv):
+         # Attempt to make a socketpair to use as stdin/stdout for the SSH
+         # subprocess.  We prefer sockets to pipes because they support
+@@ -424,9 +433,9 @@
+         if username is not None:
+             args.extend(['-l', username])
+         if subsystem is not None:
+-            args.extend(['-s', host, subsystem])
++            args.extend(['-s', '--', host, subsystem])
+         else:
+-            args.extend([host] + command)
++            args.extend(['--', host] + command)
+         return args
+ 
+ register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
+@@ -439,6 +448,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path, '-x']
+         if port is not None:
+             args.extend(['-p', str(port)])
+@@ -460,6 +470,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path]
+         if port is not None:
+             args.extend(['-p', str(port)])
+@@ -481,6 +492,7 @@
+ 
+     def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
+                                   command=None):
++        self._check_hostname(host)
+         args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch']
+         if port is not None:
+             args.extend(['-P', str(port)])
+
diff --git a/gnu/packages/patches/clementine-use-openssl.patch b/gnu/packages/patches/clementine-use-openssl.patch
new file mode 100644
index 0000000000..1fbf3d2b8a
--- /dev/null
+++ b/gnu/packages/patches/clementine-use-openssl.patch
@@ -0,0 +1,67 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 4022c383b..3202b8b69 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -83,6 +83,7 @@ pkg_check_modules(LIBPULSE libpulse)
+ pkg_check_modules(LIBXML libxml-2.0)
+ pkg_check_modules(SPOTIFY libspotify>=12.1.45)
+ pkg_check_modules(TAGLIB REQUIRED taglib>=1.6)
++pkg_check_modules(OPENSSL REQUIRED openssl)
+ 
+ if (WIN32)
+   find_package(ZLIB REQUIRED)
+@@ -381,20 +382,6 @@ if(GMOCK_INCLUDE_DIRS)
+   endif(GTEST_INCLUDE_DIRS)
+ endif(GMOCK_INCLUDE_DIRS)
+ 
+-# Use the system's sha2 if it's available.
+-find_path(SHA2_INCLUDE_DIRS sha2.h)
+-find_library(SHA2_LIBRARIES sha2)
+-if(SHA2_LIBRARIES AND SHA2_INCLUDE_DIRS)
+-  message(STATUS "Using system sha2 library")
+-  set(USE_SYSTEM_SHA2 ON)
+-else()
+-  message(STATUS "Using builtin sha2 library")
+-  set(USE_SYSTEM_SHA2 OFF)
+-  add_subdirectory(3rdparty/sha2)
+-  set(SHA2_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sha2)
+-  set(SHA2_LIBRARIES sha2)
+-endif()
+-
+ # Use the system libmygpo-qt5 if a recent enough version was found
+ if(LIBMYGPO_QT5_FOUND)
+   set(MYGPOQT5_LIBRARIES ${LIBMYGPO_QT5_LIBRARIES})
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 6e24c9726..104d044d9 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -29,7 +29,6 @@ include_directories(${LIBPROJECTM_INCLUDE_DIRS})
+ include_directories(${QTSINGLEAPPLICATION_INCLUDE_DIRS})
+ include_directories(${QTIOCOMPRESSOR_INCLUDE_DIRS})
+ include_directories(${QXT_INCLUDE_DIRS})
+-include_directories(${SHA2_INCLUDE_DIRS})
+ include_directories(${CHROMAPRINT_INCLUDE_DIRS})
+ include_directories(${MYGPOQT5_INCLUDE_DIRS})
+ 
+@@ -1223,7 +1222,7 @@ target_link_libraries(clementine_lib
+   libclementine-common
+   libclementine-tagreader
+   libclementine-remote
+-  ${SHA2_LIBRARIES}
++  ${OPENSSL_LIBRARIES}
+   ${TAGLIB_LIBRARIES}
+   ${MYGPOQT5_LIBRARIES}
+   ${CHROMAPRINT_LIBRARIES}
+diff --git a/src/core/utilities.cpp b/src/core/utilities.cpp
+index ce76f22da..80bf623fb 100644
+--- a/src/core/utilities.cpp
++++ b/src/core/utilities.cpp
+@@ -52,7 +52,7 @@
+ #include "config.h"
+ #include "timeconstants.h"
+ 
+-#include "sha2.h"
++#include <openssl/sha.h>
+ 
+ #if defined(Q_OS_UNIX)
+ #include <sys/statvfs.h>
diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch
new file mode 100644
index 0000000000..cf15be3404
--- /dev/null
+++ b/gnu/packages/patches/dtc-32-bits-check.patch
@@ -0,0 +1,134 @@
+This fixes tests on 32 bits platforms. Patch taken from upstream.
+
+commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586
+Author: David Gibson <david@gibson.dropbear.id.au>
+Date:   Fri Oct 6 23:07:30 2017 +1100
+
+    tests: Avoid 64-bit arithmetic in assembler
+    
+    For testing we (ab)use the assembler to build us a sample dtb, independent
+    of the other tools (dtc and libfdt) that we're trying to test.  In a few
+    places this uses 64-bit arithmetic to decompose 64-bit constants into
+    the individual bytes in the blob.
+    
+    Unfortunately, it seems that some builds of GNU as don't support >32 bit
+    arithmetic, though it's not entirely clear to me which do and which don't
+    (Fedora i386 does support 64-bit, Debian arm32 doesn't).
+    
+    Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost
+    of some extra awkwardness because we have to define the values in 32-bit
+    halves.
+    
+    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+diff --git a/tests/testdata.h b/tests/testdata.h
+index 3588778..f6bbe1d 100644
+--- a/tests/testdata.h
++++ b/tests/testdata.h
+@@ -4,15 +4,25 @@
+ #define ASM_CONST_LL(x)	(x##ULL)
+ #endif
+ 
+-#define TEST_ADDR_1	ASM_CONST_LL(0xdeadbeef00000000)
+-#define TEST_SIZE_1	ASM_CONST_LL(0x100000)
+-#define TEST_ADDR_2	ASM_CONST_LL(123456789)
+-#define TEST_SIZE_2	ASM_CONST_LL(010000)
++#define TEST_ADDR_1H	ASM_CONST_LL(0xdeadbeef)
++#define TEST_ADDR_1L	ASM_CONST_LL(0x00000000)
++#define TEST_ADDR_1	((TEST_ADDR_1H << 32) | TEST_ADDR_1L)
++#define TEST_SIZE_1H	ASM_CONST_LL(0x00000000)
++#define TEST_SIZE_1L	ASM_CONST_LL(0x00100000)
++#define TEST_SIZE_1	((TEST_SIZE_1H << 32) | TEST_SIZE_1L)
++#define TEST_ADDR_2H	ASM_CONST_LL(0)
++#define TEST_ADDR_2L	ASM_CONST_LL(123456789)
++#define TEST_ADDR_2	((TEST_ADDR_2H << 32) | TEST_ADDR_2L)
++#define TEST_SIZE_2H	ASM_CONST_LL(0)
++#define TEST_SIZE_2L	ASM_CONST_LL(010000)
++#define TEST_SIZE_2	((TEST_SIZE_2H << 32) | TEST_SIZE_2L)
+ 
+ #define TEST_VALUE_1	0xdeadbeef
+ #define TEST_VALUE_2	123456789
+ 
+-#define TEST_VALUE64_1	ASM_CONST_LL(0xdeadbeef01abcdef)
++#define TEST_VALUE64_1H	ASM_CONST_LL(0xdeadbeef)
++#define TEST_VALUE64_1L	ASM_CONST_LL(0x01abcdef)
++#define TEST_VALUE64_1	((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L)
+ 
+ #define PHANDLE_1	0x2000
+ #define PHANDLE_2	0x2001
+diff --git a/tests/trees.S b/tests/trees.S
+index 9854d1d..9859914 100644
+--- a/tests/trees.S
++++ b/tests/trees.S
+@@ -7,16 +7,6 @@
+ 	.byte	((val) >> 8) & 0xff ; \
+ 	.byte	(val) & 0xff	;
+ 
+-#define FDTQUAD(val) \
+-	.byte	((val) >> 56) & 0xff ; \
+-	.byte	((val) >> 48) & 0xff ; \
+-	.byte	((val) >> 40) & 0xff ; \
+-	.byte	((val) >> 32) & 0xff ; \
+-	.byte	((val) >> 24) & 0xff ; \
+-	.byte	((val) >> 16) & 0xff ; \
+-	.byte	((val) >> 8) & 0xff ; \
+-	.byte	(val) & 0xff	;
+-
+ #define TREE_HDR(tree) \
+ 	.balign	8		; \
+ 	.globl	_##tree		; \
+@@ -33,14 +23,16 @@ tree:	\
+ 	FDTLONG(tree##_strings_end - tree##_strings) ; \
+ 	FDTLONG(tree##_struct_end - tree##_struct) ;
+ 
+-#define RSVMAP_ENTRY(addr, len) \
+-	FDTQUAD(addr)		; \
+-	FDTQUAD(len)		; \
++#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \
++	FDTLONG(addrh)		; \
++	FDTLONG(addrl)		; \
++	FDTLONG(lenh)		; \
++	FDTLONG(lenl)
+ 
+ #define EMPTY_RSVMAP(tree) \
+ 	.balign	8		; \
+ tree##_rsvmap:			; \
+-	RSVMAP_ENTRY(0, 0) \
++	RSVMAP_ENTRY(0, 0, 0, 0) \
+ tree##_rsvmap_end:		;
+ 
+ #define PROPHDR(tree, name, len) \
+@@ -52,9 +44,10 @@ tree##_rsvmap_end:		;
+ 	PROPHDR(tree, name, 4) \
+ 	FDTLONG(val)		;
+ 
+-#define PROP_INT64(tree, name, val) \
++#define PROP_INT64(tree, name, valh, vall) \
+ 	PROPHDR(tree, name, 8) \
+-	FDTQUAD(val)		;
++	FDTLONG(valh)		; \
++	FDTLONG(vall)		;
+ 
+ #define PROP_STR(tree, name, str) \
+ 	PROPHDR(tree, name, 55f - 54f) \
+@@ -81,16 +74,16 @@ tree##_##name:			; \
+ 
+ 	.balign	8
+ test_tree1_rsvmap:
+-	RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1)
+-	RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2)
+-	RSVMAP_ENTRY(0, 0)
++	RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L)
++	RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L)
++	RSVMAP_ENTRY(0, 0, 0, 0)
+ test_tree1_rsvmap_end:
+ 
+ test_tree1_struct:
+ 	BEGIN_NODE("")
+ 	PROP_STR(test_tree1, compatible, "test_tree1")
+ 	PROP_INT(test_tree1, prop_int, TEST_VALUE_1)
+-	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1)
++	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L)
+ 	PROP_STR(test_tree1, prop_str, TEST_STRING_1)
+ 	PROP_INT(test_tree1, address_cells, 1)
+ 	PROP_INT(test_tree1, size_cells, 0)
diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch
new file mode 100644
index 0000000000..c33d16857f
--- /dev/null
+++ b/gnu/packages/patches/dtc-format-modifier.patch
@@ -0,0 +1,38 @@
+This fixes build on 32 bits platforms. This patch is taken from upstream.
+
+commit 497432fd2131967f349e69dc5d259072151cc4b4
+Author: Thierry Reding <treding@nvidia.com>
+Date:   Wed Sep 27 15:04:09 2017 +0200
+
+    checks: Use proper format modifier for size_t
+    
+    The size of size_t can vary between architectures, so using %ld isn't
+    going to work on 32-bit builds. Use the %zu modifier to make sure it is
+    always correct.
+    
+    Signed-off-by: Thierry Reding <treding@nvidia.com>
+    Acked-by: Rob Herring <robh@kernel.org>
+    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+
+diff --git a/checks.c b/checks.c
+index 902f2e3..08a3a29 100644
+--- a/checks.c
++++ b/checks.c
+@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c,
+ 	int cell, cellsize = 0;
+ 
+ 	if (prop->val.len % sizeof(cell_t)) {
+-		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
++		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
+ 		     prop->name, prop->val.len, sizeof(cell_t), node->fullpath);
+ 		return;
+ 	}
+@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c,
+ 		return;
+ 
+ 	if (irq_prop->val.len % sizeof(cell_t))
+-		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
++		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
+ 		     irq_prop->name, irq_prop->val.len, sizeof(cell_t),
+ 		     node->fullpath);
+ 
diff --git a/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch b/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch
new file mode 100644
index 0000000000..931355b4fe
--- /dev/null
+++ b/gnu/packages/patches/emacs-highlight-stages-add-gexp.patch
@@ -0,0 +1,26 @@
+Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
+Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+
+This patch adds highlighting for (guix) G-Expressions.
+
+diff --git a/highlight-stages.el b/highlight-stages.el
+index 3094c3c..e11260e 100644
+--- a/highlight-stages.el
++++ b/highlight-stages.el
+@@ -237,14 +237,14 @@ non-nil, (match-string 0) must be the expression matched."
+ 
+ (defun highlight-stages-lisp-quote-matcher (&optional limit)
+   (when (highlight-stages--search-forward-regexp
+-         "\\(?:`\\|\\(#?'\\)\\)\\|([\s\t\n]*\\(?:backquote\\|\\(quote\\)\\)[\s\t\n]+" limit)
++         "\\(?:`\\|\\(#?'\\)\\)\\|([\s\t\n]*\\(?:backquote\\|\\(quote\\)\\)[\s\t\n]+\\|\\(?:#~\\)\\|([\s\t\n]*\\(?:gexp\\)[\s\t\n]+" limit)
+     (prog1 (if (or (match-beginning 1) (match-beginning 2)) 'real t)
+       (set-match-data
+        (list (point)
+              (progn (ignore-errors (forward-sexp 1)) (point)))))))
+ 
+ (defun highlight-stages-lisp-escape-matcher (&optional limit)
+-  (when (highlight-stages--search-forward-regexp ",@?\\|([\s\t\n]*\\\\,@?+[\s\t\n]+" limit)
++  (when (highlight-stages--search-forward-regexp ",@?\\|([\s\t\n]*\\\\,@?+[\s\t\n]+\\|\\(unquote\\)\\|\\(unquote-splicing\\)\\|\\(ungexp-native\\)\\|\\(ungexp-splicing\\)\\|\\(ungexp-native-splicing\\)\\|\\(ungexp\\)\\|#\\$" limit)
+     (set-match-data
+      (list (point)
+            (progn (ignore-errors (forward-sexp 1)) (point))))
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch
deleted file mode 100644
index a67a8afb0e..0000000000
--- a/gnu/packages/patches/exim-CVE-2017-1000369.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Fix CVE-2017-1000369:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
-https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-
-Patch adapted from upstream source repository:
-
-https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
-
-From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Wed, 31 May 2017 23:08:56 +0200
-Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
-
----
- doc/doc-docbook/spec.xfpt |  3 ++-
- src/src/exim.c            | 19 +++++++++++++++++--
- 2 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/src/exim.c b/src/src/exim.c
-index 67583e58..88e11977 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
- 
-       /* -oMr: Received protocol */
- 
--      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
-+      else if (Ustrcmp(argrest, "Mr") == 0)
-+
-+        if (received_protocol)
-+          {
-+          fprintf(stderr, "received_protocol is set already\n");
-+          exit(EXIT_FAILURE);
-+          }
-+        else received_protocol = argv[++i];
- 
-       /* -oMs: Set sender host name */
- 
-@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
- 
-     if (*argrest != 0)
-       {
--      uschar *hn = Ustrchr(argrest, ':');
-+      uschar *hn;
-+
-+      if (received_protocol)
-+        {
-+        fprintf(stderr, "received_protocol is set already\n");
-+        exit(EXIT_FAILURE);
-+        }
-+
-+      hn = Ustrchr(argrest, ':');
-       if (hn == NULL)
-         {
-         received_protocol = argrest;
--- 
-2.13.1
-
diff --git a/gnu/packages/patches/gcc-6-source-date-epoch-1.patch b/gnu/packages/patches/gcc-6-source-date-epoch-1.patch
new file mode 100644
index 0000000000..26f62bc9f1
--- /dev/null
+++ b/gnu/packages/patches/gcc-6-source-date-epoch-1.patch
@@ -0,0 +1,187 @@
+Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros.
+
+Cherry-picked from upstream commit:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 6cf8c610b4e..b5daea65ba7 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12750,4 +12750,37 @@ valid_array_size_p (location_t loc, tree type, tree name)
+   return true;
+ }
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++time_t
++get_source_date_epoch ()
++{
++  char *source_date_epoch;
++  long long epoch;
++  char *endptr;
++
++  source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
++  if (!source_date_epoch)
++    return (time_t) -1;
++
++  errno = 0;
++  epoch = strtoll (source_date_epoch, &endptr, 10);
++  if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
++      || (errno != 0 && epoch == 0))
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "strtoll: %s\n", xstrerror(errno));
++  if (endptr == source_date_epoch)
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "no digits were found: %s\n", endptr);
++  if (*endptr != '\0')
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "trailing garbage: %s\n", endptr);
++  if (epoch < 0)
++    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++		 "value must be nonnegative: %lld \n", epoch);
++
++  return (time_t) epoch;
++}
++
+ #include "gt-c-family-c-common.h"
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index dd74d0dd62e..c6e0ed12b55 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1467,4 +1467,9 @@ extern bool reject_gcc_builtin (const_tree, location_t = UNKNOWN_LOCATION);
+ extern void warn_duplicated_cond_add_or_warn (location_t, tree, vec<tree> **);
+ extern bool valid_array_size_p (location_t, tree, tree);
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++extern time_t get_source_date_epoch (void);
++
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index 96da4fc974e..bf1db6c0252 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -385,6 +385,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+   enum cpp_ttype type;
+   unsigned char add_flags = 0;
+   enum overflow_type overflow = OT_NONE;
++  time_t source_date_epoch = get_source_date_epoch ();
++
++  cpp_init_source_date_epoch (parse_in, source_date_epoch);
+ 
+   timevar_push (TV_CPP);
+  retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 22c8cb37624..e958e93e97e 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -79,4 +79,21 @@ main input file is omitted.
+ @ifclear cppmanual
+ @xref{Preprocessor Options}.
+ @end ifclear
++
++@item SOURCE_DATE_EPOCH
++
++If this variable is set, its value specifies a UNIX timestamp to be
++used in replacement of the current date and time in the @code{__DATE__}
++and @code{__TIME__} macros, so that the embedded timestamps become
++reproducible.
++
++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
++defined as the number of seconds (excluding leap seconds) since
++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
++@samp{@command{date +%s}}.
++
++The value should be a known timestamp such as the last modification
++time of the source or package and it should be set by the build
++process.
++
+ @end vtable
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 35b0375c09c..4998b3a8ab8 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -784,6 +784,9 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__.  */
+ extern void cpp_init_builtins (cpp_reader *, int);
+ 
++/* Initialize the source_date_epoch value.  */
++extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
++
+ /* This is called after options have been parsed, and partially
+    processed.  */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 4343075ba85..f5ff85b3bae 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -533,8 +533,15 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+     _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+ 
++/* Initialize the source_date_epoch value.  */
++void
++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
++{
++  pfile->source_date_epoch = source_date_epoch; 
++}
++
+ /* Sanity-checks are dependent on command-line options, so it is
+-   called as a subroutine of cpp_read_main_file ().  */
++   called as a subroutine of cpp_read_main_file.  */
+ #if CHECKING_P
+ static void sanity_checks (cpp_reader *);
+ static void sanity_checks (cpp_reader *pfile)
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 9ce870738cc..e3eb26b1f27 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -502,6 +502,10 @@ struct cpp_reader
+   const unsigned char *date;
+   const unsigned char *time;
+ 
++  /* Externally set timestamp to replace current date and time useful for
++     reproducibility.  */
++  time_t source_date_epoch;
++
+   /* EOF token, and a token forcing paste avoidance.  */
+   cpp_token avoid_paste;
+   cpp_token eof;
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index c2515534504..c2a83764660 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -357,13 +357,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node,
+ 	  time_t tt;
+ 	  struct tm *tb = NULL;
+ 
+-	  /* (time_t) -1 is a legitimate value for "number of seconds
+-	     since the Epoch", so we have to do a little dance to
+-	     distinguish that from a genuine error.  */
+-	  errno = 0;
+-	  tt = time(NULL);
+-	  if (tt != (time_t)-1 || errno == 0)
+-	    tb = localtime (&tt);
++	  /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
++	     usage if SOURCE_DATE_EPOCH is defined.  */
++	  if (pfile->source_date_epoch != (time_t) -1)
++	     tb = gmtime (&pfile->source_date_epoch);
++	  else
++	    {
++	      /* (time_t) -1 is a legitimate value for "number of seconds
++		 since the Epoch", so we have to do a little dance to
++		 distinguish that from a genuine error.  */
++	      errno = 0;
++	      tt = time (NULL);
++	      if (tt != (time_t)-1 || errno == 0)
++		tb = localtime (&tt);
++	    }
+ 
+ 	  if (tb)
+ 	    {
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/gcc-6-source-date-epoch-2.patch b/gnu/packages/patches/gcc-6-source-date-epoch-2.patch
new file mode 100644
index 0000000000..cd5b09867f
--- /dev/null
+++ b/gnu/packages/patches/gcc-6-source-date-epoch-2.patch
@@ -0,0 +1,346 @@
+Cherry-picked from upstream commit:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index b5daea65ba7..a4539da15ce 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12753,8 +12753,9 @@ valid_array_size_p (location_t loc, tree type, tree name)
+ /* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+    timestamp to replace embedded current dates to get reproducible
+    results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++
+ time_t
+-get_source_date_epoch ()
++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED)
+ {
+   char *source_date_epoch;
+   long long epoch;
+@@ -12766,19 +12767,14 @@ get_source_date_epoch ()
+ 
+   errno = 0;
+   epoch = strtoll (source_date_epoch, &endptr, 10);
+-  if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
+-      || (errno != 0 && epoch == 0))
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "strtoll: %s\n", xstrerror(errno));
+-  if (endptr == source_date_epoch)
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "no digits were found: %s\n", endptr);
+-  if (*endptr != '\0')
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "trailing garbage: %s\n", endptr);
+-  if (epoch < 0)
+-    fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+-		 "value must be nonnegative: %lld \n", epoch);
++  if (errno != 0 || endptr == source_date_epoch || *endptr != '\0'
++      || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH)
++    {
++      error_at (input_location, "environment variable SOURCE_DATE_EPOCH must "
++	        "expand to a non-negative integer less than or equal to %wd",
++		MAX_SOURCE_DATE_EPOCH);
++      return (time_t) -1;
++    }
+ 
+   return (time_t) epoch;
+ }
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index c6e0ed12b55..44699f716e0 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1084,6 +1084,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *);
+    c_register_builtin_type.  */
+ extern GTY(()) tree registered_builtin_types;
+ 
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++   timestamp to replace embedded current dates to get reproducible
++   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
++extern time_t cb_get_source_date_epoch (cpp_reader *pfile);
++
++/* The value (as a unix timestamp) corresponds to date
++   "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and
++   __TIME__ can store.  */
++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799)
++
+ /* In c-gimplify.c  */
+ extern void c_genericize (tree);
+ extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *);
+@@ -1467,9 +1477,4 @@ extern bool reject_gcc_builtin (const_tree, location_t = UNKNOWN_LOCATION);
+ extern void warn_duplicated_cond_add_or_warn (location_t, tree, vec<tree> **);
+ extern bool valid_array_size_p (location_t, tree, tree);
+ 
+-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+-   timestamp to replace embedded current dates to get reproducible
+-   results.  Returns -1 if SOURCE_DATE_EPOCH is not defined.  */
+-extern time_t get_source_date_epoch (void);
+-
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index bf1db6c0252..42a4135d339 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -80,6 +80,7 @@ init_c_lex (void)
+   cb->valid_pch = c_common_valid_pch;
+   cb->read_pch = c_common_read_pch;
+   cb->has_attribute = c_common_has_attribute;
++  cb->get_source_date_epoch = cb_get_source_date_epoch;
+ 
+   /* Set the debug callbacks if we can use them.  */
+   if ((debug_info_level == DINFO_LEVEL_VERBOSE
+@@ -385,9 +386,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+   enum cpp_ttype type;
+   unsigned char add_flags = 0;
+   enum overflow_type overflow = OT_NONE;
+-  time_t source_date_epoch = get_source_date_epoch ();
+-
+-  cpp_init_source_date_epoch (parse_in, source_date_epoch);
+ 
+   timevar_push (TV_CPP);
+  retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index e958e93e97e..8cefd529aa3 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -81,7 +81,6 @@ main input file is omitted.
+ @end ifclear
+ 
+ @item SOURCE_DATE_EPOCH
+-
+ If this variable is set, its value specifies a UNIX timestamp to be
+ used in replacement of the current date and time in the @code{__DATE__}
+ and @code{__TIME__} macros, so that the embedded timestamps become
+@@ -89,8 +88,9 @@ reproducible.
+ 
+ The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
+ defined as the number of seconds (excluding leap seconds) since
+-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
+-@samp{@command{date +%s}}.
++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of
++@samp{@command{date +%s}} on GNU/Linux and other systems that support the
++@code{%s} extension in the @code{date} command.
+ 
+ The value should be a known timestamp such as the last modification
+ time of the source or package and it should be set by the build
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index cfa074d4e43..f88596219bc 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3541,6 +3541,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args,
+   n_switches++;
+ }
+ 
++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is
++   not set already.  */
++
++static void
++set_source_date_epoch_envvar ()
++{
++  /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations
++     of 64 bit integers.  */
++  char source_date_epoch[21];
++  time_t tt;
++
++  errno = 0;
++  tt = time (NULL);
++  if (tt < (time_t) 0 || errno != 0)
++    tt = (time_t) 0;
++
++  snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt);
++  /* Using setenv instead of xputenv because we want the variable to remain
++     after finalizing so that it's still set in the second run when using
++     -fcompare-debug.  */
++  setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0);
++}
++
+ /* Handle an option DECODED that is unknown to the option-processing
+    machinery.  */
+ 
+@@ -3840,6 +3863,7 @@ driver_handle_option (struct gcc_options *opts,
+       else
+ 	compare_debug_opt = arg;
+       save_switch (compare_debug_replacement_opt, 0, NULL, validated, true);
++      set_source_date_epoch_envvar ();
+       return true;
+ 
+     case OPT_fdiagnostics_color_:
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+new file mode 100644
+index 00000000000..f6aa1a360ff
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+@@ -0,0 +1,11 @@
++/* { dg-do run } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */
++
++int
++main(void)
++{
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++  return 0;
++}
++
++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+new file mode 100644
+index 00000000000..ae18362ae87
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */
++
++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */
++
++int
++main(void)
++{
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */
++  __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++  return 0;
++}
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 9dd909b0985..822d2fbb3b9 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -450,6 +450,38 @@ proc restore-target-env-var { } {
+     }
+ }
+ 
++proc dg-set-compiler-env-var { args } {
++    global set_compiler_env_var
++    global saved_compiler_env_var
++    if { [llength $args] != 3 } {
++	error "dg-set-compiler-env-var: need two arguments"
++	return
++    }
++    set var [lindex $args 1]
++    set value [lindex $args 2]
++    if [info exists ::env($var)] {
++      lappend saved_compiler_env_var [list $var 1 $::env($var)]
++    } else {
++      lappend saved_compiler_env_var [list $var 0]
++    }
++    setenv $var $value
++    lappend set_compiler_env_var [list $var $value]
++}
++
++proc restore-compiler-env-var { } {
++    global saved_compiler_env_var
++    for { set env_vari [llength $saved_compiler_env_var] } {
++          [incr env_vari -1] >= 0 } {} {
++	set env_var [lindex $saved_compiler_env_var $env_vari]
++	set var [lindex $env_var 0]
++	if [lindex $env_var 1] {
++	    setenv $var [lindex $env_var 2]
++	} else {
++	    unsetenv $var
++	}
++    }
++}
++
+ # Utility routines.
+ 
+ #
+@@ -873,6 +905,11 @@ if { [info procs saved-dg-test] == [list] } {
+ 	if [info exists set_target_env_var] {
+ 	    unset set_target_env_var
+ 	}
++	if [info exists set_compiler_env_var] {
++	    restore-compiler-env-var
++	    unset set_compiler_env_var
++	    unset saved_compiler_env_var
++	}
+ 	if [info exists keep_saved_temps_suffixes] {
+ 	    unset keep_saved_temps_suffixes
+ 	}
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 4998b3a8ab8..9d70cc856ef 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -594,6 +594,9 @@ struct cpp_callbacks
+ 
+   /* Callback that can change a user builtin into normal macro.  */
+   bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *);
++
++  /* Callback to parse SOURCE_DATE_EPOCH from environment.  */
++  time_t (*get_source_date_epoch) (cpp_reader *);
+ };
+ 
+ #ifdef VMS
+@@ -784,9 +787,6 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__.  */
+ extern void cpp_init_builtins (cpp_reader *, int);
+ 
+-/* Initialize the source_date_epoch value.  */
+-extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
+-
+ /* This is called after options have been parsed, and partially
+    processed.  */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index f5ff85b3bae..e78b3206def 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -257,6 +257,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table,
+   /* Do not force token locations by default.  */
+   pfile->forced_token_location_p = NULL;
+ 
++  /* Initialize source_date_epoch to -2 (not yet set).  */
++  pfile->source_date_epoch = (time_t) -2;
++
+   /* The expression parser stack.  */
+   _cpp_expand_op_stack (pfile);
+ 
+@@ -533,13 +536,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+     _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+ 
+-/* Initialize the source_date_epoch value.  */
+-void
+-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
+-{
+-  pfile->source_date_epoch = source_date_epoch; 
+-}
+-
+ /* Sanity-checks are dependent on command-line options, so it is
+    called as a subroutine of cpp_read_main_file.  */
+ #if CHECKING_P
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index e3eb26b1f27..cea32ec73c6 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -503,7 +503,8 @@ struct cpp_reader
+   const unsigned char *time;
+ 
+   /* Externally set timestamp to replace current date and time useful for
+-     reproducibility.  */
++     reproducibility.  It should be initialized to -2 (not yet set) and
++     set to -1 to disable it or to a non-negative value to enable it.  */
+   time_t source_date_epoch;
+ 
+   /* EOF token, and a token forcing paste avoidance.  */
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index c2a83764660..a3b8348a23f 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -358,9 +358,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node,
+ 	  struct tm *tb = NULL;
+ 
+ 	  /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
+-	     usage if SOURCE_DATE_EPOCH is defined.  */
+-	  if (pfile->source_date_epoch != (time_t) -1)
+-	     tb = gmtime (&pfile->source_date_epoch);
++	     if SOURCE_DATE_EPOCH is defined.  */
++	  if (pfile->source_date_epoch == (time_t) -2
++	      && pfile->cb.get_source_date_epoch != NULL)
++	    pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile);
++
++	  if (pfile->source_date_epoch >= (time_t) 0)
++	    tb = gmtime (&pfile->source_date_epoch);
+ 	  else
+ 	    {
+ 	      /* (time_t) -1 is a legitimate value for "number of seconds
+-- 
+2.14.1
+
diff --git a/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch b/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch
new file mode 100644
index 0000000000..d05b4351b3
--- /dev/null
+++ b/gnu/packages/patches/glusterfs-use-PATH-instead-of-hardcodes.patch
@@ -0,0 +1,140 @@
+This patch was taken from Nixpkgs.
+
+From 616381bc25b0e90198683fb049f994e82d467d96 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= <mail@nh2.me>
+Date: Sat, 13 May 2017 02:45:49 +0200
+Subject: [PATCH] Don't use hardcoded /sbin, /usr/bin etc. paths. Fixes
+ #1450546.
+
+Instead, rely on programs to be in PATH, as gluster already
+does in many places across its code base.
+
+Change-Id: Id21152fe42f5b67205d8f1571b0656c4d5f74246
+---
+ contrib/fuse-lib/mount-common.c               |  8 ++++----
+ xlators/mgmt/glusterd/src/glusterd-ganesha.c  |  6 +++---
+ xlators/mgmt/glusterd/src/glusterd-quota.c    |  6 +++---
+ xlators/mgmt/glusterd/src/glusterd-snapshot.c |  4 ++--
+ xlators/mgmt/glusterd/src/glusterd-utils.c    | 14 +-------------
+ 5 files changed, 13 insertions(+), 25 deletions(-)
+
+diff --git a/contrib/fuse-lib/mount-common.c b/contrib/fuse-lib/mount-common.c
+index e9f80fe81..6380dd867 100644
+--- a/contrib/fuse-lib/mount-common.c
++++ b/contrib/fuse-lib/mount-common.c
+@@ -255,16 +255,16 @@ fuse_mnt_umount (const char *progname, const char *abs_mnt,
+                         exit (1);
+                 }
+ #ifdef GF_LINUX_HOST_OS
+-                execl ("/bin/umount", "/bin/umount", "-i", rel_mnt,
++                execl ("umount", "umount", "-i", rel_mnt,
+                        lazy ? "-l" : NULL, NULL);
+-                GFFUSE_LOGERR ("%s: failed to execute /bin/umount: %s",
++                GFFUSE_LOGERR ("%s: failed to execute umount: %s",
+                                progname, strerror (errno));
+ #elif __NetBSD__
+                 /* exitting the filesystem causes the umount */
+                 exit (0);
+ #else
+-                execl ("/sbin/umount", "/sbin/umount", "-f", rel_mnt, NULL);
+-                GFFUSE_LOGERR ("%s: failed to execute /sbin/umount: %s",
++                execl ("umount", "umount", "-f", rel_mnt, NULL);
++                GFFUSE_LOGERR ("%s: failed to execute umount: %s",
+                                progname, strerror (errno));
+ #endif /* GF_LINUX_HOST_OS */
+                 exit (1);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-quota.c b/xlators/mgmt/glusterd/src/glusterd-quota.c
+index 0e6629cf0..fcb4738b7 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-quota.c
++++ b/xlators/mgmt/glusterd/src/glusterd-quota.c
+@@ -30,7 +30,7 @@
+ 
+ #ifndef _PATH_SETFATTR
+ # ifdef GF_LINUX_HOST_OS
+-#  define _PATH_SETFATTR "/usr/bin/setfattr"
++#  define _PATH_SETFATTR "setfattr"
+ # endif
+ # ifdef __NetBSD__
+ #  define _PATH_SETFATTR "/usr/pkg/bin/setfattr"
+@@ -335,7 +335,7 @@ _glusterd_quota_initiate_fs_crawl (glusterd_conf_t *priv,
+ 
+                 if (type == GF_QUOTA_OPTION_TYPE_ENABLE ||
+                     type == GF_QUOTA_OPTION_TYPE_ENABLE_OBJECTS)
+-                        runner_add_args (&runner, "/usr/bin/find", ".", NULL);
++                        runner_add_args (&runner, "find", ".", NULL);
+ 
+                 else if (type == GF_QUOTA_OPTION_TYPE_DISABLE) {
+ 
+@@ -351,7 +351,7 @@ _glusterd_quota_initiate_fs_crawl (glusterd_conf_t *priv,
+                                          VIRTUAL_QUOTA_XATTR_CLEANUP_KEY, "1",
+                                          "{}", "\\", ";", NULL);
+ #else
+-                        runner_add_args (&runner, "/usr/bin/find", ".",
++                        runner_add_args (&runner, "find", ".",
+                                          "-exec", _PATH_SETFATTR, "-n",
+                                          VIRTUAL_QUOTA_XATTR_CLEANUP_KEY, "-v",
+                                          "1", "{}", "\\", ";", NULL);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot.c b/xlators/mgmt/glusterd/src/glusterd-snapshot.c
+index da0152366..f0d135350 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-snapshot.c
++++ b/xlators/mgmt/glusterd/src/glusterd-snapshot.c
+@@ -121,7 +121,7 @@ glusterd_build_snap_device_path (char *device, char *snapname,
+         }
+ 
+         runinit (&runner);
+-        runner_add_args (&runner, "/sbin/lvs", "--noheadings", "-o", "vg_name",
++        runner_add_args (&runner, "lvs", "--noheadings", "-o", "vg_name",
+                          device, NULL);
+         runner_redir (&runner, STDOUT_FILENO, RUN_PIPE);
+         snprintf (msg, sizeof (msg), "Get volume group for device %s", device);
+@@ -1982,7 +1982,7 @@ glusterd_is_thinp_brick (char *device, uint32_t *op_errno)
+ 
+         runinit (&runner);
+ 
+-        runner_add_args (&runner, "/sbin/lvs", "--noheadings", "-o", "pool_lv",
++        runner_add_args (&runner, "lvs", "--noheadings", "-o", "pool_lv",
+                          device, NULL);
+         runner_redir (&runner, STDOUT_FILENO, RUN_PIPE);
+         runner_log (&runner, this->name, GF_LOG_DEBUG, msg);
+diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
+index 51db13df0..6fa7b92f9 100644
+--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
++++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
+@@ -6027,7 +6027,6 @@ static struct fs_info {
+         char *fs_tool_pattern;
+         char *fs_tool_pkg;
+ } glusterd_fs[] = {
+-        /* some linux have these in /usr/sbin/and others in /sbin/? */
+         { "xfs", "xfs_info", NULL, "isize=", "xfsprogs" },
+         { "ext3", "tune2fs", "-l", "Inode size:", "e2fsprogs" },
+         { "ext4", "tune2fs", "-l", "Inode size:", "e2fsprogs" },
+@@ -6048,7 +6047,6 @@ glusterd_add_inode_size_to_dict (dict_t *dict, int count)
+         char           *trail             = NULL;
+         runner_t        runner            = {0, };
+         struct fs_info *fs                = NULL;
+-        char            fs_tool_name[256] = {0, };
+         static dict_t  *cached_fs         = NULL;
+ 
+         memset (key, 0, sizeof (key));
+@@ -6085,17 +6083,7 @@ glusterd_add_inode_size_to_dict (dict_t *dict, int count)
+                                 cur_word = "N/A";
+                                 goto cached;
+                         }
+-
+-                        snprintf (fs_tool_name, sizeof (fs_tool_name),
+-                                  "/usr/sbin/%s", fs->fs_tool_name);
+-                        if (sys_access (fs_tool_name, R_OK|X_OK) == 0)
+-                                runner_add_arg (&runner, fs_tool_name);
+-                        else {
+-                                snprintf (fs_tool_name, sizeof (fs_tool_name),
+-                                          "/sbin/%s", fs->fs_tool_name);
+-                                if (sys_access (fs_tool_name, R_OK|X_OK) == 0)
+-                                        runner_add_arg (&runner, fs_tool_name);
+-                        }
++                        runner_add_arg (&runner, fs->fs_tool_name);
+                         break;
+                 }
+         }
+-- 
+2.12.0
+
diff --git a/gnu/packages/patches/guile-emacs-fix-configure.patch b/gnu/packages/patches/guile-emacs-fix-configure.patch
new file mode 100644
index 0000000000..b1f7146d21
--- /dev/null
+++ b/gnu/packages/patches/guile-emacs-fix-configure.patch
@@ -0,0 +1,211 @@
+Two patches here backporting fixes from Emacs master.
+
+Upstream status: emailed first patch to latest committer, Robin Templeton
+<robin@igalia.com>, no response.
+
+From dfcb3b6ff318e47b84a28cfc43f50bec42fa3570 Mon Sep 17 00:00:00 2001
+From: Jan Nieuwenhuizen <janneke@gnu.org>
+Date: Tue, 7 Nov 2017 18:48:03 +0100
+Subject: [PATCH 1/2] backport: Port jpeg configuration to Solaris 10 with Sun
+ C.
+
+* configure.ac: Check for jpeglib 6b by trying to link it, instead
+of relying on cpp magic that has problems in practice.  Check for
+both jpeglib.h and jerror.h features.  Remove special case for
+mingw32, which should no longer be needed (and if it were needed,
+should now be addressable by hotwiring emacs_cv_jpeglib).
+Fixes: bug#20332
+
+    From fdf532b9c915ad9ba72155646d29d0f530fd72ec Mon Sep 17 00:00:00 2001
+    From: Paul Eggert <address@hidden>
+    Date: Wed, 15 Apr 2015 18:30:01 -0700
+    Subject: [PATCH] Port jpeg configuration to Solaris 10 with Sun C.
+
+    * configure.ac: Check for jpeglib 6b by trying to link it, instead
+    of relying on cpp magic that has problems in practice.  Check for
+    both jpeglib.h and jerror.h features.  Remove special case for
+    mingw32, which should no longer be needed (and if it were needed,
+    should now be addressable by hotwiring emacs_cv_jpeglib).
+    Fixes: bug#20332
+---
+ configure.ac | 72 ++++++++++++++++++++++++++++--------------------------------
+ 1 file changed, 34 insertions(+), 38 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2445db4886..36fa8eb390 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3014,44 +3014,40 @@ AC_SUBST(LIBXPM)
+ ### mingw32 doesn't use -ljpeg, since it loads the library dynamically.
+ HAVE_JPEG=no
+ LIBJPEG=
+-if test "${opsys}" = "mingw32"; then
+-  if test "${with_jpeg}" != "no"; then
+-    dnl Checking for jpeglib.h can lose because of a redefinition of
+-    dnl HAVE_STDLIB_H.
+-    AC_CHECK_HEADER(jerror.h, HAVE_JPEG=yes, HAVE_JPEG=no)
+-  fi
+-  AH_TEMPLATE(HAVE_JPEG, [Define to 1 if you have the jpeg library (-ljpeg).])dnl
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    AC_DEFINE(HAVE_JPEG)
+-    AC_EGREP_CPP([version= *(6[2-9]|[7-9][0-9])],
+-        [#include <jpeglib.h>
+-	 version=JPEG_LIB_VERSION
+-],
+-        [AC_DEFINE(HAVE_JPEG)],
+-        [AC_MSG_WARN([libjpeg found, but not version 6b or later])
+-        HAVE_JPEG=no])
+-  fi
+-elif test "${HAVE_X11}" = "yes" || test "${HAVE_W32}" = "yes"; then
+-  if test "${with_jpeg}" != "no"; then
+-    dnl Checking for jpeglib.h can lose because of a redefinition of
+-    dnl  HAVE_STDLIB_H.
+-    AC_CHECK_HEADER(jerror.h,
+-      [AC_CHECK_LIB(jpeg, jpeg_destroy_compress, HAVE_JPEG=yes)])
+-  fi
+-
+-  AH_TEMPLATE(HAVE_JPEG, [Define to 1 if you have the jpeg library (-ljpeg).])dnl
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    AC_DEFINE(HAVE_JPEG)
+-    AC_EGREP_CPP([version= *(6[2-9]|[7-9][0-9])],
+-	[#include <jpeglib.h>
+-	 version=JPEG_LIB_VERSION
+-],
+-	[AC_DEFINE(HAVE_JPEG)],
+-	[AC_MSG_WARN([libjpeg found, but not version 6b or later])
+-	HAVE_JPEG=no])
+-  fi
+-  if test "${HAVE_JPEG}" = "yes"; then
+-    LIBJPEG=-ljpeg
++if test "${with_jpeg}" != "no"; then
++  AC_CACHE_CHECK([for jpeglib 6b or later],
++    [emacs_cv_jpeglib],
++    [OLD_LIBS=$LIBS
++     for emacs_cv_jpeglib in yes -ljpeg no; do
++       case $emacs_cv_jpeglib in
++	 yes) ;;
++         no) break;;
++	 *) LIBS="$LIBS $emacs_cv_jpeglib";;
++       esac
++       AC_LINK_IFELSE(
++	 [AC_LANG_PROGRAM(
++	    [[#undef HAVE_STDLIB_H /* Avoid config.h/jpeglib.h collision.  */
++	      #include <stdio.h> /* jpeglib.h needs FILE and size_t.  */
++	      #include <jpeglib.h>
++	      #include <jerror.h>
++	      char verify[JPEG_LIB_VERSION < 62 ? -1 : 1];
++	      struct jpeg_decompress_struct cinfo;
++	    ]],
++	    [[
++	      jpeg_create_decompress (&cinfo);
++	      WARNMS (&cinfo, JWRN_JPEG_EOF);
++	      jpeg_destroy_decompress (&cinfo);
++	    ]])],
++	 [emacs_link_ok=yes],
++	 [emacs_link_ok=no])
++       LIBS=$OLD_LIBS
++       test $emacs_link_ok = yes && break
++     done])
++  if test "$emacs_cv_jpeglib" != no; then
++    HAVE_JPEG=yes
++    AC_DEFINE([HAVE_JPEG], 1,
++      [Define to 1 if you have the jpeg library (typically -ljpeg).])
++    test "$emacs_cv_jpeglib" != yes && LIBJPEG=$emacs_cv_jpeglib
+   fi
+ fi
+ AC_SUBST(LIBJPEG)
+-- 
+Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
+Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
+
+From f761b92d520b72954be28ad66eb82d1a96c785fb Mon Sep 17 00:00:00 2001
+From: Jan Nieuwenhuizen <janneke@gnu.org>
+Date: Wed, 8 Nov 2017 14:05:43 +0100
+Subject: [PATCH 2/2] backport fix for #24065: calloc loop when compiling with
+ -O2.
+
+This patch fixes
+
+    EMACSLOADPATH= '../src/bootstrap-emacs' -batch --no-site-file --no-site-lisp -l autoload \
+       --eval "(setq generate-autoload-cookie \";;;###cal-autoload\")" \
+       --eval "(setq generated-autoload-file (expand-file-name
+    (unmsys--file-name
+    \"../../git-checkout/lisp/calendar/cal-loaddefs.el\")))" \
+       -f batch-update-autoloads ../../git-checkout/lisp/calendar
+    make[2]: *** [Makefile:466: ../../git-checkout/lisp/calendar/cal-loaddefs.el] Segmentation fault
+
+in gdb seen as
+
+    in calloc (nmemb=<error reading variable: DWARF-2 expression error:Loop detected (257).>, size=size@entry=1) at gmalloc.c:1510
+
+I did not find malloc-fixing commits from emacs master to cleanly
+cherry-pick, so this patch replaces the relevant part in configure
+(emacs 53da55b8cc45e76b836ebaadd23f46e92d25abce).
+
+* configure.ac: backport system_malloc/hybrid_malloc detection.
+---
+ configure.ac | 29 ++++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36fa8eb390..3cc1794f37 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1966,7 +1966,25 @@ case "$opsys" in
+   darwin|mingw32|sol2-10) system_malloc=yes ;;
+ esac
+ 
++hybrid_malloc=
++system_malloc=yes
++
++test "$CANNOT_DUMP" = yes ||
++case "$opsys" in
++  ## darwin ld insists on the use of malloc routines in the System framework.
++  darwin | mingw32 | nacl | sol2-10) ;;
++  cygwin) hybrid_malloc=yes
++          system_malloc= ;;
++  *) test "$ac_cv_func_sbrk" = yes && system_malloc=$emacs_cv_sanitize_address;;
++esac
++
++if test "${system_malloc}" != yes && test "${doug_lea_malloc}" != yes \
++   && test "${UNEXEC_OBJ}" = unexelf.o; then
++  hybrid_malloc=yes
++fi
++
+ GMALLOC_OBJ=
++HYBRID_MALLOC=
+ if test "${system_malloc}" = "yes"; then
+   AC_DEFINE([SYSTEM_MALLOC], 1,
+     [Define to 1 to use the system memory allocator, even if it is not
+@@ -1975,6 +1993,14 @@ if test "${system_malloc}" = "yes"; then
+   GNU_MALLOC_reason="
+     (The GNU allocators don't work with this system configuration.)"
+   VMLIMIT_OBJ=
++elif test "$hybrid_malloc" = yes; then
++  AC_DEFINE(HYBRID_MALLOC, 1,
++    [Define to use gmalloc before dumping and the system malloc after.])
++  HYBRID_MALLOC=1
++  GNU_MALLOC=no
++  GNU_MALLOC_reason=" (only before dumping)"
++  GMALLOC_OBJ=gmalloc.o
++  VMLIMIT_OBJ=
+ else
+   test "$doug_lea_malloc" != "yes" && GMALLOC_OBJ=gmalloc.o
+   VMLIMIT_OBJ=vm-limit.o
+@@ -1993,10 +2019,11 @@ else
+        of the main data segment.])
+   fi
+ fi
++AC_SUBST([HYBRID_MALLOC])
+ AC_SUBST(GMALLOC_OBJ)
+ AC_SUBST(VMLIMIT_OBJ)
+ 
+-if test "$doug_lea_malloc" = "yes" ; then
++if test "$doug_lea_malloc" = "yes" && test "$hybrid_malloc" != yes; then
+   if test "$GNU_MALLOC" = yes ; then
+     GNU_MALLOC_reason="
+       (Using Doug Lea's new malloc from the GNU C Library.)"
+-- 
+Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
+Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
+
diff --git a/gnu/packages/patches/higan-remove-march-native-flag.patch b/gnu/packages/patches/higan-remove-march-native-flag.patch
index 8f4a36dc35..30d4cdd061 100644
--- a/gnu/packages/patches/higan-remove-march-native-flag.patch
+++ b/gnu/packages/patches/higan-remove-march-native-flag.patch
@@ -2,12 +2,11 @@ Remove -march=native from build flags.
 
 --- a/higan/GNUmakefile
 +++ b/higan/GNUmakefile
-@@ -32,7 +32,7 @@ ifeq ($(platform),windows)
- else ifeq ($(platform),macosx)
-   flags += -march=native
- else ifneq ($(filter $(platform),linux bsd),)
--  flags += -march=native -fopenmp
-+  flags += -fopenmp
+@@ -26,7 +26,6 @@
+   flags += -fopenmp
    link += -fopenmp
-   link += -Wl,-export-dynamic
-   link += -lX11 -lXext
+   ifeq ($(binary),application)
+-    flags += -march=native
+     link += -Wl,-export-dynamic
+     link += -lX11 -lXext
+   else ifeq ($(binary),library)
diff --git a/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch
new file mode 100644
index 0000000000..c457d592cc
--- /dev/null
+++ b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch
@@ -0,0 +1,41 @@
+From ebe2323727f8d646590245b0bf06dbc92b5808d6 Mon Sep 17 00:00:00 2001
+From: Golubev Alexander <fatzer2@gmail.com>
+Date: Tue, 20 Sep 2016 15:33:30 +0400
+Subject: [PATCH] JsonCreatorTest failed due to extra space
+
+JsonCreatorTest failed with next message:
+```
+********* Start testing of mygpo::JsonCreatorTest *********
+Config: Using QTest library 4.8.6, Qt 4.8.6
+PASS   : mygpo::JsonCreatorTest::initTestCase()
+PASS   : mygpo::JsonCreatorTest::testAddRemoveSubsToJSON()
+PASS   : mygpo::JsonCreatorTest::testSaveSettingsToJSON()
+FAIL!  : mygpo::JsonCreatorTest::testEpisodeActionListToJSON() Compared values are not the same
+   Actual (outString2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http://podcast.url","timestamp":"1998-01-01T00:01:02"},{"action":"delete","device":"device3","episode":"http://episode2.url","podcast":"http://podcast2.url","timestamp":"1920-01-01T12:01:02"},{"action":"new","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1998-01-01T00:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1920-01-01T12:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":123,"started":10,"timestamp":"1998-01-01T00:01:02","total":321},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":10,"timestamp":"1998-01-01T00:01:02"}]
+   Expected (expected2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http:
+   Loc: [/var/tmp/portage/media-libs/libmygpo-qt-1.0.9-r1/work/libmygpo-qt-1.0.9/tests/JsonCreatorTest.cpp(138)]
+PASS   : mygpo::JsonCreatorTest::testRenameDeviceStringToJSON()
+PASS   : mygpo::JsonCreatorTest::testDeviceSynchronizationListsToJSON()
+PASS   : mygpo::JsonCreatorTest::cleanupTestCase()
+Totals: 6 passed, 1 failed, 0 skipped
+********* Finished testing of mygpo::JsonCreatorTest *********
+```
+
+This was caused by extra space in the expected string.
+---
+ tests/JsonCreatorTest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/JsonCreatorTest.cpp b/tests/JsonCreatorTest.cpp
+index b15b006..feb03d5 100644
+--- a/tests/JsonCreatorTest.cpp
++++ b/tests/JsonCreatorTest.cpp
+@@ -133,7 +133,7 @@ void JsonCreatorTest::testEpisodeActionListToJSON()
+ 
+   output = JsonCreator::episodeActionListToJSON(episodeActions);
+   QString outString2 = QString::fromLatin1( output ).replace( QLatin1String(" "), QLatin1String("") );
+-  QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\" },{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) );
++  QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) );
+ 
+   QCOMPARE(outString2, expected2 );
+ }
diff --git a/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch b/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch
deleted file mode 100644
index 85bea76efe..0000000000
--- a/gnu/packages/patches/libtorrent-rasterbar-boost-compat.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix compatibility with Boost 1.63.
-
-Patch copied from upstream source repository:
-
-https://github.com/arvidn/libtorrent/commit/6d2d736cecce0af274dd651dd1f562716b625d92
-
-From 6d2d736cecce0af274dd651dd1f562716b625d92 Mon Sep 17 00:00:00 2001
-From: arvidn <arvid@cs.umu.se>
-Date: Sun, 12 Mar 2017 13:03:26 -0400
-Subject: [PATCH] fix test_ssl.cpp build with newer versions of boost
-
----
- test/test_ssl.cpp | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/test/test_ssl.cpp b/test/test_ssl.cpp
-index 01c5bc7..2903332 100644
---- a/test/test_ssl.cpp
-+++ b/test/test_ssl.cpp
-@@ -51,7 +51,6 @@ POSSIBILITY OF SUCH DAMAGE.
- #include <boost/asio/connect.hpp>
- 
- #ifdef TORRENT_USE_OPENSSL
--#include <boost/asio/ssl/error.hpp> // for asio::error::get_ssl_category()
- #include <boost/asio/ssl.hpp>
- 
- #include "libtorrent/aux_/disable_warnings_pop.hpp"
diff --git a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch b/gnu/packages/patches/libvirt-CVE-2017-1000256.patch
deleted file mode 100644
index d577e1eb50..0000000000
--- a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-Fix CVE-2017-1000256:
-
-https://security.libvirt.org/2017/0002.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256
-
-Patch copied from upstream source repository:
-
-https://libvirt.org/git/?p=libvirt.git;a=commit;h=dc6c41798d1eb5c52c75365ffa22f7672709dfa7
-
-From dc6c41798d1eb5c52c75365ffa22f7672709dfa7 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Thu, 5 Oct 2017 17:54:28 +0100
-Subject: [PATCH] qemu: ensure TLS clients always verify the server certificate
-
-The default_tls_x509_verify (and related) parameters in qemu.conf
-control whether the QEMU TLS servers request & verify certificates
-from clients. This works as a simple access control system for
-servers by requiring the CA to issue certs to permitted clients.
-This use of client certificates is disabled by default, since it
-requires extra work to issue client certificates.
-
-Unfortunately the code was using this configuration parameter when
-setting up both TLS clients and servers in QEMU. The result was that
-TLS clients for character devices and disk devices had verification
-turned off, meaning they would ignore errors while validating the
-server certificate.
-
-This allows for trivial MITM attacks between client and server,
-as any certificate returned by the attacker will be accepted by
-the client.
-
-This is assigned CVE-2017-1000256  / LSN-2017-0002
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-(cherry picked from commit 441d3eb6d1be940a67ce45a286602a967601b157)
----
- src/qemu/qemu_command.c                            |    2 +-
- .../qemuxml2argv-serial-tcp-tlsx509-chardev.args   |    2 +-
- ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |    2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 9a27987..ae78cd1 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -718,7 +718,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
-     if (virJSONValueObjectCreate(propsret,
-                                  "s:dir", path,
-                                  "s:endpoint", (isListen ? "server": "client"),
--                                 "b:verify-peer", verifypeer,
-+                                 "b:verify-peer", (isListen ? verifypeer : true),
-                                  NULL) < 0)
-         goto cleanup;
- 
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-index 5aff773..ab5f7e2 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
-@@ -26,7 +26,7 @@ server,nowait \
- localport=1111 \
- -device isa-serial,chardev=charserial0,id=serial0 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no \
-+endpoint=client,verify-peer=yes \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
-diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-index 91f1fe0..2567abb 100644
---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
-@@ -31,7 +31,7 @@ localport=1111 \
- data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
- keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
- -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
--endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
-+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
- -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
- tls-creds=objcharserial1_tls0 \
- -device isa-serial,chardev=charserial1,id=serial1 \
--- 
-1.7.1
-
diff --git a/gnu/packages/patches/node-test-http2-server-rst-stream.patch b/gnu/packages/patches/node-test-http2-server-rst-stream.patch
new file mode 100644
index 0000000000..c2f85010b1
--- /dev/null
+++ b/gnu/packages/patches/node-test-http2-server-rst-stream.patch
@@ -0,0 +1,131 @@
+From a41cc020fd6e40b358103425edfa50e6a10fc973 Mon Sep 17 00:00:00 2001
+From: Anatoli Papirovski <apapirovski@mac.com>
+Date: Thu, 2 Nov 2017 12:46:31 -0400
+Subject: [PATCH] test: fix flaky test-http2-server-rst-stream.js
+
+PR-URL: https://github.com/nodejs/node/pull/16690
+Fixes: https://github.com/nodejs/node/issues/16688
+Reviewed-By: James M Snell <jasnell@gmail.com>
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+---
+ test/parallel/test-http2-server-rst-stream.js | 93 ++++++++++-----------------
+ 1 file changed, 35 insertions(+), 58 deletions(-)
+
+diff --git a/test/parallel/test-http2-server-rst-stream.js b/test/parallel/test-http2-server-rst-stream.js
+index b92217dc99..dd38efb42f 100644
+--- a/test/parallel/test-http2-server-rst-stream.js
++++ b/test/parallel/test-http2-server-rst-stream.js
+@@ -5,11 +5,9 @@ if (!common.hasCrypto)
+   common.skip('missing crypto');
+ const assert = require('assert');
+ const http2 = require('http2');
++const Countdown = require('../common/countdown');
+ 
+ const {
+-  HTTP2_HEADER_METHOD,
+-  HTTP2_HEADER_PATH,
+-  HTTP2_METHOD_POST,
+   NGHTTP2_CANCEL,
+   NGHTTP2_NO_ERROR,
+   NGHTTP2_PROTOCOL_ERROR,
+@@ -17,63 +15,42 @@ const {
+   NGHTTP2_INTERNAL_ERROR
+ } = http2.constants;
+ 
+-const errCheck = common.expectsError({ code: 'ERR_HTTP2_STREAM_ERROR' }, 6);
++const tests = [
++  ['rstStream', NGHTTP2_NO_ERROR, false],
++  ['rstWithNoError', NGHTTP2_NO_ERROR, false],
++  ['rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR, true],
++  ['rstWithCancel', NGHTTP2_CANCEL, false],
++  ['rstWithRefuse', NGHTTP2_REFUSED_STREAM, true],
++  ['rstWithInternalError', NGHTTP2_INTERNAL_ERROR, true]
++];
++
++const server = http2.createServer();
++server.on('stream', (stream, headers) => {
++  const method = headers['rstmethod'];
++  stream[method]();
++});
++
++server.listen(0, common.mustCall(() => {
++  const client = http2.connect(`http://localhost:${server.address().port}`);
++
++  const countdown = new Countdown(tests.length, common.mustCall(() => {
++    client.destroy();
++    server.close();
++  }));
+ 
+-function checkRstCode(rstMethod, expectRstCode) {
+-  const server = http2.createServer();
+-  server.on('stream', (stream, headers, flags) => {
+-    stream.respond({
+-      'content-type': 'text/html',
+-      ':status': 200
++  tests.forEach((test) => {
++    const req = client.request({
++      ':method': 'POST',
++      rstmethod: test[0]
+     });
+-    stream.write('test');
+-    if (rstMethod === 'rstStream')
+-      stream[rstMethod](expectRstCode);
+-    else
+-      stream[rstMethod]();
+-
+-    if (expectRstCode !== NGHTTP2_NO_ERROR &&
+-        expectRstCode !== NGHTTP2_CANCEL) {
+-      stream.on('error', common.mustCall(errCheck));
+-    } else {
+-      stream.on('error', common.mustNotCall());
+-    }
+-  });
+-
+-  server.listen(0, common.mustCall(() => {
+-    const port = server.address().port;
+-    const client = http2.connect(`http://localhost:${port}`);
+-
+-    const headers = {
+-      [HTTP2_HEADER_PATH]: '/',
+-      [HTTP2_HEADER_METHOD]: HTTP2_METHOD_POST
+-    };
+-    const req = client.request(headers);
+-
+-    req.setEncoding('utf8');
+-    req.on('streamClosed', common.mustCall((actualRstCode) => {
+-      assert.strictEqual(
+-        expectRstCode, actualRstCode, `${rstMethod} is not match rstCode`);
+-      server.close();
+-      client.destroy();
++    req.on('streamClosed', common.mustCall((code) => {
++      assert.strictEqual(code, test[1]);
++      countdown.dec();
+     }));
+-    req.on('data', common.mustCall());
+     req.on('aborted', common.mustCall());
+-    req.on('end', common.mustCall());
+-
+-    if (expectRstCode !== NGHTTP2_NO_ERROR &&
+-        expectRstCode !== NGHTTP2_CANCEL) {
+-      req.on('error', common.mustCall(errCheck));
+-    } else {
++    if (test[2])
++      req.on('error', common.mustCall());
++    else
+       req.on('error', common.mustNotCall());
+-    }
+-
+-  }));
+-}
+-
+-checkRstCode('rstStream', NGHTTP2_NO_ERROR);
+-checkRstCode('rstWithNoError', NGHTTP2_NO_ERROR);
+-checkRstCode('rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR);
+-checkRstCode('rstWithCancel', NGHTTP2_CANCEL);
+-checkRstCode('rstWithRefuse', NGHTTP2_REFUSED_STREAM);
+-checkRstCode('rstWithInternalError', NGHTTP2_INTERNAL_ERROR);
++  });
++}));
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
new file mode 100644
index 0000000000..2cb3b2f21c
--- /dev/null
+++ b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
@@ -0,0 +1,22 @@
+Fix CVE-2017-1000229:
+
+https://security-tracker.debian.org/tracker/CVE-2017-1000229
+https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html
+https://nvd.nist.gov/vuln/detail/CVE-2017-1000229
+
+Patch copied from upstream bug tracker:
+https://sourceforge.net/p/optipng/bugs/65/
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
++++ b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+         count = tiff_ptr->strip_offsets_count;
+         if (count == 0 || count > tiff_ptr->height)
+             goto err_invalid;
++        if (count > (size_t)-1 / sizeof(long))
++            goto err_memory;
+         tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+         if (tiff_ptr->strip_offsets == NULL)
+             goto err_memory;
diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
new file mode 100644
index 0000000000..489d22c83b
--- /dev/null
+++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej@rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS              | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++    for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+ 
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+  *      single-inst.c: simple IPC mechanism for single instance app
+  *
+  *      Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
+- *      Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ *      Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+  *
+  *      This program is free software; you can redistribute it and/or modify
+  *      it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+     }
+     else
+         dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++    g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++               data->prog_name, host ? host : "", dpynum);
++#else
+     g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+                 g_get_tmp_dir(),
+                 data->prog_name,
+                 host ? host : "",
+                 dpynum,
+                 g_get_user_name());
++#endif
+ }
+ 
+-- 
+2.1.4
+
diff --git a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch b/gnu/packages/patches/perl-text-markdown-discount-unbundle.patch
index e0df632a04..e0df632a04 100644
--- a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch
+++ b/gnu/packages/patches/perl-text-markdown-discount-unbundle.patch
diff --git a/gnu/packages/patches/procmail-CVE-2017-16844.patch b/gnu/packages/patches/procmail-CVE-2017-16844.patch
new file mode 100644
index 0000000000..b96540c8cd
--- /dev/null
+++ b/gnu/packages/patches/procmail-CVE-2017-16844.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-16844:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
+
+Patch copied from Debian procmail package 3.22-26:
+
+http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz
+
+From: Santiago Vila <sanvila@debian.org>
+Subject: Fix heap-based buffer overflow in loadbuf()
+Bug-Debian: http://bugs.debian.org/876511
+X-Debian-version: 3.22-26
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
diff --git a/gnu/packages/patches/qemu-CVE-2017-15118.patch b/gnu/packages/patches/qemu-CVE-2017-15118.patch
new file mode 100644
index 0000000000..d427317be9
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-15118.patch
@@ -0,0 +1,58 @@
+Fix CVE-2017-15118:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15118
+https://bugzilla.redhat.com/show_bug.cgi?id=1516922
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=51ae4f8455c9e32c54770c4ebc25bf86a8128183
+
+From 51ae4f8455c9e32c54770c4ebc25bf86a8128183 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 22 Nov 2017 15:07:22 -0600
+Subject: [PATCH] nbd/server: CVE-2017-15118 Stack smash on large export name
+
+Introduced in commit f37708f6b8 (2.10).  The NBD spec says a client
+can request export names up to 4096 bytes in length, even though
+they should not expect success on names longer than 256.  However,
+qemu hard-codes the limit of 256, and fails to filter out a client
+that probes for a longer name; the result is a stack smash that can
+potentially give an attacker arbitrary control over the qemu
+process.
+
+The smash can be easily demonstrated with this client:
+$ qemu-io f raw nbd://localhost:10809/$(printf %3000d 1 | tr ' ' a)
+
+If the qemu NBD server binary (whether the standalone qemu-nbd, or
+the builtin server of QMP nbd-server-start) was compiled with
+-fstack-protector-strong, the ability to exploit the stack smash
+into arbitrary execution is a lot more difficult (but still
+theoretically possible to a determined attacker, perhaps in
+combination with other CVEs).  Still, crashing a running qemu (and
+losing the VM) is bad enough, even if the attacker did not obtain
+full execution control.
+
+CC: qemu-stable@nongnu.org
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ nbd/server.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index a81801e3bc..92c0fdd03b 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -386,6 +386,10 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,
+         msg = "name length is incorrect";
+         goto invalid;
+     }
++    if (namelen >= sizeof(name)) {
++        msg = "name too long for qemu";
++        goto invalid;
++    }
+     if (nbd_read(client->ioc, name, namelen, errp) < 0) {
+         return -EIO;
+     }
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-15119.patch b/gnu/packages/patches/qemu-CVE-2017-15119.patch
new file mode 100644
index 0000000000..6265ecf8d6
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-15119.patch
@@ -0,0 +1,68 @@
+Fix CVE-2017-15119:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15119
+https://bugzilla.redhat.com/show_bug.cgi?id=1516925
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=fdad35ef6c5839d50dfc14073364ac893afebc30
+
+From fdad35ef6c5839d50dfc14073364ac893afebc30 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 22 Nov 2017 16:25:16 -0600
+Subject: [PATCH] nbd/server: CVE-2017-15119 Reject options larger than 32M
+
+The NBD spec gives us permission to abruptly disconnect on clients
+that send outrageously large option requests, rather than having
+to spend the time reading to the end of the option.  No real
+option request requires that much data anyways; and meanwhile, we
+already have the practice of abruptly dropping the connection on
+any client that sends NBD_CMD_WRITE with a payload larger than 32M.
+
+For comparison, nbdkit drops the connection on any request with
+more than 4096 bytes; however, that limit is probably too low
+(as the NBD spec states an export name can theoretically be up
+to 4096 bytes, which means a valid NBD_OPT_INFO could be even
+longer) - even if qemu doesn't permit exports longer than 256
+bytes.
+
+It could be argued that a malicious client trying to get us to
+read nearly 4G of data on a bad request is a form of denial of
+service.  In particular, if the server requires TLS, but a client
+that does not know the TLS credentials sends any option (other
+than NBD_OPT_STARTTLS or NBD_OPT_EXPORT_NAME) with a stated
+payload of nearly 4G, then the server was keeping the connection
+alive trying to read all the payload, tying up resources that it
+would rather be spending on a client that can get past the TLS
+handshake.  Hence, this warranted a CVE.
+
+Present since at least 2.5 when handling known options, and made
+worse in 2.6 when fixing support for NBD_FLAG_C_FIXED_NEWSTYLE
+to handle unknown options.
+
+CC: qemu-stable@nongnu.org
+Signed-off-by: Eric Blake <eblake@redhat.com>
+---
+ nbd/server.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index 7d6801b427..a81801e3bc 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -673,6 +673,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags,
+         }
+         length = be32_to_cpu(length);
+ 
++        if (length > NBD_MAX_BUFFER_SIZE) {
++            error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
++                       length, NBD_MAX_BUFFER_SIZE);
++            return -EINVAL;
++        }
++
+         trace_nbd_negotiate_options_check_option(option,
+                                                  nbd_opt_lookup(option));
+         if (client->tlscreds &&
+-- 
+2.15.0
+
diff --git a/gnu/packages/patches/shepherd-close-fds.patch b/gnu/packages/patches/shepherd-close-fds.patch
new file mode 100644
index 0000000000..2078b15265
--- /dev/null
+++ b/gnu/packages/patches/shepherd-close-fds.patch
@@ -0,0 +1,36 @@
+commit 3e346a2a84b099766ea8a3a4a4549f6172483062
+Author: Ludovic Courtès <ludo@gnu.org>
+Date:   Sun Dec 3 22:30:03 2017 +0100
+
+    service: In 'exec-command', close open ports before 'execl'.
+    
+    This gets rid of annoying "Bad file descriptor" warnings from shepherd.
+    
+    * modules/shepherd/service.scm (exec-command): In 'loop', invoke
+    'close-port' and the ports returned by (fdes->ports i).
+
+diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
+index b2d8bc5..0ad28a0 100644
+--- a/modules/shepherd/service.scm
++++ b/modules/shepherd/service.scm
+@@ -1,5 +1,5 @@
+ ;; service.scm -- Representation of services.
+-;; Copyright (C) 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
++;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+ ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
+ ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
+ ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
+@@ -744,6 +744,14 @@ false."
+ 
+        (let loop ((i 3))
+          (when (< i max-fd)
++           ;; First try to close any ports associated with file descriptor I.
++           ;; Otherwise the finalization thread might get around to closing
++           ;; those ports eventually, which will raise an EBADF exception (on
++           ;; 2.2), leading to messages like "error in the finalization
++           ;; thread: Bad file descriptor".
++           (for-each (lambda (port)
++                       (catch-system-error (close-port port)))
++                     (fdes->ports i))
+            (catch-system-error (close-fdes i))
+            (loop (+ i 1)))))
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
deleted file mode 100644
index a2cb558cd3..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9577.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Prevent buffer overflow when reading large messages.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1401603
-https://access.redhat.com/security/cve/CVE-2016-9577
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
-https://security-tracker.debian.org/tracker/CVE-2016-9577
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
-
-From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 29 Nov 2016 16:46:56 +0000
-Subject: main-channel: Prevent overflow reading messages from client
-
-diff --git a/server/main_channel.c b/server/main_channel.c
-index 0ecc9df..1fc3915 100644
---- a/server/main_channel.c
-+++ b/server/main_channel.c
-@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
- 
-     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
-         return reds_get_agent_data_buffer(mcc, size);
-+    } else if (size > sizeof(main_chan->recv_buf)) {
-+        /* message too large, caller will log a message and close the connection */
-+        return NULL;
-     } else {
-         return main_chan->recv_buf;
-     }
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
deleted file mode 100644
index f86cdb4eb1..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9578-1.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Prevent possible DoS during protocol handshake.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1399566
-https://access.redhat.com/security/cve/CVE-2016-9578
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
-https://security-tracker.debian.org/tracker/CVE-2016-9578
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
-
-From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 13 Dec 2016 14:39:48 +0000
-Subject: Prevent possible DoS attempts during protocol handshake
-
-diff --git a/server/reds.c b/server/reds.c
-index f40b65c..86a33d5 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
- 
-     reds->peer_minor_version = header->minor_version;
- 
--    if (header->size < sizeof(SpiceLinkMess)) {
-+    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
-+    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
-         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
-         spice_warning("bad size %u", header->size);
-         reds_link_free(link);
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
deleted file mode 100644
index 76f7ec7ffb..0000000000
--- a/gnu/packages/patches/spice-CVE-2016-9578-2.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fixes a potential buffer overflow in the protocol handling.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1399566
-https://access.redhat.com/security/cve/CVE-2016-9578
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
-https://security-tracker.debian.org/tracker/CVE-2016-9578
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
-
-From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 13 Dec 2016 14:40:10 +0000
-Subject: Prevent integer overflows in capability checks
-
-diff --git a/server/reds.c b/server/reds.c
-index 86a33d5..9150454 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
-     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
-     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
- 
-+    /* Prevent DoS. Currently we defined only 13 capabilities,
-+     * I expect 1024 to be valid for quite a lot time */
-+    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
-+        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
-+        reds_link_free(link);
-+        return;
-+    }
-+
-     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
-     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
- 
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/spice-CVE-2017-7506.patch b/gnu/packages/patches/spice-CVE-2017-7506.patch
deleted file mode 100644
index 37d8f02831..0000000000
--- a/gnu/packages/patches/spice-CVE-2017-7506.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-Fix CVE-2017-7506:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1452606
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7506
-
-Patches copied from Debian spice package version
-'spice_0.12.8-2.1+deb9u1.debian.tar.xz':
-http://security.debian.org/debian-security/pool/updates/main/s/spice/spice_0.12.8-2.1+deb9u1.debian.tar.xz
-
-The patches had to be adapted to apply to the latest spice tarball, and
-are based on these upstream commits:
-
-https://cgit.freedesktop.org/spice/spice/commit/?id=111ab38611cef5012f1565a65fa2d8a8a05cce37
-https://cgit.freedesktop.org/spice/spice/commit/?id=571cec91e71c2aae0d5f439ea2d8439d0c3d75eb
-https://cgit.freedesktop.org/spice/spice/commit/?id=fbbcdad773e2791cfb988f4748faa41943551ca6
-
-From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 1/3] reds: Disconnect when receiving overly big
- ClientMonitorsConfig
-
-Total message size received from the client was unlimited. There is
-a 2kiB size check on individual agent messages, but the MonitorsConfig
-message can be split in multiple chunks, and the size of the
-non-chunked MonitorsConfig message was never checked. This could easily
-lead to memory exhaustion on the host.
-
----
- server/reds.c | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/server/reds.c b/server/reds.c
-index f439a3668..7be85fdfc 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void)
- static void reds_on_main_agent_monitors_config(
-         MainChannelClient *mcc, void *message, size_t size)
- {
-+    const unsigned int MAX_MONITORS = 256;
-+    const unsigned int MAX_MONITOR_CONFIG_SIZE =
-+       sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
-+
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
- 
-+    // limit size of message sent by the client as this can cause a DoS through
-+    // memory exhaustion, or potentially some integer overflows
-+    if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
-+        goto overflow;
-+    }
-     cmc->buffer_size += size;
-     cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
-     spice_assert(cmc->buffer);
-     cmc->mcc = mcc;
-     memcpy(cmc->buffer + cmc->buffer_pos, message, size);
-     cmc->buffer_pos += size;
-+    if (sizeof(VDAgentMessage) > cmc->buffer_size) {
-+        spice_debug("not enough data yet. %d", cmc->buffer_size);
-+        return;
-+    }
-     msg_header = (VDAgentMessage *)cmc->buffer;
--    if (sizeof(VDAgentMessage) > cmc->buffer_size ||
--            msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-+    if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
-+        goto overflow;
-+    }
-+    if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-         spice_debug("not enough data yet. %d", cmc->buffer_size);
-         return;
-     }
-@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config(
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
-     reds_client_monitors_config_cleanup();
-+    return;
-+
-+overflow:
-+    spice_warning("received invalid MonitorsConfig request from client, disconnecting");
-+    red_channel_client_disconnect(main_channel_client_get_base(mcc));
-+    reds_client_monitors_config_cleanup();
- }
- 
- void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size)
--- 
-2.13.0
-From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor
- configuration
-
-Avoid VDAgentMessage::size integer overflows.
-
----
- server/reds.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index 7be85fdfc..e1c8c1086 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config(
-         spice_debug("not enough data yet. %d", cmc->buffer_size);
-         return;
-     }
-+    if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
-+        goto overflow;
-+    }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
--- 
-2.13.0
-From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor
- configuration
-
-It was also possible for a malicious client to set
-VDAgentMonitorsConfig::num_of_monitors to a number larger
-than the actual size of VDAgentMOnitorsConfig::monitors.
-This would lead to buffer overflows, which could allow the guest to
-read part of the host memory. This might cause write overflows in the
-host as well, but controlling the content of such buffers seems
-complicated.
-
----
- server/reds.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index e1c8c1086..3a42c3755 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config(
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
-+    uint32_t max_monitors;
- 
-     // limit size of message sent by the client as this can cause a DoS through
-     // memory exhaustion, or potentially some integer overflows
-@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config(
-         goto overflow;
-     }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-+    // limit the monitor number to avoid buffer overflows
-+    max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
-+                   sizeof(VDAgentMonConfig);
-+    if (monitors_config->num_of_monitors > max_monitors) {
-+        goto overflow;
-+    }
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     red_dispatcher_client_monitors_config(monitors_config);
-     reds_client_monitors_config_cleanup();
--- 
-2.13.0
diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
deleted file mode 100644
index db3c56861b..0000000000
--- a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch
-
-From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001
-From: Deve <deveee@gmail.com>
-Date: Mon, 3 Oct 2016 23:26:09 +0200
-Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms,
- e.g. arm64, mips, and s390x architectures
-
-This modification is already applied in upstream angelscript repository:
-https://sourceforge.net/p/angelscript/code/2353/
-
-Thanks to Adrian Bunk and Andreas Jonsson
----
- lib/angelscript/projects/cmake/CMakeLists.txt | 1 +
- lib/angelscript/source/as_config.h            | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt
-index e93971315e..755d8378c3 100644
---- a/lib/angelscript/projects/cmake/CMakeLists.txt
-+++ b/lib/angelscript/projects/cmake/CMakeLists.txt
-@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE
-     ../../source/as_builder.cpp
-     ../../source/as_bytecode.cpp
-     ../../source/as_callfunc.cpp
-+    ../../source/as_callfunc_mips.cpp
-     ../../source/as_callfunc_x86.cpp
-     ../../source/as_callfunc_x64_gcc.cpp
-     ../../source/as_callfunc_x64_msvc.cpp
-diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h
-index cb05bffbd5..5bb5b8e800 100644
---- a/lib/angelscript/source/as_config.h
-+++ b/lib/angelscript/source/as_config.h
-@@ -844,7 +844,7 @@
- 			#define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK
- 			#define AS_X86
- 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
--		#elif defined(__LP64__) && !defined(__arm64__)
-+		#elif defined(__x86_64__)
- 			#define AS_X64_GCC
- 			#undef AS_NO_THISCALL_FUNCTOR_METHOD
- 			#define HAS_128_BIT_PRIMITIVES
diff --git a/gnu/packages/patches/vpnc-script.patch b/gnu/packages/patches/vpnc-script.patch
deleted file mode 100644
index a0d9481952..0000000000
--- a/gnu/packages/patches/vpnc-script.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-This patch adapts the vpnc script to newer kernel versions, see
-   https://lkml.org/lkml/2011/3/24/645
-
-diff -u a/vpnc-script.in b/vpnc-script.in
---- a/vpnc-script.in	2013-03-03 13:55:16.000000000 +0100
-+++ b/vpnc-script.in	2013-03-03 13:56:11.000000000 +0100
-@@ -116,7 +116,7 @@
- 
- if [ -n "$IPROUTE" ]; then
- 	fix_ip_get_output () {
--		sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g'
-+		sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g;s/ipid 0x....//g'
- 	}
- 
- 	set_vpngateway_route() {
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 7c4e07eb0c..14dab3a65c 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -2648,7 +2648,7 @@ arbitrary parameters.")
 (define-public perl-devel-stacktrace
   (package
     (name "perl-devel-stacktrace")
-    (version "2.00")
+    (version "2.03")
     (source
      (origin
        (method url-fetch)
@@ -2656,7 +2656,7 @@ arbitrary parameters.")
                            "Devel-StackTrace-" version ".tar.gz"))
        (sha256
         (base32
-         "1r65iq5i11xh0r0kp3pdycydnd3kxpdmxnp0hq9hx9lr60kygsqx"))))
+         "0j58kgjr9s3vibsgifmk9k5h7daag0cb9x45f30m9qi4pr7cs63n"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Devel-StackTrace/")
     (synopsis "Object representing a stack trace")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index 03e9d4bd94..7c45269bb1 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -52,7 +52,7 @@
 (define-public php
   (package
     (name "php")
-    (version "7.1.11")
+    (version "7.1.12")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -60,7 +60,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0gl9hk4888fjirrd4s73mdabhiqam0c45406a7fgw6njszlr6h07"))
+                "1czflr5wb2f7pmgdc1vxy1kcln5rlkkly2z3skrb2wa5fx88h4d0"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -213,6 +213,9 @@
                          "ext/gd/tests/bug73213.phpt"
                          ;; Test expects generic "gd warning" but gets the actual function name.
                          "ext/gd/tests/createfromwbmp2_extern.phpt"
+                         ;; This bug should have been fixed in gd 2.2.2.
+                         ;; Is it a regression?
+                         "ext/gd/tests/bug65148.phpt"
                          ;; TODO: Enable these when libgd is built with xpm support.
                          "ext/gd/tests/xpm2gd.phpt"
                          "ext/gd/tests/xpm2jpg.phpt"
diff --git a/gnu/packages/protobuf.scm b/gnu/packages/protobuf.scm
index 2e681ca97d..0e7c5f3244 100644
--- a/gnu/packages/protobuf.scm
+++ b/gnu/packages/protobuf.scm
@@ -25,17 +25,53 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
-  #:use-module ((guix licenses)
-                #:select (bsd-2 bsd-3))
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gcc)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python))
 
+(define-public fstrm
+  (package
+    (name "fstrm")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://dl.farsightsecurity.com/dist/" name "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1i9y8a1712aj80p5a1kcp378bnjrg3s2127q7304hklhmjcrjl1d"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libevent" ,libevent)))
+    (home-page "https://github.com/farsightsec/fstrm")
+    (synopsis "Implementation of the Frame Streams data transport protocol")
+    (description
+     "fstrm is an optimised implementation of Frame Streams as a C library and
+several tools built on top of it.
+
+@dfn{Frame Streams} is a light-weight, binary-clean protocol that allows for
+the transport of arbitrarily-encoded data payload sequences with minimal
+framing overhead---just four bytes per data frame.  It does not specify an
+encoding format for these data frames and can be used with any data
+serialisation format that produces byte sequences, such as Protocol Buffers,
+XML, JSON, MessagePack, YAML, etc.
+
+Frame Streams can be used either as a streaming transport over a reliable byte
+stream socket (TCP sockets, TLS connections, @code{AF_UNIX} sockets, etc.) for
+data in motion, or as a file format for data at rest.")
+    (license (list license:asl2.0
+                   (license:non-copyleft #f "See libmy/argv*")))))
+
 (define-public protobuf
   (package
     (name "protobuf")
-    (version "3.4.1")
+    (version "3.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/google/protobuf/releases/"
@@ -43,16 +79,34 @@
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0y6cr4l7bwa6zvjv5flzr4cx28shk5h8dz99xw90v8qih954pcrb"))))
+                "0lc5d5cnhsaiazc5gnsnv19bikk22rgcqlqzzrfvk6mkq98v1mld"))))
     (build-system gnu-build-system)
     (inputs `(("zlib" ,zlib)))
+    (outputs (list "out"
+                   "static"))           ; ~12 MiB of .a files
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'move-static-libraries
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; Move static libraries to the "static" output.
+             (let* ((out    (assoc-ref outputs "out"))
+                    (lib    (string-append out "/lib"))
+                    (static (assoc-ref outputs "static"))
+                    (slib   (string-append static "/lib")))
+               (mkdir-p slib)
+               (for-each (lambda (file)
+                           (install-file file slib)
+                           (delete-file file))
+                         (find-files lib "\\.a$"))
+               #t))))))
     (home-page "https://github.com/google/protobuf")
     (synopsis "Data encoding for remote procedure calls (RPCs)")
     (description
      "Protocol Buffers are a way of encoding structured data in an efficient
 yet extensible format.  Google uses Protocol Buffers for almost all of its
 internal RPC protocols and file formats.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 ;; XXX Remove this old version when no other packages depend on it.
 (define-public protobuf-2
@@ -90,7 +144,7 @@ data serialization format.  It includes @code{libprotobuf-c}, a pure C library
 that implements protobuf encoding and decoding, and @code{protoc-c}, a code
 generator that converts Protocol Buffer @code{.proto} files to C descriptor
 code.")
-    (license bsd-2)))
+    (license license:bsd-2)))
 
 (define-public python-protobuf
   (package
@@ -111,7 +165,7 @@ code.")
     (description
      "Protocol buffers are a language-neutral, platform-neutral extensible
 mechanism for serializing structured data.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public python2-protobuf
   (package-with-python2 python-protobuf))
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 3f8dea48f5..abc39318a8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1116,27 +1116,21 @@ Python 3.3+.")
 (define-public python-pyicu
   (package
     (name "python-pyicu")
-    (version "1.9.5")
+    (version "1.9.8")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "PyICU" version))
       (sha256
        (base32
-        "16rmxy9y0qhqqna2v49i7nzwm09as699rbyvh4raw7w602w55c3k"))))
+        "05nz4p2dpkhwj6y9kik24xbvmfxji39nl0xw0sc0nvp9fgzf6xnd"))))
     (build-system python-build-system)
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (add-before 'check 'delete-failing-test
-           (lambda _
-             ;; XXX: These tests require locales that are unavailable
-             ;; in the build environment.
-             (delete-file "test/test_DateTimeParserGenerator.py")
-             #t)))))
     (inputs
      `(("icu4c" ,icu4c)))
-    (home-page "http://pyicu.osafoundation.org/")
+    (native-inputs
+     `(("python-pytest" ,python-pytest)
+       ("python-six" ,python-six)))
+    (home-page "https://github.com/ovalhub/pyicu")
     (synopsis "Python extension wrapping the ICU C++ API")
     (description
      "PyICU is a python extension wrapping the ICU C++ API.")
@@ -1400,19 +1394,17 @@ existing ones.")
 (define-public scons
   (package
     (name "scons")
-    (version "2.5.1")
+    (version "3.0.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/scons/scons/" version
                                  "/scons-" version ".tar.gz"))
              (sha256
               (base32
-               "1wji1z9jdkhnmm99apx6fhld9cs52rr56aigniyrcsmlwy52298b"))))
+               "0wzid419mlwqw9llrg8gsx4nkzhqy16m4m40r0xnh6cwscw5wir4"))))
     (build-system python-build-system)
     (arguments
-     ;; With Python 3.x, fails to build with a syntax error.
-     `(#:python ,python-2
-       #:use-setuptools? #f                ; still relies on distutils
+     `(#:use-setuptools? #f                ; still relies on distutils
        #:tests? #f))                       ; no 'python setup.py test' command
     (home-page "http://scons.org/")
     (synopsis "Software construction tool written in Python")
@@ -1424,6 +1416,11 @@ In short, SCons is an easier, more reliable and faster way to build
 software.")
     (license license:x11)))
 
+(define-public scons-python2
+  (package
+    (inherit (package-with-python2 scons))
+    (name "scons-python2")))
+
 (define-public python-extras
   (package
     (name "python-extras")
@@ -8983,14 +8980,14 @@ collections of data.")
 (define-public python-prompt-toolkit
  (package
   (name "python-prompt-toolkit")
-  (version "1.0.9")
+  (version "1.0.15")
   (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "prompt_toolkit" version ".tar.gz"))
       (sha256
         (base32
-          "172r15k9kwdw2lnajvpz1632dd16nqz1kcal1p0lq5ywdarj6rfd"))))
+          "05v9h5nydljwpj5nm8n804ms0glajwfy1zagrzqrg91wk3qqi1c5"))))
   (build-system python-build-system)
   (arguments
    '(#:tests? #f)) ; The test suite uses some Windows-specific data types.
@@ -11933,3 +11930,87 @@ services.")
 
 (define-public python2-jsonrpclib-pelix
   (package-with-python2 python-jsonrpclib-pelix))
+
+(define-public python-setuptools-scm-git-archive
+  (package
+    (name "python-setuptools-scm-git-archive")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "setuptools_scm_git_archive" version))
+       (sha256
+        (base32
+         "1nii1sz5jq75ilf18bjnr11l9rz1lvdmyk66bxl7q90qan85yhjj"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pytest-3.0" ,python-pytest-3.0)))
+    (propagated-inputs
+     `(("python-setuptools-scm" ,python-setuptools-scm)))
+    (home-page "https://github.com/Changaco/setuptools_scm_git_archive/")
+    (synopsis "Setuptools_scm plugin for git archives")
+    (description
+     "The setuptools_scm_git_archive package is a plugin to
+setuptools_scm, which supports obtaining versions from git archives that
+belong to tagged versions.")
+    (license license:expat)))
+
+(define-public python2-setuptools-scm-git-archive
+  (package-with-python2 python-setuptools-scm-git-archive))
+
+(define-public python-pyclipper
+  (package
+    (name "python-pyclipper")
+    (version "1.0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyclipper" version ".zip"))
+       (sha256
+        (base32
+         "1zpmwv3bya3j984y5cf9x9d5108kf6mxldcba68wiq0frv5qrssw"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f)); 8 Tests fail, 37 succeed
+    (propagated-inputs
+     `(("python-setuptools-scm-git-archive" ,python-setuptools-scm-git-archive)))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (home-page "https://github.com/greginvm/pyclipper")
+    (synopsis "Wrapper for Angus Johnson's Clipper library")
+    (description
+     "Pyclipper is a Cython wrapper for the C++ translation of the
+  Angus Johnson's polygon clipping Clipper library (ver. 6.2.1).")
+    (license license:expat)))
+
+(define-public python2-pyclipper
+  (package-with-python2 python-pyclipper))
+
+(define-public python2-booleanoperations
+  (package
+    (name "python2-booleanoperations")
+    (version "0.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "booleanOperations" version ".zip"))
+       (sha256
+        (base32
+         "1hw42fazdpvsn77glx96hwsj9l17mvx37sc5707s08y5w6fx16mn"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (native-inputs
+     `(("unzip" ,unzip)
+       ("python2-pytest-3.0" ,python2-pytest-3.0)
+       ("python2-pytest-runner" ,python2-pytest-runner)))
+    (propagated-inputs
+     `(("python-fonttools" ,python2-fonttools)
+       ("python-pyclipper" ,python2-pyclipper)
+       ("python-ufolib" ,python2-ufolib)))
+    (home-page "https://github.com/typemytype/booleanOperations")
+    (synopsis "Boolean operations on paths")
+    (description
+     "BooleanOperations provides a Python library that enables
+boolean operations on paths.")
+    (license license:expat)))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 4177c8b893..8bdc145c11 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -102,7 +102,7 @@ system, and the core design of Django is reused in Grantlee.")
 (define-public qt
   (package
     (name "qt")
-    (version "5.9.2")
+    (version "5.9.3")
     (outputs '("out" "examples"))
     (source (origin
              (method url-fetch)
@@ -115,7 +115,7 @@ system, and the core design of Django is reused in Grantlee.")
                  version ".tar.xz"))
              (sha256
                (base32
-                 "1zr0hvhryn2ada53ln7cycymh602cncli86n291bsgzas6j72qbc"))
+                 "0ik0ikwa0qb7dqcr9knxpnwv50b7m6m2iglzq9yjs3437zqdib2p"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -368,7 +368,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
 (define-public qtbase
   (package
     (name "qtbase")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -377,7 +377,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "16v0dny4rcyd5p8qsnsfg89w98k8kqk3rp9x3g3k7xjmi53bpqkz"))
+               "10lrkarvs7dpx9rlj7sjcc0pzi42098x8nqnhmydr4bnbq048z4y"))
              (modules '((guix build utils)))
              (snippet
                ;; corelib uses bundled harfbuzz, md4, md5, sha3
@@ -565,7 +565,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
 (define-public qtsvg
   (package (inherit qtbase)
     (name "qtsvg")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -574,7 +574,7 @@ developers using C++ or QML, a CSS & JavaScript like language.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "020icrl9vi8jh8ygsssqrx2bl8bx28m15dwmf9a969qdnvxyp5ms"))))
+               "1wjx9ymk2h19l9kk76jh87bnhhj955f9a93akvwwzfwg1jk2hrnz"))))
     (propagated-inputs `())
     (native-inputs `(("perl" ,perl)))
     (inputs
@@ -640,7 +640,7 @@ HostData=lib/qt5
 (define-public qtimageformats
   (package (inherit qtsvg)
     (name "qtimageformats")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -649,7 +649,7 @@ HostData=lib/qt5
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1wwxxcl24mk1p4w6knyfai09axmwqsm6cgsbkjsmdz3zmjh6qqis"))
+               "1p95wzm46j49c5br45g0pmlz3n3fl93j1ipzmnpmq9y2pbfhkcyl"))
              (modules '((guix build utils)))
              (snippet
               '(delete-file-recursively "src/3rdparty"))))
@@ -669,7 +669,7 @@ support for MNG, TGA, TIFF and WBMP image formats.")))
 (define-public qtx11extras
   (package (inherit qtsvg)
     (name "qtx11extras")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -678,7 +678,7 @@ support for MNG, TGA, TIFF and WBMP image formats.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ias745j5lfnrfkgyk0pr8n8zlkqs08gq7yyzaj1c645sh54b1fv"))))
+               "1gpjgca4xvyy0r743kh2ys128r14fh6j8bdphnmmi5v2pf6bzq74"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -693,7 +693,7 @@ from within Qt 5.")))
 (define-public qtxmlpatterns
   (package (inherit qtsvg)
     (name "qtxmlpatterns")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -702,7 +702,7 @@ from within Qt 5.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0knk4bplqhvsxar1wv16bzfw57q0aja12gdaxz7m8mvx121sm9ha"))))
+               "1fphhqr3v3vzjp2vbv16bc1vs879wn7aqlabgcpkhqx92ak6d76g"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -722,7 +722,7 @@ xmlpatternsvalidator.")))
 (define-public qtdeclarative
   (package (inherit qtsvg)
     (name "qtdeclarative")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -731,7 +731,7 @@ xmlpatternsvalidator.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "020bha6q8byxc8cj5zw7gms5rgsjg71hv31hv1rr2fy7x56zsh0d"))))
+               "01wlk17zf47yzx7cc3cp617gj70yadllj2rsfk78879c0v96cpsh"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -754,7 +754,7 @@ with JavaScript and C++.")))
 (define-public qtconnectivity
   (package (inherit qtsvg)
     (name "qtconnectivity")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -763,7 +763,7 @@ with JavaScript and C++.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1k7kjmlny0ykm40qx796wbsg3310v6b8hqizkbr597cmxjbrax9c"))))
+               "0j86rspn4xgwq1ddc1mpq1kq0ib2c0ag6rsn9ly2xs4iimp1x2g2"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -789,7 +789,7 @@ with Bluetooth and NFC.")))
 (define-public qtwebsockets
   (package (inherit qtsvg)
     (name "qtwebsockets")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -798,7 +798,7 @@ with Bluetooth and NFC.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0x0nx1ampqsgj9qlc3l32z3ham1a5vq7m2lnxk5pr92yj6yw3pdg"))))
+               "1phic630ah85ajxp6iqrw9bpg0y8s88y45ygkc1wcasmbgzrs1nf"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -816,7 +816,7 @@ consume data received from the server, or both.")))
 (define-public qtsensors
   (package (inherit qtsvg)
     (name "qtsensors")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -825,9 +825,10 @@ consume data received from the server, or both.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1lxmhi19dbb8vjhpjph0l0ss6zh72hb4908lp4s1pgf8r641ai3r"))))
+               "1hfsih5iy4fi6mnpw2shf1lzx9hxcdc1arspad1mark17l5s4pmr"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:parallel-tests? _ #f) #f) ; can lead to race condition
        ((#:phases phases)
         `(modify-phases ,phases
            (add-after 'unpack 'lengthen-test-timeout
@@ -847,7 +848,7 @@ recognition API for devices.")))
 (define-public qtmultimedia
   (package (inherit qtsvg)
     (name "qtmultimedia")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -856,7 +857,7 @@ recognition API for devices.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0815hi3cxy5zy6yc5fkdpx2xd6rk7968j1ziwl2g4wa80802g9n9"))
+               "19iqh8xpspzlmpzh05bx5rchlslbfy2pp00xv52496yf9b95i5g7"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -897,7 +898,7 @@ set of plugins for interacting with pulseaudio and GStreamer.")))
 (define-public qtwayland
   (package (inherit qtsvg)
     (name "qtwayland")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -906,7 +907,7 @@ set of plugins for interacting with pulseaudio and GStreamer.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ipn4xh0dj1kjg5i4vfl4gpx3hg2377w5gls47xpv1ikz41lshzn"))
+               "0vazcmpqdka3llmyg7m99lw0ngrydmw74p9nd04544xdn128r3ih"))
              (modules '((guix build utils)))
              (snippet
                ;; The examples try to build and cause the build to fail
@@ -947,7 +948,7 @@ compositor libraries.")))
 (define-public qtserialport
   (package (inherit qtsvg)
     (name "qtserialport")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -956,7 +957,7 @@ compositor libraries.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0hndc9z7qzxazzjvc6k5yd58afw13444plk70b05nqdi5p19rvah"))))
+               "1pxb679cx77vk39ik7j0k91a57wqa63d4g4riw3r2gpcay8kxpac"))))
     (native-inputs `(("perl" ,perl)))
     (inputs
      `(("qtbase" ,qtbase)
@@ -968,7 +969,7 @@ interacting with serial ports from within Qt.")))
 (define-public qtserialbus
   (package (inherit qtsvg)
     (name "qtserialbus")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -977,7 +978,7 @@ interacting with serial ports from within Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "025yv7zajz5scrmkjkmgkyvxpgkliqvrzc88is0gr481zpd4phmv"))))
+               "0f39qh05mp54frpn5sy9k5vfw5zb2gg72qaqz81mwlck2xg78qpg"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtserialport" ,qtserialport)))
@@ -989,7 +990,7 @@ and others.")))
 (define-public qtwebchannel
   (package (inherit qtsvg)
     (name "qtwebchannel")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -998,7 +999,7 @@ and others.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "09iss70c1iqgf8qpik35qlgrdw5y9935v0fm2ppgkmxdxkpls6ww"))))
+               "0n438mk01sh2bbqakc1m3s65qqmi75m4n4hymad8wcgijfr9a9v3"))))
     (native-inputs
      `(("perl" ,perl)
        ("qtdeclarative" ,qtdeclarative)
@@ -1013,7 +1014,7 @@ popular web engines, Qt WebKit 2 and Qt WebEngine.")))
 (define-public qtlocation
   (package (inherit qtsvg)
     (name "qtlocation")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1022,7 +1023,7 @@ popular web engines, Qt WebKit 2 and Qt WebEngine.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "033b6l6jbvmc0k5qvbgh5vkzvfga7npqcphrywrrqkmx9vj446n8"))))
+               "1qacqz6l7zljqszblhgzg5y1v4mgki59k45ag7yc2iw7vrf45zc0"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1043,7 +1044,7 @@ positioning and geolocation plugins.")))
 (define-public qttools
   (package (inherit qtsvg)
     (name "qttools")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1052,7 +1053,7 @@ positioning and geolocation plugins.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "06nqsa5mj0mc9w9xbm7mgdkb66x4wlvkhnas32f97sb8ic8rdf9b"))))
+               "1zw4j8ymwcpn7dx1dlbxpmx5lfp26rag7pysap1xry9m7vg3hb24"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1070,7 +1071,7 @@ that helps in Qt development.")))
 (define-public qtscript
   (package (inherit qtsvg)
     (name "qtscript")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1079,7 +1080,7 @@ that helps in Qt development.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1wa0rnbphkhgydnwkf5bjwn0llskl6hgs0964nh0jik8qaspv027"))
+               "0rjm6nph1nssfpknp4i682bvk7363y4a2f74060vcm7ib2pzl2xq"))
              (patches (search-patches "qtscript-disable-tests.patch"))))
     (native-inputs
      `(("perl" ,perl)
@@ -1094,7 +1095,7 @@ ECMAScript and Qt.")))
 (define-public qtquickcontrols
   (package (inherit qtsvg)
     (name "qtquickcontrols")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1103,7 +1104,7 @@ ECMAScript and Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "07xxhkfsljwdwlp9jfp88pwkrig02y2pnwhdsaz8mkcackwfq2az"))))
+               "09p2q3max4xrlw5svbhn11y9cgrvcjsj88xw4c0kq91cgnyyw3ih"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1118,7 +1119,7 @@ can be used to build complete interfaces in Qt Quick.")))
 (define-public qtquickcontrols2
   (package (inherit qtsvg)
     (name "qtquickcontrols2")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1127,7 +1128,7 @@ can be used to build complete interfaces in Qt Quick.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ln83afxyp5dmvdnq6n7as82xrd5k3xvfx7b1jxnljivslyxsm9b"))))
+               "0hq888qq8q7dglpyzif64pplqjxfrqjpkvbcx0ycq35darls5ai1"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1143,7 +1144,7 @@ not available.")))
 (define-public qtgraphicaleffects
   (package (inherit qtsvg)
     (name "qtgraphicaleffects")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1152,7 +1153,7 @@ not available.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0xpvigfiqfqvf05ywj8x69y57rp8dwq2hs1kpxlxs15pniz4wn8l"))))
+               "1nghl39sqsjamjn6pfmxmgga6z9vwzv2zbgc92amrfxxr2dh42vr"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1196,7 +1197,7 @@ backend for QtQuick scene graph.")
 (define-public qtgamepad
   (package (inherit qtsvg)
     (name "qtgamepad")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1205,7 +1206,7 @@ backend for QtQuick scene graph.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0lm5v43psf7r8zc79dcjdmmdnz4jm30ylgkvsyv8k88mj06yklbn"))))
+               "14vari5cq10a0z02559l2m1v78g7ygnyqf1ilkmy2f0kr36wm7y6"))))
     (native-inputs
      `(("perl" ,perl)
        ("pkg-config" ,pkg-config)))
@@ -1226,7 +1227,7 @@ and mobile applications targeting TV-like form factors.")))
 (define-public qtscxml
   (package (inherit qtsvg)
     (name "qtscxml")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1235,7 +1236,7 @@ and mobile applications targeting TV-like form factors.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0pdimqwdrj8hckm81lwy1z58ji4bdv0bzgv336m0a8v3pj914awx"))
+               "06x8hs3p7bfgnl6b2fjld4s41acw1rbnxbcgkprgw2fxxnl1zxfq"))
              (modules '((guix build utils)))
              (snippet
               '(begin
@@ -1256,7 +1257,7 @@ also contains functionality to support data models and executable content.")))
 (define-public qtpurchasing
   (package (inherit qtsvg)
     (name "qtpurchasing")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1265,7 +1266,7 @@ also contains functionality to support data models and executable content.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "04f28y7qcr4kd0pw26mm515qj7haxr0i8lijn1q47wkikxyhawca"))))
+               "00yfdd00frgf7fs9s0vyn1c6c4abxgld5rfgkzms3y6n6lcphs0j"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))
@@ -1276,7 +1277,7 @@ purchasing goods and services.")))
 (define-public qtcanvas3d
   (package (inherit qtsvg)
     (name "qtcanvas3d")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1285,7 +1286,7 @@ purchasing goods and services.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1siyzgm1mjx90rwyzzq9vw2s2xzyf6n7q0vn8gw7mdim5indda44"))
+               "1g0a606fgal4x17ly0qrj05pb0k8riwh7nj4g3jip05g8iwb2f2y"))
              (modules '((guix build utils)))
              (snippet
               '(delete-file-recursively "examples/canvas3d/3rdparty"))))
@@ -1313,7 +1314,7 @@ drawing calls from Qt Quick JavaScript.")))
 (define-public qtcharts
   (package (inherit qtsvg)
     (name "qtcharts")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1322,7 +1323,7 @@ drawing calls from Qt Quick JavaScript.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "193a3imkgryw42s0gbwaj9gpqd673h3jrg86jvmy33l2fc5gfyjf"))))
+               "1sb99ncmh84bz0xzq55chgic7jk61awnfvi7ld4gq5ap3nl865zc"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1340,7 +1341,7 @@ selecting one of the charts themes.")
 (define-public qtdatavis3d
   (package (inherit qtsvg)
     (name "qtdatavis3d")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1349,7 +1350,7 @@ selecting one of the charts themes.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1cmjjbbmdqdix1f8b7qyc2vwhj9pvchc8r4lp65qw11dhycmdbh6"))))
+               "0s636ix44akrjx47gv9qj2ac02q8clnwj3acfr28p6pagm46k7vh"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:tests? _ #f) #f))) ; TODO: Enable the tests
@@ -1367,7 +1368,7 @@ customized by using themes or by adding custom items and labels to them.")
 (define-public qtnetworkauth
   (package (inherit qtsvg)
     (name "qtnetworkauth")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1376,7 +1377,7 @@ customized by using themes or by adding custom items and labels to them.")
                                  version ".tar.xz"))
              (sha256
               (base32
-               "16i33m8x5yii22ciq97bpfmnw0lwhvgv84i2az30a1ikm9dg00x0"))))
+               "0fdz5q47xbiij3mi5lzhvxpq4jp9fm929v9kyvcyadz86mp3f8nz"))))
     (arguments
      (substitute-keyword-arguments (package-arguments qtsvg)
        ((#:phases phases)
@@ -1396,7 +1397,7 @@ implementation of OAuth and OAuth2 authenticathon methods for Qt.")))
 (define-public qtremoteobjects
   (package (inherit qtsvg)
     (name "qtremoteobjects")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1405,7 +1406,7 @@ implementation of OAuth and OAuth2 authenticathon methods for Qt.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "1ylphdwis34y4pm9xiwh2xqfd0hh2gp8kkawlps2q5mh2bm11376"))))
+               "0z6qd381r6a7gdrsknlkkbhq9mmdqi040kfrvgm6mfa69336f4dk"))))
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))
@@ -1418,7 +1419,7 @@ processes or computers.")))
 (define-public qtspeech
   (package (inherit qtsvg)
     (name "qtspeech")
-    (version "5.9.2")
+    (version "5.9.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qt.io/official_releases/qt/"
@@ -1427,7 +1428,7 @@ processes or computers.")))
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0cq33dffi7q7dnvzhdivky5prakb8xnwap0b76fwgirhbbn88ypg"))))
+               "1c4rpf3by620fx8lrvmc38r60cikqczqh2rfcm7ixz3x8cj60lh1"))))
     (inputs
      `(("qtbase" ,qtbase)))
     (native-inputs
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index c9e4bee4a2..cee047b938 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -151,14 +151,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.7.2")
+    (version "4.7.3")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "14ngvqkdcjmc1nfyx2vgh82jmqdj6rhpqdqq4az7dcnzi4i52cpx"))))
+               "0b7xbfjpg7l1lz13gvj4ifcp9j3cvfp6pswjbq03z06bl4n1br06"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/scribus.scm b/gnu/packages/scribus.scm
index 6230195ed4..860d346778 100644
--- a/gnu/packages/scribus.scm
+++ b/gnu/packages/scribus.scm
@@ -81,7 +81,19 @@
     (arguments
      `(#:tests? #f                      ;no test target
        #:configure-flags
-       '("-DWANT_GRAPHICSMAGICK=1")))
+       '("-DWANT_GRAPHICSMAGICK=1")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             ;; Fix "ImportError: No module named _sysconfigdata_nd" where
+             ;; Scribus checks PATH and eventually runs system's Python
+             ;; instead of package's.
+             (let* ((out (assoc-ref outputs "out"))
+                    (py2 (assoc-ref inputs "python")))
+               (wrap-program (string-append out "/bin/scribus")
+                 `("PATH" ":" prefix (,(string-append py2 "/bin")))))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("cairo" ,cairo)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index ba7c09a438..fa910a92aa 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Mike Gerwitz <mtg@gnu.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,7 +83,7 @@ readers and is needed to communicate with such devices through the
 (define-public eid-mw
   (package
     (name "eid-mw")
-    (version "4.3.0")
+    (version "4.3.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -91,9 +92,9 @@ readers and is needed to communicate with such devices through the
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0s646p19kq27wb160v9b8aaiy30k2shmq4njm471ggd2j7n7a6rs"))))
+                "1ay9znry9dkhhn783paqy8czvv3w5gdpmq8ag8znx9akza8c929z"))))
     (build-system glib-or-gtk-build-system)
-        (native-inputs
+    (native-inputs
      `(("autoconf" ,autoconf)
        ("automake" ,automake)
        ("gettext" ,gnu-gettext)
@@ -114,7 +115,7 @@ readers and is needed to communicate with such devices through the
        (modify-phases %standard-phases
          ;; The github tarball doesn't contain a configure script.
          (add-before 'configure 'autoreconf
-                     (lambda _ (zero? (system* "autoreconf" "-i")))))))
+           (lambda _ (zero? (system* "autoreconf" "-i")))))))
     (synopsis "Belgian eID Middleware")
     (description "The Belgian eID Middleware is required to authenticate with
 online services using the Belgian electronic identity card.")
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index f03d7c4a9d..1f076999cb 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
@@ -88,14 +88,19 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
 (define-public fish
   (package
     (name "fish")
-    (version "2.6.0")
+    (version "2.7.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://fishshell.com/files/"
-                                  version "/fish-" version ".tar.gz"))
+              (uri
+               (list
+                (string-append "https://fishshell.com/files/"
+                               version "/fish-" version ".tar.gz")
+                (string-append "https://github.com/fish-shell/fish-shell/"
+                               "releases/download/" version "/"
+                               name "-" version ".tar.gz")))
               (sha256
                (base32
-                "1yzx73kg5ng5ivhi68756sl5hpb8869110l9fwim6gn7f7bbprby"))
+                "1jvvm27hp46w0cia14lfz6161dkz8b935j1m7j38i7rgx75bfxis"))
               (modules '((guix build utils)))
               ;; Don't try to install /etc/fish/config.fish.
               (snippet
@@ -144,15 +149,15 @@ highlighting.")
 (define-public fish-guix
   (package
     (name "fish-guix")
-    (version "0.1.1")
+    (version "0.1.2.1")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://dist.infotropique.org/fish-guix/"
+       (uri (string-append "https://d.n0.is/releases/fish-guix/"
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0xi0j9lvzh43lrj82gz52n2cjln0i0pgayngrg4hy5w4449biy0z"))))
+         "0k71hcn7nr523w74jw2i68x52s9hv6vmasnvnn7yr3xxvzn4kqgf"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No checks.
@@ -161,11 +166,11 @@ highlighting.")
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)))) ; No configure script.
-    (home-page "https://www.infotropique.org/projects/fish-guix/")
+    (home-page "https://n0.is/s/fish-guix/")
     (synopsis "Fish completions for Guix")
     (description
      "Fish-guix provides completions for Guix for users of the fish shell.")
-    (license public-domain)))
+    (license bsd-3)))
 
 (define-public rc
   (package
@@ -312,7 +317,7 @@ history mechanism, job control and a C-like syntax.")
 (define-public zsh
   (package
     (name "zsh")
-    (version "5.2")
+    (version "5.4.2")
     (source (origin
               (method url-fetch)
               (uri (list (string-append
@@ -323,7 +328,7 @@ history mechanism, job control and a C-like syntax.")
                            ".tar.gz")))
               (sha256
                (base32
-                "0dsr450v8nydvpk8ry276fvbznlrjgddgp7zvhcw4cv69i9lr4ps"))))
+                "1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm"))))
     (build-system gnu-build-system)
     (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
                  #:phases
@@ -346,7 +351,17 @@ history mechanism, job control and a C-like syntax.")
                                           "Test/B02typeset.ztst"
                                           "Completion/Unix/Command/_init_d"
                                           "Util/preconfig")
-                                      (("/bin/sh") (which "sh")))))))))
+                                      (("/bin/sh") (which "sh"))))))
+                   (add-before 'check 'patch-test
+                     (lambda _
+                       ;; In Zsh, `command -p` searches a predefined set of
+                       ;; paths that don't exist in the build environment. See
+                       ;; the assignment of 'path' in Src/init.c'
+                       (substitute* "Test/A01grammar.ztst"
+                         (("command -pv") "command -v")
+                         (("command -p") "command ")
+                         (("'command' -p") "'command' "))
+                       #t)))))
     (native-inputs `(("autoconf" ,autoconf)))
     (inputs `(("ncurses" ,ncurses)
               ("pcre" ,pcre)
diff --git a/gnu/packages/simulation.scm b/gnu/packages/simulation.scm
index de07b68440..a5b661e34d 100644
--- a/gnu/packages/simulation.scm
+++ b/gnu/packages/simulation.scm
@@ -84,6 +84,8 @@
      `(("gzip" ,gzip)
        ("gnuplot" ,gnuplot)
        ("openmpi" ,openmpi)))
+    (outputs '("debug"                  ;~60MB
+               "out"))
     (arguments
      `( ;; Executable files and shared libraries are located in the 'platforms'
        ;; subdirectory.
@@ -171,6 +173,15 @@
                         (("lockDir=.*$")
                          "lockDir=$HOME/.$WM_PROJECT/.wmake\n"))
                       #t))
+                  (add-after 'build 'cleanup
+                    ;; Avoid unncessary, voluminous object and dep files.
+                    (lambda _
+                      (delete-file-recursively
+                       "platforms/linux64GccDPInt32Opt/src")
+                      (delete-file-recursively
+                       "platforms/linux64GccDPInt32OptSYSTEMOPENMPI")
+                      (for-each delete-file (find-files "." "\\.o$"))
+                      #t))
                   (replace 'install
                     (lambda _
                       ;; use 'OpenFOAM-version' convention
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 7d49f90be9..10f7c6bc57 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -203,20 +203,15 @@ which allows users to view a desktop computing environment.")
 (define-public spice
   (package
     (name "spice")
-    (version "0.12.8")
+    (version "0.14.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                "http://www.spice-space.org/download/releases/"
+                "https://www.spice-space.org/download/releases/"
                 "spice-" version ".tar.bz2"))
               (sha256
                (base32
-                "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr"))
-              (patches
-               (search-patches "spice-CVE-2017-7506.patch"
-                               "spice-CVE-2016-9577.patch"
-                               "spice-CVE-2016-9578-1.patch"
-                               "spice-CVE-2016-9578-2.patch"))))
+                "0j5q7cp5p95jk8fp48gz76rz96lifimdsx1wnpmfal0nnnar9nrs"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("openssl" ,openssl)
@@ -228,6 +223,7 @@ which allows users to view a desktop computing environment.")
         ("libjpeg-turbo" ,libjpeg-turbo)
         ("lz4" ,lz4)
         ("opus" ,opus)
+        ("orc" ,orc)
         ("zlib" ,zlib)))
     (native-inputs
       `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index f2a6971826..bfa7e05f9d 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -110,7 +110,7 @@ be output in text, PostScript, PDF or HTML.")
 (define-public r-minimal
   (package
     (name "r-minimal")
-    (version "3.4.2")
+    (version "3.4.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cran/src/base/R-"
@@ -118,7 +118,7 @@ be output in text, PostScript, PDF or HTML.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0r0cv2kc3x5z9xycpnxx6fbvv22psw2m342jhpslbxkc8g1307lp"))))
+                "09pl0w01fr09bsrwd7nz2r5psysj0z93w4chz3hm2havvqqvhg3s"))))
     (build-system gnu-build-system)
     (arguments
      `(#:disallowed-references (,tzdata-for-tests)
@@ -359,14 +359,14 @@ k-nearest neighbour, Learning Vector Quantization and Self-Organizing Maps.")
 (define-public r-cluster
   (package
     (name "r-cluster")
-    (version "2.0.5")
+    (version "2.0.6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cluster" version))
        (sha256
         (base32
-         "1bkvqmv8h2c423q9ag2afb6s9j2vcdlxsf559zzbimraphrr2c2b"))))
+         "1z4gbz7chxxi4ly6c0yjlikwgf8aa8dlg05cn5cd6pjr21zvh97l"))))
     (build-system r-build-system)
     (inputs
      `(("gfortran" ,gfortran)))
@@ -464,14 +464,14 @@ also flexible enough to handle most nonstandard requirements.")
 (define-public r-matrix
   (package
     (name "r-matrix")
-    (version "1.2-11")
+    (version "1.2-12")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "Matrix" version))
        (sha256
         (base32
-         "1yvd6fx3n99j4gvzrng43ji38pr5h8y03kijccgjdalym2hcp36g"))))
+         "1wm45hg4x5ay15y03k6rmgkd1n9r01da72mszk24vafwd7pimr8n"))))
     (properties `((upstream-name . "Matrix")))
     (build-system r-build-system)
     (propagated-inputs
@@ -937,14 +937,14 @@ solution for sending email, including attachments, from within R.")
 (define-public r-stringi
   (package
     (name "r-stringi")
-    (version "1.1.5")
+    (version "1.1.6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "stringi" version))
        (sha256
         (base32
-         "1wh20is24lmzhcd9487ckv7r19009fyz4is3ianp3ky69vy8a7k5"))))
+         "122im5m8x9bqpahc0hbxmvdq6hnsmgnxwwyjpvbihyv2jq5kd44m"))))
     (build-system r-build-system)
     (inputs `(("icu4c" ,icu4c)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -2095,26 +2095,27 @@ or source files in a key-value fashion.")
 (define-public r-batchjobs
   (package
     (name "r-batchjobs")
-    (version "1.6")
+    (version "1.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "BatchJobs" version))
        (sha256
         (base32
-         "1kb99024jih5bycc226bl4jyvbbl1sg72q3m2wnlshl7s8p6vva0"))))
+         "035658marnw57p4f38g99rwmvmb6hpbq0fhlxp3qbw22zfnnkvs9"))))
     (properties `((upstream-name . "BatchJobs")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-bbmisc" ,r-bbmisc)
+     `(("r-backports" ,r-backports)
+       ("r-bbmisc" ,r-bbmisc)
        ("r-brew" ,r-brew)
        ("r-checkmate" ,r-checkmate)
+       ("r-data-table" ,r-data-table)
        ("r-dbi" ,r-dbi)
        ("r-digest" ,r-digest)
-       ("r-fail" ,r-fail)
        ("r-rsqlite" ,r-rsqlite)
        ("r-sendmailr" ,r-sendmailr)
-       ("r-stringr" ,r-stringr)))
+       ("r-stringi" ,r-stringi)))
     (home-page "https://github.com/tudo-r/BatchJobs")
     (synopsis "Batch computing with R")
     (description
@@ -2221,14 +2222,14 @@ collation, and NAMESPACE files.")
 (define-public r-openssl
   (package
     (name "r-openssl")
-    (version "0.9.8")
+    (version "0.9.9")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "openssl" version))
        (sha256
         (base32
-         "0wm7pkm5yfsxmpyr8n0pvj1398wqg5gzp5clqrg5nb2mflxv2nlc"))))
+         "1ir7ggs0rxgn83h40r6jg9dzhb7hbcwhkcj5nsdzj7jz61sfgv77"))))
     (build-system r-build-system)
     (inputs
      `(("libressl" ,libressl)))
@@ -2320,13 +2321,13 @@ informative error messages when it's not available.")
 (define-public r-devtools
   (package
     (name "r-devtools")
-    (version "1.13.3")
+    (version "1.13.4")
     (source (origin
               (method url-fetch)
               (uri (cran-uri "devtools" version))
               (sha256
                (base32
-                "146wb09cmfh10vhn1ps2nmzx104zldb3nj9qv2ic0gbcikbbryp6"))))
+                "1az1qf50vyhm4w6k2a6wqw3pqc8jv2iqzdhs36cg079hx9swm0mb"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-digest" ,r-digest)
@@ -2367,15 +2368,18 @@ were originally a part of the r-devtools package.")
 (define-public r-hms
   (package
     (name "r-hms")
-    (version "0.3")
+    (version "0.4.0")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "hms" version))
        (sha256
         (base32
-         "127znf522r5mn3k6frhdd7pqh063bs3l85gn9h7cx50hpjf2as4k"))))
+         "07sh75flp15lx2b00s3nxh04xr9gk4qhlbh125qx25isf71zw6zl"))))
     (build-system r-build-system)
+    (propagated-inputs
+     `(("r-rlang" ,r-rlang)
+       ("r-pkgconfig" ,r-pkgconfig)))
     (home-page "https://github.com/rstats-db/hms")
     (synopsis "Pretty time of day")
     (description
@@ -2563,24 +2567,25 @@ certain criterion, e.g., it contains a certain regular file.")
 (define-public r-rmarkdown
   (package
     (name "r-rmarkdown")
-    (version "1.6")
+    (version "1.8")
     (source
       (origin
         (method url-fetch)
         (uri (cran-uri "rmarkdown" version))
         (sha256
           (base32
-            "0p8ph5z5pifk1nxc1bppkfs1ir5gjc6ap9n64b4255m2fdaqfrc7"))))
+            "0q1y1qx87xp6vf9h7mfl77rqhmd01xl53l9ap9qj99bfvpabb572"))))
     (properties `((upstream-name . "rmarkdown")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-catools" ,r-catools)
+     `(("r-base64enc" ,r-base64enc)
        ("r-evaluate" ,r-evaluate)
        ("r-htmltools" ,r-htmltools)
        ("r-jsonlite" ,r-jsonlite)
-       ("r-base64enc" ,r-base64enc)
        ("r-knitr" ,r-knitr)
+       ("r-mime" ,r-mime)
        ("r-rprojroot" ,r-rprojroot)
+       ("r-stringr" ,r-stringr)
        ("r-yaml" ,r-yaml)
        ("ghc-pandoc" ,ghc-pandoc)))
     (home-page "http://rmarkdown.rstudio.com")
@@ -3273,20 +3278,19 @@ message passing.")
 (define-public r-bigmemory
   (package
     (name "r-bigmemory")
-    (version "4.5.19")
+    (version "4.5.31")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "bigmemory" version))
        (sha256
         (base32
-         "191gbzca557kpk7mdsg716vfyqpr7j5din6qb8hin4g1nkzzwmg6"))))
+         "0wv0p746zz5a6r1yd0fgpj2kfcyzk2f4rxqz92p6lp9jzakv4lfs"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-bh" ,r-bh)
        ("r-rcpp" ,r-rcpp)
-       ("r-bigmemory-sri" ,r-bigmemory-sri)
-       ("r-r-utils" ,r-r-utils)))
+       ("r-bigmemory-sri" ,r-bigmemory-sri)))
     (home-page "http://www.bigmemory.org")
     (synopsis "Manage large matrices with shared memory or memory-mapped files")
     (description "This package provides methods to create, store, access, and
@@ -4389,19 +4393,20 @@ Farebrother's algorithm or Liu et al.'s algorithm.")
 (define-public r-cowplot
   (package
     (name "r-cowplot")
-    (version "0.8.0")
+    (version "0.9.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "cowplot" version))
        (sha256
         (base32
-         "03bh0r6ynr95gk4lc8asfi3kpmskm59vfzwn417pdziha3igs5x6"))))
+         "0iq0wsi7467cj8hqml06whk3xsiv89x8dvm9ynwp411pzzbdjgwm"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-ggplot2" ,r-ggplot2)
        ("r-gtable" ,r-gtable)
-       ("r-plyr" ,r-plyr)))
+       ("r-plyr" ,r-plyr)
+       ("r-scales" ,r-scales)))
     (home-page "https://github.com/wilkelab/cowplot")
     (synopsis "Streamlined plot theme and plot annotations for ggplot2")
     (description
@@ -4571,14 +4576,14 @@ models, generalized linear models and model-based clustering.")
 (define-public r-mclust
   (package
     (name "r-mclust")
-    (version "5.3")
+    (version "5.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "mclust" version))
        (sha256
         (base32
-         "0h5syvpg3azrz5d10z2afilaa27jb4azi38idzlv05mfcs16s6rb"))))
+         "1i3v1q8qq0al3ifvjhcvxfsg68cx9mq8jz67jwmiqai78mw0aqvk"))))
     (build-system r-build-system)
     (native-inputs
      `(("gfortran" ,gfortran)))
@@ -4913,14 +4918,14 @@ based on an interface to Fortran implementations by M. J. D. Powell.")
 (define-public r-rcppeigen
   (package
     (name "r-rcppeigen")
-    (version "0.3.3.3.0")
+    (version "0.3.3.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppEigen" version))
        (sha256
         (base32
-         "0zz9v0f8nnlvhhqv91lkyfblvjnmav84l89mr6vmbqjc2hzqd3n8"))))
+         "093g2wmqyk86693l0lzh2va8119w3k7rvw5q24p842jdfv5x5z8l"))))
     (properties `((upstream-name . "RcppEigen")))
     (build-system r-build-system)
     (propagated-inputs
@@ -5091,14 +5096,14 @@ bootstrap test for generalized linear mixed models.")
 (define-public r-car
   (package
     (name "r-car")
-    (version "2.1-5")
+    (version "2.1-6")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "car" version))
        (sha256
         (base32
-         "1bm0ks9ga60z3izgq0d4kvirr9v4yf1820d1wznkihnbb55bc3m6"))))
+         "14l4d9j87xnb0bz2wgqqbxnlnbcdfb5vx2fw6kdxj91kyrk6lhnj"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-mass" ,r-mass)
@@ -5145,18 +5150,19 @@ classification and regression models.")
 (define-public r-rcppprogress
   (package
     (name "r-rcppprogress")
-    (version "0.3")
+    (version "0.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "RcppProgress" version))
        (sha256
         (base32
-         "0796g11w7iv3ix1wfm3fh09qq7jki4r4cp1mjagq77igri3xrr9x"))))
+         "09ayw6d69i0lplmaj5md25p5hn1nmiyp6a4sh60v93nrrs1cq7iv"))))
     (properties `((upstream-name . "RcppProgress")))
     (build-system r-build-system)
     (propagated-inputs
-     `(("r-rcpp" ,r-rcpp)))
+     `(("r-devtools" ,r-devtools)
+       ("r-rcpp" ,r-rcpp)))
     (home-page "https://github.com/kforner/rcpp_progress")
     (synopsis "Interruptible progress bar for C++ in R packages")
     (description
@@ -5211,14 +5217,14 @@ first and second order derivatives.")
 (define-public r-sn
   (package
     (name "r-sn")
-    (version "1.5-0")
+    (version "1.5-1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sn" version))
        (sha256
         (base32
-         "0fh7xjsfd2x8d9lbnss7raldh24b72b3pvcv7zqa1qprzg7zfr01"))))
+         "0l7qlah6dwkp8jswnr2mn3phlm15naba5zkmv0g5pcqy5ix0gz7w"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-mnormt" ,r-mnormt)
diff --git a/gnu/packages/synergy.scm b/gnu/packages/synergy.scm
index 8e863149c3..ec1872cc00 100644
--- a/gnu/packages/synergy.scm
+++ b/gnu/packages/synergy.scm
@@ -68,7 +68,7 @@
        ("xinput"  ,xinput)))
     (arguments
      `(#:phases
-       (let ((srcdir (string-append "../synergy-" ,version "-stable")))
+       (let ((srcdir (string-append "../synergy-core-" ,version "-stable")))
          (modify-phases %standard-phases
            (add-before 'configure 'unpack-aux-src
              ;; TODO: package and use from system
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 5df5e9e4ab..cf1ab93c39 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Francesco Frassinelli <fraph24@gmail.com>
 ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +28,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages protobuf)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages linux)
@@ -247,6 +249,52 @@ and a supporting cryptographic kernel.")
     (home-page "https://github.com/cisco/libsrtp")
     (license license:bsd-3)))
 
+(define-public bctoolbox
+  (package
+    (name "bctoolbox")
+    (version "0.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://savannah/linphone/bctoolbox/bctoolbox-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "14ivv6bh6qywys6yyb34scy9w78d636xl1f7cyxm3gwx2qv71lx5"))))
+    (build-system gnu-build-system)
+    (arguments '(#:make-flags '("CFLAGS=-fPIC")))
+    (native-inputs
+     `(("cunit" ,cunit)))
+    (inputs
+     `(("mbedtls" ,mbedtls-apache)))
+    (home-page "https://www.linphone.org")
+    (synopsis "Utilities library for linphone software")
+    (description "BCtoolbox is a utilities library used by Belledonne
+Communications softwares like linphone.")
+    (license license:gpl2+)))
+
+(define-public ortp
+  (package
+    (name "ortp")
+    (version "0.27.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://download.savannah.nongnu.org/"
+                                  "releases/linphone/ortp/sources/ortp-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1by0dqdqrj5avzcvjws30g8v5sa61wj12x00sxw0kn1smcrshqgb"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("bctoolbox" ,bctoolbox)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://linphone.org/")
+    (synopsis "Implementation of the Real-time transport protocol")
+    (description "oRTP is a library implementing the Real-time transport
+protocol (RFC 3550).")
+    (license license:lgpl2.1+)))
+
 (define-public libiax2
   (let ((commit "0e5980f1d78ce462e2d1ed6bc39ff35c8341f201"))
     ;; This is the commit used by the Ring Project.
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index 52d47a1a45..20c27e420c 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
@@ -63,14 +63,14 @@ to a file.")
 (define-public python-pytzdata
   (package
     (name "python-pytzdata")
-    (version "2017.2")
+    (version "2017.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pytzdata" version))
        (sha256
         (base32
-         "1c1az8spm2d3km6qhjy69y4dlj71p6984l48mizr83nh4f0ipld4"))))
+         "1wi3jh39zsa9iiyyhynhj7w5b2p9wdyd0ppavpsrmf3wxvr7cwz8"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)
@@ -87,14 +87,14 @@ to a file.")
 (define-public python-pytz
   (package
     (name "python-pytz")
-    (version "2017.2")
+    (version "2017.3")
     (source
      (origin
       (method url-fetch)
       (uri (pypi-uri "pytz" version ".zip"))
       (sha256
        (base32
-        "12cmd3j46d2gcw08bspvp6s9icfcvx88zjz52n1bli9dyvl5dh7m"))))
+        "1dw5l527vcafvdqq4wadwl7ikhb2sssz0v0cssibh8890kyczr7s"))))
     (build-system python-build-system)
     (native-inputs
      `(("unzip" ,unzip)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1fe1e2968f..2aa082cfb5 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -458,14 +459,14 @@ required structures.")
 (define-public libressl
   (package
     (name "libressl")
-    (version "2.5.5")
+    (version "2.6.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://openbsd/LibreSSL/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1i77viqy1afvbr392npk9v54k9zhr9zq2vhv6pliza22b0ymwzz5"))))
+                "162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf"))))
     (build-system gnu-build-system)
     (arguments
      ;; Do as if 'getentropy' was missing since older Linux kernels lack it
@@ -788,6 +789,9 @@ then ported to the GNU / Linux environment.")
         (base32
          "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r"))))
     (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON")))
     (native-inputs
      `(("perl" ,perl)))
     (synopsis "Small TLS library")
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 6cf833464c..055916a9a0 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -47,14 +47,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.3.1.8")
+    (version "0.3.1.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "18dinpj03d036rashlad16lv7j2hba8gg742z07l37x5c242kxkx"))))
+               "09ixizsr635qyshvrn1m5asjkaz4fm8dx80lc3ajyy0fi7vh86vf"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-gcc-hardening"
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 9de660f090..a41ddf8da3 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -98,6 +98,7 @@
       (uri (string-append "https://launchpad.net/bzr/"
                           (version-major+minor version) "/" version
                           "/+download/bzr-" version ".tar.gz"))
+      (patches (search-patches "bazaar-CVE-2017-14176.patch"))
       (sha256
        (base32
         "1cysix5k3wa6y7jjck3ckq3abls4gvz570s0v0hxv805nwki4i8d"))))
@@ -130,14 +131,14 @@ as well as the classic centralized workflow.")
    (name "git")
    ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
    ;; to be updated as well.
-   (version "2.15.0")
+   (version "2.15.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0siyxg1ppg6szjp8xp37zfq1fj97kbdxpigi3asmidqhkx41cw8h"))))
+              "0p04linqdywdf7m1hqa904fzqvgzplsxlzdqrn96j1j5gpyr174r"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -149,9 +150,8 @@ as well as the classic centralized workflow.")
                 "mirror://kernel.org/software/scm/git/git-manpages-"
                 version ".tar.xz"))
           (sha256
-
            (base32
-            "0xqwfg9xz5nw3ifaki87ahbz0xk5zmkgqs0ig357pxwh2i20kb92"))))))
+            "0mi609plzqqwx271hr9m5j4syggqx255bbzml6ca9j5fadywysvc"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -188,6 +188,9 @@ as well as the classic centralized workflow.")
                      "NO_INSTALL_HARDLINKS=indeed")
       #:test-target "test"
 
+      ;; Tests fail randomly when parallel: <https://bugs.gnu.org/29512>.
+      #:parallel-tests? #f
+
       ;; The explicit --with-tcltk forces the build system to hardcode the
       ;; absolute file name to 'wish'.
       #:configure-flags (list (string-append "--with-tcltk="
@@ -243,6 +246,13 @@ as well as the classic centralized workflow.")
             ;; FIXME: Some hooks fail with "basename: command not found".
             ;; See 't/trash directory.t9164.../svn-hook.log'.
             (delete-file "t/t9164-git-svn-dcommit-concurrent.sh")
+
+            ;; XXX: These tests fail intermittently for unknown reasons:
+            ;; <https://bugs.gnu.org/29546>.
+            (for-each delete-file
+                      '("t/t9128-git-svn-cmd-branch.sh"
+                        "t/t9167-git-svn-cmd-branch-subproject.sh"
+                        "t/t9141-git-svn-multiple-branches.sh"))
             #t))
         (add-after 'install 'install-shell-completion
           (lambda* (#:key outputs #:allow-other-keys)
@@ -370,7 +380,11 @@ everything from small to very large projects with speed and efficiency.")
               (sha256
                (base32
                 "1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka"))
-              (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
+              (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))
+
+              ;; Remove bundled software.
+              (snippet '(delete-file-recursively "deps"))
+              (modules '((guix build utils)))))
     (build-system cmake-build-system)
     (outputs '("out" "debug"))
     (arguments
@@ -390,7 +404,7 @@ everything from small to very large projects with speed and efficiency.")
            (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
     (inputs
      `(("libssh2" ,libssh2)
-       ("libcurl" ,curl)
+       ("http-parser" ,http-parser)
        ("python" ,python-wrapper)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9ac2de145e..2ad0565db3 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -798,7 +798,7 @@ audio/video codec library.")
 (define-public vlc
   (package
     (name "vlc")
-    (version "2.2.6")
+    (version "2.2.8")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -806,7 +806,7 @@ audio/video codec library.")
                    version "/vlc-" version ".tar.xz"))
              (sha256
               (base32
-               "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4"))))
+               "1v32snw46rkgbdqdy3dssl2y13i8p2cr1cw1i18r6vdmiy24dw4v"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("git" ,git) ; needed for a test
@@ -1142,7 +1142,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.11.15")
+    (version "2017.12.02")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1150,7 +1150,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1s0c0jnil4rnymj2nzjjv75p4lmk4h67kvxvjv2azknhmax7gcc8"))))
+                "1qf5gz00cnxzab3cwh9kxzhs08mddm0nwvb7j5z5xxzhi6wkslha"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1259,7 +1259,7 @@ other site that youtube-dl supports.")
 (define-public you-get
   (package
     (name "you-get")
-    (version "0.4.939")
+    (version "0.4.995")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1268,11 +1268,10 @@ other site that youtube-dl supports.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1amkdfnjn2j4k7jlr7qw9mg5whd7dy6z1flh5cd0n9v3d4m7k0c5"))))
+                "0i89mn8v8znn3csgzfg8dz5vcn3ld66xj02az6137bljhgivjxra"))))
     (build-system python-build-system)
     (arguments
-     ;; no tests
-     '(#:tests? #f))
+     '(#:tests? #f))                    ; no tests
     (inputs
      `(("ffmpeg" ,ffmpeg)))
     (synopsis "Download videos, audios, or images from Web sites")
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 0163662d10..85ccf9c9d1 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -440,6 +440,46 @@ trouble using them, because you do not have to remember each snippet name.")
       (home-page "https://github.com/Shougo/context_filetype.vim")
       (license license:expat)))) ; ??? check again
 
+;; The 2.2 release was in 2015, no new releases planned.
+(define-public vim-fugitive
+  (let ((commit "de6c05720cdf74c0218218d7207f700232a5b6dc")
+        (revision "1"))
+    (package
+      (name "vim-fugitive")
+      (version (string-append "2.2-" revision "." (string-take commit 7)))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                 (url "https://github.com/tpope/vim-fugitive.git")
+                 (commit commit)))
+          (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "0zg9vv7hirnx45vc2mwgg0xijmwwz55bssyd6cpdz71wbhrcpxxb"))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:tests? #f
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (delete 'build)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (vimfiles (string-append out "/share/vim/vimfiles"))
+                      (doc (string-append vimfiles "/doc"))
+                      (plugin (string-append vimfiles "/plugin")))
+                 (copy-recursively "doc" doc)
+                 (copy-recursively "plugin" plugin)
+                 #t))))))
+      (home-page "https://github.com/tpope/vim-fugitive")
+      (synopsis "Vim plugin to work with Git")
+      (description "Vim-fugitive is a wrapper for Vim that complements the
+command window, where you can stage and review your changes before the next
+commit or run any Git arbitrary command.")
+      (license license:vim)))) ; distributed under the same license as vim
+
 (define-public vim-airline
   (package
     (name "vim-airline")
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 140b2528d3..d9fae08b25 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -84,6 +86,8 @@
              (uri (string-append "https://download.qemu.org/qemu-"
                                  version ".tar.xz"))
              (patches (search-patches "qemu-CVE-2017-15038.patch"
+                                      "qemu-CVE-2017-15118.patch"
+                                      "qemu-CVE-2017-15119.patch"
                                       "qemu-CVE-2017-15268.patch"
                                       "qemu-CVE-2017-15289.patch"))
              (sha256
@@ -156,6 +160,7 @@
        ("libepoxy" ,libepoxy)
        ("libjpeg" ,libjpeg-turbo)
        ("libpng" ,libpng)
+       ("libseccomp" ,libseccomp)
        ("libusb" ,libusb)                         ;USB pass-through support
        ("mesa" ,mesa)
        ("ncurses" ,ncurses)
@@ -325,15 +330,14 @@ manage system or application containers.")
 (define-public libvirt
   (package
     (name "libvirt")
-    (version "3.7.0")
+    (version "3.10.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://libvirt.org/sources/libvirt-"
                                   version ".tar.xz"))
-              (patches (search-patches "libvirt-CVE-2017-1000256.patch"))
               (sha256
                (base32
-                "1fk75cdzg59y9hnfdpdwv83fsc1yffy3lac4ch19zygfkqhcnysf"))))
+                "03kb37iv3dvvdlslznlc0njvjpmq082lczmsslz5p4fcwb50kwfz"))))
     (build-system gnu-build-system)
     (arguments
      `(;; FAIL: virshtest
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 6b626f0d26..c8e82cf869 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -26,9 +26,11 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gettext)
@@ -72,41 +74,29 @@ endpoints.")
             (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                 version ".tar.gz"))
             (sha256 (base32
-                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))
-            (patches (search-patches "vpnc-script.patch"))))
+                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
-
-             ;; The following packages provide commands that 'vpnc-script'
-             ;; expects.
-             ("net-tools" ,net-tools)             ;ifconfig, route
-             ("iproute2" ,iproute)))              ;ip
+             ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
-        (replace 'configure
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out")))
-              (substitute* "Makefile"
-                (("PREFIX=/usr/local") (string-append "PREFIX=" out)))
-              (substitute* "Makefile"
-                (("ETCDIR=/etc/vpnc") (string-append "ETCDIR=" out
-                                                     "/etc/vpnc"))))))
-        (add-after 'install 'wrap-vpnc-script
+        (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
-            ;; Wrap 'etc/vpnc/vpnc-script' so that it finds the commands it
-            ;; needs.  Assume coreutils/grep/sed are in $PATH.
-            (let ((out (assoc-ref outputs "out")))
-              (wrap-program (string-append out "/etc/vpnc/vpnc-script")
-                `("PATH" ":" prefix
-                  (,(string-append (assoc-ref inputs "net-tools")
-                                   "/sbin")
-                   ,(string-append (assoc-ref inputs "net-tools")
-                                   "/bin")
-                   ,(string-append (assoc-ref inputs "iproute2")
-                                   "/sbin"))))))))))
+            (let ((out          (assoc-ref outputs "out"))
+                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
+              (substitute* "config.c"
+                (("/etc/vpnc/vpnc-script")
+                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
+              (substitute* "Makefile"
+                (("ETCDIR=.*")
+                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
+                (("PREFIX=.*")
+                 (string-append "PREFIX=" out "\n")))
+              #t)))
+        (delete 'configure))))          ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
@@ -117,6 +107,93 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some file are bsd-2, see COPYING
    (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
 
+(define-public vpnc-scripts
+  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
+    (package
+      (name "vpnc-scripts")
+      (version (string-append "20161214." (string-take commit 7)))
+      (source (origin
+                (method git-fetch)
+                (uri
+                 (git-reference
+                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
+                  (commit commit)))
+                (sha256
+                 (base32
+                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
+      (build-system gnu-build-system)
+      (inputs `(("coreutils" ,coreutils)
+                ("grep" ,grep)
+                ("iproute2" ,iproute)    ; for ‘ip’
+                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
+                ("sed" ,sed)
+                ("which" ,which)))
+      (arguments
+       `(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'use-relative-paths
+             ;; Patch the scripts to work with and use relative paths.
+             (lambda* _
+               (for-each (lambda (script)
+                           (substitute* script
+                             (("^PATH=.*") "")
+                             (("(/usr|)/s?bin/") "")
+                             (("\\[ +-x +([^]]+) +\\]" _ command)
+                              (string-append "command -v >/dev/null 2>&1 "
+                                             command))))
+                         (find-files "." "^vpnc-script"))
+               #t))
+           (delete 'configure)          ; no configure script
+           (replace 'build
+             (lambda _
+               (zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
+           (replace 'install
+             ;; There is no Makefile; manually install the relevant files.
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (etc (string-append out "/etc/vpnc")))
+                 (for-each (lambda (file)
+                             (install-file file etc))
+                           (append (find-files "." "^vpnc-script")
+                                   (list "netunshare"
+                                         "xinetd.netns.conf")))
+                 #t)))
+           (add-after 'install 'wrap-scripts
+             ;; Wrap scripts with paths to their common hard dependencies.
+             ;; Optional dependencies will need to be installed by the user.
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (for-each
+                  (lambda (script)
+                    (wrap-program script
+                      `("PATH" ":" prefix
+                        ,(map (lambda (name)
+                                (let ((input (assoc-ref inputs name)))
+                                  (string-append input "/bin:"
+                                                 input "/sbin")))
+                              (list "coreutils"
+                                    "grep"
+                                    "iproute2"
+                                    "net-tools"
+                                    "sed"
+                                    "which")))))
+                  (find-files (string-append out "/etc/vpnc/vpnc-script")
+                              "^vpnc-script"))))))
+         #:tests? #f))                  ; no tests
+      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
+      (synopsis "Network configuration scripts for Cisco VPN clients")
+      (description
+       "This set of scripts configures routing and name services when invoked
+by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
+
+The default @command{vpnc-script} automatically configures most common
+connections, and provides hooks for performing custom actions at various stages
+of the connection or disconnection process.
+
+Alternative scripts are provided for more complicated set-ups, or to serve as an
+example for writing your own.  For example, @command{vpnc-script-sshd} contains
+the entire VPN in a network namespace accessible only through SSH.")
+      (license license:gpl2+))))
 
 (define-public openconnect
   (package
@@ -132,7 +209,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
-      ("vpnc" ,vpnc)
+      ("vpnc-scripts" ,vpnc-scripts)
       ("zlib" ,zlib)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
@@ -140,7 +217,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (arguments
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
-                        (assoc-ref %build-inputs "vpnc")
+                        (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b61b308c18..fff4b767ca 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -56,6 +56,7 @@
   #:use-module (guix build-system trivial)
   #:use-module (guix build-system python)
   #:use-module (guix build-system ant)
+  #:use-module (guix build-system scons)
   #:use-module (gnu packages)
   #:use-module (gnu packages apr)
   #:use-module (gnu packages check)
@@ -1068,10 +1069,7 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                            version ".tar.bz2"))
        (sha256
         (base32 "1k47gbgpp52049andr28y28nbwh9m36bbb0g8p0aka3pqlhjv72l"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("scons" ,scons)
-       ("python" ,python-2)))
+    (build-system scons-build-system)
     (propagated-inputs
      `(("apr" ,apr)
        ("apr-util" ,apr-util)
@@ -1081,13 +1079,15 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
        ;;("gss" ,gss)
        ("zlib" ,zlib)))
     (arguments
-     `(#:modules ((guix build gnu-build-system)
-                  (guix build utils)
-                  (srfi srfi-1))
+     `(#:scons ,scons-python2
+       #:scons-flags (list (string-append "APR=" (assoc-ref %build-inputs "apr"))
+                           (string-append "APU=" (assoc-ref %build-inputs "apr-util"))
+                           (string-append "OPENSSL=" (assoc-ref %build-inputs "openssl"))
+                           ;; (string-append "GSSAPI=" (assoc-ref %build-inputs "gss"))
+                           (string-append "ZLIB=" (assoc-ref %build-inputs "zlib"))
+                           (string-append "PREFIX=" %output))
        #:phases
-       ;; TODO: Add scons-build-system and use it here.
        (modify-phases %standard-phases
-         (delete 'configure)
          (add-after 'unpack 'scons-propagate-environment
                     (lambda _
                       ;; By design, SCons does not, by default, propagate
@@ -1098,21 +1098,6 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                       (substitute* "SConstruct"
                         (("^env = Environment\\(")
                          "env = Environment(ENV=os.environ, "))))
-         (replace 'build
-                  (lambda* (#:key inputs outputs #:allow-other-keys)
-                    (let ((out      (assoc-ref outputs "out"))
-                          (apr      (assoc-ref inputs "apr"))
-                          (apr-util (assoc-ref inputs "apr-util"))
-                          (openssl  (assoc-ref inputs "openssl"))
-                          ;;(gss      (assoc-ref inputs "gss"))
-                          (zlib     (assoc-ref inputs "zlib")))
-                      (zero? (system* "scons"
-                                      (string-append "APR=" apr)
-                                      (string-append "APU=" apr-util)
-                                      (string-append "OPENSSL=" openssl)
-                                      ;;(string-append "GSSAPI=" gss)
-                                      (string-append "ZLIB=" zlib)
-                                      (string-append "PREFIX=" out))))))
          (add-before 'check 'disable-broken-tests
            (lambda _
              ;; These tests rely on SSL certificates that expired 2017-04-18.
@@ -1139,9 +1124,7 @@ from streaming URLs.  It is a command-line wrapper for the libquvi library.")
                   (substitute* "test/test_context.c"
                     (((string-append "SUITE_ADD_TEST\\(suite, " test "\\);")) "")))
                 broken-tests)
-               #t)))
-         (replace 'check   (lambda _ (zero? (system* "scons" "check"))))
-         (replace 'install (lambda _ (zero? (system* "scons" "install")))))))
+               #t))))))
     (home-page "https://serf.apache.org/")
     (synopsis "High-performance asynchronous HTTP client library")
     (description
@@ -4898,7 +4881,7 @@ used to start services with both privileged and non-privileged port numbers.")
 (define-public tidy-html
   (package
     (name "tidy-html")
-    (version "5.4.0")
+    (version "5.6.0")
     (source
      (origin
        (method url-fetch)
@@ -4907,7 +4890,7 @@ used to start services with both privileged and non-privileged port numbers.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0yhbgbjl45b4sjxwc394cjra6iy02q1pi66p28zy70lr6jvm9mx2"))))
+         "0n29wcgw32rhnraj9j21ibhwi0xagmmcskhbaz8ihxly7nx3p9h8"))))
     (build-system cmake-build-system)
     (outputs '("out"
                "static")) ; 1.0MiB of .a files
@@ -5160,7 +5143,7 @@ command-line arguments or read from stdin.")
 (define-public python-internetarchive
   (package
     (name "python-internetarchive")
-    (version "1.7.1")
+    (version "1.7.4")
     (source
      (origin
        (method url-fetch)
@@ -5169,24 +5152,23 @@ command-line arguments or read from stdin.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1lj4r0y67mwjns2gcjvw0y7m5x0vqir2iv7s4q2y93492azli1qh"))))
+         "0sdbb2ag6vmybi8zmbjszi492a587giaaqxyy1p6gy03cb8mc512"))))
     (build-system python-build-system)
     (arguments
-     `(#:tests? #f ; 11 tests of 105 fail to mock "requests".
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
          (delete 'check)
          (add-after 'install 'check
-           (lambda* (#:key inputs outputs target (tests? (not target)) #:allow-other-keys)
-             (if tests?
-               (begin
-                 (add-installed-pythonpath inputs outputs)
-                 (setenv "PATH" (string-append (assoc-ref outputs "out") "/bin"
-                                               ":" (getenv "PATH")))
-                 (zero? (system* "py.test")))
-               (begin
-                 (format #t "test suite not run~%")
-                 #t)))))))
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (setenv "PATH" (string-append (assoc-ref outputs "out") "/bin"
+                                           ":" (getenv "PATH")))
+             (zero? (system* "py.test" "-v" "-k"
+                             (string-append
+                              ;; These tests attempt to make a connection to
+                              ;; an external web service.
+                              "not test_get_item_with_kwargs"
+                              " and not test_ia"))))))))
     (propagated-inputs
      `(("python-requests" ,python-requests)
        ("python-jsonpatch" ,python-jsonpatch-0.4)
@@ -5212,6 +5194,58 @@ internetarchive python module for programatic access to archive.org.")
   (package-with-python2
    (strip-python2-variant python-internetarchive)))
 
+(define-public python-clf
+  (let ((commit-test-clf "d01d25923c599d3261910f79fb948825b4270d07")) ; 0.5.7
+    (package
+      (name "python-clf")
+      (version "0.5.7")
+      (source
+       (origin
+         (method url-fetch)
+         (uri (pypi-uri "clf" version))
+         (sha256
+          (base32
+           "0zlkzqnpz7a4iavsq5vaz0nf5nr7qm5znpg1vlpz6rwnx6hikjdb"))))
+      (build-system python-build-system)
+      (propagated-inputs
+       `(("python-docopt" ,python-docopt)
+         ("python-pygments" ,python-pygments)
+         ("python-requests" ,python-requests)
+         ("python-nose" ,python-nose)
+         ("python-lxml" ,python-lxml)
+         ("python-pyaml" ,python-pyaml)))
+      (inputs
+       `(("test-clf"
+          ,(origin
+             (method url-fetch)
+             (uri (string-append "https://raw.githubusercontent.com"
+                                 "/ncrocfer/clf/" commit-test-clf
+                                 "/test_clf.py"))
+             (sha256
+              (base32
+               "19lr5zdzsmxgkg7wrjq1yzkiahd03wi4k3dskssyhmjls8c10nqd"))))))
+      (arguments
+       '(#:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'get-tests
+             (lambda _
+               (copy-file (assoc-ref %build-inputs "test-clf") "test_clf.py")))
+           (replace 'check
+             (lambda _
+               (zero? (system* "nosetests"
+                               ;; These tests require internet connection
+                               "--exclude=test_browse"
+                               "--exclude=test_command"
+                               "--exclude=test_search")))))))
+      (home-page "https://github.com/ncrocfer/clf")
+      (synopsis "Search code snippets on @url{https://commandlinefu.com}")
+      (description "@code{clf} is a command line tool for searching code
+snippets on @url{https://commandlinefu.com}.")
+      (license l:expat))))
+
+(define-public python2-clf
+  (package-with-python2 python-clf))
+
 (define-public r-shiny
   (package
     (name "r-shiny")
@@ -6079,3 +6113,38 @@ based on this library, allowing Perl programmers to easily validate HTML.")
 object.  It's meant as a replacement for @code{HTML::Lint}, which is written
 in Perl but is not nearly as capable as @code{HTML::Tidy}.")
     (license l:artistic2.0)))
+
+(define-public geomyidae
+  (package
+    (name "geomyidae")
+    (version "0.29")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://git.r-36.net/geomyidae/snapshot/"
+                           "geomyidae-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0qxgxp6psfrgfqhndyq2z54nb1qrmvvljddnxdwp207jbz366bja"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags (list "CC=gcc"
+                          (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
+       #:tests? #f                                ;no tests
+       #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
+    (home-page "http://git.r-36.net/geomyidae")
+    (synopsis "Small Gopher server")
+    (description
+     "Geomyidae is a server for distributed hypertext protocol Gopher.  Its
+features include:
+
+@enumerate
+@item Gopher menus (see @file{index.gph} for an example);
+@item directory listings (if no @file{index.gph} was found);
+@item CGI support (@file{.cgi} files are executed);
+@item search support in CGI files;
+@item logging with multiple log levels.
+@end enumerate\n")
+    (license l:expat)))
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index a4862d5155..3dcf00b9be 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -130,7 +130,7 @@ online pastebin services.")
     (origin
      (method git-fetch)
      (uri (git-reference
-           (url "https://github.com/rockdaboot/wget2")
+           (url "https://gitlab.com/gnuwget/wget2.git")
            (commit "b45709d3d21714135ce79df6abbdcb704684063d")
            (recursive? #t))) ;; Needed for 'gnulib' git submodule.
      (file-name (string-append name "-" version "-checkout"))
@@ -167,7 +167,7 @@ online pastebin services.")
              ("python", python)))
    ;; TODO: Add libbrotlidec, libnghttp2.
    (native-inputs `(("pkg-config", pkg-config)))
-   (home-page "https://github.com/rockdaboot/wget2")
+   (home-page "https://gitlab.com/gnuwget/wget2")
    (synopsis "Successor of GNU Wget")
    (description "GNU Wget2 is the successor of GNU Wget, a file and recursive
 website downloader.  Designed and written from scratch it wraps around libwget,
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 62a5b54608..6912d6f2d9 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -785,8 +785,8 @@ It is inspired by Xmonad and dwm.  Its major features include:
 @item Quick launch menu
 @item Many screen layouts possible with a few simple key strokes
 @item Move/resize floating windows
-@item Extended Window Manager Hints (EWMH) support
-@item Configureable tiling
+@item Extended Window Manager Hints (@dfn{EWMH}) support
+@item Configurable tiling
 @item Adjustable tile gap allows for a true one pixel border
 @item Customizable colors and border width
 @end itemize\n")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 3f46f6b57d..acc2618e21 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Marek Benc <dusxmt@gmx.com>
+;;; Copyright © 2017 Mike Gerwitz <mtg@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1329,3 +1330,53 @@ a specified program, emulating the PC speaker beep using the sound card (default
 or playing a PCM encoded WAVE file.")
     (home-page "https://github.com/dusxmt/nxbelld")
     (license license:gpl3+)))
+
+(define-public xautolock
+  (package
+    (name "xautolock")
+    (version "2.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.ibiblio.org/pub/linux/X11/screensavers/"
+                                  name "-" version ".tgz"))
+              (sha256
+               (base32
+                "18jd3k3pvlm5x1adyqw63z2b3f4ixh9mfvz9asvnskk3fm8jgw0i"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("imake" ,imake)))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxext" ,libxext)
+       ("libxscrnsaver" ,libxscrnsaver)))
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((imake (assoc-ref inputs "imake"))
+                   (out   (assoc-ref outputs "out")))
+               ;; Generate Makefile
+               (invoke "xmkmf")
+               (substitute* "Makefile"
+                 ;; These imake variables somehow remain undefined
+                 (("DefaultGcc2[[:graph:]]*Opt") "-O2")
+                 ;; Reset a few variable defaults that are set in imake templates
+                 ((imake) out)
+                 (("(MANPATH = )[[:graph:]]*" _ front)
+                  (string-append front out "/share/man")))
+               ;; Old BSD-style 'union wait' is unneeded (defining
+               ;; _USE_BSD did not seem to fix it)
+               (substitute* "src/engine.c"
+                 (("union wait  status") "int status = 0"))
+               #t)))
+         (add-after 'install 'install/man
+           (lambda _
+             (zero? (system* "make" "install.man")))))))
+    (home-page "http://ibiblio.org/pub/Linux/X11/screensavers/")
+    (synopsis "Program launcher for idle X sessions")
+    (description "Xautolock monitors input devices under the X Window
+System, and launches a program of your choice if there is no activity after
+a user-configurable period of time.")
+    (license license:gpl2)))
diff --git a/gnu/packages/xfig.scm b/gnu/packages/xfig.scm
index 64ca57028f..e51558e0be 100644
--- a/gnu/packages/xfig.scm
+++ b/gnu/packages/xfig.scm
@@ -90,7 +90,7 @@
                         (("XCOMM USEINLINE") "USEINLINE"))
                       ;; The -a argument is required in order to pick up the correct paths
                       ;; to several X header files.
-                      (zero? (system* "xmkmf" "-a"))
+                      (invoke "xmkmf" "-a")
                       ;; Reset some variables that are inherited from imake templates
                       (substitute* "Makefile"
                         ;; These imake variables somehow remain undefined
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index adf2dffff8..4ea0fcd5e2 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4855,7 +4855,7 @@ an X Window System display.")
 (define-public libxfont
   (package
     (name "libxfont")
-    (version "1.5.3")
+    (version "1.5.4")
     (source
       (origin
         (method url-fetch)
@@ -4865,7 +4865,7 @@ an X Window System display.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1l4k3i3xzqdmaszykh6bb2ah78p6c3z7fak7xzgq2d38s87w31db"))))
+            "0hiji1bvpl78aj3a3141hkk353aich71wv8l5l2z51scfy878zqs"))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("fontsproto" ,fontsproto)
@@ -4892,6 +4892,7 @@ new API's in libXft, or the legacy API's in libX11.")
   (package
     (inherit libxfont)
     (version "2.0.2")
+    (replacement libxfont2-2.0.3)
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
@@ -4900,6 +4901,23 @@ new API's in libXft, or the legacy API's in libX11.")
                (base32
                 "04f1lswh1ridkycgaivf1hrr77l5ap8smbfr2rqjrm7phwxqs24l"))))))
 
+;; Fixes the following security vulnerabilities:
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
+(define-public libxfont2-2.0.3
+  (package
+    (inherit libxfont2)
+    (version "2.0.3")
+    (source
+     (origin
+       (inherit (package-source libxfont2))
+       (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
+
 (define-public libxi
   (package
     (name "libxi")
@@ -5297,6 +5315,7 @@ draggable titlebars and borders.")
   (package
     (name "libxcursor")
     (version "1.1.14")
+    (replacement libxcursor-1.1.15)
     (source
       (origin
         (method url-fetch)
@@ -5329,6 +5348,18 @@ draggable titlebars and borders.")
     (description "Xorg Cursor management library.")
     (license license:x11)))
 
+;; For CVE-2017-16612.
+(define-public libxcursor-1.1.15
+  (package
+    (inherit libxcursor)
+    (version "1.1.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
 
 (define-public libxt
   (package
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 06b2a7d2d8..11f55c588c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1345,7 +1345,7 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
 (define %default-authorized-guix-keys
   ;; List of authorized substitute keys.
   (list (file-append guix "/share/guix/hydra.gnu.org.pub")
-        (file-append guix "/share/guix/bayfront.guixsd.org.pub")))
+        (file-append guix "/share/guix/berlin.guixsd.org.pub")))
 
 (define-record-type* <guix-configuration>
   guix-configuration make-guix-configuration
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
new file mode 100644
index 0000000000..dc072ea8da
--- /dev/null
+++ b/gnu/services/certbot.scm
@@ -0,0 +1,133 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services certbot)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services mcron)
+  #:use-module (gnu services web)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages tls)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:export (certbot-service-type
+            certbot-configuration
+            certbot-configuration?))
+
+;;; Commentary:
+;;;
+;;; Automatically obtaining TLS certificates from Let's Encrypt.
+;;;
+;;; Code:
+
+
+(define-record-type* <certbot-configuration>
+  certbot-configuration make-certbot-configuration
+  certbot-configuration?
+  (package             certbot-configuration-package
+                       (default certbot))
+  (webroot             certbot-configuration-webroot
+                       (default "/var/www"))
+  (hosts               certbot-configuration-hosts
+                       (default '()))
+  (default-location    certbot-configuration-default-location
+                       (default
+                         (nginx-location-configuration
+                          (uri "/")
+                          (body
+                           (list "return 301 https://$host$request_uri;"))))))
+
+(define certbot-renewal-jobs
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (match hosts
+       ;; Avoid pinging certbot if we have no hosts.
+       (() '())
+       (_
+        (list
+         ;; Attempt to renew the certificates twice a week.
+         #~(job (lambda (now)
+                  (next-day-from (next-hour-from now '(3))
+                                 '(2 5)))
+                (string-append #$package "/bin/certbot renew"
+                               (string-concatenate
+                                (map (lambda (host)
+                                       (string-append " -d " host))
+                                     #$hosts))))))))))
+
+(define certbot-activation
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (with-imported-modules '((guix build utils))
+       #~(begin
+	   (use-modules (guix build utils))
+	   (mkdir-p #$webroot)
+           (for-each
+            (lambda (host)
+              (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host))
+                (unless (zero? (system*
+                                (string-append #$certbot "/bin/certbot")
+                                "certonly" "--webroot" "-w" #$webroot
+                                "-d" host))
+                  (error "failed to acquire cert for host" host))))
+            '#$hosts))))))
+
+(define certbot-nginx-server-configurations
+  (match-lambda
+    (($ <certbot-configuration> package webroot hosts default-location)
+     (map
+      (lambda (host)
+        (nginx-server-configuration
+         (http-port 80)
+         (https-port #f)
+         (ssl-certificate #f)
+         (ssl-certificate-key #f)
+         (server-name (list host))
+         (locations
+          (filter identity
+                  (list
+                   (nginx-location-configuration
+                    (uri "/.well-known")
+                    (body (list (list "root " webroot ";"))))
+                   default-location)))))
+      hosts))))
+
+(define certbot-service-type
+  (service-type (name 'certbot)
+                (extensions
+                 (list (service-extension nginx-service-type
+                                          certbot-nginx-server-configurations)
+                       (service-extension activation-service-type
+                                          certbot-activation)
+                       (service-extension mcron-service-type
+                                          certbot-renewal-jobs)))
+                (compose concatenate)
+                (extend (lambda (config additional-hosts)
+                          (certbot-configuration
+                           (inherit config)
+                           (hosts (append (certbot-configuration-hosts config)
+                                          additional-hosts)))))
+                (default-value (certbot-configuration))
+                (description
+                 "Automatically renew @url{https://letsencrypt.org, Let's
+Encrypt} HTTPS certificates by adjusting the nginx web server configuration
+and periodically invoking @command{certbot}.")))
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 0a2219e743..c45340f02f 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -165,7 +166,7 @@
                                (configuration-field-default-value-thunk f)
                                (lambda _ '%invalid))))
                 (define (show-default? val)
-                  (or (string? default) (number? default) (boolean? default)
+                  (or (string? val) (number? val) (boolean? val)
                       (and (symbol? val) (not (eq? val '%invalid)))
                       (and (list? val) (and-map show-default? val))))
                 `(deftypevr (% (category
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4b5100c27a..78530b3454 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -507,6 +507,15 @@ site} for more information."
   (udisks   udisks-configuration-udisks
             (default udisks)))
 
+(define %udisks-activation
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let ((run-dir "/var/run/udisks2"))
+          (mkdir-p run-dir)
+          (chmod run-dir #o700)))))
+
 (define udisks-service-type
   (let ((udisks-package (lambda (config)
                           (list (udisks-configuration-udisks config)))))
@@ -518,6 +527,8 @@ site} for more information."
                                             udisks-package)
                          (service-extension udev-service-type
                                             udisks-package)
+                         (service-extension activation-service-type
+                                            (const %udisks-activation))
 
                          ;; Profile 'udisksctl' & co. in the system profile.
                          (service-extension profile-service-type
@@ -843,7 +854,7 @@ with the administrator's password."
 
 (define %desktop-services
   ;; List of services typically useful for a "desktop" use case.
-  (cons* (slim-service)
+  (cons* (service slim-service-type)
 
          ;; Screen lockers are a pretty useful thing and these are small.
          (screen-locker-service slock)
diff --git a/gnu/services/dict.scm b/gnu/services/dict.scm
index 69eadafd2e..c8403c0135 100644
--- a/gnu/services/dict.scm
+++ b/gnu/services/dict.scm
@@ -21,6 +21,7 @@
 (define-module (gnu services dict)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix modules)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system shadow)
@@ -144,14 +145,23 @@ database {
   (let ((dicod      (file-append (dicod-configuration-dico config)
                                  "/bin/dicod"))
         (dicod.conf (dicod-configuration-file config)))
-    (list (shepherd-service
-           (provision '(dicod))
-           (documentation "Run the dicod daemon.")
-           (start #~(make-forkexec-constructor
-                     (list #$dicod "--foreground"
-                           (string-append "--config=" #$dicod.conf))
-                     #:user "dicod" #:group "dicod"))
-          (stop #~(make-kill-destructor))))))
+    (with-imported-modules (source-module-closure
+                            '((gnu build shepherd)
+                              (gnu system file-systems)))
+      (list (shepherd-service
+             (provision '(dicod))
+             (documentation "Run the dicod daemon.")
+             (modules '((gnu build shepherd)
+                        (gnu system file-systems)))
+             (start #~(make-forkexec-constructor/container
+                       (list #$dicod "--foreground"
+                             (string-append "--config=" #$dicod.conf))
+                       #:user "dicod" #:group "dicod"
+                       #:mappings (list (file-system-mapping
+                                         (source "/var/run/dicod")
+                                         (target source)
+                                         (writable? #t)))))
+             (stop #~(make-kill-destructor)))))))
 
 (define dicod-service-type
   (service-type
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 715d6181f5..d57a7562a2 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -160,7 +160,7 @@
 (define (module-list? val)
   (string-list? val))
 (define (serialize-module-list field-name val)
-  (serialize-string-list field-name (cons "posix" val)))
+  (serialize-string-list field-name val))
 (define-maybe module-list)
 
 (define (file-name? val)
@@ -176,6 +176,12 @@
   (serialize-string-list field-name val))
 (define-maybe file-name)
 
+(define (raw-content? val)
+  (not (eq? val 'disabled)))
+(define (serialize-raw-content field-name val)
+  (format #t "~a" val))
+(define-maybe raw-content)
+
 (define-configuration mod-muc-configuration
   (name
    (string "Prosody Chatrooms")
@@ -203,12 +209,12 @@ just joined the room."))
    "This determines what handshake to use.")
 
   (key
-   (file-name "/etc/prosody/certs/key.pem")
-   "Path to your private key file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your private key file.")
 
   (certificate
-   (file-name "/etc/prosody/certs/cert.pem")
-   "Path to your certificate file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your certificate file.")
 
   (capath
    (file-name "/etc/ssl/certs")
@@ -271,7 +277,9 @@ can create such a file with:
     "tls"
     "dialback"
     "disco"
+    "carbons"
     "private"
+    "blocklist"
     "vcard"
     "version"
     "uptime"
@@ -321,6 +329,13 @@ can create such a file with:
 paths in order.  See @url{http://prosody.im/doc/plugins_directory}."
      global)
 
+    (certificates
+     (file-name "/etc/prosody/certs")
+     "Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity.  Prosody will automatically load
+certificates/keys from the directory specified here."
+     global)
+
     (admins
      (string-list '())
      "This is a list of accounts that are admins for the server.  Note that you
@@ -339,8 +354,8 @@ Example: @code{(admins '(\"user1@@example.com\" \"user2@@example.net\"))}"
      (module-list %default-modules-enabled)
      "This is the list of modules Prosody will load on startup.  It looks for
 @code{mod_modulename.lua} in the plugins folder, so make sure that exists too.
-Documentation on modules can be found at: @url{http://prosody.im/doc/modules}.
-Defaults to @samp{%default-modules-enabled}."
+Documentation on modules can be found at:
+@url{http://prosody.im/doc/modules}."
      common)
 
     (modules-disabled
@@ -376,6 +391,12 @@ using them.  See @url{http://prosody.im/doc/advanced_ssl_config}."
 See @url{http://prosody.im/doc/modules/mod_tls}."
      common)
 
+    (disable-sasl-mechanisms
+     (string-list '("DIGEST-MD5"))
+     "Set of mechanisms that will never be offered.  See
+@url{https://prosody.im/doc/modules/mod_saslauth}."
+     common)
+
     (s2s-require-encryption?
      (boolean #f)
      "Whether to force all server-to-server connections to be encrypted or not.
@@ -427,6 +448,19 @@ by the GuixSD Prosody Service.  See @url{http://prosody.im/doc/logging}."
      "File to write pid in.  See @url{http://prosody.im/doc/modules/mod_posix}."
      global)
 
+    (http-max-content-size
+     (maybe-non-negative-integer 'disabled)
+     "Maximum allowed size of the HTTP body (in bytes)."
+     common)
+
+    (http-external-url
+     (maybe-string 'disabled)
+     "Some modules expose their own URL in various ways.  This URL is built
+from the protocol, host and port used.  If Prosody sits behind a proxy, the
+public URL will be @code{http-external-url} instead.  See
+@url{https://prosody.im/doc/http#external_url}."
+     common)
+
     (virtualhosts
      (virtualhost-configuration-list
       (list (virtualhost-configuration
@@ -511,7 +545,12 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
     (hostname
      (string (configuration-missing-field 'ext-component 'hostname))
      "Hostname of the component."
-     ext-component)))
+     ext-component)
+
+    (raw-content
+     (maybe-raw-content 'disabled)
+     "Raw content that will be added to the configuration file."
+     common)))
 
 ;; Serialize Virtualhost line first.
 (define (serialize-virtualhost-configuration config)
@@ -683,7 +722,7 @@ See also @url{http://prosody.im/doc/modules/mod_muc}."
                                      (display c))
                                    str))))
             (define (show-default? val)
-              (or (string? default) (number? default) (boolean? default)
+              (or (string? val) (number? val) (boolean? val)
                   (and (list? val) (and-map show-default? val))))
             (format #t "@deftypevr {@code{~a} parameter} ~a ~a\n~a\n"
                     configuration-name field-type field-name field-docs)
diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index e39f4411fd..fce2ce1c25 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -55,7 +55,11 @@
             %cgit-configuration-nginx
             cgit-configuration-nginx-config
 
-            cgit-service-type))
+            cgit-service-type
+
+            git-http-configuration
+            git-http-configuration?
+            git-http-nginx-location-configuration))
 
 ;;; Commentary:
 ;;;
@@ -152,7 +156,11 @@
           (service-extension account-service-type
                              (const %git-daemon-accounts))
           (service-extension activation-service-type
-                             git-daemon-activation)))))
+                             git-daemon-activation)))
+   (description
+    "Expose Git respositories over the insecure @code{git://} TCP-based
+protocol.")
+   (default-value (git-daemon-configuration))))
 
 (define* (git-daemon-service #:key (config (git-daemon-configuration)))
   "Return a service that runs @command{git daemon}, a simple TCP server to
@@ -255,4 +263,53 @@ access to exported repositories under @file{/srv/git}."
                              cgit-activation)
           (service-extension nginx-service-type
                              cgit-configuration-nginx-config)))
-   (default-value (cgit-configuration))))
+   (default-value (cgit-configuration))
+   (description
+    "Run the Cgit web interface, which allows users to browse Git
+repositories.")))
+
+
+;;;
+;;; HTTP access.  Add the result of calling
+;;; git-http-nginx-location-configuration to an nginx-server-configuration's
+;;; "locations" field.
+;;;
+
+(define-record-type* <git-http-configuration>
+  git-http-configuration
+  make-git-http-configuration
+  git-http-configuration?
+  (package          git-http-configuration-package        ;package
+                    (default git))
+  (git-root         git-http-configuration-git-root       ;string
+                    (default "/srv/git"))
+  (export-all?      git-http-configuration-export-all?    ;boolean
+                    (default #f))
+  (uri-path         git-http-configuration-uri-path       ;string
+                    (default "/git/"))
+  (fcgiwrap-socket  git-http-configuration-fcgiwrap-socket ;string
+                    (default "127.0.0.1:9000")))
+
+(define* (git-http-nginx-location-configuration #:optional
+                                                (config
+                                                 (git-http-configuration)))
+  (match config
+    (($ <git-http-configuration> package git-root export-all?
+                                 uri-path fcgiwrap-socket)
+     (nginx-location-configuration
+      (uri (string-append "~ /" (string-trim-both uri-path #\/) "(/.*)"))
+      (body
+       (list
+        (list "fastcgi_pass " fcgiwrap-socket ";")
+        (list "fastcgi_param SCRIPT_FILENAME "
+              package "/libexec/git-core/git-http-backend"
+              ";")
+        "fastcgi_param QUERY_STRING $query_string;"
+        "fastcgi_param REQUEST_METHOD $request_method;"
+        "fastcgi_param CONTENT_TYPE $content_type;"
+        "fastcgi_param CONTENT_LENGTH $content_length;"
+        (if export-all?
+            "fastcgi_param GIT_HTTP_EXPORT_ALL \"\";"
+            "")
+        (list "fastcgi_param GIT_PROJECT_ROOT " git-root ";")
+        "fastcgi_param PATH_INFO $1;"))))))
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index c5a1a0d423..cef0d60b59 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -45,13 +45,27 @@
   #:use-module (ice-9 match)
   #:export (xorg-configuration-file
             %default-xorg-modules
+            %default-xorg-fonts
             xorg-wrapper
             xorg-start-command
             xinitrc
 
             %default-slim-theme
             %default-slim-theme-name
+
             slim-configuration
+            slim-configuration?
+            slim-configuration-slim
+            slim-configuration-allow-empty-passwords?
+            slim-configuration-auto-login?
+            slim-configuration-default-user
+            slim-configuration-theme
+            slim-configuration-theme-name
+            slim-configuration-xauth
+            slim-configuration-shepherd
+            slim-configuration-auto-login-session
+            slim-configuration-startx
+
             slim-service-type
             slim-service
 
@@ -70,11 +84,52 @@
 ;;;
 ;;; Code:
 
-(define* (xorg-configuration-file #:key (drivers '()) (resolutions '())
+(define %default-xorg-modules
+  ;; Default list of modules loaded by the server.  Note that the order
+  ;; matters since it determines which driver is going to be used when there's
+  ;; a choice.
+  (list xf86-video-vesa
+        xf86-video-fbdev
+        xf86-video-ati
+        xf86-video-cirrus
+        xf86-video-intel
+        xf86-video-mach64
+        xf86-video-nouveau
+        xf86-video-nv
+        xf86-video-sis
+
+        ;; Libinput is the new thing and is recommended over evdev/synaptics:
+        ;; <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>.
+        xf86-input-libinput
+
+        xf86-input-evdev
+        xf86-input-keyboard
+        xf86-input-mouse
+        xf86-input-synaptics))
+
+(define %default-xorg-fonts
+  ;; Default list of fonts available to the X server.
+  (list (file-append font-alias "/share/fonts/X11/75dpi")
+        (file-append font-alias "/share/fonts/X11/100dpi")
+        (file-append font-alias "/share/fonts/X11/misc")
+        (file-append font-alias "/share/fonts/X11/cyrillic")
+        (file-append font-misc-misc               ;default fonts for xterm
+                     "/share/fonts/X11/misc")
+        (file-append font-adobe75dpi "/share/fonts/X11/75dpi")))
+
+(define* (xorg-configuration-file #:key
+                                  (modules %default-xorg-modules)
+                                  (fonts %default-xorg-fonts)
+                                  (drivers '()) (resolutions '())
                                   (extra-config '()))
   "Return a configuration file for the Xorg server containing search paths for
 all the common drivers.
 
+@var{modules} must be a list of @dfn{module packages} loaded by the Xorg
+server---e.g., @code{xf86-video-vesa}, @code{xf86-input-keyboard}, and so on.
+@var{fonts} must be a list of font directories to add to the server's
+@dfn{font path}.
+
 @var{drivers} must be either the empty list, in which case Xorg chooses a
 graphics driver automatically, or a list of driver names that will be tried in
 this order---e.g., @code{(\"modesetting\" \"vesa\")}.
@@ -84,17 +139,32 @@ appropriate screen resolution; otherwise, it must be a list of
 resolutions---e.g., @code{((1024 768) (640 480))}.
 
 Last, @var{extra-config} is a list of strings or objects appended to the
-@code{mixed-text-file} argument list.  It is used to pass extra text to be
+configuration file.  It is used to pass extra text to be
 added verbatim to the configuration file."
-  (define (device-section driver)
-    (string-append "
+  (define all-modules
+    ;; 'xorg-server' provides 'fbdevhw.so' etc.
+    (append modules (list xorg-server)))
+
+  (define build
+    #~(begin
+        (use-modules (ice-9 match)
+                     (srfi srfi-1)
+                     (srfi srfi-26))
+
+        (call-with-output-file #$output
+          (lambda (port)
+            (define drivers
+              '#$drivers)
+
+            (define (device-section driver)
+              (string-append "
 Section \"Device\"
   Identifier \"device-" driver "\"
   Driver \"" driver "\"
 EndSection"))
 
-  (define (screen-section driver resolutions)
-    (string-append "
+            (define (screen-section driver resolutions)
+              (string-append "
 Section \"Screen\"
   Identifier \"screen-" driver "\"
   Device \"device-" driver "\"
@@ -108,65 +178,56 @@ Section \"Screen\"
   EndSubSection
 EndSection"))
 
-  (apply mixed-text-file "xserver.conf" "
-Section \"Files\"
-  FontPath \"" font-alias "/share/fonts/X11/75dpi\"
-  FontPath \"" font-alias "/share/fonts/X11/100dpi\"
-  FontPath \"" font-alias "/share/fonts/X11/misc\"
-  FontPath \"" font-alias "/share/fonts/X11/cyrillic\"
-  FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\"
-  ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-mach64 "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-nouveau "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-nv "/lib/xorg/modules/drivers\"
-  ModulePath \"" xf86-video-sis "/lib/xorg/modules/drivers\"
-
-  # Libinput is the new thing and is recommended over evdev/synaptics
-  # by those who know:
-  # <http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html>.
-  ModulePath \"" xf86-input-libinput "/lib/xorg/modules/input\"
-
-  ModulePath \"" xf86-input-evdev "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-keyboard "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-mouse "/lib/xorg/modules/input\"
-  ModulePath \"" xf86-input-synaptics "/lib/xorg/modules/input\"
-  ModulePath \"" xorg-server "/lib/xorg/modules\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/drivers\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/extensions\"
-  ModulePath \"" xorg-server "/lib/xorg/modules/multimedia\"
-EndSection
-
+            (define (expand modules)
+              ;; Append to MODULES the relevant /lib/xorg/modules
+              ;; sub-directories.
+              (append-map (lambda (module)
+                            (filter-map (lambda (directory)
+                                          (let ((full (string-append module
+                                                                     directory)))
+                                            (and (file-exists? full)
+                                                 full)))
+                                        '("/lib/xorg/modules/drivers"
+                                          "/lib/xorg/modules/input"
+                                          "/lib/xorg/modules/multimedia"
+                                          "/lib/xorg/modules/extensions")))
+                          modules))
+
+            (display "Section \"Files\"\n" port)
+            (for-each (lambda (font)
+                        (format port "  FontPath \"~a\"~%" font))
+                      '#$fonts)
+            (for-each (lambda (module)
+                        (format port
+                                "  ModulePath \"~a\"~%"
+                                module))
+                      (append (expand '#$all-modules)
+
+                              ;; For fbdevhw.so and so on.
+                              (list #$(file-append xorg-server
+                                                   "/lib/xorg/modules"))))
+            (display "EndSection\n" port)
+            (display "
 Section \"ServerFlags\"
   Option \"AllowMouseOpenFail\" \"on\"
-EndSection
-"
-  (string-join (map device-section drivers) "\n") "\n"
-  (string-join (map (cut screen-section <> resolutions)
-                    drivers)
-               "\n")
+EndSection\n" port)
 
-  "\n"
-  extra-config))
+            (display (string-join (map device-section drivers) "\n")
+                     port)
+            (newline port)
+            (display (string-join
+                      (map (cut screen-section <> '#$resolutions)
+                           drivers)
+                      "\n")
+                     port)
+            (newline port)
+
+            (for-each (lambda (config)
+                        (display config port))
+                      '#$extra-config)))))
+
+  (computed-file "xserver.conf" build))
 
-(define %default-xorg-modules
-  (list xf86-video-vesa
-        xf86-video-fbdev
-        xf86-video-ati
-        xf86-video-cirrus
-        xf86-video-intel
-        xf86-video-mach64
-        xf86-video-nouveau
-        xf86-video-nv
-        xf86-video-sis
-        xf86-input-libinput
-        xf86-input-evdev
-        xf86-input-keyboard
-        xf86-input-mouse
-        xf86-input-synaptics))
 
 (define (xorg-configuration-directory modules)
   "Return a directory that contains the @code{.conf} files for X.org that
@@ -196,8 +257,9 @@ in @var{modules}."
 
 (define* (xorg-wrapper #:key
                        (guile (canonical-package guile-2.0))
-                       (configuration-file (xorg-configuration-file))
                        (modules %default-xorg-modules)
+                       (configuration-file (xorg-configuration-file
+                                            #:modules modules))
                        (xorg-server xorg-server))
   "Return a derivation that builds a @var{guile} script to start the X server
 from @var{xorg-server}.  @var{configuration-file} is the server configuration
@@ -221,12 +283,16 @@ in place of @code{/usr/bin/X}."
 
 (define* (xorg-start-command #:key
                              (guile (canonical-package guile-2.0))
-                             (configuration-file (xorg-configuration-file))
                              (modules %default-xorg-modules)
+                             (fonts %default-xorg-fonts)
+                             (configuration-file
+                              (xorg-configuration-file #:modules modules
+                                                       #:fonts fonts))
                              (xorg-server xorg-server))
-  "Return a derivation that builds a @code{startx} script in which a number of
-X modules are available.  See @code{xorg-wrapper} for more details on the
-arguments.  The result should be used in place of @code{startx}."
+  "Return a @code{startx} script in which @var{modules}, a list of X module
+packages, and @var{fonts}, a list of X font directories, are available.  See
+@code{xorg-wrapper} for more details on the arguments.  The result should be
+used in place of @code{startx}."
   (define X
     (xorg-wrapper #:guile guile
                   #:configuration-file configuration-file
@@ -245,10 +311,15 @@ arguments.  The result should be used in place of @code{startx}."
                   fallback-session)
   "Return a system-wide xinitrc script that starts the specified X session,
 which should be passed to this script as the first argument.  If not, the
-@var{fallback-session} will be used."
+@var{fallback-session} will be used or, if @var{fallback-session} is false, a
+desktop session from the system or user profile will be used."
   (define builder
     #~(begin
-        (use-modules (ice-9 match))
+        (use-modules (ice-9 match)
+                     (ice-9 regex)
+                     (ice-9 ftw)
+                     (srfi srfi-1)
+                     (srfi srfi-26))
 
         (define (close-all-fdes)
           ;; Close all the open file descriptors except 0 to 2.
@@ -272,16 +343,60 @@ which should be passed to this script as the first argument.  If not, the
             (execl shell shell "--login" "-c"
                    (string-join (cons command args)))))
 
+        (define system-profile
+          "/run/current-system/profile")
+
+        (define user-profile
+          (and=> (getpw (getuid))
+                 (lambda (pw)
+                   (string-append (passwd:dir pw) "/.guix-profile"))))
+
+        (define (xsession-command desktop-file)
+          ;; Read from DESKTOP-FILE its X session command and return it as a
+          ;; list.
+          (define exec-regexp
+            (make-regexp "^[[:blank:]]*Exec=(.*)$"))
+
+          (call-with-input-file desktop-file
+            (lambda (port)
+              (let loop ()
+                (match (read-line port)
+                  ((? eof-object?) #f)
+                  ((= (cut regexp-exec exec-regexp <>) result)
+                   (if result
+                       (string-tokenize (match:substring result 1))
+                       (loop))))))))
+
+        (define (find-session profile)
+          ;; Return an X session command from PROFILE or #f if none was found.
+          (let ((directory (string-append profile "/share/xsessions")))
+            (match (scandir directory
+                            (cut string-suffix? ".desktop" <>))
+              ((or () #f)
+               #f)
+              ((sessions ...)
+               (any xsession-command
+                    (map (cut string-append directory "/" <>)
+                         sessions))))))
+
         (let* ((home          (getenv "HOME"))
                (xsession-file (string-append home "/.xsession"))
                (session       (match (command-line)
-                                ((_)       (list #$fallback-session))
-                                ((_ x ..1) x))))
+                                ((_)
+                                 #$(if fallback-session
+                                       #~(list #$fallback-session)
+                                       #f))
+                                ((_ x ..1)
+                                 x))))
           (if (file-exists? xsession-file)
               ;; Run ~/.xsession when it exists.
-              (apply exec-from-login-shell xsession-file session)
-              ;; Otherwise, start the specified session.
-              (apply exec-from-login-shell session)))))
+              (apply exec-from-login-shell xsession-file
+                     (or session '()))
+              ;; Otherwise, start the specified session or a fallback.
+              (apply exec-from-login-shell
+                     (or session
+                         (find-session user-profile)
+                         (find-session system-profile)))))))
 
   (program-file "xinitrc" builder))
 
@@ -304,19 +419,24 @@ which should be passed to this script as the first argument.  If not, the
   slim-configuration?
   (slim slim-configuration-slim
         (default slim))
-  (allow-empty-passwords? slim-configuration-allow-empty-passwords?)
-  (auto-login? slim-configuration-auto-login?)
-  (default-user slim-configuration-default-user)
-  (theme slim-configuration-theme)
-  (theme-name slim-configuration-theme-name)
+  (allow-empty-passwords? slim-configuration-allow-empty-passwords?
+                          (default #t))
+  (auto-login? slim-configuration-auto-login?
+               (default #f))
+  (default-user slim-configuration-default-user
+                (default ""))
+  (theme slim-configuration-theme
+         (default %default-slim-theme))
+  (theme-name slim-configuration-theme-name
+              (default %default-slim-theme-name))
   (xauth slim-configuration-xauth
          (default xauth))
   (shepherd slim-configuration-shepherd
             (default shepherd))
-  (bash slim-configuration-bash
-        (default bash))
-  (auto-login-session slim-configuration-auto-login-session)
-  (startx slim-configuration-startx))
+  (auto-login-session slim-configuration-auto-login-session
+                      (default #f))
+  (startx slim-configuration-startx
+          (default (xorg-start-command))))
 
 (define (slim-pam-service config)
   "Return a PAM service for @command{slim}."
@@ -391,16 +511,16 @@ reboot_cmd " shepherd "/sbin/reboot\n"
                        ;; Unconditionally add xterm to the system profile, to
                        ;; avoid bad surprises.
                        (service-extension profile-service-type
-                                          (const (list xterm)))))))
+                                          (const (list xterm)))))
+                (default-value (slim-configuration))))
 
-(define* (slim-service #:key (slim slim)
+(define* (slim-service #:key (slim slim)          ;deprecated
                        (allow-empty-passwords? #t) auto-login?
                        (default-user "")
                        (theme %default-slim-theme)
                        (theme-name %default-slim-theme-name)
-                       (xauth xauth) (shepherd shepherd) (bash bash)
-                       (auto-login-session (file-append windowmaker
-                                                        "/bin/wmaker"))
+                       (xauth xauth) (shepherd shepherd)
+                       (auto-login-session #f)
                        (startx (xorg-start-command)))
   "Return a service that spawns the SLiM graphical login manager, which in
 turn starts the X display server with @var{startx}, a command as returned by
@@ -433,7 +553,7 @@ theme."
             (allow-empty-passwords? allow-empty-passwords?)
             (auto-login? auto-login?) (default-user default-user)
             (theme theme) (theme-name theme-name)
-            (xauth xauth) (shepherd shepherd) (bash bash)
+            (xauth xauth) (shepherd shepherd)
             (auto-login-session auto-login-session)
             (startx startx))))
 
diff --git a/gnu/system.scm b/gnu/system.scm
index e2bd8d55b6..1e573a8082 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -588,7 +588,7 @@ export XCURSOR_PATH=$HOME/.icons:$HOME/.guix-profile/share/icons:/run/current-sy
 unset PATH
 
 # Load the system profile's settings.
-GUIX_PROFILE=/run/current-system/profile \\
+GUIX_PROFILE=/run/current-system/profile ; \\
 . /run/current-system/profile/etc/profile
 
 # Prepend setuid programs.
@@ -608,7 +608,7 @@ fi
 if [ -f \"$HOME/.guix-profile/etc/profile\" ]
 then
   # Load the user profile's settings.
-  GUIX_PROFILE=\"$HOME/.guix-profile\" \\
+  GUIX_PROFILE=\"$HOME/.guix-profile\" ; \\
   . \"$HOME/.guix-profile/etc/profile\"
 else
   # At least define this one so that basic things just work
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 3a34df26c3..78f2bf3a13 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
+  #:use-module (gnu packages guile)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages cryptsetup)
@@ -187,13 +188,13 @@ the user's target storage device rather than on the RAM disk."
 (define %installation-services
   ;; List of services of the installation system.
   (let ((motd (plain-file "motd" "
-Welcome to the installation of the Guix System Distribution!
+\x1b[1;37mWelcome to the installation of the Guix System Distribution!\x1b[0m
 
-There is NO WARRANTY, to the extent permitted by law.  In particular, you may
+\x1b[2mThere is NO WARRANTY, to the extent permitted by law.  In particular, you may
 LOSE ALL YOUR DATA as a side effect of the installation process.  Furthermore,
 it is 'beta' software, so it may contain bugs.
 
-You have been warned.  Thanks for being so brave.
+You have been warned.  Thanks for being so brave.\x1b[0m
 ")))
     (define (normal-tty tty)
       (mingetty-service (mingetty-configuration (tty tty)
@@ -244,10 +245,12 @@ You have been warned.  Thanks for being so brave.
           ;; since it takes the installation directory as an argument.
           (cow-store-service)
 
-          ;; Install Unicode support and a suitable font.
+          ;; Install Unicode support and a suitable font.  Use a font that
+          ;; doesn't have more than 256 glyphs so that we can use colors with
+          ;; varying brightness levels (see note in setfont(8)).
           (service console-font-service-type
                    (map (lambda (tty)
-                          (cons tty %default-console-font))
+                          (cons tty "lat9u-16"))
                         '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
 
           ;; To facilitate copy/paste.
@@ -275,15 +278,21 @@ You have been warned.  Thanks for being so brave.
                                               "/bin/sh"))))
 
           ;; Keep a reference to BARE-BONES-OS to make sure it can be
-          ;; installed without downloading/building anything.
-          (service gc-root-service-type (list bare-bones-os)))))
+          ;; installed without downloading/building anything.  Also keep the
+          ;; things needed by 'profile-derivation' to minimize the amount of
+          ;; download.
+          (service gc-root-service-type
+                   (list bare-bones-os
+                         glibc-utf8-locales
+                         texinfo
+                         (canonical-package guile-2.2))))))
 
 (define %issue
   ;; Greeting.
   "
-This is an installation image of the GNU system.  Welcome.
+\x1b[1;37mThis is an installation image of the GNU system.  Welcome.\x1b[0m
 
-Use Alt-F2 for documentation.
+\x1b[1;33mUse Alt-F2 for documentation.\x1b[0m
 ")
 
 (define installation-os
diff --git a/gnu/system/uuid.scm b/gnu/system/uuid.scm
index eaddfaed05..73695ddeb8 100644
--- a/gnu/system/uuid.scm
+++ b/gnu/system/uuid.scm
@@ -237,7 +237,7 @@ corresponding bytevector; otherwise return #f."
 ;; This is necessary to serialize bytevectors with the right printer in some
 ;; circumstances.  For instance, GRUB "search --fs-uuid" command compares the
 ;; string representation of UUIDs, not the raw bytes; thus, when emitting a
-;; GRUB 'search' command, we need to procedure the right string representation
+;; GRUB 'search' command, we need to produce the right string representation
 ;; (see <https://debbugs.gnu.org/cgi/bugreport.cgi?msg=52;att=0;bug=27735>).
 (define-record-type <uuid>
   (make-uuid type bv)
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 44246083b3..d754ac76f0 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -29,6 +29,7 @@
   #:use-module (guix monads)
   #:use-module (guix records)
   #:use-module (guix modules)
+  #:use-module (guix utils)
 
   #:use-module ((gnu build vm)
                 #:select (qemu-command))
@@ -277,7 +278,8 @@ the image."
      #~(begin
          (use-modules (gnu build vm)
                       (guix build utils)
-                      (srfi srfi-26))
+                      (srfi srfi-26)
+                      (ice-9 binary-ports))
 
          (let ((inputs
                 '#$(append (list qemu parted e2fsprogs dosfstools)
@@ -312,26 +314,35 @@ the image."
                                              graphs)))
                                     (- disk-image-size
                                        (* 50 (expt 2 20)))))
-                  (partitions (list (partition
-                                     (size root-size)
-                                     (label #$file-system-label)
-                                     (uuid #$(and=> file-system-uuid
-                                                    uuid-bytevector))
-                                     (file-system #$file-system-type)
-                                     (flags '(boot))
-                                     (initializer initialize))
-                                    ;; Append a small EFI System Partition for
-                                    ;; use with UEFI bootloaders.
-                                    (partition
-                                     ;; The standalone grub image is about 10MiB, but
-                                     ;; leave some room for custom or multiple images.
-                                     (size (* 40 (expt 2 20)))
-                                     (label "GNU-ESP")             ;cosmetic only
-                                     ;; Use "vfat" here since this property is used
-                                     ;; when mounting. The actual FAT-ness is based
-                                     ;; on filesystem size (16 in this case).
-                                     (file-system "vfat")
-                                     (flags '(esp))))))
+                  (partitions
+                   (append
+                    (list (partition
+                           (size root-size)
+                           (label #$file-system-label)
+                           (uuid #$(and=> file-system-uuid
+                                          uuid-bytevector))
+                           (file-system #$file-system-type)
+                           (flags '(boot))
+                           (initializer initialize)))
+                    ;; Append a small EFI System Partition for use with UEFI
+                    ;; bootloaders if we are not targeting ARM because UEFI
+                    ;; support in U-Boot is experimental.
+                    ;;
+                    ;; FIXME: ‘target-arm32?’ may be not operate on the right
+                    ;; system/target values.  Rewrite using ‘let-system’ when
+                    ;; available.
+                    (if #$(target-arm32?)
+                        '()
+                        (list (partition
+                               ;; The standalone grub image is about 10MiB, but
+                               ;; leave some room for custom or multiple images.
+                               (size (* 40 (expt 2 20)))
+                               (label "GNU-ESP")             ;cosmetic only
+                               ;; Use "vfat" here since this property is used
+                               ;; when mounting. The actual FAT-ness is based
+                               ;; on filesystem size (16 in this case).
+                               (file-system "vfat")
+                               (flags '(esp))))))))
              (initialize-hard-disk "/dev/vda"
                                    #:partitions partitions
                                    #:grub-efi #$grub-efi
@@ -423,7 +434,8 @@ to USB sticks meant to be read-only."
               ;; install QEMU networking or anything like that.  Assume USB
               ;; mass storage devices (usb-storage.ko) are available.
               (initrd (lambda (file-systems . rest)
-                        (apply base-initrd file-systems
+                        (apply (operating-system-initrd os)
+                               file-systems
                                #:volatile-root? #t
                                rest)))
 
@@ -488,7 +500,8 @@ of the GNU system as described by OS."
   (let ((os (operating-system (inherit os)
               ;; Use an initrd with the whole QEMU shebang.
               (initrd (lambda (file-systems . rest)
-                        (apply base-initrd file-systems
+                        (apply (operating-system-initrd os)
+                               file-systems
                                #:virtio? #t
                                rest)))
 
@@ -552,7 +565,13 @@ environment with the store shared with the host.  MAPPINGS is a list of
                 (or (string=? target (%store-prefix))
                     (string=? target "/")
                     (and (eq? 'device (file-system-title fs))
-                         (string-prefix? "/dev/" source)))))
+                         (string-prefix? "/dev/" source))
+
+                    ;; Labels and UUIDs are necessarily invalid in the VM.
+                    (and (file-system-mount? fs)
+                         (or (eq? 'label (file-system-title fs))
+                             (eq? 'uuid (file-system-title fs))
+                             (uuid? source))))))
             (operating-system-file-systems os)))
 
   (define virtual-file-systems
@@ -574,7 +593,8 @@ environment with the store shared with the host.  MAPPINGS is a list of
                   (target "/dev/vda")))
 
     (initrd (lambda (file-systems . rest)
-              (apply base-initrd file-systems
+              (apply (operating-system-initrd os)
+                     file-systems
                      #:volatile-root? #t
                      #:virtio? #t
                      rest)))
diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index 0ba0c839de..60e2f332a3 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -146,6 +146,7 @@
 
 (define %test-prosody
   (let* ((config (prosody-configuration
+                  (disable-sasl-mechanisms '())
                   (virtualhosts
                    (list
                     (virtualhost-configuration
diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm
index 5a3937cfed..2cbacf0ef9 100644
--- a/gnu/tests/version-control.scm
+++ b/gnu/tests/version-control.scm
@@ -30,14 +30,39 @@
   #:use-module (gnu packages version-control)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:export (%test-cgit))
+  #:use-module (guix modules)
+  #:export (%test-cgit
+            %test-git-http))
+
+(define README-contents
+  "Hello!  This is what goes inside the 'README' file.")
 
 (define %make-git-repository
   ;; Create Git repository in /srv/git/test.
-  #~(begin
-      (mkdir-p "/srv/git/test")
-      (system* (string-append #$git "/bin/git") "-C" "/srv/git/test"
-               "init" "--bare")))
+  (with-imported-modules (source-module-closure
+                          '((guix build utils)))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let ((git (string-append #$git "/bin/git")))
+          (mkdir-p "/tmp/test-repo")
+          (with-directory-excursion "/tmp/test-repo"
+            (call-with-output-file "/tmp/test-repo/README"
+              (lambda (port)
+                (display #$README-contents port)))
+            (invoke git "config" "--global" "user.email" "charlie@example.org")
+            (invoke git "config" "--global" "user.name" "A U Thor")
+            (invoke git "init")
+            (invoke git "add" ".")
+            (invoke git "commit" "-m" "That's a commit."))
+
+          (mkdir-p "/srv/git")
+          (rename-file "/tmp/test-repo/.git" "/srv/git/test")))))
+
+(define %test-repository-service
+  ;; Service that creates /srv/git/test.
+  (simple-service 'make-git-repository activation-service-type
+                  %make-git-repository))
 
 (define %cgit-configuration-nginx
   (list
@@ -68,8 +93,7 @@
           (service cgit-service-type
                    (cgit-configuration
                     (nginx %cgit-configuration-nginx)))
-          (simple-service 'make-git-repository activation-service-type
-                          %make-git-repository))))
+          %test-repository-service)))
     (operating-system
       (inherit base-os)
       (packages (cons* git
@@ -161,7 +185,9 @@ HTTP-PORT."
             (test-url "/test")
             (test-url "/test/log")
             (test-url "/test/tree")
+            (test-url "/test/tree/README")
             (test-url "/test/does-not-exist" 404)
+            (test-url "/test/tree/does-not-exist" 404)
             (test-url "/does-not-exist" 404))
 
           (test-end)
@@ -174,3 +200,94 @@ HTTP-PORT."
    (name "cgit")
    (description "Connect to a running Cgit server.")
    (value (run-cgit-test))))
+
+
+;;;
+;;; Git server.
+;;;
+
+(define %git-nginx-configuration
+  (nginx-configuration
+   (server-blocks
+    (list
+     (nginx-server-configuration
+      (http-port 19418)
+      (https-port #f)
+      (ssl-certificate #f)
+      (ssl-certificate-key #f)
+      (locations
+       (list (git-http-nginx-location-configuration
+              (git-http-configuration (export-all? #t)
+                                      (uri-path "/git"))))))))))
+
+(define %git-http-os
+  (simple-operating-system
+   (dhcp-client-service)
+   (service fcgiwrap-service-type)
+   (service nginx-service-type %git-nginx-configuration)
+   %test-repository-service))
+
+(define* (run-git-http-test #:optional (http-port 19418))
+  (define os
+    (marionette-operating-system
+     %git-http-os
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (port-forwardings `((8080 . ,http-port)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette)
+                             (guix build utils))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (rnrs io ports)
+                       (gnu build marionette)
+                       (guix build utils))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "git-http")
+
+          ;; Wait for nginx to be up and running.
+          (test-eq "nginx running"
+            'running!
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'nginx)
+                'running!)
+             marionette))
+
+          ;; Make sure Git test repository is created.
+          (test-assert "Git test repository"
+            (marionette-eval
+             '(file-exists? "/srv/git/test")
+             marionette))
+
+          ;; Make sure we can clone the repo from the host.
+          (test-equal "clone"
+            '#$README-contents
+            (begin
+              (invoke #$(file-append git "/bin/git") "clone" "-v"
+                      "http://localhost:8080/git/test" "/tmp/clone")
+              (call-with-input-file "/tmp/clone/README"
+                get-string-all)))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "git-http" test))
+
+(define %test-git-http
+  (system-test
+   (name "git-http")
+   (description "Connect to a running Git HTTP server.")
+   (value (run-git-http-test))))
diff --git a/guix/build-system/scons.scm b/guix/build-system/scons.scm
new file mode 100644
index 0000000000..da09cc7ded
--- /dev/null
+++ b/guix/build-system/scons.scm
@@ -0,0 +1,134 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix build-system scons)
+  #:use-module (guix utils)
+  #:use-module (guix packages)
+  #:use-module (guix derivations)
+  #:use-module (guix search-paths)
+  #:use-module (guix build-system)
+  #:use-module (guix build-system gnu)
+  #:use-module (ice-9 match)
+  #:export (%scons-build-system-modules
+            scons-build
+            scons-build-system))
+
+;; Commentary:
+;;
+;; Standard build procedure for applications using SCons. This is implemented
+;; as an extension of 'gnu-build-system'.
+;;
+;; Code:
+
+(define %scons-build-system-modules
+  ;; Build-side modules imported by default.
+  `((guix build scons-build-system)
+    ,@%gnu-build-system-modules))
+
+(define (default-scons)
+  "Return the default SCons package."
+  ;; Lazily resolve the binding to avoid a circular dependency.
+  (let ((python (resolve-interface '(gnu packages python))))
+    (module-ref python 'scons)))
+
+(define* (lower name
+                #:key source inputs native-inputs outputs system target
+                (scons (default-scons))
+                #:allow-other-keys
+                #:rest arguments)
+  "Return a bag for NAME."
+  (define private-keywords
+    '(#:source #:target #:scons #:inputs #:native-inputs))
+
+  (and (not target)                               ;XXX: no cross-compilation
+       (bag
+         (name name)
+         (system system)
+         (host-inputs `(,@(if source
+                              `(("source" ,source))
+                              '())
+                        ,@inputs
+
+                        ;; Keep the standard inputs of 'gnu-build-system'.
+                        ,@(standard-packages)))
+         (build-inputs `(("scons" ,scons)
+                         ,@native-inputs))
+         (outputs outputs)
+         (build scons-build)
+         (arguments (strip-keyword-arguments private-keywords arguments)))))
+
+(define* (scons-build store name inputs
+                      #:key
+                      (tests? #t)
+                      (scons-flags ''())
+                      (test-target "test")
+                      (phases '(@ (guix build scons-build-system)
+                                  %standard-phases))
+                      (outputs '("out"))
+                      (search-paths '())
+                      (system (%current-system))
+                      (guile #f)
+                      (imported-modules %scons-build-system-modules)
+                      (modules '((guix build scons-build-system)
+                                 (guix build utils))))
+  "Build SOURCE using SCons, and with INPUTS.  This assumes that SOURCE
+provides a 'SConstruct' file as its build system."
+  (define builder
+    `(begin
+       (use-modules ,@modules)
+       (scons-build #:name ,name
+                    #:source ,(match (assoc-ref inputs "source")
+                                (((? derivation? source))
+                                 (derivation->output-path source))
+                                ((source)
+                                 source)
+                                (source
+                                 source))
+                    #:scons-flags ,scons-flags
+                    #:system ,system
+                    #:test-target ,test-target
+                    #:tests? ,tests?
+                    #:phases ,phases
+                    #:outputs %outputs
+                    #:search-paths ',(map search-path-specification->sexp
+                                          search-paths)
+                    #:inputs %build-inputs)))
+
+  (define guile-for-build
+    (match guile
+      ((? package?)
+       (package-derivation store guile system #:graft? #f))
+      (#f                                         ; the default
+       (let* ((distro (resolve-interface '(gnu packages commencement)))
+              (guile  (module-ref distro 'guile-final)))
+         (package-derivation store guile system #:graft? #f)))))
+
+  (build-expression->derivation store name builder
+                                #:inputs inputs
+                                #:system system
+                                #:modules imported-modules
+                                #:outputs outputs
+                                #:guile-for-build guile-for-build))
+
+(define scons-build-system
+  (build-system
+    (name 'scons)
+    (description "The standard SCons build system")
+    (lower lower)))
+
+;;; scons.scm ends here
diff --git a/guix/build/compile.scm b/guix/build/compile.scm
index 8b5a2faf84..1bd8c60fe5 100644
--- a/guix/build/compile.scm
+++ b/guix/build/compile.scm
@@ -163,7 +163,11 @@ files are for HOST, a GNU triplet such as \"x86_64-linux-gnu\"."
       ;; compile files in parallel.
       (compile #f)
 
-      (n-par-for-each workers build files)
+      ;; XXX: Don't use too many workers to work around the insane memory
+      ;; requirements of the compiler in Guile 2.2.2:
+      ;; <https://lists.gnu.org/archive/html/guile-devel/2017-05/msg00033.html>.
+      (n-par-for-each (min workers 8) build files)
+
       (unless (zero? total)
         (report-compilation #f total total)))))
 
diff --git a/guix/build/profiles.scm b/guix/build/profiles.scm
index 5c96fe9067..b4160fba1b 100644
--- a/guix/build/profiles.scm
+++ b/guix/build/profiles.scm
@@ -82,7 +82,7 @@ definitions for all the SEARCH-PATHS."
 # for this profile.  You may want to define the 'GUIX_PROFILE' environment
 # variable to point to the \"visible\" name of the profile, like this:
 #
-#  GUIX_PROFILE=/path/to/profile \\
+#  GUIX_PROFILE=/path/to/profile ; \\
 #  source /path/to/profile/etc/profile
 #
 # When GUIX_PROFILE is undefined, the various environment variables refer
diff --git a/guix/build/scons-build-system.scm b/guix/build/scons-build-system.scm
new file mode 100644
index 0000000000..a8760968d8
--- /dev/null
+++ b/guix/build/scons-build-system.scm
@@ -0,0 +1,65 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix build scons-build-system)
+  #:use-module ((guix build gnu-build-system) #:prefix gnu:)
+  #:use-module (guix build utils)
+  #:export (%standard-phases
+            scons-build))
+
+;; Commentary:
+;;
+;; Builder-side code of the SCons build system.
+;;
+;; Code:
+
+(define* (build #:key outputs (scons-flags '()) (parallel-build? #t) #:allow-other-keys)
+  (let ((out (assoc-ref outputs "out")))
+    (mkdir-p out)
+    (zero? (apply system* "scons"
+                  (append (if parallel-build?
+                              (list "-j" (number->string
+                                          (parallel-job-count)))
+                              (list))
+                          scons-flags)))))
+
+(define* (check #:key tests? test-target (scons-flags '()) #:allow-other-keys)
+  "Run the test suite of a given SCons application."
+  (cond (tests?
+         (zero? (apply system* "scons" test-target scons-flags)))
+        (else
+         (format #t "test suite not run~%")
+         #t)))
+
+(define* (install #:key outputs (scons-flags '()) #:allow-other-keys)
+  "Install a given SCons application."
+  (zero? (apply system* "scons" "install" scons-flags)))
+
+(define %standard-phases
+  (modify-phases gnu:%standard-phases
+    (delete 'configure)
+    (replace 'build build)
+    (replace 'check check)
+    (replace 'install install)))
+
+(define* (scons-build #:key inputs (phases %standard-phases)
+                       #:allow-other-keys #:rest args)
+  "Build a given SCons application, applying all of PHASES in order."
+  (apply gnu:gnu-build #:inputs inputs #:phases phases args))
+
+;;; scons-build-system.scm ends here
diff --git a/guix/build/union.scm b/guix/build/union.scm
index 18167fa3e3..256123c566 100644
--- a/guix/build/union.scm
+++ b/guix/build/union.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
 ;;;
@@ -78,11 +78,12 @@ identical, #f otherwise."
 
 (define* (union-build output inputs
                       #:key (log-port (current-error-port))
-                      (create-all-directories? #f))
+                      (create-all-directories? #f)
+                      (symlink symlink))
   "Build in the OUTPUT directory a symlink tree that is the union of all the
-INPUTS.  As a special case, if CREATE-ALL-DIRECTORIES?, creates the
-subdirectories in the output directory to make sure the caller can modify them
-later."
+INPUTS, using SYMLINK to create symlinks.  As a special case, if
+CREATE-ALL-DIRECTORIES?, creates the subdirectories in the output directory to
+make sure the caller can modify them later."
 
   (define (symlink* input output)
     (format log-port "`~a' ~~> `~a'~%" input output)
diff --git a/guix/gexp.scm b/guix/gexp.scm
index b9525603ee..1929947d95 100644
--- a/guix/gexp.scm
+++ b/guix/gexp.scm
@@ -564,6 +564,7 @@ names and file names suitable for the #:allowed-references argument to
                            allowed-references disallowed-references
                            leaked-env-vars
                            local-build? (substitutable? #t)
+                           deprecation-warnings
                            (script-name (string-append name "-builder")))
   "Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
 derivation) on SYSTEM; EXP is stored in a file called SCRIPT-NAME.  When
@@ -599,6 +600,9 @@ refer to.  Any reference to another store item will lead to a build error.
 Similarly for DISALLOWED-REFERENCES, which can list items that must not be
 referenced by the outputs.
 
+DEPRECATION-WARNINGS determines whether to show deprecation warnings while
+compiling modules.  It can be #f, #t, or 'detailed.
+
 The other arguments are as for 'derivation'."
   (define %modules
     (delete-duplicates
@@ -648,7 +652,9 @@ The other arguments are as for 'derivation'."
                                      (compiled-modules %modules
                                                        #:system system
                                                        #:module-path module-path
-                                                       #:guile guile-for-build)
+                                                       #:guile guile-for-build
+                                                       #:deprecation-warnings
+                                                       deprecation-warnings)
                                      (return #f)))
                        (graphs   (if references-graphs
                                      (lower-reference-graphs references-graphs
@@ -1023,7 +1029,8 @@ last one is created from the given <scheme-file> object."
                            #:key (name "module-import-compiled")
                            (system (%current-system))
                            (guile (%guile-for-build))
-                           (module-path %load-path))
+                           (module-path %load-path)
+                           (deprecation-warnings #f))
   "Return a derivation that builds a tree containing the `.go' files
 corresponding to MODULES.  All the MODULES are built in a context where
 they can refer to each other."
@@ -1073,7 +1080,15 @@ they can refer to each other."
     (gexp->derivation name build
                       #:system system
                       #:guile-for-build guile
-                      #:local-build? #t)))
+                      #:local-build? #t
+                      #:env-vars
+                      (case deprecation-warnings
+                        ((#f)
+                         '(("GUILE_WARN_DEPRECATED" . "no")))
+                        ((detailed)
+                         '(("GUILE_WARN_DEPRECATED" . "detailed")))
+                        (else
+                         '())))))
 
 
 ;;;
@@ -1081,10 +1096,12 @@ they can refer to each other."
 ;;;
 
 (define (default-guile)
-  ;; Lazily resolve 'guile-final'.  This module must not refer to (gnu …)
+  ;; Lazily resolve 'guile-2.2' (not 'guile-final' because this is for
+  ;; programs returned by 'program-file' and we don't want to keep references
+  ;; to several Guile packages).  This module must not refer to (gnu …)
   ;; modules directly, to avoid circular dependencies, hence this hack.
-  (module-ref (resolve-interface '(gnu packages commencement))
-              'guile-final))
+  (module-ref (resolve-interface '(gnu packages guile))
+              'guile-2.2))
 
 (define (load-path-expression modules)
   "Return as a monadic value a gexp that sets '%load-path' and
@@ -1204,13 +1221,30 @@ This yields an 'etc' directory containing these two files."
                                          (ungexp target))))))
                           files))))))
 
-(define (directory-union name things)
+(define* (directory-union name things
+                          #:key (copy? #f) (quiet? #f))
   "Return a directory that is the union of THINGS, where THINGS is a list of
 file-like objects denoting directories.  For example:
 
   (directory-union \"guile+emacs\" (list guile emacs))
 
-yields a directory that is the union of the 'guile' and 'emacs' packages."
+yields a directory that is the union of the 'guile' and 'emacs' packages.
+
+When HARD-LINKS? is true, create hard links instead of symlinks.  When QUIET?
+is true, the derivation will not print anything."
+  (define symlink
+    (if copy?
+        (gexp (lambda (old new)
+                (if (file-is-directory? old)
+                    (symlink old new)
+                    (copy-file old new))))
+        (gexp symlink)))
+
+  (define log-port
+    (if quiet?
+        (gexp (%make-void-port "w"))
+        (gexp (current-error-port))))
+
   (match things
     ((one)
      ;; Only one thing; return it.
@@ -1221,7 +1255,10 @@ yields a directory that is the union of the 'guile' and 'emacs' packages."
                       (gexp (begin
                               (use-modules (guix build union))
                               (union-build (ungexp output)
-                                           '(ungexp things)))))))))
+                                           '(ungexp things)
+
+                                           #:log-port (ungexp log-port)
+                                           #:symlink (ungexp symlink)))))))))
 
 
 ;;;
diff --git a/guix/git.scm b/guix/git.scm
index 7a83b56216..fc41e2ace3 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -80,11 +80,17 @@ of SHA1 string."
    "-" (string-take sha1 7)))
 
 (define* (copy-to-store store cache-directory #:key url repository)
-  "Copy items in cache-directory to store.  URL and REPOSITORY are used
-to forge store directory name."
+  "Copy CACHE-DIRECTORY recursively to STORE.  URL and REPOSITORY are used to
+create the store directory name."
+  (define (dot-git? file stat)
+    (and (string=? (basename file) ".git")
+         (eq? 'directory (stat:type stat))))
+
   (let* ((commit (repository->head-sha1 repository))
          (name   (url+commit->name url commit)))
-    (values (add-to-store store name #t "sha256" cache-directory) commit)))
+    (values (add-to-store store name #t "sha256" cache-directory
+                          #:select? (negate dot-git?))
+            commit)))
 
 (define (switch-to-ref repository ref)
   "Switch to REPOSITORY's branch, commit or tag specified by REF."
diff --git a/guix/gnu-maintenance.scm b/guix/gnu-maintenance.scm
index 0de36f2f71..00e80bc79f 100644
--- a/guix/gnu-maintenance.scm
+++ b/guix/gnu-maintenance.scm
@@ -335,9 +335,6 @@ return the corresponding signature URL, or #f it signatures are unavailable."
     (if (version>? (upstream-source-version a) (upstream-source-version b))
         a b))
 
-  (define contains-digit?
-    (cut string-any char-set:digit <>))
-
   (define patch-directory-name?
     ;; Return #t for patch directory names such as 'bash-4.2-patches'.
     (cut string-suffix? "patches" <>))
@@ -361,8 +358,7 @@ return the corresponding signature URL, or #f it signatures are unavailable."
              (result    #f))
     (let* ((entries (ftp-list conn directory))
 
-           ;; Filter out sub-directories that do not contain digits---e.g.,
-           ;; /gnuzilla/lang and /gnupg/patches.  Filter out "w32"
+           ;; Filter out things like /gnupg/patches.  Filter out "w32"
            ;; directories as found on ftp.gnutls.org.
            (subdirs (filter-map (match-lambda
                                   (((? patch-directory-name? dir)
@@ -370,8 +366,8 @@ return the corresponding signature URL, or #f it signatures are unavailable."
                                    #f)
                                   (("w32" 'directory . _)
                                    #f)
-                                  (((? contains-digit? dir) 'directory . _)
-                                   (and (keep-file? dir) dir))
+                                  ((directory 'directory . _)
+                                   directory)
                                   (_ #f))
                                 entries))
 
diff --git a/guix/packages.scm b/guix/packages.scm
index 35f9b685a3..d3f3cf0fdd 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -609,6 +609,7 @@ specifies modules in scope when evaluating SNIPPET."
       (gexp->derivation name build
                         #:graft? #f
                         #:system system
+                        #:deprecation-warnings #t ;to avoid a rebuild
                         #:guile-for-build guile-for-build))))
 
 (define (transitive-inputs inputs)
diff --git a/guix/profiles.scm b/guix/profiles.scm
index 51c330b323..07fe2faa3c 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -1118,82 +1118,80 @@ the entries in MANIFEST."
     (module-ref (resolve-interface '(gnu packages man)) 'man-db))
 
   (define build
-    #~(begin
-        (use-modules (guix build utils)
-                     (srfi srfi-1)
-                     (srfi srfi-19)
-                     (srfi srfi-26))
-
-        (define entries
-          (filter-map (lambda (directory)
-                        (let ((man (string-append directory "/share/man")))
-                          (and (directory-exists? man)
-                               man)))
-                      '#$(manifest-inputs manifest)))
-
-        (define manpages-collection-dir
-          (string-append (getenv "PWD") "/manpages-collection"))
-
-        (define man-directory
-          (string-append #$output "/share/man"))
-
-        (define (get-manpage-tail-path manpage-path)
-          (let ((index (string-contains manpage-path "/share/man/")))
-            (unless index
-              (error "Manual path doesn't contain \"/share/man/\":"
-                     manpage-path))
-            (string-drop manpage-path (+ index (string-length "/share/man/")))))
-
-        (define (populate-manpages-collection-dir entries)
-          (let ((manpages (append-map (cut find-files <> #:stat stat) entries)))
-            (for-each (lambda (manpage)
-                        (let* ((dest-file (string-append
-                                           manpages-collection-dir "/"
-                                           (get-manpage-tail-path manpage))))
-                          (mkdir-p (dirname dest-file))
-                          (catch 'system-error
-                            (lambda ()
-                              (symlink manpage dest-file))
-                            (lambda args
-                              ;; Different packages may contain the same
-                              ;; manpage.  Simply ignore the symlink error.
-                              #t))))
-                      manpages)))
-
-        (mkdir-p manpages-collection-dir)
-        (populate-manpages-collection-dir entries)
-
-        ;; Create a mandb config file which contains a custom made
-        ;; manpath. The associated catpath is the location where the database
-        ;; gets generated.
-        (copy-file #+(file-append man-db "/etc/man_db.conf")
-                   "man_db.conf")
-        (substitute* "man_db.conf"
-          (("MANDB_MAP	/usr/man		/var/cache/man/fsstnd")
-           (string-append "MANDB_MAP " manpages-collection-dir " "
-                          man-directory)))
-
-        (mkdir-p man-directory)
-        (setenv "MANPATH" (string-join entries ":"))
-
-        (format #t "Creating manual page database for ~a packages... "
-                (length entries))
-        (force-output)
-        (let* ((start-time (current-time))
-               (exit-status (system* #+(file-append man-db "/bin/mandb")
-                                    "--quiet" "--create"
-                                    "-C" "man_db.conf"))
-               (duration (time-difference (current-time) start-time)))
-          (format #t "done in ~,3f s~%"
-                  (+ (time-second duration)
-                     (* (time-nanosecond duration) (expt 10 -9))))
+    (with-imported-modules '((guix build utils))
+      #~(begin
+          (use-modules (guix build utils)
+                       (srfi srfi-1)
+                       (srfi srfi-19)
+                       (srfi srfi-26))
+
+          (define entries
+            (filter-map (lambda (directory)
+                          (let ((man (string-append directory "/share/man")))
+                            (and (directory-exists? man)
+                                 man)))
+                        '#$(manifest-inputs manifest)))
+
+          (define manpages-collection-dir
+            (string-append (getenv "PWD") "/manpages-collection"))
+
+          (define man-directory
+            (string-append #$output "/share/man"))
+
+          (define (get-manpage-tail-path manpage-path)
+            (let ((index (string-contains manpage-path "/share/man/")))
+              (unless index
+                (error "Manual path doesn't contain \"/share/man/\":"
+                       manpage-path))
+              (string-drop manpage-path (+ index (string-length "/share/man/")))))
+
+          (define (populate-manpages-collection-dir entries)
+            (let ((manpages (append-map (cut find-files <> #:stat stat) entries)))
+              (for-each (lambda (manpage)
+                          (let* ((dest-file (string-append
+                                             manpages-collection-dir "/"
+                                             (get-manpage-tail-path manpage))))
+                            (mkdir-p (dirname dest-file))
+                            (catch 'system-error
+                              (lambda ()
+                                (symlink manpage dest-file))
+                              (lambda args
+                                ;; Different packages may contain the same
+                                ;; manpage.  Simply ignore the symlink error.
+                                #t))))
+                        manpages)))
+
+          (mkdir-p manpages-collection-dir)
+          (populate-manpages-collection-dir entries)
+
+          ;; Create a mandb config file which contains a custom made
+          ;; manpath. The associated catpath is the location where the database
+          ;; gets generated.
+          (copy-file #+(file-append man-db "/etc/man_db.conf")
+                     "man_db.conf")
+          (substitute* "man_db.conf"
+            (("MANDB_MAP	/usr/man		/var/cache/man/fsstnd")
+             (string-append "MANDB_MAP " manpages-collection-dir " "
+                            man-directory)))
+
+          (mkdir-p man-directory)
+          (setenv "MANPATH" (string-join entries ":"))
+
+          (format #t "Creating manual page database for ~a packages... "
+                  (length entries))
           (force-output)
-          (zero? exit-status))))
+          (let* ((start-time (current-time))
+                 (exit-status (system* #+(file-append man-db "/bin/mandb")
+                                       "--quiet" "--create"
+                                       "-C" "man_db.conf"))
+                 (duration (time-difference (current-time) start-time)))
+            (format #t "done in ~,3f s~%"
+                    (+ (time-second duration)
+                       (* (time-nanosecond duration) (expt 10 -9))))
+            (force-output)
+            (zero? exit-status)))))
 
   (gexp->derivation "manual-database" build
-                    #:modules '((guix build utils)
-                                (srfi srfi-19)
-                                (srfi srfi-26))
                     #:local-build? #t))
 
 (define %default-profile-hooks
@@ -1294,6 +1292,9 @@ are cross-built for TARGET."
                       #:system system
                       #:target target
 
+                      ;; Don't complain about _IO* on Guile 2.2.
+                      #:env-vars '(("GUILE_WARN_DEPRECATED" . "no"))
+
                       ;; Not worth offloading.
                       #:local-build? #t
 
diff --git a/guix/progress.scm b/guix/progress.scm
index beca2c22a6..0ca5c08782 100644
--- a/guix/progress.scm
+++ b/guix/progress.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Steve Sprang <scs@stevesprang.com>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,8 +31,13 @@
             progress-reporter?
             call-with-progress-reporter
 
+            start-progress-reporter!
+            stop-progress-reporter!
+            progress-reporter-report!
+
             progress-reporter/silent
             progress-reporter/file
+            progress-reporter/bar
 
             byte-count->string
             current-terminal-columns
@@ -58,6 +64,24 @@ stopped."
     (($ <progress-reporter> start report stop)
      (dynamic-wind start (lambda () (proc report)) stop))))
 
+(define (start-progress-reporter! reporter)
+  "Low-level procedure to start REPORTER."
+  (match reporter
+    (($ <progress-reporter> start report stop)
+     (start))))
+
+(define (progress-reporter-report! reporter)
+  "Low-level procedure to lead REPORTER to emit a report."
+  (match reporter
+    (($ <progress-reporter> start report stop)
+     (report))))
+
+(define (stop-progress-reporter! reporter)
+  "Low-level procedure to stop REPORTER."
+  (match reporter
+    (($ <progress-reporter> start report stop)
+     (stop))))
+
 (define progress-reporter/silent
   (make-progress-reporter noop noop noop))
 
@@ -146,13 +170,19 @@ INTERVAL (a time-duration object), otherwise does nothing and returns #f."
 (define* (progress-bar % #:optional (bar-width 20))
   "Return % as a string representing an ASCII-art progress bar.  The total
 width of the bar is BAR-WIDTH."
-  (let* ((fraction (/ % 100))
+  (let* ((bar-width (max 3 (- bar-width 2)))
+         (fraction (/ % 100))
          (filled   (inexact->exact (floor (* fraction bar-width))))
          (empty    (- bar-width filled)))
     (format #f "[~a~a]"
             (make-string filled #\#)
             (make-string empty #\space))))
 
+(define (erase-in-line port)
+  "Write an ANSI erase-in-line sequence to PORT to erase the whole line and
+move the cursor to the beginning of the line."
+  (display "\r\x1b[K" port))
+
 (define* (progress-reporter/file file size
                                  #:optional (log-port (current-output-port))
                                  #:key (abbreviation basename))
@@ -176,7 +206,7 @@ ABBREVIATION used to shorten FILE for display."
                                      (byte-count->string throughput)
                                      (seconds->string elapsed)
                                      (progress-bar %) %)))
-            (display "\r\x1b[K" log-port)
+            (erase-in-line log-port)
             (display (string-pad-middle left right
                                         (current-terminal-columns))
                      log-port)
@@ -188,7 +218,7 @@ ABBREVIATION used to shorten FILE for display."
                                      (byte-count->string throughput)
                                      (seconds->string elapsed)
                                      (byte-count->string transferred))))
-            (display "\r\x1b[K" log-port)
+            (erase-in-line log-port)
             (display (string-pad-middle left right
                                         (current-terminal-columns))
                      log-port)
@@ -206,6 +236,39 @@ ABBREVIATION used to shorten FILE for display."
      ;; Don't miss the last report.
      (stop render))))
 
+(define* (progress-reporter/bar total
+                                #:optional
+                                (prefix "")
+                                (port (current-error-port)))
+  "Return a reporter that shows a progress bar every time one of the TOTAL
+tasks is performed.  Write PREFIX at the beginning of the line."
+  (define done 0)
+
+  (define (report-progress)
+    (set! done (+ 1 done))
+    (unless (> done total)
+      (let* ((ratio (* 100. (/ done total))))
+        (erase-in-line port)
+        (if (string-null? prefix)
+            (display (progress-bar ratio (current-terminal-columns)) port)
+            (let ((width (- (current-terminal-columns)
+                            (string-length prefix) 3)))
+              (display prefix port)
+              (display "  " port)
+              (display (progress-bar ratio width) port)))
+        (force-output port))))
+
+  (progress-reporter
+   (start (lambda ()
+            (set! done 0)))
+   (report report-progress)
+   (stop (lambda ()
+           (erase-in-line port)
+           (unless (string-null? prefix)
+             (display prefix port)
+             (newline port))
+           (force-output port)))))
+
 ;; TODO: replace '(@ (guix build utils) dump-port))'.
 (define* (dump-port* in out
                      #:key (buffer-size 16384)
diff --git a/guix/records.scm b/guix/records.scm
index 1f00e16603..c02395f2ae 100644
--- a/guix/records.scm
+++ b/guix/records.scm
@@ -81,7 +81,7 @@ fields, and DELAYED is the list of identifiers of delayed fields."
                (record-error 'name s "extraneous field initializers ~a"
                              unexpected)))
 
-           #`(make-struct type 0
+           #`(make-struct/no-tail type
                           #,@(map (lambda (field index)
                                     (or (field-inherited-value field)
                                         (if (innate-field? field)
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 0d69218338..e1b7feecfa 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -586,7 +586,7 @@ message if any test fails."
                          store
                          (if bootstrap?
                              %bootstrap-guile
-                             (canonical-package guile-2.0)))))
+                             (canonical-package guile-2.2)))))
           (run-with-store store
             ;; Containers need a Bourne shell at /bin/sh.
             (mlet* %store-monad ((bash       (environment-bash container?
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 8840b1acb5..1b43b0a63c 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -587,24 +587,49 @@ from ~a")
                                     (package-home-page package))
                     'home-page)))))
 
+(define %distro-directory
+  (dirname (search-path %load-path "gnu.scm")))
+
 (define (check-patch-file-names package)
   "Emit a warning if the patches requires by PACKAGE are badly named or if the
 patch could not be found."
   (guard (c ((message-condition? c)     ;raised by 'search-patch'
              (emit-warning package (condition-message c)
                            'patch-file-names)))
+    (define patches
+      (or (and=> (package-source package) origin-patches)
+          '()))
+
     (unless (every (match-lambda        ;patch starts with package name?
                      ((? string? patch)
                       (and=> (string-contains (basename patch)
                                               (package-name package))
                              zero?))
                      (_  #f))     ;must be an <origin> or something like that.
-                   (or (and=> (package-source package) origin-patches)
-                       '()))
+                   patches)
       (emit-warning
        package
        (G_ "file names of patches should start with the package name")
-       'patch-file-names))))
+       'patch-file-names))
+
+    ;; Check whether we're reaching tar's maximum file name length.
+    (let ((prefix (string-length %distro-directory))
+          (margin (string-length "guix-0.13.0-10-123456789/"))
+          (max    99))
+      (for-each (match-lambda
+                  ((? string? patch)
+                   (when (> (+ margin (if (string-prefix? %distro-directory
+                                                          patch)
+                                          (- (string-length patch) prefix)
+                                          (string-length patch)))
+                            max)
+                     (emit-warning
+                      package
+                      (format #f (G_ "~a: file name is too long")
+                              (basename patch))
+                      'patch-file-names)))
+                  (_ #f))
+                patches))))
 
 (define (escape-quotes str)
   "Replace any quote character in STR by an escaped quote character."
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index 6a2485a007..ebd0bf783d 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -118,7 +118,7 @@ determined."
   (catch #t
     (lambda ()
       ;; Avoid ABI incompatibility with the <build-machine> record.
-      (set! %fresh-auto-compile #t)
+      ;; (set! %fresh-auto-compile #t)
 
       (save-module-excursion
        (lambda ()
diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm
index f972ca2ef7..0a4a07ae2a 100644
--- a/guix/scripts/package.scm
+++ b/guix/scripts/package.scm
@@ -49,7 +49,7 @@
   #:use-module (srfi srfi-37)
   #:use-module (gnu packages)
   #:autoload   (gnu packages base) (canonical-package)
-  #:autoload   (gnu packages guile) (guile-2.0)
+  #:autoload   (gnu packages guile) (guile-2.2)
   #:autoload   (gnu packages bootstrap) (%bootstrap-guile)
   #:export (build-and-use-profile
             delete-generations
@@ -918,5 +918,5 @@ processed, #f otherwise."
                              (%store)
                              (if (assoc-ref opts 'bootstrap?)
                                  %bootstrap-guile
-                                 (canonical-package guile-2.0)))))
+                                 (canonical-package guile-2.2)))))
               (process-actions (%store) opts)))))))
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index 2400198000..be0c168444 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -25,7 +25,6 @@
   #:use-module (guix config)
   #:use-module (guix packages)
   #:use-module (guix derivations)
-  #:use-module (guix download)
   #:use-module (guix gexp)
   #:use-module (guix grafts)
   #:use-module (guix monads)
@@ -39,14 +38,9 @@
   #:use-module ((gnu packages bootstrap)
                 #:select (%bootstrap-guile))
   #:use-module ((gnu packages certs) #:select (le-certs))
-  #:use-module (gnu packages compression)
-  #:use-module (gnu packages gnupg)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-11)
-  #:use-module (srfi srfi-34)
-  #:use-module (srfi srfi-35)
   #:use-module (srfi srfi-37)
-  #:use-module (ice-9 ftw)
   #:use-module (ice-9 match)
   #:export (guix-pull))
 
@@ -281,7 +275,7 @@ certificates~%"))
                                 store
                                 (if (assoc-ref opts 'bootstrap?)
                                     %bootstrap-guile
-                                    (canonical-package guile-2.0)))))
+                                    (canonical-package guile-2.2)))))
                  (run-with-store store
                    (build-and-install checkout (config-directory)
                                       #:commit commit
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index e50f1d8ac7..e2ff42693f 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -36,6 +36,8 @@
   #:use-module (guix graph)
   #:use-module (guix scripts graph)
   #:use-module (guix build utils)
+  #:use-module (guix progress)
+  #:use-module ((guix build syscalls) #:select (terminal-columns))
   #:use-module (gnu build install)
   #:autoload   (gnu build file-systems)
                  (find-partition-by-label find-partition-by-uuid)
@@ -107,47 +109,54 @@ BODY..., and restore them."
   (store-lift topologically-sorted))
 
 
-(define* (copy-item item target
+(define* (copy-item item references target
                     #:key (log-port (current-error-port)))
-  "Copy ITEM to the store under root directory TARGET and register it."
-  (mlet* %store-monad ((refs (references* item)))
-    (let ((dest  (string-append target item))
-          (state (string-append target "/var/guix")))
-      (format log-port "copying '~a'...~%" item)
-
-      ;; Remove DEST if it exists to make sure that (1) we do not fail badly
-      ;; while trying to overwrite it (see <http://bugs.gnu.org/20722>), and
-      ;; (2) we end up with the right contents.
-      (when (file-exists? dest)
-        (delete-file-recursively dest))
-
-      (copy-recursively item dest
-                        #:log (%make-void-port "w"))
-
-      ;; Register ITEM; as a side-effect, it resets timestamps, etc.
-      ;; Explicitly use "TARGET/var/guix" as the state directory, to avoid
-      ;; reproducing the user's current settings; see
-      ;; <http://bugs.gnu.org/18049>.
-      (unless (register-path item
-                             #:prefix target
-                             #:state-directory state
-                             #:references refs)
-        (leave (G_ "failed to register '~a' under '~a'~%")
-               item target))
-
-      (return #t))))
+  "Copy ITEM to the store under root directory TARGET and register it with
+REFERENCES as its set of references."
+  (let ((dest  (string-append target item))
+        (state (string-append target "/var/guix")))
+    (format log-port "copying '~a'...~%" item)
+
+    ;; Remove DEST if it exists to make sure that (1) we do not fail badly
+    ;; while trying to overwrite it (see <http://bugs.gnu.org/20722>), and
+    ;; (2) we end up with the right contents.
+    (when (file-exists? dest)
+      (delete-file-recursively dest))
+
+    (copy-recursively item dest
+                      #:log (%make-void-port "w"))
+
+    ;; Register ITEM; as a side-effect, it resets timestamps, etc.
+    ;; Explicitly use "TARGET/var/guix" as the state directory, to avoid
+    ;; reproducing the user's current settings; see
+    ;; <http://bugs.gnu.org/18049>.
+    (unless (register-path item
+                           #:prefix target
+                           #:state-directory state
+                           #:references references)
+      (leave (G_ "failed to register '~a' under '~a'~%")
+             item target))))
 
 (define* (copy-closure item target
                        #:key (log-port (current-error-port)))
   "Copy ITEM and all its dependencies to the store under root directory
 TARGET, and register them."
-  (mlet* %store-monad ((refs    (references* item))
-                       (to-copy (topologically-sorted*
-                                 (delete-duplicates (cons item refs)
-                                                    string=?))))
-    (sequence %store-monad
-              (map (cut copy-item <> target #:log-port log-port)
-                   to-copy))))
+  (mlet* %store-monad ((to-copy (topologically-sorted* (list item)))
+                       (refs    (mapm %store-monad references* to-copy)))
+    (define progress-bar
+      (progress-reporter/bar (length to-copy)
+                             (format #f (G_ "copying to '~a'...")
+                                     target)))
+
+    (call-with-progress-reporter progress-bar
+      (lambda (report)
+        (let ((void (%make-void-port "w")))
+          (for-each (lambda (item refs)
+                      (copy-item item refs target #:log-port void)
+                      (report))
+                    to-copy refs))))
+
+    (return *unspecified*)))
 
 (define* (install-bootloader installer-drv
                              #:key
@@ -667,7 +676,8 @@ and TARGET arguments."
     (gexp->file "bootloader-installer"
                 (with-imported-modules '((guix build utils))
                   #~(begin
-                      (use-modules (guix build utils))
+                      (use-modules (guix build utils)
+                                   (ice-9 binary-ports))
                       (#$installer #$bootloader #$device #$target))))))
 
 (define* (perform-action action os
@@ -1095,7 +1105,8 @@ argument list and OPTS is the option alist."
                                          parse-sub-command))
            (args     (option-arguments opts))
            (command  (assoc-ref opts 'action)))
-      (parameterize ((%graft? (assoc-ref opts 'graft?)))
+      (parameterize ((%graft? (assoc-ref opts 'graft?))
+                     (current-terminal-columns (terminal-columns)))
         (process-command command args opts)))))
 
 ;;; Local Variables:
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 0d4a7fa26b..2e782e36ce 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -23,10 +23,11 @@
   #:use-module (guix packages)
   #:use-module (guix profiles)
   #:use-module (guix derivations)
+  #:use-module (guix progress)
   #:use-module (guix monads)
   #:use-module (guix store)
   #:use-module (guix grafts)
-  #:use-module (guix build syscalls)
+  #:use-module ((guix build syscalls) #:select (terminal-columns))
   #:use-module (guix scripts substitute)
   #:use-module (gnu packages)
   #:use-module (web uri)
@@ -48,42 +49,38 @@
                       (cons package result))))
                  '()))
 
+(define (call-with-progress-reporter reporter proc)
+  "This is a variant of 'call-with-progress-reporter' that works with monadic
+scope."
+  ;; TODO: Move to a more appropriate place.
+  (with-monad %store-monad
+    (start-progress-reporter! reporter)
+    (mlet* %store-monad ((report -> (lambda ()
+                                      (progress-reporter-report! reporter)))
+                         (result (proc report)))
+      (stop-progress-reporter! reporter)
+      (return result))))
+
 (define* (package-outputs packages
                           #:optional (system (%current-system)))
   "Return the list of outputs of all of PACKAGES for the given SYSTEM."
   (let ((packages (filter (cut supported-package? <> system) packages)))
-
-    (define update-progress!
-      (let ((total (length packages))
-            (done  0)
-            (width (max 10 (- (terminal-columns) 10))))
-        (lambda ()
-          (set! done (+ 1 done))
-          (let* ((ratio (/ done total 1.))
-                 (done  (inexact->exact (round (* width ratio))))
-                 (left  (- width done)))
-            (format (current-error-port) "~5,1f% [~a~a]\r"
-                    (* ratio 100.)
-                    (make-string done #\#)
-                    (make-string left #\space))
-            (when (>= done total)
-              (newline (current-error-port)))
-            (force-output (current-error-port))))))
-
     (format (current-error-port)
             (G_ "computing ~h package derivations for ~a...~%")
             (length packages) system)
 
-    (foldm %store-monad
-           (lambda (package result)
-             (mlet %store-monad ((drv (package->derivation package system
-                                                           #:graft? #f)))
-               (update-progress!)
-               (match (derivation->output-paths drv)
-                 (((names . items) ...)
-                  (return (append items result))))))
-           '()
-           packages)))
+    (call-with-progress-reporter (progress-reporter/bar (length packages))
+      (lambda (report)
+        (foldm %store-monad
+               (lambda (package result)
+                 (mlet %store-monad ((drv (package->derivation package system
+                                                               #:graft? #f)))
+                   (report)
+                   (match (derivation->output-paths drv)
+                     (((names . items) ...)
+                      (return (append items result))))))
+               '()
+               packages)))))
 
 (cond-expand
   (guile-2.2
@@ -204,31 +201,32 @@ Report the availability of substitutes.\n"))
 
 (define (guix-weather . args)
   (with-error-handling
-    (let* ((opts     (parse-command-line args %options
-                                         (list %default-options)
-                                         #:build-options? #f))
-           (urls     (assoc-ref opts 'substitute-urls))
-           (systems  (match (filter-map (match-lambda
-                                          (('system . system) system)
-                                          (_ #f))
-                                        opts)
-                       (() (list (%current-system)))
-                       (systems systems)))
-           (packages (let ((file (assoc-ref opts 'manifest)))
-                       (if file
-                           (load-manifest file)
-                           (all-packages))))
-           (items    (with-store store
-                       (parameterize ((%graft? #f))
-                         (concatenate
-                          (run-with-store store
-                            (mapm %store-monad
-                                  (lambda (system)
-                                    (package-outputs packages system))
-                                  systems)))))))
-      (for-each (lambda (server)
-                  (report-server-coverage server items))
-                urls))))
+    (parameterize ((current-terminal-columns (terminal-columns)))
+      (let* ((opts     (parse-command-line args %options
+                                           (list %default-options)
+                                           #:build-options? #f))
+             (urls     (assoc-ref opts 'substitute-urls))
+             (systems  (match (filter-map (match-lambda
+                                            (('system . system) system)
+                                            (_ #f))
+                                          opts)
+                         (() (list (%current-system)))
+                         (systems systems)))
+             (packages (let ((file (assoc-ref opts 'manifest)))
+                         (if file
+                             (load-manifest file)
+                             (all-packages))))
+             (items    (with-store store
+                         (parameterize ((%graft? #f))
+                           (concatenate
+                            (run-with-store store
+                              (mapm %store-monad
+                                    (lambda (system)
+                                      (package-outputs packages system))
+                                    systems)))))))
+        (for-each (lambda (server)
+                    (report-server-coverage server items))
+                  urls)))))
 
 ;;; Local Variables:
 ;;; eval: (put 'let/time 'scheme-indent-function 1)
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 32cf6e464b..7b33ef5a3b 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -18,7 +18,7 @@
 
 (define-module (guix ssh)
   #:use-module (guix store)
-  #:use-module ((guix ui) #:select (G_ N_))
+  #:use-module (guix i18n)
   #:use-module (ssh session)
   #:use-module (ssh auth)
   #:use-module (ssh key)
diff --git a/guix/ui.scm b/guix/ui.scm
index 0fc5ab63ad..e40fe576ba 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -28,6 +28,7 @@
 (define-module (guix ui)
   #:use-module (guix i18n)
   #:use-module (guix gexp)
+  #:use-module (guix sets)
   #:use-module (guix utils)
   #:use-module (guix store)
   #:use-module (guix config)
@@ -194,7 +195,7 @@ messages."
   (catch #t
     (lambda ()
       ;; XXX: Force a recompilation to avoid ABI issues.
-      (set! %fresh-auto-compile #t)
+      ;; (set! %fresh-auto-compile #t)
       (set! %load-should-auto-compile #t)
 
       (save-module-excursion
@@ -253,8 +254,9 @@ VARIABLE and return it, or #f if none was found."
          (_ #t)))
       (_ #f)))
 
-  (let loop ((modules (list (resolve-module '() #f #f #:ensure #f)))
-             (suggestions '()))
+  (let loop ((modules     (list (resolve-module '() #f #f #:ensure #f)))
+             (suggestions '())
+             (visited     (setq)))
     (match modules
       (()
        ;; Pick the "best" suggestion.
@@ -262,16 +264,19 @@ VARIABLE and return it, or #f if none was found."
          (() #f)
          ((first _ ...) first)))
       ((head tail ...)
-       (let ((next (append tail
-                           (hash-map->list (lambda (name module)
-                                             module)
-                                           (module-submodules head)))))
-         (match (module-local-variable head variable)
-           (#f (loop next suggestions))
-           (_
-            (match (module-name head)
-              (('gnu _ ...) head)                 ;must be that one
-              (_ (loop next (cons head suggestions)))))))))))
+       (if (set-contains? visited head)
+           (loop tail suggestions visited)
+           (let ((visited (set-insert head visited))
+                 (next    (append tail
+                                  (hash-map->list (lambda (name module)
+                                                    module)
+                                                  (module-submodules head)))))
+             (match (module-local-variable head variable)
+               (#f (loop next suggestions visited))
+               (_
+                (match (module-name head)
+                  (('gnu _ ...) head)             ;must be that one
+                  (_ (loop next (cons head suggestions) visited)))))))))))
 
 (define* (display-hint message #:optional (port (current-error-port)))
   "Display MESSAGE, a l10n message possibly containing Texinfo markup, to
@@ -308,7 +313,7 @@ ARGS is the list of arguments received by the 'throw' handler."
        (#f
         (display-hint (G_ "Did you forget a @code{use-modules} form?")))
        (module
-        (display-hint (format #f (G_ "Try adding @code{(use-modules ~a)}.")
+        (display-hint (format #f (G_ "Did you forget @code{(use-modules ~a)}?")
                               (module-name module))))))
     (('srfi-34 obj)
      (if (message-condition? obj)
@@ -545,19 +550,24 @@ interpreted."
                                    (manifest-entry-version parent))
                      (report-parent-entries parent))))
 
-               (report-error (G_ "profile contains conflicting entries for ~a:~a~%")
+               (define (manifest-entry-output* entry)
+                 (match (manifest-entry-output entry)
+                   ("out"   "")
+                   (output (string-append ":" output))))
+
+               (report-error (G_ "profile contains conflicting entries for ~a~a~%")
                              (manifest-entry-name entry)
-                             (manifest-entry-output entry))
-               (report-error (G_ "  first entry: ~a@~a:~a ~a~%")
+                             (manifest-entry-output* entry))
+               (report-error (G_ "  first entry: ~a@~a~a ~a~%")
                              (manifest-entry-name entry)
                              (manifest-entry-version entry)
-                             (manifest-entry-output entry)
+                             (manifest-entry-output* entry)
                              (manifest-entry-item entry))
                (report-parent-entries entry)
-               (report-error (G_ "  second entry: ~a@~a:~a ~a~%")
+               (report-error (G_ "  second entry: ~a@~a~a ~a~%")
                              (manifest-entry-name conflict)
                              (manifest-entry-version conflict)
-                             (manifest-entry-output conflict)
+                             (manifest-entry-output* conflict)
                              (manifest-entry-item conflict))
                (report-parent-entries conflict)
                (exit 1)))
diff --git a/guix/utils.scm b/guix/utils.scm
index c0ffed172a..fed31f4ca4 100644
--- a/guix/utils.scm
+++ b/guix/utils.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -75,6 +76,7 @@
             %current-target-system
             package-name->name+version
             target-mingw?
+            target-arm32?
             version-compare
             version>?
             version>=?
@@ -467,6 +469,9 @@ a character other than '@'."
   (and target
        (string-suffix? "-mingw32" target)))
 
+(define (target-arm32?)
+  (string-prefix? "arm" (or (%current-target-system) (%current-system))))
+
 (define version-compare
   (let ((strverscmp
          (let ((sym (or (dynamic-func "strverscmp" (dynamic-link))
diff --git a/guix/zlib.scm b/guix/zlib.scm
index 955589ab48..3bd0ad86c9 100644
--- a/guix/zlib.scm
+++ b/guix/zlib.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -149,31 +149,6 @@ the number of uncompressed bytes written, a strictly positive integer."
   ;; Z_DEFAULT_COMPRESSION.
   -1)
 
-(define (close-procedure gzfile port)
-  "Return a procedure that closes GZFILE, ensuring its underlying PORT is
-closed even if closing GZFILE triggers an exception."
-  (let-syntax ((ignore-EBADF
-                (syntax-rules ()
-                  ((_ exp)
-                   (catch 'system-error
-                     (lambda ()
-                       exp)
-                     (lambda args
-                       (unless (= EBADF (system-error-errno args))
-                         (apply throw args))))))))
-
-    (lambda ()
-      (catch 'zlib-error
-        (lambda ()
-          ;; 'gzclose' closes the underlying file descriptor.  'close-port'
-          ;; calls close(2) and gets EBADF, which we swallow.
-          (gzclose gzfile)
-          (ignore-EBADF (close-port port)))
-        (lambda args
-          ;; Make sure PORT is closed despite the zlib error.
-          (ignore-EBADF (close-port port))
-          (apply throw args))))))
-
 (define* (make-gzip-input-port port #:key (buffer-size %default-buffer-size))
   "Return an input port that decompresses data read from PORT, a file port.
 PORT is automatically closed when the resulting port is closed.  BUFFER-SIZE
@@ -183,7 +158,14 @@ buffered input, which would be lost (and is lost anyway)."
   (define gzfile
     (match (drain-input port)
       (""                                         ;PORT's buffer is empty
-       (gzdopen (fileno port) "r"))
+       ;; 'gzclose' will eventually close the file descriptor beneath PORT.
+       ;; 'close-port' on PORT would get EBADF if 'gzclose' already closed it,
+       ;; so that's no good; revealed ports are no good either because they
+       ;; leak (see <https://bugs.gnu.org/28784>); calling 'close-port' after
+       ;; 'gzclose' doesn't work either because it leads to a race condition
+       ;; (see <https://bugs.gnu.org/29335>).  So we dup and close PORT right
+       ;; away.
+       (gzdopen (dup (fileno port)) "r"))
       (_
        ;; This is unrecoverable but it's better than having the buffered input
        ;; be lost, leading to unclear end-of-file or corrupt-data errors down
@@ -197,8 +179,10 @@ buffered input, which would be lost (and is lost anyway)."
   (unless (= buffer-size %default-buffer-size)
     (gzbuffer! gzfile buffer-size))
 
+  (close-port port)                               ;we no longer need it
   (make-custom-binary-input-port "gzip-input" read! #f #f
-                                 (close-procedure gzfile port)))
+                                 (lambda ()
+                                   (gzclose gzfile))))
 
 (define* (make-gzip-output-port port
                                 #:key
@@ -210,7 +194,7 @@ port is closed."
   (define gzfile
     (begin
       (force-output port)                         ;empty PORT's buffer
-      (gzdopen (fileno port)
+      (gzdopen (dup (fileno port))
                (string-append "w" (number->string level)))))
 
   (define (write! bv start count)
@@ -219,8 +203,10 @@ port is closed."
   (unless (= buffer-size %default-buffer-size)
     (gzbuffer! gzfile buffer-size))
 
+  (close-port port)
   (make-custom-binary-output-port "gzip-output" write! #f #f
-                                  (close-procedure gzfile port)))
+                                  (lambda ()
+                                    (gzclose gzfile))))
 
 (define* (call-with-gzip-input-port port proc
                                     #:key (buffer-size %default-buffer-size))
diff --git a/nix/scripts/list-runtime-roots.in b/nix/scripts/list-runtime-roots.in
index 511789a539..48a07edf5f 100644
--- a/nix/scripts/list-runtime-roots.in
+++ b/nix/scripts/list-runtime-roots.in
@@ -121,6 +121,7 @@ or the empty list."
                     (lambda args
                       (let ((err (system-error-errno args)))
                         (if (or (= ENOENT err)    ;TOCTTOU race
+                                (= ESRCH err)     ;ditto
                                 (= EACCES err))   ;not running as root
                             '()
                             (apply throw args)))))))
diff --git a/po/guix/fr.po b/po/guix/fr.po
index b566d58c0b..f9ae7d288e 100644
--- a/po/guix/fr.po
+++ b/po/guix/fr.po
@@ -3,6 +3,7 @@
 # This file is distributed under the same license as the guix package.
 # Rémy Chevalier <remychevalier@laposte.net>, 2013, 2014.
 # Frédéric Marchal <fmarchal@perso.be>, 2017
+# Julien Lepiller <julien@lepiller.eu>, 2017
 #
 # Note de Frédéric Marchal: Le nom « shepherd » est le nom d'un démon (voir
 # https://www.gnu.org/software/shepherd/). Je ne l'ai pas traduit dans les
@@ -10,11 +11,11 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: guix 0.13.0\n"
+"Project-Id-Version: guix 0.14.0\n"
 "Report-Msgid-Bugs-To: ludo@gnu.org\n"
-"POT-Creation-Date: 2017-05-10 23:29+0200\n"
-"PO-Revision-Date: 2017-05-11 19:11+0200\n"
-"Last-Translator: Frédéric Marchal <fmarchal@perso.be>\n"
+"POT-Creation-Date: 2017-11-28 08:56+0100\n"
+"PO-Revision-Date: 2017-11-30 13:46+0100\n"
+"Last-Translator: Julien Lepiller <julien@lepiller.eu>\n"
 "Language-Team: French <traduc@traduc.org>\n"
 "Language: fr\n"
 "MIME-Version: 1.0\n"
@@ -22,86 +23,127 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "X-Bugs: Report translation errors to the Language-Team address.\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Poedit 2.0.3\n"
 
-#: gnu/packages.scm:90
+#: gnu.scm:82
+#, scheme-format
+msgid "module ~a not found"
+msgstr "module « ~a » introuvable"
+
+#: gnu.scm:100
+msgid ""
+"You may use @command{guix package --show=foo | grep location} to search\n"
+"for the location of package @code{foo}.\n"
+"If you get the line @code{location: gnu/packages/bar.scm:174:2},\n"
+"add @code{bar} to the @code{use-package-modules} form."
+msgstr ""
+"Vous pouvez utiliser @command{guix package --show=foo | grep location} pour\n"
+"chercher l'emplacement du paquet @code{foo}.\n"
+"Si vous voyez la ligne @code{location: gnu/packages/bar.scm:174:2},\n"
+"ajoutez @code{bar} dans @code{use-package-modules}."
+
+#: gnu.scm:108
+#, scheme-format
+msgid "Try adding @code{(use-package-modules ~a)}."
+msgstr "Essayez d'ajouter @code{(use-package-modules ~a)}."
+
+#: gnu.scm:123
+#, scheme-format
+msgid ""
+"You may use @command{guix system search ~a} to search for a service\n"
+"matching @code{~a}.\n"
+"If you get the line @code{location: gnu/services/foo.scm:188:2},\n"
+"add @code{foo} to the @code{use-service-modules} form."
+msgstr ""
+"Vous pouvez utiliser @commande{guix system search ~a} pour chercher un\n"
+"service qui correspond à @code{~a}.\n"
+"Si vous voyez la ligne @code{location: gnu/services/foo.scm:188:2},\n"
+"ajoutez @code{foo} dans @code{use-service-modules}."
+
+#: gnu.scm:132
+#, scheme-format
+msgid "Try adding @code{(use-service-modules ~a)}."
+msgstr "Essayez d'ajouter @code{(use-service-modules ~a)}."
+
+#: gnu/packages.scm:92
 #, scheme-format
 msgid "~a: patch not found"
-msgstr "~a: correctif introuvable"
+msgstr "~a : correctif introuvable"
 
-#: gnu/packages.scm:106
+#: gnu/packages.scm:108
 #, scheme-format
 msgid "could not find bootstrap binary '~a' for system '~a'"
 msgstr "impossible de trouver le binaire d'initialisation « ~a » pour le système « ~a »"
 
-#: gnu/packages.scm:236
+#: gnu/packages.scm:240
 #, scheme-format
 msgid "ambiguous package specification `~a'~%"
 msgstr "spécification du paquet « ~a » ambiguë~%"
 
-#: gnu/packages.scm:237
+#: gnu/packages.scm:241
 #, scheme-format
 msgid "choosing ~a@~a from ~a~%"
 msgstr "choix de ~a@~a parmi ~a~%"
 
-#: gnu/packages.scm:242 guix/scripts/package.scm:272
+#: gnu/packages.scm:246 guix/scripts/package.scm:271
 #, scheme-format
 msgid "package '~a' has been superseded by '~a'~%"
 msgstr "le paquet « ~a » a été remplacé par « ~a »~%"
 
-#: gnu/packages.scm:249
+#: gnu/packages.scm:253
 #, scheme-format
 msgid "~A: package not found for version ~a~%"
-msgstr "~A: paquet introuvable pour la version ~a~%"
+msgstr "~A : paquet introuvable pour la version ~a~%"
 
-#: gnu/packages.scm:250
+#: gnu/packages.scm:254
 #, scheme-format
 msgid "~A: unknown package~%"
-msgstr "~A: paquet inconnu~%"
+msgstr "~A : paquet inconnu~%"
 
-#: gnu/packages.scm:278
+#: gnu/packages.scm:282
 #, scheme-format
 msgid "package `~a' lacks output `~a'~%"
 msgstr "le paquet « ~a » requiert la sortie « ~a »~%"
 
-#: gnu/services.scm:186
+#: gnu/services.scm:235
 #, scheme-format
 msgid "~a: no value specified for service of type '~a'"
-msgstr "~a: aucune valeur spécifiée pour le service de type « ~a »"
+msgstr "~a : aucune valeur spécifiée pour le service de type « ~a »"
 
-#: gnu/services.scm:627
+#: gnu/services.scm:650
 #, scheme-format
-msgid "no target of type '~a' for service ~s"
-msgstr "pas de cible de type « ~a » pour le service ~s"
+msgid "no target of type '~a' for service '~a'"
+msgstr "pas de cible de type « ~a » pour le service « ~a »"
 
-#: gnu/services.scm:638 gnu/services.scm:699
+#: gnu/services.scm:662 gnu/services.scm:723
 #, scheme-format
 msgid "more than one target service of type '~a'"
 msgstr "plus d'un service cible de type « ~a »"
 
-#: gnu/services.scm:689
+#: gnu/services.scm:713
 #, scheme-format
 msgid "service of type '~a' not found"
 msgstr "service de type « ~a » pas trouvé"
 
-#: gnu/system.scm:270
+#: gnu/system.scm:305
 #, scheme-format
 msgid "unrecognized boot parameters for '~a'~%"
 msgstr "paramètres de démarrage non reconnus pour « ~a »~%"
 
-#: gnu/system.scm:633
+#: gnu/system.scm:695
 #, scheme-format
 msgid "using a string for file '~a' is deprecated; use 'plain-file' instead~%"
-msgstr "l'utilisation d'une chaîne pour le fichier « ~a » est dépréciée. Utilisez plutôt « plain-file »~%"
+msgstr "l'utilisation d'une chaîne pour le fichier « ~a » est obsolète. Utilisez plutôt « plain-file »~%"
 
-#: gnu/system.scm:649
+#: gnu/system.scm:711
 #, scheme-format
 msgid "using a monadic value for '~a' is deprecated; use 'plain-file' instead~%"
-msgstr "l'utilisation d'une valeur monadic pour « ~a » est dépréciée. Utilisez plutôt « plain-file »~%"
+msgstr "l'utilisation d'une valeur monadic pour « ~a » est obsolète. Utilisez plutôt « plain-file »~%"
 
-#: gnu/system.scm:791
+#: gnu/system.scm:856
 #, scheme-format
 msgid "~a: invalid locale name"
-msgstr "~a: nom d'environnement linguistique non valide"
+msgstr "~a : nom d'environnement linguistique non valide"
 
 #: gnu/services/shepherd.scm:166
 #, scheme-format
@@ -113,12 +155,12 @@ msgstr "service « ~a » fourni plus d'une fois"
 msgid "service '~a' requires '~a', which is not provided by any service"
 msgstr "le service « ~a » requiert « ~a » qui n'est fourni pas aucun service"
 
-#: gnu/system/shadow.scm:223
+#: gnu/system/shadow.scm:231
 #, scheme-format
 msgid "supplementary group '~a' of user '~a' is undeclared"
 msgstr "le groupe supplémentaire « ~a » de l'utilisateur « ~a » n'est pas déclaré"
 
-#: gnu/system/shadow.scm:233
+#: gnu/system/shadow.scm:241
 #, scheme-format
 msgid "primary group '~a' of user '~a' is undeclared"
 msgstr "le groupe primaire « ~a » de l'utilisateur « ~a » n'est pas déclaré"
@@ -126,24 +168,23 @@ msgstr "le groupe primaire « ~a » de l'utilisateur « ~a » n'est pas déc
 #: guix/scripts.scm:56
 #, scheme-format
 msgid "invalid argument: ~a~%"
-msgstr "argument non valide: ~a~%"
+msgstr "argument non valide : ~a~%"
 
-#: guix/scripts.scm:82 guix/scripts/download.scm:133 guix/scripts/gc.scm:164
+#: guix/scripts.scm:84 guix/scripts/download.scm:135
 #: guix/scripts/import/cran.scm:82 guix/scripts/import/elpa.scm:77
-#: guix/scripts/lint.scm:1061 guix/scripts/publish.scm:811
-#: guix/scripts/edit.scm:81 guix/scripts/graph.scm:456
+#: guix/scripts/publish.scm:844 guix/scripts/edit.scm:81
 #, scheme-format
 msgid "~A: unrecognized option~%"
-msgstr "~A: option non reconnue~%"
+msgstr "~A : option non reconnue~%"
 
-#: guix/scripts.scm:174
+#: guix/scripts.scm:179
 #, scheme-format
 msgid "Your Guix installation is ~a day old.\n"
 msgid_plural "Your Guix installation is ~a days old.\n"
 msgstr[0] "Votre installation Guix est vieille de ~a jour.\n"
 msgstr[1] "Votre installation Guix est vieille de ~a jours.\n"
 
-#: guix/scripts.scm:179
+#: guix/scripts.scm:184
 #, scheme-format
 msgid ""
 "Consider running 'guix pull' followed by\n"
@@ -155,12 +196,12 @@ msgstr ""
 #: guix/scripts/build.scm:124
 #, scheme-format
 msgid "failed to create GC root `~a': ~a~%"
-msgstr "impossible de créer la racine du GC « ~a »: ~a~%"
+msgstr "impossible de créer la racine du GC « ~a » : ~a~%"
 
 #: guix/scripts/build.scm:206
 #, scheme-format
 msgid "invalid replacement specification: ~s~%"
-msgstr "spécification de remplacement invalide: ~s~%"
+msgstr "spécification de remplacement invalide : ~s~%"
 
 #: guix/scripts/build.scm:263
 msgid ""
@@ -203,7 +244,7 @@ msgid ""
 "  -L, --load-path=DIR    prepend DIR to the package module search path"
 msgstr ""
 "\n"
-"  -L, --load-path=REP    préfixer le chemin de recherche par REP "
+"  -L, --load-path=REP    préfixer le chemin de recherche par REP"
 
 #: guix/scripts/build.scm:314
 msgid ""
@@ -245,7 +286,7 @@ msgstr ""
 "\n"
 "      --no-substitutes   compiler plutôt que recourir à des substituts pré-compilés"
 
-#: guix/scripts/build.scm:324 guix/scripts/size.scm:222
+#: guix/scripts/build.scm:324 guix/scripts/size.scm:232
 msgid ""
 "\n"
 "      --substitute-urls=URLS\n"
@@ -324,7 +365,7 @@ msgstr ""
 #: guix/scripts/build.scm:448 guix/scripts/build.scm:455
 #, scheme-format
 msgid "not a number: '~a' option argument: ~a~%"
-msgstr "pas un nombre: argument d'option « ~a »: ~a~%"
+msgstr "pas un nombre: argument d'option « ~a » : ~a~%"
 
 #: guix/scripts/build.scm:474
 msgid ""
@@ -332,7 +373,7 @@ msgid ""
 "Build the given PACKAGE-OR-DERIVATION and return their output paths.\n"
 msgstr ""
 "Usage: guix build [OPTION]... PAQUET-OU-DERIVATION...\n"
-"Compiler le PAQUET-OU-DERIVATION donné et retourner leur chemin de sortie.\n"
+"Compiler le PAQUET-OU-DERIVATION donné et retourner leurs chemins de sortie.\n"
 
 #: guix/scripts/build.scm:476
 msgid ""
@@ -370,7 +411,7 @@ msgstr ""
 "      --sources[=TYPE]   compiler les dérivations sources. TYPE peut optionnellement\n"
 "                         être « package », « all » (défaut) ou « transitive »"
 
-#: guix/scripts/build.scm:486 guix/scripts/pack.scm:330
+#: guix/scripts/build.scm:486 guix/scripts/pack.scm:338
 msgid ""
 "\n"
 "  -s, --system=SYSTEM    attempt to build for SYSTEM--e.g., \"i686-linux\""
@@ -378,7 +419,7 @@ msgstr ""
 "\n"
 "  -s, --system=SYSTÈME   essayer de compiler pour le SYSTÈME donné, par exemple « i686-linux »"
 
-#: guix/scripts/build.scm:488 guix/scripts/pack.scm:332
+#: guix/scripts/build.scm:488 guix/scripts/pack.scm:340
 msgid ""
 "\n"
 "      --target=TRIPLET   cross-build for TRIPLET--e.g., \"armel-linux-gnu\""
@@ -436,16 +477,17 @@ msgstr ""
 "\n"
 "      --log-file         retourner les fichiers de journalisation pour les dérivations données"
 
-#: guix/scripts/build.scm:508 guix/scripts/download.scm:81
-#: guix/scripts/package.scm:419 guix/scripts/gc.scm:74
+#: guix/scripts/build.scm:508 guix/scripts/download.scm:83
+#: guix/scripts/package.scm:425 guix/scripts/gc.scm:74
 #: guix/scripts/hash.scm:59 guix/scripts/import.scm:92
-#: guix/scripts/import/cran.scm:47 guix/scripts/pull.scm:94
-#: guix/scripts/substitute.scm:810 guix/scripts/system.scm:742
-#: guix/scripts/lint.scm:1010 guix/scripts/publish.scm:93
-#: guix/scripts/edit.scm:44 guix/scripts/size.scm:230
-#: guix/scripts/graph.scm:436 guix/scripts/challenge.scm:227
-#: guix/scripts/copy.scm:121 guix/scripts/pack.scm:341
-#: guix/scripts/container.scm:33 guix/scripts/container/exec.scm:43
+#: guix/scripts/import/cran.scm:47 guix/scripts/pull.scm:110
+#: guix/scripts/substitute.scm:889 guix/scripts/system.scm:870
+#: guix/scripts/lint.scm:1090 guix/scripts/publish.scm:94
+#: guix/scripts/edit.scm:44 guix/scripts/size.scm:243
+#: guix/scripts/graph.scm:432 guix/scripts/challenge.scm:241
+#: guix/scripts/copy.scm:122 guix/scripts/pack.scm:349
+#: guix/scripts/weather.scm:156 guix/scripts/container.scm:33
+#: guix/scripts/container/exec.scm:43
 msgid ""
 "\n"
 "  -h, --help             display this help and exit"
@@ -453,16 +495,17 @@ msgstr ""
 "\n"
 "  -h, --help             afficher cette aide et quitter"
 
-#: guix/scripts/build.scm:510 guix/scripts/download.scm:83
-#: guix/scripts/package.scm:421 guix/scripts/gc.scm:76
+#: guix/scripts/build.scm:510 guix/scripts/download.scm:85
+#: guix/scripts/package.scm:427 guix/scripts/gc.scm:76
 #: guix/scripts/hash.scm:61 guix/scripts/import.scm:94
-#: guix/scripts/import/cran.scm:49 guix/scripts/pull.scm:96
-#: guix/scripts/substitute.scm:812 guix/scripts/system.scm:744
-#: guix/scripts/lint.scm:1014 guix/scripts/publish.scm:95
-#: guix/scripts/edit.scm:46 guix/scripts/size.scm:232
-#: guix/scripts/graph.scm:438 guix/scripts/challenge.scm:229
-#: guix/scripts/copy.scm:123 guix/scripts/pack.scm:343
-#: guix/scripts/container.scm:35 guix/scripts/container/exec.scm:45
+#: guix/scripts/import/cran.scm:49 guix/scripts/pull.scm:112
+#: guix/scripts/substitute.scm:891 guix/scripts/system.scm:872
+#: guix/scripts/lint.scm:1094 guix/scripts/publish.scm:96
+#: guix/scripts/edit.scm:46 guix/scripts/size.scm:245
+#: guix/scripts/graph.scm:434 guix/scripts/challenge.scm:243
+#: guix/scripts/copy.scm:124 guix/scripts/pack.scm:351
+#: guix/scripts/weather.scm:158 guix/scripts/container.scm:35
+#: guix/scripts/container/exec.scm:45
 msgid ""
 "\n"
 "  -V, --version          display version information and exit"
@@ -476,30 +519,30 @@ msgid ""
 "invalid argument: '~a' option argument: ~a, ~\n"
 "must be one of 'package', 'all', or 'transitive'~%"
 msgstr ""
-"argument invalide: argument en option « ~a »: ~a, ~\n"
+"argument invalide: argument en option « ~a » : ~a, ~\n"
 "doit être « package », « all » ou « transitive »~%"
 
 #: guix/scripts/build.scm:590
 #, scheme-format
 msgid "~s: not something we can build~%"
-msgstr "~s: pas quelque chose qu'on sait compiler~%"
+msgstr "~s : pas quelque chose qu'on sait compiler~%"
 
 #: guix/scripts/build.scm:644
 #, scheme-format
 msgid "~a: warning: package '~a' has no source~%"
-msgstr "~a: attention: le paquet « ~a » n'a pas de source~%"
+msgstr "~a : attention : le paquet « ~a » n'a pas de source~%"
 
 #: guix/scripts/build.scm:678
 #, scheme-format
 msgid "no build log for '~a'~%"
 msgstr "aucun journal de compilation pour « ~a »~%"
 
-#: guix/discovery.scm:56
+#: guix/discovery.scm:88
 #, scheme-format
 msgid "cannot access `~a': ~a~%"
-msgstr "impossible d'accéder à « ~a »: ~a~%"
+msgstr "impossible d'accéder à « ~a » : ~a~%"
 
-#: guix/scripts/download.scm:67
+#: guix/scripts/download.scm:69
 msgid ""
 "Usage: guix download [OPTION] URL\n"
 "Download the file at URL to the store or to the given file, and print its\n"
@@ -513,10 +556,10 @@ msgstr ""
 "au fichier spécifié puis afficher son nom de fichier et l'empreinte de son\n"
 "contenu.\n"
 "\n"
-"Formats supportés: 'nix-base32' (défaut), 'base32', et 'base16'\n"
-"('hex' et 'hexadecimal' peuvent aussi être utilisés).\n"
+"Formats supportés : « nix-base32 » (par défaut), « base32 », et « base16 »\n"
+"(« hex » et « hexadecimal » peuvent aussi être utilisés).\n"
 
-#: guix/scripts/download.scm:73 guix/scripts/hash.scm:54
+#: guix/scripts/download.scm:75 guix/scripts/hash.scm:54
 msgid ""
 "\n"
 "  -f, --format=FMT       write the hash in the given format"
@@ -524,7 +567,7 @@ msgstr ""
 "\n"
 "  -f, --format=FORMAT    écrire l'empreinte dans le FORMAT donné"
 
-#: guix/scripts/download.scm:75
+#: guix/scripts/download.scm:77
 msgid ""
 "\n"
 "      --no-check-certificate\n"
@@ -532,9 +575,9 @@ msgid ""
 msgstr ""
 "\n"
 "      --no-check-certificate\n"
-"                         ne valide pas les certificats des serveurs HTTPS "
+"                         ne pas valider les certificats des serveurs HTTPS "
 
-#: guix/scripts/download.scm:78
+#: guix/scripts/download.scm:80
 msgid ""
 "\n"
 "  -o, --output=FILE      download to FILE"
@@ -542,99 +585,104 @@ msgstr ""
 "\n"
 "  -o, --output=FICHIER   télécharge dans le FICHIER"
 
-#: guix/scripts/download.scm:101 guix/scripts/hash.scm:82
+#: guix/scripts/download.scm:103 guix/scripts/hash.scm:82
 #, scheme-format
 msgid "unsupported hash format: ~a~%"
-msgstr "format d'empreinte non supporté: ~a~%"
+msgstr "format d'empreinte non supporté : ~a~%"
 
-#: guix/scripts/download.scm:136 guix/scripts/package.scm:882
-#: guix/scripts/publish.scm:813
+#: guix/scripts/download.scm:138 guix/scripts/package.scm:906
+#: guix/scripts/publish.scm:846
 #, scheme-format
 msgid "~A: extraneous argument~%"
-msgstr "~A: argument superflu~%"
+msgstr "~A : argument superflu~%"
 
-#: guix/scripts/download.scm:144
+#: guix/scripts/download.scm:146
 #, scheme-format
 msgid "no download URI was specified~%"
 msgstr "aucune URI de téléchargement spécifiée~%"
 
-#: guix/scripts/download.scm:146
+#: guix/scripts/download.scm:151
 #, scheme-format
 msgid "~a: failed to parse URI~%"
-msgstr "~a: impossible d'évaluer l'URI~%"
+msgstr "~a : impossible d'évaluer l'URI~%"
 
-#: guix/scripts/download.scm:156
+#: guix/scripts/download.scm:161
 #, scheme-format
 msgid "~a: download failed~%"
-msgstr "~a: le téléchargement a échoué~%"
+msgstr "~a : le téléchargement a échoué~%"
 
-#: guix/scripts/package.scm:107
+#: guix/scripts/package.scm:112
 #, scheme-format
 msgid "Try \"info '(guix) Invoking guix package'\" for more information.~%"
 msgstr "Essayez « info '(guix) Invoking guix package' » pour plus d'information.~%"
 
-#: guix/scripts/package.scm:129
+#: guix/scripts/package.scm:134
 #, scheme-format
 msgid "error: while creating directory `~a': ~a~%"
-msgstr "erreur: pendant la création du répertoire « ~a »: ~a~%"
+msgstr "erreur : pendant la création du répertoire « ~a » : ~a~%"
 
-#: guix/scripts/package.scm:133
+#: guix/scripts/package.scm:138
 #, scheme-format
 msgid "Please create the `~a' directory, with you as the owner.~%"
 msgstr "Veuillez créer le répertoire « ~a » dont vous êtes le propriétaire.~%"
 
-#: guix/scripts/package.scm:140
+#: guix/scripts/package.scm:145
 #, scheme-format
 msgid "error: directory `~a' is not owned by you~%"
-msgstr "erreur: vous ne possédez pas le répertoire « ~a »"
+msgstr "erreur : vous ne possédez pas le répertoire « ~a »~%"
 
-#: guix/scripts/package.scm:143
+#: guix/scripts/package.scm:148
 #, scheme-format
 msgid "Please change the owner of `~a' to user ~s.~%"
 msgstr "Veuillez définir ~s comme propriétaire de « ~a ».~%"
 
-#: guix/scripts/package.scm:178
+#: guix/scripts/package.scm:183
 #, scheme-format
 msgid "not removing generation ~a, which is current~%"
 msgstr "la génération ~a n'est pas supprimée car elle est actuelle~%"
 
-#: guix/scripts/package.scm:185
+#: guix/scripts/package.scm:190
 #, scheme-format
 msgid "no matching generation~%"
 msgstr "aucune génération correspondante~%"
 
-#: guix/scripts/package.scm:188 guix/scripts/package.scm:700
-#: guix/scripts/system.scm:530
+#: guix/scripts/package.scm:193 guix/scripts/package.scm:716
+#: guix/scripts/system.scm:558
 #, scheme-format
 msgid "invalid syntax: ~a~%"
-msgstr "syntaxe non valide: ~a~%"
+msgstr "syntaxe non valide : ~a~%"
 
-#: guix/scripts/package.scm:214
+#: guix/scripts/package.scm:219
 #, scheme-format
 msgid "nothing to be done~%"
 msgstr "aucune action à faire~%"
 
-#: guix/scripts/package.scm:228
+#: guix/scripts/package.scm:233
 #, scheme-format
 msgid "~a package in profile~%"
 msgid_plural "~a packages in profile~%"
 msgstr[0] "~a paquet dans le profile~%"
 msgstr[1] "~a paquets dans le profile~%"
 
-#: guix/scripts/package.scm:344
+#: guix/scripts/package.scm:313
+#, scheme-format
+msgid "package '~a' no longer exists~%"
+msgstr "le paquet « ~a » n'existe plus~%"
+
+#: guix/scripts/package.scm:351
 #, scheme-format
 msgid "The following environment variable definitions may be needed:~%"
-msgstr "Il pourrait être nécessaire de définir les variables d'environnement suivantes:~%"
+msgstr "Il pourrait être nécessaire de définir les variables d'environnement suivantes :~%"
 
-#: guix/scripts/package.scm:360
+#: guix/scripts/package.scm:366
 msgid ""
 "Usage: guix package [OPTION]...\n"
 "Install, remove, or upgrade packages in a single transaction.\n"
 msgstr ""
-"Usage: guix package [OPTION]...\n"
+"Usage : guix package [OPTION]...\n"
 "Installer, supprimer ou mettre à jour les paquets en une seule transaction.\n"
 
-#: guix/scripts/package.scm:362
+#: guix/scripts/package.scm:368
 msgid ""
 "\n"
 "  -i, --install PACKAGE ...\n"
@@ -642,9 +690,9 @@ msgid ""
 msgstr ""
 "\n"
 "  -i, --install=PAQUET ...\n"
-"                         installer PAQUETs"
+"                         installer les PAQUETs"
 
-#: guix/scripts/package.scm:365
+#: guix/scripts/package.scm:371
 msgid ""
 "\n"
 "  -e, --install-from-expression=EXP\n"
@@ -654,7 +702,7 @@ msgstr ""
 "  -e, --install-from-expression=EXP\n"
 "                         installer le paquet évalué par EXP"
 
-#: guix/scripts/package.scm:368
+#: guix/scripts/package.scm:374
 msgid ""
 "\n"
 "  -f, --install-from-file=FILE\n"
@@ -666,7 +714,7 @@ msgstr ""
 "                         installer le paquet évalué par le code dans\n"
 "                         FICHIER"
 
-#: guix/scripts/package.scm:372
+#: guix/scripts/package.scm:378
 msgid ""
 "\n"
 "  -r, --remove PACKAGE ...\n"
@@ -674,9 +722,9 @@ msgid ""
 msgstr ""
 "\n"
 "  -r, --remove=PAQUET ...\n"
-"                         supprimer PAQUETs"
+"                         supprimer les PAQUETs"
 
-#: guix/scripts/package.scm:375
+#: guix/scripts/package.scm:381
 msgid ""
 "\n"
 "  -u, --upgrade[=REGEXP] upgrade all the installed packages matching REGEXP"
@@ -684,7 +732,7 @@ msgstr ""
 "\n"
 "  -u, --upgrade[=REGEXP] mettre à jour tous les paquets installés correspondant à REGEXP"
 
-#: guix/scripts/package.scm:377
+#: guix/scripts/package.scm:383
 msgid ""
 "\n"
 "  -m, --manifest=FILE    create a new profile generation with the manifest\n"
@@ -694,7 +742,7 @@ msgstr ""
 "  -m, --manifest=FICHIER créer une nouvelle génération de profil avec le\n"
 "                         manifeste dans FICHIER"
 
-#: guix/scripts/package.scm:380
+#: guix/scripts/package.scm:386
 msgid ""
 "\n"
 "      --do-not-upgrade[=REGEXP] do not upgrade any packages matching REGEXP"
@@ -702,7 +750,7 @@ msgstr ""
 "\n"
 "      --do-not-upgrade[=REGEXP] ne pas mettre à jour les paquets correspondant à REGEXP"
 
-#: guix/scripts/package.scm:382
+#: guix/scripts/package.scm:388
 msgid ""
 "\n"
 "      --roll-back        roll back to the previous generation"
@@ -710,7 +758,7 @@ msgstr ""
 "\n"
 "      --roll-back        revenir à la génération antérieure"
 
-#: guix/scripts/package.scm:384
+#: guix/scripts/package.scm:390
 msgid ""
 "\n"
 "      --search-paths[=KIND]\n"
@@ -720,7 +768,7 @@ msgstr ""
 "      --search-paths=[GENRE]\n"
 "                         afficher les définitions de variables d'environnement requises"
 
-#: guix/scripts/package.scm:387
+#: guix/scripts/package.scm:393
 msgid ""
 "\n"
 "  -l, --list-generations[=PATTERN]\n"
@@ -730,7 +778,7 @@ msgstr ""
 "  -l, --list-generations[=MOTIF]\n"
 "                         lister les générations correspondant à MOTIF"
 
-#: guix/scripts/package.scm:390
+#: guix/scripts/package.scm:396
 msgid ""
 "\n"
 "  -d, --delete-generations[=PATTERN]\n"
@@ -740,7 +788,7 @@ msgstr ""
 "  -d, --delete-generations[=MOTIF]\n"
 "                         supprimer les générations correspondant à MOTIF"
 
-#: guix/scripts/package.scm:393
+#: guix/scripts/package.scm:399
 msgid ""
 "\n"
 "  -S, --switch-generation=PATTERN\n"
@@ -750,7 +798,7 @@ msgstr ""
 "  -S, --switch-generation=MOTIF\n"
 "                         basculer vers une génération correspondant à MOTIF"
 
-#: guix/scripts/package.scm:396
+#: guix/scripts/package.scm:402
 msgid ""
 "\n"
 "  -p, --profile=PROFILE  use PROFILE instead of the user's default profile"
@@ -758,7 +806,7 @@ msgstr ""
 "\n"
 "  -p, --profile=PROFIL   utiliser PROFIL au lieu du profil par défaut de l'utilisateur"
 
-#: guix/scripts/package.scm:399
+#: guix/scripts/package.scm:405
 msgid ""
 "\n"
 "      --bootstrap        use the bootstrap Guile to build the profile"
@@ -766,7 +814,7 @@ msgstr ""
 "\n"
 "      --bootstrap        utiliser le programme d'amorçage Guile pour compiler le profil"
 
-#: guix/scripts/package.scm:401 guix/scripts/pull.scm:86
+#: guix/scripts/package.scm:407 guix/scripts/pull.scm:98
 msgid ""
 "\n"
 "      --verbose          produce verbose output"
@@ -774,7 +822,7 @@ msgstr ""
 "\n"
 "      --verbose          produire une sortie verbeuse"
 
-#: guix/scripts/package.scm:404
+#: guix/scripts/package.scm:410
 msgid ""
 "\n"
 "  -s, --search=REGEXP    search in synopsis and description using REGEXP"
@@ -782,7 +830,7 @@ msgstr ""
 "\n"
 "  -s, --search=REGEXP    chercher dans le synopsis et la description en utilisant REGEXP"
 
-#: guix/scripts/package.scm:406
+#: guix/scripts/package.scm:412
 msgid ""
 "\n"
 "  -I, --list-installed[=REGEXP]\n"
@@ -792,7 +840,7 @@ msgstr ""
 "  -I, --list-installed[=REGEXP]\n"
 "                         lister les paquets installés correspondant à REGEXP"
 
-#: guix/scripts/package.scm:409
+#: guix/scripts/package.scm:415
 msgid ""
 "\n"
 "  -A, --list-available[=REGEXP]\n"
@@ -802,7 +850,7 @@ msgstr ""
 "  -A, --list-available[=REGEXP]\n"
 "                         lister les paquets disponibles correspondant à REGEXP"
 
-#: guix/scripts/package.scm:412
+#: guix/scripts/package.scm:418
 msgid ""
 "\n"
 "      --show=PACKAGE     show details about PACKAGE"
@@ -810,22 +858,32 @@ msgstr ""
 "\n"
 "      --show=PAQUET      montrer des détails du PAQUET"
 
-#: guix/scripts/package.scm:507
+#: guix/scripts/package.scm:470
+#, scheme-format
+msgid "upgrade regexp '~a' looks like a command-line option~%"
+msgstr "l'expression régulière « ~a » ressemble à une option de la ligne de commande~%"
+
+#: guix/scripts/package.scm:473
+#, scheme-format
+msgid "is this intended?~%"
+msgstr "est-ce intentionnel ?~%"
+
+#: guix/scripts/package.scm:518
 #, scheme-format
 msgid "~a: unsupported kind of search path~%"
-msgstr "~a: type de chemin de recherche non supporté~%"
+msgstr "~a : type de chemin de recherche non supporté~%"
 
-#: guix/scripts/package.scm:791
+#: guix/scripts/package.scm:815
 #, scheme-format
 msgid "cannot switch to generation '~a'~%"
 msgstr "impossible de passer à la génération « ~a »~%"
 
-#: guix/scripts/package.scm:807
+#: guix/scripts/package.scm:831
 #, scheme-format
 msgid "would install new manifest from '~a' with ~d entries~%"
 msgstr "installerait le nouveau manifeste depuis « ~a » avec ~d entrées~%"
 
-#: guix/scripts/package.scm:809
+#: guix/scripts/package.scm:833
 #, scheme-format
 msgid "installing new manifest from '~a' with ~d entries~%"
 msgstr "installation du nouveau manifeste depuis « ~a » avec ~d entrées~%"
@@ -835,8 +893,8 @@ msgid ""
 "Usage: guix gc [OPTION]... PATHS...\n"
 "Invoke the garbage collector.\n"
 msgstr ""
-"Usage: guix gc [OPTION]... CHEMINS...\n"
-"Appeler le garbage collector.\n"
+"Usage : guix gc [OPTION]... CHEMINS...\n"
+"Appeler le ramasse-miettes (GC).\n"
 
 #: guix/scripts/gc.scm:44
 msgid ""
@@ -846,7 +904,7 @@ msgid ""
 msgstr ""
 "\n"
 "  -C, --collect-garbage[=MIN]\n"
-"                         collecter au moins MIN octets dans le garbage-collector"
+"                         collecter au moins MIN octets dans le ramasse-miettes"
 
 #: guix/scripts/gc.scm:47
 msgid ""
@@ -854,7 +912,7 @@ msgid ""
 "  -F, --free-space=FREE  attempt to reach FREE available space in the store"
 msgstr ""
 "\n"
-"  -F, --free-space=LIBRE essayer d'atteindre LIBRE espace dans le stockage"
+"  -F, --free-space=LIBRE essayer d'atteindre LIBRE espace dans le dépôt"
 
 #: guix/scripts/gc.scm:49
 msgid ""
@@ -870,7 +928,7 @@ msgid ""
 "      --optimize         optimize the store by deduplicating identical files"
 msgstr ""
 "\n"
-"      --optimize         optimise le stockage en supprimant les doublons des fichiers identiques"
+"      --optimize         optimise le dépôt en supprimant les doublons des fichiers identiques"
 
 #: guix/scripts/gc.scm:53
 msgid ""
@@ -943,22 +1001,22 @@ msgstr ""
 #: guix/scripts/gc.scm:100
 #, scheme-format
 msgid "invalid amount of storage: ~a~%"
-msgstr "quantité de stockage non valide: ~a~%"
+msgstr "quantité de stockage non valide : ~a~%"
 
-#: guix/scripts/gc.scm:191
+#: guix/scripts/gc.scm:185
 msgid "already ~h bytes available on ~a, nothing to do~%"
 msgstr "déjà ~h octets disponibles sur ~a, rien à faire~%"
 
-#: guix/scripts/gc.scm:194
+#: guix/scripts/gc.scm:188
 msgid "freeing ~h bytes~%"
 msgstr "libération de ~h octets~%"
 
-#: guix/scripts/gc.scm:206
+#: guix/scripts/gc.scm:200
 #, scheme-format
 msgid "extraneous arguments: ~{~a ~}~%"
-msgstr "arguments superflus: ~{~a ~}~%"
+msgstr "arguments superflus : ~{~a ~}~%"
 
-#: guix/scripts/gc.scm:226 guix/scripts/gc.scm:229
+#: guix/scripts/gc.scm:220 guix/scripts/gc.scm:223
 msgid "freed ~h bytes~%"
 msgstr "~h octets libérés~%"
 
@@ -970,10 +1028,10 @@ msgid ""
 "Supported formats: 'nix-base32' (default), 'base32', and 'base16' ('hex'\n"
 "and 'hexadecimal' can be used as well).\n"
 msgstr ""
-"Usage: guix hash [OPTION] FICHIER\n"
+"Usage : guix hash [OPTION] FICHIER\n"
 "Retourner l'empreinte cryptographique du FICHIER.\n"
 "\n"
-"Formats supportés: « nix-base32 » (défaut), « base32 », et « base16 » (« hex »\n"
+"Formats supportés: « nix-base32 » (par défaut), « base32 », et « base16 » (« hex »\n"
 "et « hexadecimal » peuvent également être utilisés).\n"
 
 #: guix/scripts/hash.scm:52
@@ -992,18 +1050,13 @@ msgstr ""
 "\n"
 "  -r, --recursive        calculer l'empreinte de FICHIER de manière récursive"
 
-#: guix/scripts/hash.scm:109
-#, scheme-format
-msgid "unrecognized option: ~a~%"
-msgstr "option non reconnue: ~a~%"
-
-#: guix/scripts/hash.scm:155 guix/ui.scm:264 guix/ui.scm:498 guix/ui.scm:551
+#: guix/scripts/hash.scm:150 guix/ui.scm:326 guix/ui.scm:601 guix/ui.scm:654
 #, scheme-format
 msgid "~a~%"
 msgstr "~a~%"
 
-#: guix/scripts/hash.scm:158 guix/scripts/system.scm:879
-#: guix/scripts/system.scm:886 guix/scripts/system.scm:893
+#: guix/scripts/hash.scm:153 guix/scripts/system.scm:1022
+#: guix/scripts/system.scm:1031 guix/scripts/system.scm:1038
 #, scheme-format
 msgid "wrong number of arguments~%"
 msgstr "nombre d'arguments incorrect~%"
@@ -1013,7 +1066,7 @@ msgid ""
 "Usage: guix import IMPORTER ARGS ...\n"
 "Run IMPORTER with ARGS.\n"
 msgstr ""
-"Usage: guix import IMPORTEUR ARGS...\n"
+"Usage : guix import IMPORTATEUR ARGS...\n"
 "Lancer IMPORTATEUR avec ARGS.\n"
 
 #: guix/scripts/import.scm:89
@@ -1033,15 +1086,15 @@ msgstr "l'importateur « ~a » a échoué~%"
 #: guix/scripts/import.scm:124
 #, scheme-format
 msgid "~a: invalid importer~%"
-msgstr "~a: importateur non valide~%"
+msgstr "~a : importateur non valide~%"
 
 #: guix/scripts/import/cran.scm:43
 msgid ""
 "Usage: guix import cran PACKAGE-NAME\n"
 "Import and convert the CRAN package for PACKAGE-NAME.\n"
 msgstr ""
-"Usage: guix import cran PAQUET-NOM\n"
-"Importer et convertir le paquet CAN pour PAQUET-NOM.\n"
+"Usage : guix import cran NOM-DU-PAQUET\n"
+"Importer et convertir le paquet CAN pour NOM-DU-PAQUET.\n"
 
 #: guix/scripts/import/cran.scm:45
 msgid ""
@@ -1059,7 +1112,7 @@ msgstr "échec lors du téléchargement de la description du paquet « ~a »~%
 #: guix/scripts/import/cran.scm:112 guix/scripts/import/elpa.scm:95
 #, scheme-format
 msgid "too few arguments~%"
-msgstr "trop peux d'arguments~%"
+msgstr "trop peu d'arguments~%"
 
 #: guix/scripts/import/cran.scm:114 guix/scripts/import/elpa.scm:97
 #, scheme-format
@@ -1071,8 +1124,8 @@ msgid ""
 "Usage: guix import elpa PACKAGE-NAME\n"
 "Import the latest package named PACKAGE-NAME from an ELPA repository.\n"
 msgstr ""
-"Usage: guix import elpa PAQUET-NOM\n"
-"Importer le dernier paquet nommé PAQUET-NOM d'un dépôt ELPA.\n"
+"Usage : guix import elpa NOM-DU-PAQUET\n"
+"Importer le dernier paquet nommé NOM-DU-PAQUET d'un dépôt ELPA.\n"
 
 #: guix/scripts/import/elpa.scm:43
 msgid ""
@@ -1103,190 +1156,223 @@ msgstr ""
 msgid "failed to download package '~a'~%"
 msgstr "échec lors du téléchargement du paquet « ~a »~%"
 
-#: guix/scripts/pull.scm:84
+#: guix/scripts/pull.scm:60
+#, scheme-format
+msgid ""
+"Guile-Git is missing but it is now required by 'guix pull'.\n"
+"Install it by running:\n"
+"\n"
+"  guix package -i ~a\n"
+"  export GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/~a:$GUILE_LOAD_PATH\n"
+"  export GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/~a/site-ccache:$GUILE_LOAD_COMPILED_PATH\n"
+"\n"
+msgstr ""
+"Il vous manque Guile-Git qui est désormais requis par « guix pull ».\n"
+"Installez-le en lançant :\n"
+"\n"
+"  guix package -i ~a\n"
+"  export GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/~a:$GUILE_LOAD_PATH\n"
+"  export GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/~a/site-ccache:$GUILE_LOAD_COMPILED_PATH\n"
+"\n"
+
+#: guix/scripts/pull.scm:96
 msgid ""
 "Usage: guix pull [OPTION]...\n"
 "Download and deploy the latest version of Guix.\n"
 msgstr ""
-"Usage: guix pull [OPTION]...\n"
+"Usage : guix pull [OPTION]...\n"
 "Télécharger et déployer la dernière version de Guix.\n"
 
-#: guix/scripts/pull.scm:88
+#: guix/scripts/pull.scm:100
 msgid ""
 "\n"
-"      --url=URL          download the Guix tarball from URL"
+"      --url=URL          download from the Git repository at URL"
 msgstr ""
 "\n"
-"      --url=URL          télécharger le tarball de Guix depuis URL"
+"      --url=URL          télécharger le dépôt Git depuis URL"
 
-#: guix/scripts/pull.scm:90
+#: guix/scripts/pull.scm:102
 msgid ""
 "\n"
-"      --bootstrap        use the bootstrap Guile to build the new Guix"
+"      --commit=COMMIT    download the specified COMMIT"
 msgstr ""
 "\n"
-"      --bootstrap        utiliser le programme d'amorçage Guile pour compiler le nouveau Guix"
-
-#: guix/scripts/pull.scm:150
-msgid "tarball did not produce a single source directory"
-msgstr "la tarball n'a produit aucun répertoire source"
+"      --commit=COMMIT    télécharger le COMMIT indiqué"
 
-#: guix/scripts/pull.scm:168
-#, scheme-format
-msgid "unpacking '~a'...~%"
-msgstr "dépaquetage « ~a »...~%"
+#: guix/scripts/pull.scm:104
+msgid ""
+"\n"
+"      --branch=BRANCH    download the tip of the specified BRANCH"
+msgstr ""
+"\n"
+"      --branch=BRANCHE    télécharger le bout de la BRANCHE indiquée"
 
-#: guix/scripts/pull.scm:177
-msgid "failed to unpack source code"
-msgstr "échec du dépaquetage du code source"
+#: guix/scripts/pull.scm:106
+msgid ""
+"\n"
+"      --bootstrap        use the bootstrap Guile to build the new Guix"
+msgstr ""
+"\n"
+"      --bootstrap        utiliser le programme d'amorçage Guile pour compiler le nouveau Guix"
 
-#: guix/scripts/pull.scm:220
+#: guix/scripts/pull.scm:192
 msgid "Guix already up to date\n"
 msgstr "Guix est déjà à jour\n"
 
-#: guix/scripts/pull.scm:225
+#: guix/scripts/pull.scm:197
 #, scheme-format
 msgid "updated ~a successfully deployed under `~a'~%"
 msgstr "~a a été mis à jour et déployé avec succès sous « ~a »~%"
 
-#: guix/scripts/pull.scm:228
+#: guix/scripts/pull.scm:200
 #, scheme-format
 msgid "failed to update Guix, check the build log~%"
-msgstr "échec de la mise à jour de Guix; consultez le journal de compilation~%"
+msgstr "échec de la mise à jour de Guix ; consultez le journal de compilation~%"
 
-#: guix/scripts/pull.scm:255
-msgid "failed to download up-to-date source, exiting\n"
-msgstr "impossible de télécharger une source à jour; fin\n"
+#: guix/scripts/pull.scm:216
+#, scheme-format
+msgid "cannot enforce use of the Let's Encrypt certificates~%"
+msgstr "impossible d'imposer l'utilisation des certificats Let's Encrypt~%"
 
-#: guix/scripts/substitute.scm:114
+#: guix/scripts/pull.scm:218
+#, scheme-format
+msgid "please upgrade Guile-Git~%"
+msgstr "veuillez mettre à jour Guile-Git~%"
+
+#: guix/scripts/pull.scm:226
+#, scheme-format
+msgid "Git error ~a~%"
+msgstr "Erreur Git : ~a~%"
+
+#: guix/scripts/pull.scm:228
+#, scheme-format
+msgid "Git error: ~a~%"
+msgstr "Erreur Git : ~a~%"
+
+#: guix/scripts/pull.scm:262
+#, scheme-format
+msgid "Updating from Git repository at '~a'...~%"
+msgstr "Mise à jour depuis le dépôt Git « ~a »...~%"
+
+#: guix/scripts/pull.scm:271
+#, scheme-format
+msgid "Building from Git commit ~a...~%"
+msgstr "Construction depuis le commit Git « ~a »...~%"
+
+#: guix/scripts/substitute.scm:125
 #, scheme-format
 msgid "authentication and authorization of substitutes disabled!~%"
 msgstr "authentification et autorisation des substituts désactivées !~%"
 
-#: guix/scripts/substitute.scm:189
+#: guix/scripts/substitute.scm:200
 #, scheme-format
 msgid "download from '~a' failed: ~a, ~s~%"
-msgstr "le téléchargement depuis « ~a » a échoué: ~a, ~s~%"
+msgstr "le téléchargement depuis « ~a » a échoué : ~a, ~s~%"
 
-#: guix/scripts/substitute.scm:202
+#: guix/scripts/substitute.scm:213
 #, scheme-format
 msgid "while fetching ~a: server is somewhat slow~%"
-msgstr "pendant la récupération de ~a: le serveur est plutôt lent~%"
+msgstr "pendant la récupération de ~a : le serveur est plutôt lent~%"
 
-#: guix/scripts/substitute.scm:204
+#: guix/scripts/substitute.scm:215
 #, scheme-format
 msgid "try `--no-substitutes' if the problem persists~%"
 msgstr "essayez l'option « --no-substitutes » si le problème persiste~%"
 
-#: guix/scripts/substitute.scm:222
+#: guix/scripts/substitute.scm:233
 #, scheme-format
 msgid "unsupported substitute URI scheme: ~a~%"
-msgstr "schéma de substitution URI non supporté: ~a~%"
+msgstr "schéma de substitution URI non supporté : ~a~%"
 
-#: guix/scripts/substitute.scm:257
+#: guix/scripts/substitute.scm:268
 #, scheme-format
 msgid "while fetching '~a': ~a (~s)~%"
-msgstr "pendant la récupération de « ~a »: ~a (~s)~%"
+msgstr "pendant la récupération de « ~a » : ~a (~s)~%"
 
-#: guix/scripts/substitute.scm:262
+#: guix/scripts/substitute.scm:273
 #, scheme-format
 msgid "ignoring substitute server at '~s'~%"
 msgstr "ignore le serveur de substitution à « ~s »~%"
 
-#: guix/scripts/substitute.scm:312
+#: guix/scripts/substitute.scm:323
 #, scheme-format
 msgid "signature version must be a number: ~s~%"
 msgstr "la version de la signature doit être un nombre: ~s~%"
 
-#: guix/scripts/substitute.scm:316
+#: guix/scripts/substitute.scm:327
 #, scheme-format
 msgid "unsupported signature version: ~a~%"
-msgstr "version de signature non supportée: ~a~%"
+msgstr "version de signature non supportée : ~a~%"
 
-#: guix/scripts/substitute.scm:324
+#: guix/scripts/substitute.scm:335
 #, scheme-format
 msgid "signature is not a valid s-expression: ~s~%"
-msgstr "la signature n'est pas une s-expression valide: ~s~%"
+msgstr "la signature n'est pas une s-expression valide : ~s~%"
 
-#: guix/scripts/substitute.scm:328
+#: guix/scripts/substitute.scm:339
 #, scheme-format
 msgid "invalid format of the signature field: ~a~%"
-msgstr "format invalide du champ de signature: ~a~%"
+msgstr "format invalide du champ de signature : ~a~%"
 
-#: guix/scripts/substitute.scm:363
+#: guix/scripts/substitute.scm:374
 #, scheme-format
 msgid "invalid signature for '~a'~%"
 msgstr "signature non valide pour « ~a »~%"
 
-#: guix/scripts/substitute.scm:365
+#: guix/scripts/substitute.scm:376
 #, scheme-format
 msgid "hash mismatch for '~a'~%"
 msgstr "l'empreinte ne correspond pas pour « ~a »~%"
 
-#: guix/scripts/substitute.scm:367
+#: guix/scripts/substitute.scm:378
 #, scheme-format
 msgid "'~a' is signed with an unauthorized key~%"
 msgstr "« ~a » est signé avec une clé non autorisée~%"
 
-#: guix/scripts/substitute.scm:369
+#: guix/scripts/substitute.scm:380
 #, scheme-format
 msgid "signature on '~a' is corrupt~%"
 msgstr "la signature de « ~a » est corrompue~%"
 
-#: guix/scripts/substitute.scm:407
-#, scheme-format
-msgid "substitute at '~a' lacks a signature~%"
-msgstr "le substitut à « ~a » n'a pas de signature~%"
-
-#: guix/scripts/substitute.scm:414
-#, scheme-format
-msgid "Found valid signature for ~a~%"
-msgstr "Signature valide trouvée pour ~a~%"
-
-#: guix/scripts/substitute.scm:417
-#, scheme-format
-msgid "From ~a~%"
-msgstr "De ~a~%"
-
-#: guix/scripts/substitute.scm:451
+#: guix/scripts/substitute.scm:465
 #, scheme-format
 msgid "'~a' does not name a store item~%"
 msgstr "« ~a » ne nomme pas un élément du stockage~%"
 
-#: guix/scripts/substitute.scm:599
+#: guix/scripts/substitute.scm:629
 #, scheme-format
 msgid "updating list of substitutes from '~a'... ~5,1f%"
 msgstr "mise à jour de la liste des substituts depuis « ~a »... ~5,1f%"
 
-#: guix/scripts/substitute.scm:654
+#: guix/scripts/substitute.scm:693
 #, scheme-format
 msgid "~s: unsupported server URI scheme~%"
-msgstr "~s: schéma de URI serveur non supporté~%"
+msgstr "~s : schéma de URI serveur non supporté~%"
 
-#: guix/scripts/substitute.scm:664
+#: guix/scripts/substitute.scm:703
 #, scheme-format
 msgid "'~a' uses different store '~a'; ignoring it~%"
 msgstr "« ~a » utilise un stockage « ~a » différent. Il est ignoré~%"
 
-#: guix/scripts/substitute.scm:784
+#: guix/scripts/substitute.scm:863
 #, scheme-format
 msgid "host name lookup error: ~a~%"
-msgstr "erreur lors de la consultation du nom d'hôte: ~a~%"
+msgstr "erreur lors de la consultation du nom d'hôte : ~a~%"
 
-#: guix/scripts/substitute.scm:789
+#: guix/scripts/substitute.scm:868
 #, scheme-format
 msgid "TLS error in procedure '~a': ~a~%"
-msgstr "erreur TLS dans la procédure « ~a »: ~a~%"
+msgstr "Erreur TLS dans la procédure « ~a » : ~a~%"
 
-#: guix/scripts/substitute.scm:800
+#: guix/scripts/substitute.scm:879
 msgid ""
 "Usage: guix substitute [OPTION]...\n"
 "Internal tool to substitute a pre-built binary to a local build.\n"
 msgstr ""
-"Usage: guix substitute [OPTION]...\n"
+"Usage : guix substitute [OPTION]...\n"
 "Outil interne pour substituer un binaire pré-compilé à une compilation locale.\n"
 
-#: guix/scripts/substitute.scm:802
+#: guix/scripts/substitute.scm:881
 msgid ""
 "\n"
 "      --query            report on the availability of substitutes for the\n"
@@ -1297,7 +1383,7 @@ msgstr ""
 "                         noms de fichiers de dépôt passés sur l'entrée\n"
 "                         standard"
 
-#: guix/scripts/substitute.scm:805
+#: guix/scripts/substitute.scm:884
 msgid ""
 "\n"
 "      --substitute STORE-FILE DESTINATION\n"
@@ -1309,27 +1395,29 @@ msgstr ""
 "                         télécharger FICHIER-DÉPÔT et l'enregistrer comme un Nar\n"
 "                         dans le fichier DESTINATION"
 
-#. TRANSLATORS: The second part of this message looks like
-#. "(4.1MiB installed)"; it shows the size of the package once
-#. installed.
-#: guix/scripts/substitute.scm:878
+#: guix/scripts/substitute.scm:949
+#, scheme-format
+msgid "no valid substitute for '~a'~%"
+msgstr "pas de substitut valide pour « ~a »~%"
+
+#: guix/scripts/substitute.scm:956
 #, scheme-format
-msgid "Downloading ~a~:[~*~; (~a installed)~]...~%"
-msgstr "Téléchargement de ~a~:[~*~; (~a installé)~]...~%"
+msgid "Downloading ~a...~%"
+msgstr "Téléchargement de « ~a »...~%"
 
-#: guix/scripts/substitute.scm:935
+#: guix/scripts/substitute.scm:1012
 msgid "ACL for archive imports seems to be uninitialized, substitutes may be unavailable\n"
-msgstr "l'ACL pour l'import d'archives ne semble pas initialisée ; les substituts pourraient être indisponibles\n"
+msgstr "L'ACL pour l'import d'archives ne semble pas initialisée ; les substituts pourraient être indisponibles\n"
 
-#: guix/scripts/substitute.scm:985
+#: guix/scripts/substitute.scm:1066
 #, scheme-format
 msgid "~a: invalid URI~%"
-msgstr "~a: URI invalide~%"
+msgstr "~a : URI invalide~%"
 
-#: guix/scripts/substitute.scm:1043
+#: guix/scripts/substitute.scm:1126
 #, scheme-format
 msgid "~a: unrecognized options~%"
-msgstr "~a: options non reconnues~%"
+msgstr "~a : options non reconnues~%"
 
 #: guix/scripts/authenticate.scm:59
 #, scheme-format
@@ -1339,17 +1427,17 @@ msgstr "impossible de trouver la clé publique correspondant à la clé secrète
 #: guix/scripts/authenticate.scm:79
 #, scheme-format
 msgid "error: invalid signature: ~a~%"
-msgstr "erreur: signature non valide: ~a~%"
+msgstr "erreur : signature non valide: ~a~%"
 
 #: guix/scripts/authenticate.scm:81
 #, scheme-format
 msgid "error: unauthorized public key: ~a~%"
-msgstr "erreur: clé publique non autorisée: ~a~%"
+msgstr "erreur : clé publique non autorisée: ~a~%"
 
 #: guix/scripts/authenticate.scm:83
 #, scheme-format
 msgid "error: corrupt signature data: ~a~%"
-msgstr "erreur: signature corrompue: ~a~%"
+msgstr "erreur : signature corrompue : ~a~%"
 
 #: guix/scripts/authenticate.scm:121
 msgid ""
@@ -1357,211 +1445,225 @@ msgid ""
 "Sign or verify the signature on the given file.  This tool is meant to\n"
 "be used internally by 'guix-daemon'.\n"
 msgstr ""
-"Usage: guix authenticate OPTION...\n"
-"Signer ou vérifier la signature du fichier donné.  Cet outil est destiné\n"
+"Usage : guix authenticate OPTION...\n"
+"Signer ou vérifier la signature du fichier donné. Cet outil est destiné\n"
 "à être utilisé en interne par « guix-daemon ».\n"
 
 #: guix/scripts/authenticate.scm:127
 msgid "wrong arguments"
 msgstr "mauvais arguments"
 
-#: guix/scripts/system.scm:133
+#: guix/scripts/system.scm:135
 #, scheme-format
 msgid "failed to register '~a' under '~a'~%"
 msgstr "impossible d'enregistrer « ~a » sous « ~a »~%"
 
-#: guix/scripts/system.scm:166
+#: guix/scripts/system.scm:174
 #, scheme-format
-msgid "failed to install GRUB on device '~a'~%"
-msgstr "échec de l'installation de GRUB sur le périphérique « ~a »~%"
+msgid "failed to install bootloader ~a~%"
+msgstr "impossible d'installer le chargeur de démarrage : ~a~%"
 
-#: guix/scripts/system.scm:184
+#: guix/scripts/system.scm:194
 #, scheme-format
 msgid "initializing the current root file system~%"
 msgstr "initialisation du système de fichier racine courant~%"
 
-#: guix/scripts/system.scm:198
+#: guix/scripts/system.scm:208
 #, scheme-format
 msgid "not running as 'root', so the ownership of '~a' may be incorrect!~%"
 msgstr "n'est pas exécuté en tant que « root » donc le propriétaire de « ~a » pourrait être incorrect !~%"
 
-#: guix/scripts/system.scm:239
+#: guix/scripts/system.scm:253
 #, scheme-format
 msgid "while talking to shepherd: ~a~%"
-msgstr "en parlant à shepherd: ~a~%"
+msgstr "en parlant à shepherd : ~a~%"
 
-#: guix/scripts/system.scm:246
+#: guix/scripts/system.scm:260
 #, scheme-format
 msgid "service '~a' could not be found~%"
 msgstr "service: « ~a » introuvable~%"
 
-#: guix/scripts/system.scm:249
+#: guix/scripts/system.scm:263
 #, scheme-format
 msgid "service '~a' does not have an action '~a'~%"
 msgstr "le service « ~a » n'a pas d'action « ~a »~%"
 
-#: guix/scripts/system.scm:253
+#: guix/scripts/system.scm:267
 #, scheme-format
 msgid "exception caught while executing '~a' on service '~a':~%"
 msgstr "exception interceptée pendant l'exécution de « ~a » sur le service « ~a »:~%"
 
-#: guix/scripts/system.scm:261
+#: guix/scripts/system.scm:275
 #, scheme-format
 msgid "something went wrong: ~s~%"
-msgstr "quelque chose s'est mal passé: ~s~%"
+msgstr "quelque chose s'est mal passé : ~s~%"
 
-#: guix/scripts/system.scm:264
+#: guix/scripts/system.scm:278
 #, scheme-format
 msgid "shepherd error~%"
 msgstr "erreur de shepherd~%"
 
-#: guix/scripts/system.scm:281
+#: guix/scripts/system.scm:295
 #, scheme-format
 msgid "failed to obtain list of shepherd services~%"
 msgstr "erreur en essayant d'obtenir la liste des services de shepherd~%"
 
-#: guix/scripts/system.scm:301
+#: guix/scripts/system.scm:315
 #, scheme-format
 msgid "unloading service '~a'...~%"
 msgstr "déchargement du service « ~a »...~%"
 
-#: guix/scripts/system.scm:309
+#: guix/scripts/system.scm:323
 #, scheme-format
 msgid "loading new services:~{ ~a~}...~%"
-msgstr "Chargement des nouveaux services:~{ ~a~}...~%"
+msgstr "chargement des nouveaux services :~{ ~a~}...~%"
 
-#: guix/scripts/system.scm:333
+#: guix/scripts/system.scm:347
 #, scheme-format
 msgid "activating system...~%"
 msgstr "activation du système...~%"
 
-#: guix/scripts/system.scm:408
+#: guix/scripts/system.scm:423
 #, scheme-format
 msgid "cannot switch to system generation '~a'~%"
 msgstr "impossible de passer à la génération « ~a » du système~%"
 
-#: guix/scripts/system.scm:441
-#, scheme-format
-msgid "failed to re-install GRUB configuration file: '~a'~%"
-msgstr "échec à la ré-installation du fichier de configuration de GRUB: « ~a »~%"
-
-#: guix/scripts/system.scm:471
+#: guix/scripts/system.scm:494
 msgid "the DAG of services"
 msgstr "le graphe orienté acyclique (DAG) des services"
 
-#: guix/scripts/system.scm:484
+#: guix/scripts/system.scm:507
 msgid "the dependency graph of shepherd services"
 msgstr "le graphique des dépendances des services de shepherd"
 
-#: guix/scripts/system.scm:507
+#: guix/scripts/system.scm:531
 #, scheme-format
 msgid "  file name: ~a~%"
 msgstr "  nom de fichier: ~a~%"
 
-#: guix/scripts/system.scm:508
+#: guix/scripts/system.scm:532
 #, scheme-format
 msgid "  canonical file name: ~a~%"
-msgstr "  nom de fichier canonique: ~a~%"
+msgstr "  nom de fichier canonique : ~a~%"
 
 #. TRANSLATORS: Please preserve the two-space indentation.
-#: guix/scripts/system.scm:510
+#: guix/scripts/system.scm:534
 #, scheme-format
 msgid "  label: ~a~%"
-msgstr "  étiquette: ~a~%"
+msgstr "  étiquette : ~a~%"
 
-#: guix/scripts/system.scm:511
+#: guix/scripts/system.scm:535
+#, scheme-format
+msgid "  bootloader: ~a~%"
+msgstr "  chargeur de démarrage : ~a~%"
+
+#: guix/scripts/system.scm:536
 #, scheme-format
 msgid "  root device: ~a~%"
-msgstr "  périphérique racine: ~a~%"
+msgstr "  périphérique racine : ~a~%"
 
-#: guix/scripts/system.scm:512
+#: guix/scripts/system.scm:540
 #, scheme-format
 msgid "  kernel: ~a~%"
-msgstr "  noyau: ~a~%"
+msgstr "  noyau : ~a~%"
+
+#: guix/scripts/system.scm:600
+#, scheme-format
+msgid "~a: error: file system with label '~a' not found~%"
+msgstr "~a : erreur : le système de fichier étiqueté « ~a » est introuvable~%"
 
-#: guix/scripts/system.scm:569
+#: guix/scripts/system.scm:606
+#, scheme-format
+msgid "~a: error: file system with UUID '~a' not found~%"
+msgstr "~a : erreur : le système de fichier avec l'UUID « ~a » est introuvable~%"
+
+#: guix/scripts/system.scm:658
 #, scheme-format
 msgid "~a not found: 'guix pull' was never run~%"
-msgstr "~a pas trouvé: « guix pull » n'a jamais été exécuté~%"
+msgstr "~a pas trouvé : « guix pull » n'a jamais été exécuté~%"
 
-#: guix/scripts/system.scm:570
+#: guix/scripts/system.scm:659
 #, scheme-format
 msgid "Consider running 'guix pull' before 'reconfigure'.~%"
 msgstr "Envisagez d'exécuter « guix pull » avant « reconfigure ».~%"
 
-#: guix/scripts/system.scm:571
+#: guix/scripts/system.scm:660
 #, scheme-format
 msgid "Failing to do that may downgrade your system!~%"
 msgstr "Si vous ne le faites pas, votre système pourrait être amené à une version inférieure !~%"
 
-#: guix/scripts/system.scm:646
+#: guix/scripts/system.scm:767
 #, scheme-format
 msgid "initializing operating system under '~a'...~%"
 msgstr "initialisation du système d'exploitation sous « ~a »...~%"
 
-#: guix/scripts/system.scm:690
+#: guix/scripts/system.scm:812
 msgid ""
 "Usage: guix system [OPTION ...] ACTION [ARG ...] [FILE]\n"
 "Build the operating system declared in FILE according to ACTION.\n"
 "Some ACTIONS support additional ARGS.\n"
 msgstr ""
-"Usage: guix system [OPTION ...] ACTION [ARG ...] [FICHIER]\n"
+"Usage : guix system [OPTION ...] ACTION [ARG ...] [FICHIER]\n"
 "Compiler le système d'exploitation déclaré dans FICHER en suivant ACTION.\n"
 "Certaines ACTIONS supportent des ARGUMENTS supplémentaires.\n"
 
-#: guix/scripts/system.scm:694 guix/scripts/container.scm:28
+#: guix/scripts/system.scm:816 guix/scripts/container.scm:28
 msgid "The valid values for ACTION are:\n"
-msgstr "Les valeurs possibles pour ACTION sont:\n"
+msgstr "Les valeurs possibles pour ACTION sont :\n"
 
-#: guix/scripts/system.scm:696
+#: guix/scripts/system.scm:818
+msgid "   search           search for existing service types\n"
+msgstr "   search           chercher des types de services existants\n"
+
+#: guix/scripts/system.scm:820
 msgid "   reconfigure      switch to a new operating system configuration\n"
 msgstr "   reconfigure      basculer vers une nouvelle configuration du système d'exploitation\n"
 
-#: guix/scripts/system.scm:698
+#: guix/scripts/system.scm:822
 msgid "   roll-back        switch to the previous operating system configuration\n"
 msgstr "   roll-back        basculer vers la configuration du système d'exploitation précédente\n"
 
-#: guix/scripts/system.scm:700
+#: guix/scripts/system.scm:824
 msgid "   switch-generation switch to an existing operating system configuration\n"
 msgstr "   switch-generation basculer vers une configuration du système d'exploitation existante\n"
 
-#: guix/scripts/system.scm:702
+#: guix/scripts/system.scm:826
 msgid "   list-generations list the system generations\n"
 msgstr "   list-generations lister les générations du système\n"
 
-#: guix/scripts/system.scm:704
+#: guix/scripts/system.scm:828
 msgid "   build            build the operating system without installing anything\n"
 msgstr "   build            compiler le système d'exploitation sans rien installer\n"
 
-#: guix/scripts/system.scm:706
+#: guix/scripts/system.scm:830
 msgid "   container        build a container that shares the host's store\n"
-msgstr "   container        compiler un conteneur qui partage le stockage de l'hôte\n"
+msgstr "   container        compiler un conteneur qui partage le dépôt de l'hôte\n"
 
-#: guix/scripts/system.scm:708
+#: guix/scripts/system.scm:832
 msgid "   vm               build a virtual machine image that shares the host's store\n"
 msgstr "   vm               compiler une machine virtuelle partageant le dépôt de l'hôte\n"
 
-#: guix/scripts/system.scm:710
+#: guix/scripts/system.scm:834
 msgid "   vm-image         build a freestanding virtual machine image\n"
 msgstr "   vm-image         compiler une image autonome de machine virtuelle\n"
 
-#: guix/scripts/system.scm:712
+#: guix/scripts/system.scm:836
 msgid "   disk-image       build a disk image, suitable for a USB stick\n"
 msgstr "   disk-image       compiler une image disque adaptée pour une clé USB\n"
 
-#: guix/scripts/system.scm:714
+#: guix/scripts/system.scm:838
 msgid "   init             initialize a root file system to run GNU\n"
 msgstr "   init             initialiser un système de fichier racine pour lancer GNU.\n"
 
-#: guix/scripts/system.scm:716
+#: guix/scripts/system.scm:840
 msgid "   extension-graph  emit the service extension graph in Dot format\n"
-msgstr "   extension-graph  produire le graphique d'extension de service au format Dot\n"
+msgstr "   extension-graph  produire le graphique des extensions de service au format Dot\n"
 
-#: guix/scripts/system.scm:718
+#: guix/scripts/system.scm:842
 msgid "   shepherd-graph   emit the graph of shepherd services in Dot format\n"
 msgstr "   shepherd-graph   produire le graphique des services de shepherd au format Dot\n"
 
-#: guix/scripts/system.scm:722
+#: guix/scripts/system.scm:846
 msgid ""
 "\n"
 "  -d, --derivation       return the derivation of the given system"
@@ -1569,7 +1671,7 @@ msgstr ""
 "\n"
 "  -d, --derivation       retourner les dérivations pour le système donné"
 
-#: guix/scripts/system.scm:724
+#: guix/scripts/system.scm:848
 msgid ""
 "\n"
 "      --on-error=STRATEGY\n"
@@ -1579,7 +1681,19 @@ msgstr ""
 "      --on-error=STRATÉGIE\n"
 "                         appliquer la STRATÉGIE quand une erreur survient en lisant le FICHIER"
 
-#: guix/scripts/system.scm:727
+#: guix/scripts/system.scm:851
+msgid ""
+"\n"
+"      --file-system-type=TYPE\n"
+"                         for 'disk-image', produce a root file system of TYPE\n"
+"                         (one of 'ext4', 'iso9660')"
+msgstr ""
+"\n"
+"      --file-system-type=TYPE\n"
+"                         avec « disk-image », produit un système de fichiers racine de TYPE\n"
+"                         (parmis « ext4» et « iso9660 »)"
+
+#: guix/scripts/system.scm:855
 msgid ""
 "\n"
 "      --image-size=SIZE  for 'vm-image', produce an image of SIZE"
@@ -1588,7 +1702,7 @@ msgstr ""
 "      --image-size=TAILLE\n"
 "                         pour « vm-image », produire une image de TAILLE"
 
-#: guix/scripts/system.scm:729
+#: guix/scripts/system.scm:857
 msgid ""
 "\n"
 "      --no-bootloader    for 'init', do not install a bootloader"
@@ -1596,7 +1710,7 @@ msgstr ""
 "\n"
 "      --no-bootloader    pour « init », ne pas installer un chargeur de démarrage"
 
-#: guix/scripts/system.scm:731
+#: guix/scripts/system.scm:859
 msgid ""
 "\n"
 "      --share=SPEC       for 'vm', share host file system according to SPEC"
@@ -1605,7 +1719,7 @@ msgstr ""
 "      --share=SPEC       pour « vm », partager le système de fichiers hôte selon\n"
 "                         SPEC"
 
-#: guix/scripts/system.scm:733
+#: guix/scripts/system.scm:861
 msgid ""
 "\n"
 "  -r, --root=FILE        for 'vm', 'vm-image', 'disk-image', 'container',\n"
@@ -1618,7 +1732,7 @@ msgstr ""
 "                         sur le résultat et l'enregistrer en tant que racine du\n"
 "                         ramasse-miettes"
 
-#: guix/scripts/system.scm:737
+#: guix/scripts/system.scm:865
 msgid ""
 "\n"
 "      --expose=SPEC      for 'vm', expose host file system according to SPEC"
@@ -1627,7 +1741,7 @@ msgstr ""
 "      --expose=SPEC      pour « vm », exposer le système de fichiers hôte selon\n"
 "                         SPEC"
 
-#: guix/scripts/system.scm:739
+#: guix/scripts/system.scm:867
 msgid ""
 "\n"
 "      --full-boot        for 'vm', make a full boot sequence"
@@ -1635,45 +1749,49 @@ msgstr ""
 "\n"
 "      --full-boot        pour « vm », accomplir une séquence complète de démarrage"
 
-#: guix/scripts/system.scm:827
+#: guix/scripts/system.scm:959
 #, scheme-format
 msgid "no configuration file specified~%"
 msgstr "aucun fichier de configuration spécifié~%"
 
-#: guix/scripts/system.scm:912
+#: guix/scripts/system.scm:1057
 #, scheme-format
 msgid "~a: unknown action~%"
-msgstr "~a: action inconnue~%"
+msgstr "~a : action inconnue~%"
 
-#: guix/scripts/system.scm:927
+#: guix/scripts/system.scm:1072
 #, scheme-format
 msgid "wrong number of arguments for action '~a'~%"
 msgstr "nombre d'arguments incorrect pour l'action « ~a »~%"
 
-#: guix/scripts/system.scm:932
+#: guix/scripts/system.scm:1077
 #, scheme-format
 msgid "guix system: missing command name~%"
-msgstr "système guix: nom de commande manquant~%"
+msgstr "guix system : nom de commande manquant~%"
 
-#: guix/scripts/system.scm:934
+#: guix/scripts/system.scm:1079
 #, scheme-format
 msgid "Try 'guix system --help' for more information.~%"
 msgstr "Essayez « guix system --help » pour plus d'informations.~%"
 
-#: guix/scripts/lint.scm:135
+#: guix/scripts/system/search.scm:64 guix/ui.scm:1057 guix/ui.scm:1071
+msgid "unknown"
+msgstr "inconnu"
+
+#: guix/scripts/lint.scm:138
 #, scheme-format
 msgid "Available checkers:~%"
-msgstr "Vérificateurs disponibles:~%"
+msgstr "Vérificateurs disponibles :~%"
 
-#: guix/scripts/lint.scm:159
+#: guix/scripts/lint.scm:162
 msgid "description should not be empty"
 msgstr "la description ne devrait pas être vide"
 
-#: guix/scripts/lint.scm:169
+#: guix/scripts/lint.scm:172
 msgid "Texinfo markup in description is invalid"
-msgstr "l'utilisation de balises Texinfo dans la description est invalide"
+msgstr "lL'utilisation de balises Texinfo dans la description est invalide"
 
-#: guix/scripts/lint.scm:179
+#: guix/scripts/lint.scm:182
 #, scheme-format
 msgid ""
 "description should not contain ~\n"
@@ -1684,15 +1802,15 @@ msgstr ""
 
 #. TRANSLATORS: '@code' is Texinfo markup and must be kept
 #. as is.
-#: guix/scripts/lint.scm:192
+#: guix/scripts/lint.scm:195
 msgid "use @code or similar ornament instead of quotes"
 msgstr "utiliser @code ou une décoration similaire au lieu des guillemets"
 
-#: guix/scripts/lint.scm:199
+#: guix/scripts/lint.scm:202
 msgid "description should start with an upper-case letter or digit"
-msgstr "La description devrait commencer par une majuscule ou un chiffre"
+msgstr "la description devrait commencer par une majuscule ou un chiffre"
 
-#: guix/scripts/lint.scm:215
+#: guix/scripts/lint.scm:218
 #, scheme-format
 msgid ""
 "sentences in description should be followed ~\n"
@@ -1701,239 +1819,266 @@ msgstr ""
 "les phrases dans la description devraient être suivies ~\n"
 "par deux espaces. Infraction probable~p à ~{~a~^, ~}"
 
-#: guix/scripts/lint.scm:233
+#: guix/scripts/lint.scm:236
 #, scheme-format
 msgid "invalid description: ~s"
-msgstr "description invalide: ~s"
+msgstr "description invalide : ~s"
 
-#: guix/scripts/lint.scm:277
+#: guix/scripts/lint.scm:281
 #, scheme-format
 msgid "'~a' should probably be a native input"
 msgstr "« ~a » devrait sans doute être une entrée native"
 
-#: guix/scripts/lint.scm:293
+#: guix/scripts/lint.scm:297
 #, scheme-format
 msgid "'~a' should probably not be an input at all"
 msgstr "« ~a » ne devrait probablement pas être une entrée du tout"
 
-#: guix/scripts/lint.scm:310
+#: guix/scripts/lint.scm:314
 msgid "synopsis should not be empty"
 msgstr "le synopsis ne devrait pas être vide"
 
-#: guix/scripts/lint.scm:318
+#: guix/scripts/lint.scm:322
 msgid "no period allowed at the end of the synopsis"
 msgstr "un point n'est pas autorisé à la fin du synopsis"
 
-#: guix/scripts/lint.scm:330
+#: guix/scripts/lint.scm:334
 msgid "no article allowed at the beginning of the synopsis"
 msgstr "les articles ne sont pas permis au début du synopsis"
 
-#: guix/scripts/lint.scm:337
+#: guix/scripts/lint.scm:341
 msgid "synopsis should be less than 80 characters long"
 msgstr "le synopsis devrait être plus court que 80 caractères"
 
-#: guix/scripts/lint.scm:343
+#: guix/scripts/lint.scm:347
 msgid "synopsis should start with an upper-case letter or digit"
 msgstr "le synopsis devrait commencer par une majuscule ou un chiffre"
 
-#: guix/scripts/lint.scm:350
+#: guix/scripts/lint.scm:354
 msgid "synopsis should not start with the package name"
 msgstr "le synopsis ne devrait pas commencer par un nom de paquet"
 
-#: guix/scripts/lint.scm:360
+#: guix/scripts/lint.scm:364
 msgid "Texinfo markup in synopsis is invalid"
-msgstr "la balise Texinfo dans le synopsis est invalide"
+msgstr "La balise Texinfo dans le synopsis est invalide"
 
-#: guix/scripts/lint.scm:379
+#: guix/scripts/lint.scm:383
 #, scheme-format
 msgid "invalid synopsis: ~s"
-msgstr "synopsis non valide: ~s"
+msgstr "synopsis non valide : ~s"
 
-#: guix/scripts/lint.scm:479
+#: guix/scripts/lint.scm:502
 #, scheme-format
 msgid "URI ~a returned suspiciously small file (~a bytes)"
-msgstr "l'URI ~a a renvoyé un fichier étrangement petit (~a octets)"
+msgstr "L'URI ~a a renvoyé un fichier étrangement petit (~a octets)"
+
+#: guix/scripts/lint.scm:512
+#, scheme-format
+msgid "permanent redirect from ~a to ~a"
+msgstr "redirection permanente de ~a vers ~a"
+
+#: guix/scripts/lint.scm:519
+#, scheme-format
+msgid "invalid permanent redirect from ~a"
+msgstr "redirection permanente invalide : ~a"
 
-#: guix/scripts/lint.scm:488 guix/scripts/lint.scm:500
+#: guix/scripts/lint.scm:526 guix/scripts/lint.scm:538
 #, scheme-format
 msgid "URI ~a not reachable: ~a (~s)"
-msgstr "l'URI ~a n'a pu être atteinte: ~a (~s)"
+msgstr "L'URI ~a n'a pu être atteinte : ~a (~s)"
 
-#: guix/scripts/lint.scm:507
+#: guix/scripts/lint.scm:545
 #, scheme-format
 msgid "URI ~a domain not found: ~a"
-msgstr "le domaine de l'URI ~a pas trouvé: ~a"
+msgstr "Le domaine de l'URI ~a n'a pas été trouvé : ~a"
 
-#: guix/scripts/lint.scm:515
+#: guix/scripts/lint.scm:553
 #, scheme-format
 msgid "URI ~a unreachable: ~a"
-msgstr "l'URI ~a n'a pu être atteinte: ~a"
+msgstr "L'URI ~a n'a pu être atteinte : ~a"
 
-#: guix/scripts/lint.scm:524 guix/scripts/lint.scm:780
+#: guix/scripts/lint.scm:562
 #, scheme-format
 msgid "TLS certificate error: ~a"
-msgstr "erreur de certificat TLS: ~a"
+msgstr "Erreur de certificat TLS : ~a"
 
-#: guix/scripts/lint.scm:545
+#: guix/scripts/lint.scm:583
 msgid "invalid value for home page"
 msgstr "valeur invalide pour la page d'accueil"
 
-#: guix/scripts/lint.scm:548
+#: guix/scripts/lint.scm:586
 #, scheme-format
 msgid "invalid home page URL: ~s"
-msgstr "URL de la page d'accueil invalide: ~s"
+msgstr "URL de la page d'accueil invalide : ~s"
 
-#: guix/scripts/lint.scm:568
+#: guix/scripts/lint.scm:606
 msgid "file names of patches should start with the package name"
 msgstr "les noms de fichiers des correctifs devraient commencer par le nom du paquet"
 
-#: guix/scripts/lint.scm:606
+#: guix/scripts/lint.scm:644
 #, scheme-format
 msgid "~a: ~a: proposed synopsis: ~s~%"
-msgstr "~a: ~a: synopsis proposé: ~s~%"
+msgstr "~a : ~a : synopsis proposé : ~s~%"
 
-#: guix/scripts/lint.scm:619
+#: guix/scripts/lint.scm:657
 #, scheme-format
 msgid "~a: ~a: proposed description:~%     \"~a\"~%"
-msgstr "~a: ~a: description proposée:~%     « ~a »~%"
+msgstr "~a : ~a : description proposée :~%     « ~a »~%"
 
-#: guix/scripts/lint.scm:661
+#: guix/scripts/lint.scm:699
 msgid "all the source URIs are unreachable:"
-msgstr "toutes les URI sources sont inatteignables:"
+msgstr "toutes les URI sources sont inatteignables :"
 
-#: guix/scripts/lint.scm:684
+#: guix/scripts/lint.scm:721
 msgid "the source file name should contain the package name"
 msgstr "le nom du fichier source devrait contenir le nom du paquet"
 
-#: guix/scripts/lint.scm:700
+#: guix/scripts/lint.scm:737
 #, scheme-format
 msgid "URL should be 'mirror://~a/~a'"
-msgstr "l'URL devrait être « mirror://~a/~a »"
+msgstr "L'URL devrait être « mirror://~a/~a »"
 
-#: guix/scripts/lint.scm:718 guix/scripts/lint.scm:722
+#: guix/scripts/lint.scm:755 guix/scripts/lint.scm:759
 #, scheme-format
 msgid "failed to create derivation: ~a"
-msgstr "échec à la création de la dérivation: ~a"
+msgstr "échec à la création de la dérivation : ~a"
 
-#: guix/scripts/lint.scm:736
+#: guix/scripts/lint.scm:773
 #, scheme-format
 msgid "failed to create derivation: ~s~%"
-msgstr "échec à la création de la dérivation: ~s~%"
+msgstr "échec à la création de la dérivation : ~s~%"
 
-#: guix/scripts/lint.scm:746
+#: guix/scripts/lint.scm:783
 msgid "invalid license field"
 msgstr "champ de licence invalide"
 
-#: guix/scripts/lint.scm:763
+#: guix/scripts/lint.scm:799
 #, scheme-format
-msgid "failed to retrieve CVE vulnerabilities from ~s: ~a (~s)~%"
-msgstr "échec de récupération des vulnérabilités CVE depuis ~s: ~a (~s)~%"
+msgid "~a: HTTP GET error for ~a: ~a (~s)~%"
+msgstr "~a : erreur HTTP GET pour ~a : ~a (~s)~%"
 
-#: guix/scripts/lint.scm:768 guix/scripts/lint.scm:777
-#: guix/scripts/lint.scm:782
+#: guix/scripts/lint.scm:809
 #, scheme-format
-msgid "assuming no CVE vulnerabilities~%"
-msgstr "on suppose qu'il n'y a pas de vulnérabilités CVE~%"
+msgid "~a: host lookup failure: ~a~%"
+msgstr "~a : erreur lors de la consultation du nom d'hôte : ~a~%"
 
-#: guix/scripts/lint.scm:775
+#: guix/scripts/lint.scm:814
 #, scheme-format
-msgid "failed to lookup NIST host: ~a~%"
-msgstr "impossible de trouver l'hôte NIST: ~a~%"
+msgid "~a: TLS certificate error: ~a"
+msgstr "~a : erreur de certificat TLS : ~a"
+
+#: guix/scripts/lint.scm:829
+msgid "while retrieving CVE vulnerabilities"
+msgstr "pendant la récupération des vulnérabilités CVE"
 
-#: guix/scripts/lint.scm:820
+#: guix/scripts/lint.scm:866
 #, scheme-format
 msgid "probably vulnerable to ~a"
 msgstr "probablement vulnérable à ~a"
 
-#: guix/scripts/lint.scm:835
+#: guix/scripts/lint.scm:873
+#, scheme-format
+msgid "while retrieving upstream info for '~a'"
+msgstr "pendant la récupération des informations en amont de « ~a »"
+
+#: guix/scripts/lint.scm:881
+#, scheme-format
+msgid "can be upgraded to ~a"
+msgstr "peut être mis à jour vers ~a"
+
+#: guix/scripts/lint.scm:896
 #, scheme-format
 msgid "tabulation on line ~a, column ~a"
 msgstr "tabulation à la ligne ~a, colonne ~a"
 
-#: guix/scripts/lint.scm:844
+#: guix/scripts/lint.scm:905
 #, scheme-format
 msgid "trailing white space on line ~a"
 msgstr "espace à la fin de la ligne ~a"
 
-#: guix/scripts/lint.scm:854
+#: guix/scripts/lint.scm:915
 #, scheme-format
 msgid "line ~a is way too long (~a characters)"
 msgstr "la ligne ~a est beaucoup trop longue (~a caractères)"
 
-#: guix/scripts/lint.scm:865
+#: guix/scripts/lint.scm:926
 #, scheme-format
 msgid "line ~a: parentheses feel lonely, move to the previous or next line"
-msgstr "ligne ~a: des parenthèses se sentent seules. À déplacer à la ligne suivante ou précédente"
+msgstr "ligne ~a : des parenthèses se sentent seules. À déplacer à la ligne suivante ou précédente"
 
-#: guix/scripts/lint.scm:920
+#: guix/scripts/lint.scm:996
 msgid "Validate package descriptions"
 msgstr "Valider des descriptions de paquets"
 
-#: guix/scripts/lint.scm:924
+#: guix/scripts/lint.scm:1000
 msgid "Validate synopsis & description of GNU packages"
 msgstr "Valider le synopsis et la description de paquets GNU"
 
-#: guix/scripts/lint.scm:928
+#: guix/scripts/lint.scm:1004
 msgid "Identify inputs that should be native inputs"
 msgstr "Identifier les entrées qui devraient être natives"
 
-#: guix/scripts/lint.scm:932
+#: guix/scripts/lint.scm:1008
 msgid "Identify inputs that should be inputs at all"
 msgstr "Identifier les entrées qui devraient être des entrées"
 
-#: guix/scripts/lint.scm:936
+#: guix/scripts/lint.scm:1012
 msgid "Validate file names and availability of patches"
 msgstr "Valider les noms de fichiers et la disponibilité de correctifs"
 
-#: guix/scripts/lint.scm:940
+#: guix/scripts/lint.scm:1016
 msgid "Validate home-page URLs"
 msgstr "Valider les URL des pages d'accueil"
 
 #. TRANSLATORS: <license> is the name of a data type and must not be
 #. translated.
-#: guix/scripts/lint.scm:946
+#: guix/scripts/lint.scm:1022
 msgid "Make sure the 'license' field is a <license> or a list thereof"
 msgstr "Assurez vous que le champ « licence » est une <licence> ou une telle liste"
 
-#: guix/scripts/lint.scm:951
+#: guix/scripts/lint.scm:1027
 msgid "Validate source URLs"
 msgstr "Valider les URL sources"
 
-#: guix/scripts/lint.scm:955
+#: guix/scripts/lint.scm:1031
 msgid "Suggest 'mirror://' URLs"
 msgstr "Suggérer les URLs « mirror:// »"
 
-#: guix/scripts/lint.scm:959
+#: guix/scripts/lint.scm:1035
 msgid "Validate file names of sources"
 msgstr "Valider les noms des fichiers des sources"
 
-#: guix/scripts/lint.scm:963
+#: guix/scripts/lint.scm:1039
 msgid "Report failure to compile a package to a derivation"
 msgstr "Signaler l'échec de la compilation d'un paquet d'une dérivation"
 
-#: guix/scripts/lint.scm:967
+#: guix/scripts/lint.scm:1043
 msgid "Validate package synopses"
 msgstr "Valider les synopsis des paquets"
 
-#: guix/scripts/lint.scm:971
+#: guix/scripts/lint.scm:1047
 msgid "Check the Common Vulnerabilities and Exposures (CVE) database"
 msgstr "Vérifier la base de données des vulnérabilités et failles connues (CVE)"
 
-#: guix/scripts/lint.scm:976
+#: guix/scripts/lint.scm:1052
+msgid "Check the package for new upstream releases"
+msgstr "Vérifier s'il y a une nouvelle version en amont pour le paquet"
+
+#: guix/scripts/lint.scm:1056
 msgid "Look for formatting issues in the source"
 msgstr "Rechercher des problèmes de format dans la source"
 
-#: guix/scripts/lint.scm:1004
+#: guix/scripts/lint.scm:1084
 msgid ""
 "Usage: guix lint [OPTION]... [PACKAGE]...\n"
 "Run a set of checkers on the specified package; if none is specified,\n"
 "run the checkers on all packages.\n"
 msgstr ""
-"Usage: guix lint [OPTION]... [PAQUET]...\n"
-"Lancer un ensemble de vérificateurs sur le paquet spécifié; si aucun n'est spécifié,\n"
+"Usage : guix lint [OPTION]... [PAQUET]...\n"
+"Lancer un ensemble de vérificateurs sur le paquet spécifié ; si aucun n'est spécifié,\n"
 "lancer les vérificateurs sur tous les paquets.\n"
 
-#: guix/scripts/lint.scm:1007
+#: guix/scripts/lint.scm:1087
 msgid ""
 "\n"
 "  -c, --checkers=CHECKER1,CHECKER2...\n"
@@ -1943,7 +2088,7 @@ msgstr ""
 "  -c, --checkers=CHECKER1,CHECKER2...\n"
 "                         lancer uniquement les vérificateurs spécifiés"
 
-#: guix/scripts/lint.scm:1012
+#: guix/scripts/lint.scm:1092
 msgid ""
 "\n"
 "  -l, --list-checkers    display the list of available lint checkers"
@@ -1951,21 +2096,21 @@ msgstr ""
 "\n"
 "  -l, --list-checkers    afficher la liste des vérificateurs disponibles"
 
-#: guix/scripts/lint.scm:1032
+#: guix/scripts/lint.scm:1112
 #, scheme-format
 msgid "~a: invalid checker~%"
-msgstr "~a: vérificateur non valide~%"
+msgstr "~a : vérificateur non valide~%"
 
-#: guix/scripts/publish.scm:67
+#: guix/scripts/publish.scm:68
 #, scheme-format
 msgid ""
 "Usage: guix publish [OPTION]...\n"
 "Publish ~a over HTTP.\n"
 msgstr ""
-"Usage: guix publish [OPTION]...\n"
+"Usage : guix publish [OPTION]...\n"
 "Diffuser ~a via HTTP.\n"
 
-#: guix/scripts/publish.scm:69
+#: guix/scripts/publish.scm:70
 msgid ""
 "\n"
 "  -p, --port=PORT        listen on PORT"
@@ -1973,7 +2118,7 @@ msgstr ""
 "\n"
 "  -p, --port=PORT        écouter sur le PORT"
 
-#: guix/scripts/publish.scm:71
+#: guix/scripts/publish.scm:72
 msgid ""
 "\n"
 "      --listen=HOST      listen on the network interface for HOST"
@@ -1981,7 +2126,7 @@ msgstr ""
 "\n"
 "      --listen=HÔTE      écouter sur l'interface réseau HÔTE"
 
-#: guix/scripts/publish.scm:73
+#: guix/scripts/publish.scm:74
 msgid ""
 "\n"
 "  -u, --user=USER        change privileges to USER as soon as possible"
@@ -1991,7 +2136,7 @@ msgstr ""
 "                         changer les privilèges de UTILISATEUR aussi vite\n"
 "                         que possible"
 
-#: guix/scripts/publish.scm:75
+#: guix/scripts/publish.scm:76
 msgid ""
 "\n"
 "  -C, --compression[=LEVEL]\n"
@@ -2001,7 +2146,7 @@ msgstr ""
 "  -C, --compression[=NIVEAU]\n"
 "                         compresser les archives au NIVEAU"
 
-#: guix/scripts/publish.scm:78
+#: guix/scripts/publish.scm:79
 msgid ""
 "\n"
 "  -c, --cache=DIRECTORY  cache published items to DIRECTORY"
@@ -2009,7 +2154,7 @@ msgstr ""
 "\n"
 "  -c, --cache=RÉPERTOIRE mettre les éléments publiés en cache dans le RÉPERTOIRE"
 
-#: guix/scripts/publish.scm:80
+#: guix/scripts/publish.scm:81
 msgid ""
 "\n"
 "      --workers=N        use N workers to bake items"
@@ -2017,7 +2162,7 @@ msgstr ""
 "\n"
 "      --workers=N        utiliser N travailleurs pour préparer les éléments"
 
-#: guix/scripts/publish.scm:82
+#: guix/scripts/publish.scm:83
 msgid ""
 "\n"
 "      --ttl=TTL          announce narinfos can be cached for TTL seconds"
@@ -2026,7 +2171,7 @@ msgstr ""
 "      --ttl=TTL          les annonces narinfos peuvent être mises en cache\n"
 "                         pendant TTL secondes"
 
-#: guix/scripts/publish.scm:84
+#: guix/scripts/publish.scm:85
 msgid ""
 "\n"
 "      --nar-path=PATH    use PATH as the prefix for nar URLs"
@@ -2034,7 +2179,7 @@ msgstr ""
 "\n"
 "      --nar-path=CHEMIN  utiliser le CHEMIN comme préfixe pour les URL nar"
 
-#: guix/scripts/publish.scm:86
+#: guix/scripts/publish.scm:87
 msgid ""
 "\n"
 "      --public-key=FILE  use FILE as the public key for signatures"
@@ -2042,7 +2187,7 @@ msgstr ""
 "\n"
 "      --public-key=FICHIER utiliser le FICHIER comme clé publique pour les signatures"
 
-#: guix/scripts/publish.scm:88
+#: guix/scripts/publish.scm:89
 msgid ""
 "\n"
 "      --private-key=FILE use FILE as the private key for signatures"
@@ -2050,7 +2195,7 @@ msgstr ""
 "\n"
 "      --private-key=FICHIER utiliser le FICHIER comme clé privée pour les signatures"
 
-#: guix/scripts/publish.scm:90
+#: guix/scripts/publish.scm:91
 msgid ""
 "\n"
 "  -r, --repl[=PORT]      spawn REPL server on PORT"
@@ -2058,37 +2203,37 @@ msgstr ""
 "\n"
 "  -r, --repl[=PORT]      créer le serveur REPL sur le PORT"
 
-#: guix/scripts/publish.scm:106
+#: guix/scripts/publish.scm:107
 #, scheme-format
 msgid "lookup of host '~a' failed: ~a~%"
-msgstr "la recherche de l'hôte « ~a » a échoué: ~a~%"
+msgstr "la recherche de l'hôte « ~a » a échoué : ~a~%"
 
-#: guix/scripts/publish.scm:151
+#: guix/scripts/publish.scm:152
 #, scheme-format
 msgid "lookup of host '~a' returned nothing"
 msgstr "la recherche de l'hôte « ~a » n'a rien retourné"
 
-#: guix/scripts/publish.scm:164
+#: guix/scripts/publish.scm:165
 #, scheme-format
 msgid "zlib support is missing; compression disabled~%"
 msgstr "le support zlib est manquant. La compression est désactivée~%"
 
-#: guix/scripts/publish.scm:178
+#: guix/scripts/publish.scm:179
 #, scheme-format
 msgid "~a: invalid duration~%"
-msgstr "~a: durée non valide~%"
+msgstr "~a : durée non valide~%"
 
-#: guix/scripts/publish.scm:799
+#: guix/scripts/publish.scm:832
 #, scheme-format
 msgid "user '~a' not found: ~a~%"
-msgstr "utilisateur « ~a » pas trouvé: ~a~%"
+msgstr "utilisateur « ~a » non trouvé : ~a~%"
 
-#: guix/scripts/publish.scm:840
+#: guix/scripts/publish.scm:873
 #, scheme-format
 msgid "server running as root; consider using the '--user' option!~%"
 msgstr "le serveur tourne en tant que root. Envisagez d'utiliser l'option « --user » !~%"
 
-#: guix/scripts/publish.scm:845
+#: guix/scripts/publish.scm:878
 #, scheme-format
 msgid "publishing ~a on ~a, port ~d~%"
 msgstr "diffusion de ~a sur ~a, port ~d~%"
@@ -2098,7 +2243,7 @@ msgid ""
 "Usage: guix edit PACKAGE...\n"
 "Start $VISUAL or $EDITOR to edit the definitions of PACKAGE...\n"
 msgstr ""
-"Usage: guix edit PAQUET...\n"
+"Usage : guix edit PAQUET...\n"
 "Démarrer $VISUAL ou $EDITOR pour éditer la définition de PAQUET...\n"
 
 #: guix/scripts/edit.scm:62
@@ -2114,46 +2259,46 @@ msgstr "l'emplacement source du paquet « ~a » est inconnue~%"
 #: guix/scripts/edit.scm:103
 #, scheme-format
 msgid "failed to launch '~a': ~a~%"
-msgstr "impossible de démarrer « ~a »: ~a~%"
+msgstr "impossible de démarrer « ~a » : ~a~%"
 
 #: guix/scripts/size.scm:77
 #, scheme-format
 msgid "no available substitute information for '~a'~%"
 msgstr "pas d'information de substitution disponible pour « ~a »~%"
 
-#: guix/scripts/size.scm:85
+#: guix/scripts/size.scm:99
 msgid "store item"
 msgstr "élément stockage"
 
-#: guix/scripts/size.scm:85
+#: guix/scripts/size.scm:99
 msgid "total"
 msgstr "total"
 
-#: guix/scripts/size.scm:85
+#: guix/scripts/size.scm:99
 msgid "self"
 msgstr "lui-même"
 
-#: guix/scripts/size.scm:97
+#: guix/scripts/size.scm:107
 #, scheme-format
 msgid "total: ~,1f MiB~%"
-msgstr "total: ~,1f MiB~%"
+msgstr "total : ~,1f MiB~%"
 
 #. TRANSLATORS: This is the title of a graph, meaning that the graph
 #. represents a profile of the store (the "store" being the place where
 #. packages are stored.)
-#: guix/scripts/size.scm:211
+#: guix/scripts/size.scm:221
 msgid "store profile"
-msgstr "profil stockage"
+msgstr "profil du dépôt"
 
-#: guix/scripts/size.scm:220
+#: guix/scripts/size.scm:230
 msgid ""
 "Usage: guix size [OPTION]... PACKAGE\n"
 "Report the size of PACKAGE and its dependencies.\n"
 msgstr ""
-"Usage: guix size [OPTION]... PAQUET\n"
+"Usage : guix size [OPTION]... PAQUET\n"
 "Rapporter la taille du PAQUET et de ses dépendances.\n"
 
-#: guix/scripts/size.scm:225
+#: guix/scripts/size.scm:235
 msgid ""
 "\n"
 "  -s, --system=SYSTEM    consider packages for SYSTEM--e.g., \"i686-linux\""
@@ -2161,7 +2306,16 @@ msgstr ""
 "\n"
 "  -s, --system=SYSTÈME   prend en compte les paquets pour le SYSTÈME, par exemple « i686-linux »"
 
-#: guix/scripts/size.scm:227
+#. TRANSLATORS: "closure" and "self" must not be translated.
+#: guix/scripts/size.scm:238
+msgid ""
+"\n"
+"      --sort=KEY         sort according to KEY--\"closure\" or \"self\""
+msgstr ""
+"\n"
+"      --sort=CLEF        tri en fonction de la CLEF : « closure » ou « self »"
+
+#: guix/scripts/size.scm:240
 msgid ""
 "\n"
 "  -m, --map-file=FILE    write to FILE a graphical map of disk usage"
@@ -2169,14 +2323,19 @@ msgstr ""
 "\n"
 "  -m, --map-file=FICHIER écrit dans le FICHIER une carte graphique de l'utilisation du disque"
 
-#: guix/scripts/size.scm:281
+#: guix/scripts/size.scm:271
+#, scheme-format
+msgid "~a: invalid sorting key~%"
+msgstr "~a : clef de tri invalide~%"
+
+#: guix/scripts/size.scm:306
 msgid "missing store item argument\n"
 msgstr "argument d'élément de stockage manquant\n"
 
 #: guix/scripts/graph.scm:84
 #, scheme-format
 msgid "~a: invalid argument (package name expected)"
-msgstr "~a: argument invalide (nom de paquet attendu)"
+msgstr "~a : argument invalide (nom de paquet attendu)"
 
 #: guix/scripts/graph.scm:95
 msgid "the DAG of packages, excluding implicit inputs"
@@ -2198,60 +2357,60 @@ msgstr "le DAG des paquets et origines en incluant les entrées implicites"
 msgid "same as 'bag', but without the bootstrap nodes"
 msgstr "comme « bag » mais sans les nœuds d'amorçage"
 
-#: guix/scripts/graph.scm:257
+#: guix/scripts/graph.scm:253
 msgid "the DAG of derivations"
 msgstr "le DAG des dérivations"
 
-#: guix/scripts/graph.scm:269
+#: guix/scripts/graph.scm:265
 msgid "unsupported argument for derivation graph"
 msgstr "argument non supporté pour le graphe de dérivation"
 
-#: guix/scripts/graph.scm:295
+#: guix/scripts/graph.scm:291
 msgid "unsupported argument for this type of graph"
 msgstr "argument non supporté pour ce type de graphe"
 
-#: guix/scripts/graph.scm:308
+#: guix/scripts/graph.scm:304
 #, scheme-format
 msgid "references for '~a' are not known~%"
 msgstr "les références pour « ~a » sont inconnues~%"
 
-#: guix/scripts/graph.scm:315
+#: guix/scripts/graph.scm:311
 msgid "the DAG of run-time dependencies (store references)"
 msgstr "le DAG des dépendances à l'exécution (stockage des références)"
 
-#: guix/scripts/graph.scm:331
+#: guix/scripts/graph.scm:327
 msgid "the DAG of referrers in the store"
 msgstr "le graphe orienté acyclique (DAG) des référents dans le stockage"
 
-#: guix/scripts/graph.scm:358
+#: guix/scripts/graph.scm:354
 #, scheme-format
 msgid "~a: unknown node type~%"
-msgstr "~a: type de nœud inconnu~%"
+msgstr "~a : type de nœud inconnu~%"
 
-#: guix/scripts/graph.scm:365
+#: guix/scripts/graph.scm:361
 #, scheme-format
 msgid "~a: unknown backend~%"
-msgstr "~a: moteur de graphe inconnu~%"
+msgstr "~a : moteur de graphe inconnu~%"
 
-#: guix/scripts/graph.scm:369
+#: guix/scripts/graph.scm:365
 msgid "The available node types are:\n"
-msgstr "Les types de nœuds disponibles sont:\n"
+msgstr "Les types de nœuds disponibles sont :\n"
 
-#: guix/scripts/graph.scm:379
+#: guix/scripts/graph.scm:375
 msgid "The available backend types are:\n"
-msgstr "Les types de moteurs de graphes disponibles sont:\n"
+msgstr "Les types de moteurs de graphes disponibles sont :\n"
 
 #. TRANSLATORS: Here 'dot' is the name of a program; it must not be
 #. translated.
-#: guix/scripts/graph.scm:423
+#: guix/scripts/graph.scm:419
 msgid ""
 "Usage: guix graph PACKAGE...\n"
-"Emit a Graphviz (dot) representation of the dependencies of PACKAGE...\n"
+"Emit a representation of the dependency graph of PACKAGE...\n"
 msgstr ""
-"Usage: guix graph PAQUET...\n"
-"Produit une représentation Graphviz (dot) des dépendances de PAQUET...\n"
+"Usage : guix graph PAQUET...\n"
+"Produit une représentation du graphe des dépendances de PAQUET...\n"
 
-#: guix/scripts/graph.scm:425
+#: guix/scripts/graph.scm:421
 msgid ""
 "\n"
 "  -b, --backend=TYPE     produce a graph with the given backend TYPE"
@@ -2259,7 +2418,7 @@ msgstr ""
 "\n"
 "  -t, --backend=TYPE     produire un graphe avec le TYPE de moteur donné"
 
-#: guix/scripts/graph.scm:427
+#: guix/scripts/graph.scm:423
 msgid ""
 "\n"
 "      --list-backends    list the available graph backends"
@@ -2267,7 +2426,7 @@ msgstr ""
 "\n"
 "      --list-backends    lister les types de moteurs de graphes disponibles"
 
-#: guix/scripts/graph.scm:429
+#: guix/scripts/graph.scm:425
 msgid ""
 "\n"
 "  -t, --type=TYPE        represent nodes of the given TYPE"
@@ -2275,7 +2434,7 @@ msgstr ""
 "\n"
 "  -t, --type=TYPE        représenter les nœuds du TYPE donné"
 
-#: guix/scripts/graph.scm:431
+#: guix/scripts/graph.scm:427
 msgid ""
 "\n"
 "      --list-types       list the available graph types"
@@ -2283,7 +2442,7 @@ msgstr ""
 "\n"
 "      --list-types       lister les types de graphes disponibles"
 
-#: guix/scripts/graph.scm:433 guix/scripts/pack.scm:328
+#: guix/scripts/graph.scm:429 guix/scripts/pack.scm:336
 msgid ""
 "\n"
 "  -e, --expression=EXPR  consider the package EXPR evaluates to"
@@ -2294,7 +2453,7 @@ msgstr ""
 #: guix/scripts/challenge.scm:191
 #, scheme-format
 msgid "  local hash: ~a~%"
-msgstr "  hachage local: ~a~%"
+msgstr "  empreinte locale : ~a~%"
 
 #: guix/scripts/challenge.scm:192
 #, scheme-format
@@ -2304,22 +2463,22 @@ msgstr "  aucune compilation locale pour « ~a »~%"
 #: guix/scripts/challenge.scm:194
 #, scheme-format
 msgid "  ~50a: ~a~%"
-msgstr "  ~50a: ~a~%"
+msgstr "  ~50a : ~a~%"
 
 #: guix/scripts/challenge.scm:202
 #, scheme-format
 msgid "~a contents differ:~%"
-msgstr "le contenu de ~a diffère:~%"
+msgstr "le contenu de ~a diffère :~%"
 
 #: guix/scripts/challenge.scm:205
 #, scheme-format
 msgid "could not challenge '~a': no local build~%"
-msgstr "impossible de mettre « ~a » au défi: aucune construction locale~%"
+msgstr "impossible de mettre « ~a » au défi : aucune construction locale~%"
 
 #: guix/scripts/challenge.scm:207
 #, scheme-format
 msgid "could not challenge '~a': no substitutes~%"
-msgstr "impossible de mettre « ~a » au défi: aucune substitution~%"
+msgstr "impossible de mettre « ~a » au défi : aucune substitution~%"
 
 #: guix/scripts/challenge.scm:210
 #, scheme-format
@@ -2327,14 +2486,30 @@ msgid "~a contents match:~%"
 msgstr "le contenu de ~a correspond:~%"
 
 #: guix/scripts/challenge.scm:219
+msgid "~h store items were analyzed:~%"
+msgstr "~h éléments du dépôt ont été analysés :~%"
+
+#: guix/scripts/challenge.scm:220
+msgid "  - ~h (~,1f%) were identical~%"
+msgstr "  - ~h (~,1f%) étaient identiques~%"
+
+#: guix/scripts/challenge.scm:222
+msgid "  - ~h (~,1f%) differed~%"
+msgstr "  - ~h (~,1f%) étaient différents~%"
+
+#: guix/scripts/challenge.scm:224
+msgid "  - ~h (~,1f%) were inconclusive~%"
+msgstr "  - ~h (~,1f%) étaient impossibles à évaluer~%"
+
+#: guix/scripts/challenge.scm:233
 msgid ""
 "Usage: guix challenge [PACKAGE...]\n"
 "Challenge the substitutes for PACKAGE... provided by one or more servers.\n"
 msgstr ""
-"Usage: guix challenge [PAQUET...]\n"
+"Usage : guix challenge [PAQUET...]\n"
 "Contrôle les substituts du PAQUET... fourni par un ou plusieurs serveurs.\n"
 
-#: guix/scripts/challenge.scm:221
+#: guix/scripts/challenge.scm:235
 msgid ""
 "\n"
 "      --substitute-urls=URLS\n"
@@ -2344,7 +2519,7 @@ msgstr ""
 "      --substitute-urls=URLS\n"
 "                         comparer les résultats de compilation avec ceux aux URLS"
 
-#: guix/scripts/challenge.scm:224
+#: guix/scripts/challenge.scm:238
 msgid ""
 "\n"
 "      -v, --verbose      show details about successful comparisons"
@@ -2355,14 +2530,14 @@ msgstr ""
 #: guix/scripts/copy.scm:59
 #, scheme-format
 msgid "~a: invalid TCP port number~%"
-msgstr "~a: numéro de port TCP invalide~%"
+msgstr "~a : numéro de port TCP invalide~%"
 
 #: guix/scripts/copy.scm:61
 #, scheme-format
 msgid "~a: invalid SSH specification~%"
-msgstr "~a: spécification SSH invalide~%"
+msgstr "~a : spécification SSH invalide~%"
 
-#: guix/scripts/copy.scm:112
+#: guix/scripts/copy.scm:113
 msgid ""
 "Usage: guix copy [OPTION]... ITEMS...\n"
 "Copy ITEMS to or from the specified host over SSH.\n"
@@ -2370,7 +2545,7 @@ msgstr ""
 "Usage: guix copy [OPTION]... ÉLÉMENTS...\n"
 "Copier les ÉLÉMENTS vers ou depuis l'hôte spécifié en SSH.\n"
 
-#: guix/scripts/copy.scm:114
+#: guix/scripts/copy.scm:115
 msgid ""
 "\n"
 "      --to=HOST          send ITEMS to HOST"
@@ -2378,7 +2553,7 @@ msgstr ""
 "\n"
 "      --to=HÔTE          envoyer les ÉLÉMENTS vers l'HÔTE"
 
-#: guix/scripts/copy.scm:116
+#: guix/scripts/copy.scm:117
 msgid ""
 "\n"
 "      --from=HOST        receive ITEMS from HOST"
@@ -2391,17 +2566,17 @@ msgstr ""
 msgid "use '--to' or '--from'~%"
 msgstr "utilisez « --to » ou « --from »~%"
 
-#: guix/scripts/pack.scm:74
+#: guix/scripts/pack.scm:76
 #, scheme-format
 msgid "~a: compressor not found~%"
-msgstr "~a: compresseur introuvable~%"
+msgstr "~a : compresseur introuvable~%"
 
-#: guix/scripts/pack.scm:310
+#: guix/scripts/pack.scm:318
 #, scheme-format
 msgid "~a: invalid symlink specification~%"
-msgstr "~a: spécification de lien symbolique invalide~%"
+msgstr "~a : spécification de lien symbolique invalide~%"
 
-#: guix/scripts/pack.scm:320
+#: guix/scripts/pack.scm:328
 msgid ""
 "Usage: guix pack [OPTION]... PACKAGE...\n"
 "Create a bundle of PACKAGE.\n"
@@ -2409,7 +2584,7 @@ msgstr ""
 "Usage: guix pack [OPTION]... PAQUET...\n"
 "Créer un paquet de PAQUET.\n"
 
-#: guix/scripts/pack.scm:326
+#: guix/scripts/pack.scm:334
 msgid ""
 "\n"
 "  -f, --format=FORMAT    build a pack in the given FORMAT"
@@ -2417,7 +2592,7 @@ msgstr ""
 "\n"
 "  -f, --format=FORMAT    créer un paquet dans le FORMAT donné"
 
-#: guix/scripts/pack.scm:334
+#: guix/scripts/pack.scm:342
 msgid ""
 "\n"
 "  -C, --compression=TOOL compress using TOOL--e.g., \"lzip\""
@@ -2425,7 +2600,7 @@ msgstr ""
 "\n"
 "  -C, --compression=OUTIL compresser en utilisant l'OUTIL, par ex, « lzip »"
 
-#: guix/scripts/pack.scm:336
+#: guix/scripts/pack.scm:344
 msgid ""
 "\n"
 "  -S, --symlink=SPEC     create symlinks to the profile according to SPEC"
@@ -2433,7 +2608,7 @@ msgstr ""
 "\n"
 "  -S, --symlink=SPEC     créer des liens symboliques vers le profil selon la SPEC"
 
-#: guix/scripts/pack.scm:338
+#: guix/scripts/pack.scm:346
 msgid ""
 "\n"
 "      --localstatedir    include /var/guix in the resulting pack"
@@ -2441,28 +2616,106 @@ msgstr ""
 "\n"
 "      --localstatedir    inclure /var/guix dans le paquet résultant"
 
-#: guix/scripts/pack.scm:382
+#: guix/scripts/pack.scm:390
 #, scheme-format
 msgid "~a: unknown pack format"
-msgstr "~a: format de paquet inconnu"
+msgstr "~a : format de paquet inconnu"
+
+#: guix/scripts/weather.scm:74
+msgid "computing ~h package derivations for ~a...~%"
+msgstr "calcul de ~h dérivations de paquets pour ~a…~%"
+
+#: guix/scripts/weather.scm:110
+msgid "looking for ~h store items on ~a...~%"
+msgstr "recherche de ~h éléments du dépôt sur ~a...~%"
+
+#: guix/scripts/weather.scm:120
+msgid "  ~2,1f% substitutes available (~h out of ~h)~%"
+msgstr "  ~2,1f% substituts disponibles (~h sur ~h)~%"
+
+#: guix/scripts/weather.scm:126
+#, scheme-format
+msgid "  unknown substitute sizes~%"
+msgstr "  taille des substituts inconnue~%"
+
+#: guix/scripts/weather.scm:129
+msgid "  ~,1h MiB of nars (compressed)~%"
+msgstr "  ~,1h Mo de fichiers nar (compressés)~%"
+
+#: guix/scripts/weather.scm:130
+msgid "  at least ~,1h MiB of nars (compressed)~%"
+msgstr "  au moins ~,1h Mo de fichiers nar (compressés)~%"
+
+#: guix/scripts/weather.scm:132
+msgid "  ~,1h MiB on disk (uncompressed)~%"
+msgstr "  ~,1h Mo sur le disque (décompressé)~%"
+
+#: guix/scripts/weather.scm:134
+msgid "  ~,3h seconds per request (~,1h seconds in total)~%"
+msgstr "  ~,3h secondes par requête (~,1h secondesen tout)~%"
+
+#: guix/scripts/weather.scm:136
+msgid "  ~,1h requests per second~%"
+msgstr "  ~,1h requêtes par seconde~%"
 
-#: guix/gnu-maintenance.scm:562
+#: guix/scripts/weather.scm:145
+msgid ""
+"Usage: guix weather [OPTIONS]\n"
+"Report the availability of substitutes.\n"
+msgstr ""
+"Usage : guix weather [OPTIONS]\n"
+"Rapporte la disponibilité des substituts.\n"
+
+#: guix/scripts/weather.scm:147
+msgid ""
+"\n"
+"      --substitute-urls=URLS\n"
+"                         check for available substitutes at URLS"
+msgstr ""
+"\n"
+"      --substitute-urls=URLS\n"
+"                         vérifie la disponibilité des substituts aux URLS"
+
+#: guix/scripts/weather.scm:150
+msgid ""
+"\n"
+"  -m, --manifest=MANIFEST\n"
+"                         look up substitutes for packages specified in MANIFEST"
+msgstr ""
+"\n"
+"  -m, --manifest=MANIFESTE\n"
+"                         recherche les substituts des paquets du MANIFESTE"
+
+#: guix/scripts/weather.scm:153
+msgid ""
+"\n"
+"  -s, --system=SYSTEM    consider substitutes for SYSTEM--e.g., \"i686-linux\""
+msgstr ""
+"\n"
+"  -s, --system=SYSTÈME   prend en compte les substituts pour le SYSTÈME, par exemple « i686-linux »"
+
+#: guix/scripts/weather.scm:177
+#, scheme-format
+msgid "~a: invalid URL~%"
+msgstr "~a : URL invalide~%"
+
+#: guix/gnu-maintenance.scm:567
 msgid "Updater for GNU packages"
 msgstr "Logiciel de mise à jour des paquets GNU"
 
-#: guix/gnu-maintenance.scm:569
-msgid "Updater for GNOME packages"
-msgstr "Logiciel de mise à jour des paquets GNOME"
-
 #: guix/gnu-maintenance.scm:576
+msgid "Updater for GNU packages only available via FTP"
+msgstr "Logiciel de mise à jour des paquets GNU disponibles uniquement par FTP"
+
+#: guix/gnu-maintenance.scm:585
 msgid "Updater for KDE packages"
 msgstr "Logiciel de mise à jour des paquets KDE"
 
-#: guix/gnu-maintenance.scm:583
+#: guix/gnu-maintenance.scm:592
 msgid "Updater for X.org packages"
 msgstr "Logiciel de mise à jour des paquets X.org"
 
-#: guix/gnu-maintenance.scm:590
+#: guix/gnu-maintenance.scm:599
 msgid "Updater for packages hosted on kernel.org"
 msgstr "Logiciel de mise à jour des paquets hébergés sur kernel.org"
 
@@ -2471,7 +2724,7 @@ msgid ""
 "Usage: guix container ACTION ARGS...\n"
 "Build and manipulate Linux containers.\n"
 msgstr ""
-"Usage: guix container ACTION ARGS...\n"
+"Usage : guix container ACTION ARGS...\n"
 "Compile et manipule des containers Linux.\n"
 
 #: guix/scripts/container.scm:30
@@ -2481,25 +2734,25 @@ msgstr "   exec            exécuter une commande dans un container existant\n"
 #: guix/scripts/container.scm:53
 #, scheme-format
 msgid "guix container: missing action~%"
-msgstr "guix container: action manquante~%"
+msgstr "guix container : action manquante~%"
 
 #: guix/scripts/container.scm:63
 #, scheme-format
 msgid "guix container: invalid action~%"
-msgstr "guix container: action invalide~%"
+msgstr "guix container : action invalide~%"
 
 #: guix/scripts/container/exec.scm:40
 msgid ""
 "Usage: guix container exec PID COMMAND [ARGS...]\n"
 "Execute COMMMAND within the container process PID.\n"
 msgstr ""
-"Usage: guix container exec PID COMMANDE [ARGS...]\n"
+"Usage : guix container exec PID COMMANDE [ARGS...]\n"
 "Exécuter la COMMANDE dans le container du processus PID.\n"
 
 #: guix/scripts/container/exec.scm:69
 #, scheme-format
 msgid "~a: extraneous argument~%"
-msgstr "~a: argument superflu~%"
+msgstr "~a : argument superflu~%"
 
 #: guix/scripts/container/exec.scm:87
 #, scheme-format
@@ -2521,91 +2774,115 @@ msgstr "aucun processus ~d~%"
 msgid "exec failed with status ~d~%"
 msgstr "exec a échoué avec le statut ~d~%"
 
-#: guix/upstream.scm:212
+#: guix/upstream.scm:249
 #, scheme-format
 msgid "signature verification failed for `~a'~%"
 msgstr "la vérification de la signature a échoué pour « ~a »~%"
 
-#: guix/upstream.scm:214
+#: guix/upstream.scm:251
 #, scheme-format
 msgid "(could be because the public key is not in your keyring)~%"
 msgstr "(il est possible que la clé publique ne soit pas dans dans votre trousseau)~%"
 
-#: guix/upstream.scm:293
+#: guix/upstream.scm:330
 #, scheme-format
 msgid "~a: could not locate source file"
-msgstr "~a: le fichier source est introuvable"
+msgstr "~a : le fichier source est introuvable"
 
-#: guix/upstream.scm:298
+#: guix/upstream.scm:335
 #, scheme-format
 msgid "~a: ~a: no `version' field in source; skipping~%"
-msgstr "~a: ~a: aucun champ « version » dans la source; ignoré~%"
+msgstr "~a : ~a : aucun champ « version » dans la source ; ignoré~%"
+
+#: guix/ui.scm:159
+#, scheme-format
+msgid "~a: unbound variable"
+msgstr "~a : variable non liée"
 
-#: guix/ui.scm:241
+#: guix/ui.scm:235
 msgid "entering debugger; type ',bt' for a backtrace\n"
-msgstr "entrée dans le débogueur; tapez « ,bt » pour la trace inverse\n"
+msgstr "entrée dans le débogueur; tapez « ,bt » pour la trace d'exécution\n"
 
-#: guix/ui.scm:257 guix/ui.scm:278 guix/ui.scm:285
+#: guix/ui.scm:284
+#, scheme-format
+msgid "hint: ~a~%"
+msgstr "conseil : ~a~%"
+
+#: guix/ui.scm:294 guix/ui.scm:342 guix/ui.scm:349
 #, scheme-format
 msgid "failed to load '~a': ~a~%"
-msgstr "impossible de charger « ~a »: ~a~%"
+msgstr "impossible de charger « ~a » : ~a~%"
+
+#: guix/ui.scm:301
+#, scheme-format
+msgid "~amissing closing parenthesis~%"
+msgstr "~a parenthèses fermantes manquantes~%"
 
-#: guix/ui.scm:260
+#: guix/ui.scm:306 guix/ui.scm:322 guix/ui.scm:596
 #, scheme-format
 msgid "~a: error: ~a~%"
-msgstr "~a: erreur: ~a~%"
+msgstr "~a : erreur: ~a~%"
 
-#: guix/ui.scm:267 guix/ui.scm:554
+#: guix/ui.scm:314
+msgid "Did you forget a @code{use-modules} form?"
+msgstr "Auriez-vous oublié un @code{use-modules} ?"
+
+#: guix/ui.scm:316
+#, scheme-format
+msgid "Try adding @code{(use-modules ~a)}."
+msgstr "Essayez d'ajouter @code{(use-modules ~a)}."
+
+#: guix/ui.scm:329 guix/ui.scm:657
 #, scheme-format
 msgid "exception thrown: ~s~%"
-msgstr "exception générée: ~s~%"
+msgstr "exception générée : ~s~%"
 
-#: guix/ui.scm:269 guix/ui.scm:291
+#: guix/ui.scm:333 guix/ui.scm:355
 #, scheme-format
 msgid "failed to load '~a':~%"
-msgstr "échec lors du chargement de « ~a »:~%"
+msgstr "échec lors du chargement de « ~a » :~%"
 
-#: guix/ui.scm:281
+#: guix/ui.scm:345
 #, scheme-format
 msgid "~a: warning: ~a~%"
-msgstr "~a: avertissement: ~a~%"
+msgstr "~a : avertissement : ~a~%"
 
-#: guix/ui.scm:288
+#: guix/ui.scm:352
 #, scheme-format
 msgid "failed to load '~a': exception thrown: ~s~%"
-msgstr "échec lors du chargement de « ~a »: exception générée: ~s~%"
+msgstr "échec lors du chargement de « ~a » : exception générée : ~s~%"
 
-#: guix/ui.scm:300
+#: guix/ui.scm:364
 #, scheme-format
 msgid "failed to install locale: ~a~%"
-msgstr "impossible d'installer l'environnement linguistique: ~a~%"
+msgstr "impossible d'installer l'environnement linguistique : ~a~%"
 
 #. TRANSLATORS: Translate "(C)" to the copyright symbol
 #. (C-in-a-circle), if this symbol is available in the user's
 #. locale.  Otherwise, do not translate "(C)"; leave it as-is.  */
-#: guix/ui.scm:323
+#: guix/ui.scm:394
 msgid "(C)"
 msgstr "©"
 
-#: guix/ui.scm:324
+#: guix/ui.scm:395
 msgid "the Guix authors\n"
 msgstr "les auteurs de Guix\n"
 
-#: guix/ui.scm:325
+#: guix/ui.scm:396
 msgid ""
 "License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>\n"
 "This is free software: you are free to change and redistribute it.\n"
 "There is NO WARRANTY, to the extent permitted by law.\n"
 msgstr ""
-"Licence GPLv3+: GNU GPL version 3 ou ultérieure <http://www.gnu.org/licenses/gpl.fr.html>\n"
-"Ceci est un logiciel libre: vous êtes libre de le modifier et de le redistribuer.\n"
+"Licence GPLv3+ : GNU GPL version 3 ou ultérieure <http://www.gnu.org/licenses/gpl.fr.html>\n"
+"Ceci est un logiciel libre : vous êtes libre de le modifier et de le redistribuer.\n"
 "Il n'y a AUCUNE GARANTIE, dans les limites permises par la loi.\n"
 
 #. TRANSLATORS: The placeholder indicates the bug-reporting address for this
 #. package.  Please add another line saying "Report translation bugs to
 #. ...\n" with the address for translation bugs (typically your translation
 #. team's web or email address).
-#: guix/ui.scm:337
+#: guix/ui.scm:408
 #, scheme-format
 msgid ""
 "\n"
@@ -2615,221 +2892,248 @@ msgstr ""
 "Signalez toute anomalie à : ~a.\n"
 "Signalez toute erreur de traduction à : traduc@traduc.org"
 
-#: guix/ui.scm:339
+#: guix/ui.scm:410
 #, scheme-format
 msgid ""
 "\n"
 "~a home page: <~a>"
 msgstr ""
 "\n"
-"~a page d'accueil: <~a>"
+"~a page d'accueil : <~a>"
 
-#: guix/ui.scm:341
+#: guix/ui.scm:412
 msgid ""
 "\n"
 "General help using GNU software: <http://www.gnu.org/gethelp/>"
 msgstr ""
 "\n"
-"Aide générale sur l'utilisation des logiciels GNU: <http://www.gnu.org/gethelp/>"
+"Aide générale sur l'utilisation des logiciels GNU : <http://www.gnu.org/gethelp/>"
 
-#: guix/ui.scm:386
+#: guix/ui.scm:457
 #, scheme-format
 msgid "'~a' is not a valid regular expression: ~a~%"
-msgstr "« ~a » n'est pas une expression rationnelle valide: ~a~%"
+msgstr "« ~a » n'est pas une expression rationnelle valide : ~a~%"
 
-#: guix/ui.scm:392
+#: guix/ui.scm:463
 #, scheme-format
 msgid "~a: invalid number~%"
-msgstr "~a: nombre non valide~%"
+msgstr "~a : nombre non valide~%"
 
-#: guix/ui.scm:409
+#: guix/ui.scm:480
 #, scheme-format
 msgid "invalid number: ~a~%"
-msgstr "nombre non valide: ~a~%"
+msgstr "nombre non valide : ~a~%"
 
-#: guix/ui.scm:432
+#: guix/ui.scm:503
 #, scheme-format
 msgid "unknown unit: ~a~%"
-msgstr "unité inconnue: ~a~%"
+msgstr "unité inconnue : ~a~%"
 
-#: guix/ui.scm:449
+#: guix/ui.scm:520
 #, scheme-format
 msgid "~a:~a:~a: package `~a' has an invalid input: ~s~%"
-msgstr "~a:~a:~a: le paquet « ~a » a une entrée non valide: ~s~%"
+msgstr "~a :~a :~a : le paquet « ~a » a une entrée non valide : ~s~%"
 
-#: guix/ui.scm:456
+#: guix/ui.scm:527
 #, scheme-format
 msgid "~a: ~a: build system `~a' does not support cross builds~%"
-msgstr "~a: ~a: le système de compilation « ~a » ne supporte pas la compilation croisée~%"
+msgstr "~a : ~a : le système de compilation « ~a » ne supporte pas la compilation croisée~%"
 
-#: guix/ui.scm:462
+#: guix/ui.scm:533
 #, scheme-format
 msgid "~s: invalid G-expression input~%"
-msgstr "~s: entrée G-expression invalide~%"
+msgstr "~s : entrée G-expression invalide~%"
 
-#: guix/ui.scm:465
+#: guix/ui.scm:536
 #, scheme-format
 msgid "profile '~a' does not exist~%"
 msgstr "le profile « ~a » n'existe pas~%"
 
-#: guix/ui.scm:468
+#: guix/ui.scm:539
 #, scheme-format
 msgid "generation ~a of profile '~a' does not exist~%"
 msgstr "la génération ~a du profile « ~a » n'existe pas~%"
 
-#: guix/ui.scm:475
+#: guix/ui.scm:548
+#, scheme-format
+msgid "   ... propagated from ~a@~a~%"
+msgstr "   ... propagé depuis ~a@~a~%"
+
+#: guix/ui.scm:553
+#, scheme-format
+msgid "profile contains conflicting entries for ~a:~a~%"
+msgstr "le profil contient des entrées en conflit pour ~a :~a~%"
+
+#: guix/ui.scm:556
+#, scheme-format
+msgid "  first entry: ~a@~a:~a ~a~%"
+msgstr "  première entrée : ~a@~a:~a ~a~%"
+
+#: guix/ui.scm:562
+#, scheme-format
+msgid "  second entry: ~a@~a:~a ~a~%"
+msgstr "  deuxième entrée : ~a@~a:~a ~a~%"
+
+#: guix/ui.scm:573
 #, scheme-format
 msgid "corrupt input while restoring '~a' from ~s~%"
 msgstr "entrée corrompue en restaurant « ~a » depuis ~s~%"
 
-#: guix/ui.scm:477
+#: guix/ui.scm:575
 #, scheme-format
 msgid "corrupt input while restoring archive from ~s~%"
 msgstr "entrée corrompue en restaurant l'archive depuis ~s~%"
 
-#: guix/ui.scm:480
+#: guix/ui.scm:578
 #, scheme-format
 msgid "failed to connect to `~a': ~a~%"
-msgstr "impossible de se connecter à « ~a »: ~a~%"
+msgstr "impossible de se connecter à « ~a » : ~a~%"
 
-#: guix/ui.scm:485
+#: guix/ui.scm:583
 #, scheme-format
 msgid "build failed: ~a~%"
-msgstr "la compilation a échoué: ~a~%"
+msgstr "la compilation a échoué : ~a~%"
 
-#: guix/ui.scm:488
+#: guix/ui.scm:586
 #, scheme-format
 msgid "reference to invalid output '~a' of derivation '~a'~%"
 msgstr "référence à la sortie invalide « ~a » de la dérivation « ~a »~%"
 
-#: guix/ui.scm:492
+#: guix/ui.scm:590
 #, scheme-format
 msgid "file '~a' could not be found in these directories:~{ ~a~}~%"
-msgstr "le fichier « ~a » n'a pas été trouvé dans ces répertoires:~{ ~a~}~%"
+msgstr "le fichier « ~a » n'a pas été trouvé dans ces répertoires :~{ ~a~}~%"
 
-#: guix/ui.scm:504
+#: guix/ui.scm:607
 #, scheme-format
 msgid "~a: ~a~%"
 msgstr "~a: ~a~%"
 
-#: guix/ui.scm:539
+#: guix/ui.scm:642
 #, scheme-format
 msgid "failed to read expression ~s: ~s~%"
-msgstr "impossible de lire l'expression ~s: ~s~%"
+msgstr "impossible de lire l'expression ~s : ~s~%"
 
-#: guix/ui.scm:545
+#: guix/ui.scm:648
 #, scheme-format
 msgid "failed to evaluate expression '~a':~%"
-msgstr "impossible d'évaluer l'expression « ~a »:~%"
+msgstr "impossible d'évaluer l'expression « ~a » :~%"
 
-#: guix/ui.scm:548
+#: guix/ui.scm:651
 #, scheme-format
 msgid "syntax error: ~a~%"
-msgstr "erreur de syntaxe: ~a~%"
+msgstr "erreur de syntaxe : ~a~%"
 
-#: guix/ui.scm:566
+#: guix/ui.scm:669
 #, scheme-format
 msgid "expression ~s does not evaluate to a package~%"
 msgstr "l'expression ~s ne correspond à aucun paquet~%"
 
-#: guix/ui.scm:628
+#: guix/ui.scm:688
+msgid "at least ~,1h MB needed but only ~,1h MB available in ~a~%"
+msgstr "au moins ~,1h Mo sont nécessaires mais seulement ~,1h Mo sont disponibles dans ~a~%"
+
+#: guix/ui.scm:756
 #, scheme-format
 msgid "~:[The following derivation would be built:~%~{   ~a~%~}~;~]"
 msgid_plural "~:[The following derivations would be built:~%~{   ~a~%~}~;~]"
-msgstr[0] "~:[La dérivation suivante serait compilée:~%~{   ~a~%~}~;~]"
-msgstr[1] "~:[Les dérivations suivantes seraient compilées:~%~{   ~a~%~}~;~]"
+msgstr[0] "~:[La dérivation suivante serait compilée :~%~{   ~a~%~}~;~]"
+msgstr[1] "~:[Les dérivations suivantes seraient compilées :~%~{   ~a~%~}~;~]"
 
-#: guix/ui.scm:633
+#. TRANSLATORS: "MB" is for "megabyte"; it should be
+#. translated to the corresponding abbreviation.
+#: guix/ui.scm:764
+msgid "~:[~,1h MB would be downloaded:~%~{   ~a~%~}~;~]"
+msgstr "~:[~,1h Mo seraient téléchargés :~%~{   ~a~%~}~;~]"
+
+#: guix/ui.scm:769
 #, scheme-format
 msgid "~:[The following file would be downloaded:~%~{   ~a~%~}~;~]"
 msgid_plural "~:[The following files would be downloaded:~%~{   ~a~%~}~;~]"
-msgstr[0] "~:[Le fichier suivant serait téléchargé:~%~{   ~a~%~}~;~]"
-msgstr[1] "~:[Les fichiers suivants seraient téléchargés:~%~{   ~a~%~}~;~]"
+msgstr[0] "~:[Le fichier suivant serait téléchargé :~%~{   ~a~%~}~;~]"
+msgstr[1] "~:[Les fichiers suivants seraient téléchargés :~%~{   ~a~%~}~;~]"
 
-#: guix/ui.scm:639
+#: guix/ui.scm:776
 #, scheme-format
 msgid "~:[The following derivation will be built:~%~{   ~a~%~}~;~]"
 msgid_plural "~:[The following derivations will be built:~%~{   ~a~%~}~;~]"
-msgstr[0] "~:[La dérivation suivante sera compilée:~%~{   ~a~%~}~;~]"
-msgstr[1] "~:[Les dérivations suivantes seront compilées:~%~{   ~a~%~}~;~]"
+msgstr[0] "~:[La dérivation suivante sera compilée :~%~{   ~a~%~}~;~]"
+msgstr[1] "~:[Les dérivations suivantes seront compilées :~%~{   ~a~%~}~;~]"
+
+#. TRANSLATORS: "MB" is for "megabyte"; it should be
+#. translated to the corresponding abbreviation.
+#: guix/ui.scm:784
+msgid "~:[~,1h MB will be downloaded:~%~{   ~a~%~}~;~]"
+msgstr "~:[~,1h Mo seront téléchargés :~%~{   ~a~%~}~;~]"
 
-#: guix/ui.scm:644
+#: guix/ui.scm:789
 #, scheme-format
 msgid "~:[The following file will be downloaded:~%~{   ~a~%~}~;~]"
 msgid_plural "~:[The following files will be downloaded:~%~{   ~a~%~}~;~]"
-msgstr[0] "~:[Le fichier suivant sera téléchargé:~%~{   ~a~%~}~;~]"
-msgstr[1] "~:[Les fichiers suivants seront téléchargés:~%~{   ~a~%~}~;~]"
+msgstr[0] "~:[Le fichier suivant sera téléchargé :~%~{   ~a~%~}~;~]"
+msgstr[1] "~:[Les fichiers suivants seront téléchargés :~%~{   ~a~%~}~;~]"
 
-#: guix/ui.scm:700
+#: guix/ui.scm:849
 #, scheme-format
 msgid "The following package would be removed:~%~{~a~%~}~%"
 msgid_plural "The following packages would be removed:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant serait supprimé:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seraient supprimés:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant serait supprimé :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seraient supprimés :~%~{~a~%~}~%"
 
-#: guix/ui.scm:705
+#: guix/ui.scm:854
 #, scheme-format
 msgid "The following package will be removed:~%~{~a~%~}~%"
 msgid_plural "The following packages will be removed:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant sera supprimé:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seront supprimés:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant sera supprimé :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seront supprimés :~%~{~a~%~}~%"
 
-#: guix/ui.scm:718
+#: guix/ui.scm:867
 #, scheme-format
 msgid "The following package would be downgraded:~%~{~a~%~}~%"
 msgid_plural "The following packages would be downgraded:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant serait mis à une version inférieure:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seraient mis à des versions inférieures:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant serait mis à une version inférieure :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seraient mis à des versions inférieures :~%~{~a~%~}~%"
 
-#: guix/ui.scm:723
+#: guix/ui.scm:872
 #, scheme-format
 msgid "The following package will be downgraded:~%~{~a~%~}~%"
 msgid_plural "The following packages will be downgraded:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant sera mis à une version inférieure:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seront mis à des versions inférieures:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant sera mis à une version inférieure :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seront mis à des versions inférieures :~%~{~a~%~}~%"
 
-#: guix/ui.scm:736
+#: guix/ui.scm:885
 #, scheme-format
 msgid "The following package would be upgraded:~%~{~a~%~}~%"
 msgid_plural "The following packages would be upgraded:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant serait mis à jour:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seraient mis à jour:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant serait mis à jour :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seraient mis à jour :~%~{~a~%~}~%"
 
-#: guix/ui.scm:741
+#: guix/ui.scm:890
 #, scheme-format
 msgid "The following package will be upgraded:~%~{~a~%~}~%"
 msgid_plural "The following packages will be upgraded:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant sera mis à jour:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seront mis à jour:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant sera mis à jour :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seront mis à jour :~%~{~a~%~}~%"
 
-#: guix/ui.scm:752
+#: guix/ui.scm:901
 #, scheme-format
 msgid "The following package would be installed:~%~{~a~%~}~%"
 msgid_plural "The following packages would be installed:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant serait installé:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seraient installés:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant serait installé :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seraient installés :~%~{~a~%~}~%"
 
-#: guix/ui.scm:757
+#: guix/ui.scm:906
 #, scheme-format
 msgid "The following package will be installed:~%~{~a~%~}~%"
 msgid_plural "The following packages will be installed:~%~{~a~%~}~%"
-msgstr[0] "Le paquet suivant sera installé:~%~{~a~%~}~%"
-msgstr[1] "Les paquets suivants seront installés:~%~{~a~%~}~%"
+msgstr[0] "Le paquet suivant sera installé :~%~{~a~%~}~%"
+msgstr[1] "Les paquets suivants seront installés :~%~{~a~%~}~%"
 
-#: guix/ui.scm:774
+#: guix/ui.scm:923
 msgid "<unknown location>"
 msgstr "<emplacement inconnu>"
 
-#: guix/ui.scm:793
-#, scheme-format
-msgid "failed to create configuration directory `~a': ~a~%"
-msgstr "impossible de créer le répertoire de configuration « ~a »: ~a~%"
-
-#: guix/ui.scm:924 guix/ui.scm:938
-msgid "unknown"
-msgstr "inconnu"
-
-#: guix/ui.scm:1097
+#: guix/ui.scm:1285
 #, scheme-format
 msgid "Generation ~a\t~a"
 msgstr "Génération ~a\t~a"
@@ -2837,62 +3141,62 @@ msgstr "Génération ~a\t~a"
 #. TRANSLATORS: The word "current" here is an adjective for
 #. "Generation", as in "current generation".  Use the appropriate
 #. gender where applicable.
-#: guix/ui.scm:1107
+#: guix/ui.scm:1295
 #, scheme-format
 msgid "~a\t(current)~%"
 msgstr "~a\t(actuel)~%"
 
-#: guix/ui.scm:1150
+#: guix/ui.scm:1338
 #, scheme-format
 msgid "switched from generation ~a to ~a~%"
 msgstr "passé de la génération ~a à ~a~%"
 
-#: guix/ui.scm:1166
+#: guix/ui.scm:1354
 #, scheme-format
 msgid "deleting ~a~%"
 msgstr "suppression de ~a~%"
 
-#: guix/ui.scm:1197
+#: guix/ui.scm:1385
 #, scheme-format
 msgid "Try `guix --help' for more information.~%"
 msgstr "Essayez « guix --help » pour plus d'informations.~%"
 
-#: guix/ui.scm:1225
+#: guix/ui.scm:1413
 msgid ""
 "Usage: guix COMMAND ARGS...\n"
 "Run COMMAND with ARGS.\n"
 msgstr ""
-"Usage: guix COMMANDE ARGS...\n"
+"Usage : guix COMMANDE ARGS...\n"
 "Lance la COMMANDE avec les arguments ARGS.\n"
 
-#: guix/ui.scm:1228
+#: guix/ui.scm:1416
 msgid "COMMAND must be one of the sub-commands listed below:\n"
-msgstr "COMMANDE doit être une des sous-commandes listées ci-dessous:\n"
+msgstr "COMMANDE doit être une des sous-commandes listées ci-dessous :\n"
 
-#: guix/ui.scm:1248
+#: guix/ui.scm:1436
 #, scheme-format
 msgid "guix: ~a: command not found~%"
-msgstr "guix: ~a: commande introuvable~%"
+msgstr "guix : ~a : commande introuvable~%"
 
-#: guix/ui.scm:1267
+#: guix/ui.scm:1466
 #, scheme-format
 msgid "guix: missing command name~%"
-msgstr "guix: nom de commande manquant~%"
+msgstr "guix : nom de commande manquant~%"
 
-#: guix/ui.scm:1275
+#: guix/ui.scm:1474
 #, scheme-format
 msgid "guix: unrecognized option '~a'~%"
-msgstr "guix: option « ~a » non reconnue ~%"
+msgstr "guix : option « ~a » non reconnue ~%"
 
-#: guix/http-client.scm:265
+#: guix/http-client.scm:269
 #, scheme-format
 msgid "following redirection to `~a'...~%"
 msgstr "redirection vers « ~a »...~%"
 
-#: guix/http-client.scm:277
+#: guix/http-client.scm:281
 #, scheme-format
 msgid "~a: HTTP download failed: ~a (~s)"
-msgstr "~a: le téléchargement HTTP a échoué: ~a (~s)"
+msgstr "~a : le téléchargement HTTP a échoué : ~a (~s)"
 
 #: guix/nar.scm:155
 msgid "signature is not a valid s-expression"
@@ -2936,114 +3240,171 @@ msgstr "les fichiers importés requièrent une signature"
 msgid "invalid inter-file archive mark"
 msgstr "marque d'archive inter-fichier non valide"
 
-#: nix/nix-daemon/guix-daemon.cc:61
+#: nix/nix-daemon/guix-daemon.cc:66
 msgid "guix-daemon -- perform derivation builds and store accesses"
 msgstr "guix-daemon -- réalise les compilations des dérivations et les accès au stockage"
 
-#: nix/nix-daemon/guix-daemon.cc:63
+#: nix/nix-daemon/guix-daemon.cc:68
 msgid "This program is a daemon meant to run in the background.  It serves requests sent over a Unix-domain socket.  It accesses the store, and builds derivations on behalf of its clients."
 msgstr "Ce programme est un démon qui tourne en tâche de fond. Il répond aux requêtes envoyées via des socket de type Unix-domain. Il accède au stockage et compile les dérivations pour le compte de ses clients."
 
-#: nix/nix-daemon/guix-daemon.cc:87
+#: nix/nix-daemon/guix-daemon.cc:94
 msgid "SYSTEM"
 msgstr "SYSTÈME"
 
-#: nix/nix-daemon/guix-daemon.cc:88
+#: nix/nix-daemon/guix-daemon.cc:95
 msgid "assume SYSTEM as the current system type"
 msgstr "suppose que SYSTÈME est le type de système actuel"
 
-#: nix/nix-daemon/guix-daemon.cc:89 nix/nix-daemon/guix-daemon.cc:92
+#: nix/nix-daemon/guix-daemon.cc:96 nix/nix-daemon/guix-daemon.cc:99
 msgid "N"
 msgstr "N"
 
-#: nix/nix-daemon/guix-daemon.cc:90
+#: nix/nix-daemon/guix-daemon.cc:97
 msgid "use N CPU cores to build each derivation; 0 means as many as available"
-msgstr "utilise N cœurs CPU pour compiler chaque dérivation; 0 signifie autant que disponible"
+msgstr "utilise N cœurs CPU pour compiler chaque dérivation ; 0 signifie autant que disponible"
 
-#: nix/nix-daemon/guix-daemon.cc:93
+#: nix/nix-daemon/guix-daemon.cc:100
 msgid "allow at most N build jobs"
 msgstr "autorise au plus N tâches de compilation"
 
-#: nix/nix-daemon/guix-daemon.cc:95
+#: nix/nix-daemon/guix-daemon.cc:101 nix/nix-daemon/guix-daemon.cc:103
+msgid "SECONDS"
+msgstr "SECONDES"
+
+#: nix/nix-daemon/guix-daemon.cc:102
+msgid "mark builds as failed after SECONDS of activity"
+msgstr "marque les constructions comme ayant échoué après SECONDES d'activité"
+
+#: nix/nix-daemon/guix-daemon.cc:104
+msgid "mark builds as failed after SECONDS of silence"
+msgstr "marque les constructions comme ayant échoué après SECONDES de silence"
+
+#: nix/nix-daemon/guix-daemon.cc:106
 msgid "disable chroot builds"
 msgstr "désactive les compilations chroot"
 
-#: nix/nix-daemon/guix-daemon.cc:96
+#: nix/nix-daemon/guix-daemon.cc:107
 msgid "DIR"
 msgstr "RÉP"
 
-#: nix/nix-daemon/guix-daemon.cc:97
+#: nix/nix-daemon/guix-daemon.cc:108
 msgid "add DIR to the build chroot"
 msgstr "ajoute RÉP au chroot de compilation"
 
-#: nix/nix-daemon/guix-daemon.cc:98
+#: nix/nix-daemon/guix-daemon.cc:109
 msgid "GROUP"
 msgstr "GROUPE"
 
-#: nix/nix-daemon/guix-daemon.cc:99
+#: nix/nix-daemon/guix-daemon.cc:110
 msgid "perform builds as a user of GROUP"
 msgstr "réalise les compilations en tant qu'un utilisateur du GROUPE"
 
-#: nix/nix-daemon/guix-daemon.cc:101
+#: nix/nix-daemon/guix-daemon.cc:112
 msgid "do not use substitutes"
 msgstr "ne pas utiliser de substituts"
 
-#: nix/nix-daemon/guix-daemon.cc:102
+#: nix/nix-daemon/guix-daemon.cc:113
 msgid "URLS"
 msgstr "URLS"
 
-#: nix/nix-daemon/guix-daemon.cc:103
+#: nix/nix-daemon/guix-daemon.cc:114
 msgid "use URLS as the default list of substitute providers"
 msgstr "utilise URLS comme liste par défaut de fournisseurs de substituts"
 
-#: nix/nix-daemon/guix-daemon.cc:105
+#: nix/nix-daemon/guix-daemon.cc:116
 msgid "do not use the 'build hook'"
 msgstr "n'utilise pas le « build hook »"
 
-#: nix/nix-daemon/guix-daemon.cc:107
+#: nix/nix-daemon/guix-daemon.cc:118
 msgid "cache build failures"
 msgstr "garde les fonctionnalités de compilation en cache"
 
-#: nix/nix-daemon/guix-daemon.cc:109
+#: nix/nix-daemon/guix-daemon.cc:120
 msgid "build each derivation N times in a row"
 msgstr "compile chaque dérivation N fois de suite"
 
-#: nix/nix-daemon/guix-daemon.cc:111
+#: nix/nix-daemon/guix-daemon.cc:122
 msgid "do not keep build logs"
 msgstr "ne conserve pas les journaux de compilation"
 
-#: nix/nix-daemon/guix-daemon.cc:113
+#: nix/nix-daemon/guix-daemon.cc:124
 msgid "disable compression of the build logs"
 msgstr "désactive la compression des journaux de compilation"
 
-#: nix/nix-daemon/guix-daemon.cc:118
+#: nix/nix-daemon/guix-daemon.cc:129
 msgid "disable automatic file \"deduplication\" in the store"
 msgstr "désactive la « déduplication » automatique des fichiers dans le stockage"
 
-#: nix/nix-daemon/guix-daemon.cc:128
+#: nix/nix-daemon/guix-daemon.cc:139
 msgid "impersonate Linux 2.6"
 msgstr "se faire passer pour Linux 2.6"
 
-#: nix/nix-daemon/guix-daemon.cc:132
+#: nix/nix-daemon/guix-daemon.cc:143
 msgid "tell whether the GC must keep outputs of live derivations"
 msgstr "indique si le GC doit garder les sorties des dérivations en temps réel"
 
-#: nix/nix-daemon/guix-daemon.cc:135
+#: nix/nix-daemon/guix-daemon.cc:146
 msgid "tell whether the GC must keep derivations corresponding to live outputs"
 msgstr "indique si le GC doit garder les dérivations correspondant aux sorties en temps réel"
 
-#: nix/nix-daemon/guix-daemon.cc:138
+#: nix/nix-daemon/guix-daemon.cc:149
 msgid "SOCKET"
 msgstr "SOCKET"
 
-#: nix/nix-daemon/guix-daemon.cc:139
+#: nix/nix-daemon/guix-daemon.cc:150
 msgid "listen for connections on SOCKET"
 msgstr "écoute sur SOCKET pour des connexions"
 
-#: nix/nix-daemon/guix-daemon.cc:141
+#: nix/nix-daemon/guix-daemon.cc:152
 msgid "produce debugging output"
 msgstr "produit une sortie de déboguage"
 
+#~ msgid "unrecognized option: ~a~%"
+#~ msgstr "option non reconnue: ~a~%"
+
+#~ msgid "tarball did not produce a single source directory"
+#~ msgstr "la tarball n'a produit aucun répertoire source"
+
+#~ msgid "unpacking '~a'...~%"
+#~ msgstr "dépaquetage « ~a »...~%"
+
+#~ msgid "failed to unpack source code"
+#~ msgstr "échec du dépaquetage du code source"
+
+#~ msgid "failed to download up-to-date source, exiting\n"
+#~ msgstr "impossible de télécharger une source à jour; fin\n"
+
+#~ msgid "substitute at '~a' lacks a signature~%"
+#~ msgstr "le substitut à « ~a » n'a pas de signature~%"
+
+#~ msgid "Found valid signature for ~a~%"
+#~ msgstr "Signature valide trouvée pour ~a~%"
+
+#~ msgid "From ~a~%"
+#~ msgstr "De ~a~%"
+
+#~ msgid "Downloading ~a~:[~*~; (~a installed)~]...~%"
+#~ msgstr "Téléchargement de ~a~:[~*~; (~a installé)~]...~%"
+
+#~ msgid "failed to install GRUB on device '~a'~%"
+#~ msgstr "échec de l'installation de GRUB sur le périphérique « ~a »~%"
+
+#~ msgid "failed to re-install GRUB configuration file: '~a'~%"
+#~ msgstr "échec à la ré-installation du fichier de configuration de GRUB: « ~a »~%"
+
+#~ msgid "assuming no CVE vulnerabilities~%"
+#~ msgstr "on suppose qu'il n'y a pas de vulnérabilités CVE~%"
+
+#~ msgid "failed to lookup NIST host: ~a~%"
+#~ msgstr "impossible de trouver l'hôte NIST: ~a~%"
+
+#~ msgid "Updater for GNOME packages"
+#~ msgstr "Logiciel de mise à jour des paquets GNOME"
+
+#~ msgid "failed to create configuration directory `~a': ~a~%"
+#~ msgstr "impossible de créer le répertoire de configuration « ~a »: ~a~%"
+
 #~ msgid "deprecated NAME-VERSION syntax; use NAME@VERSION instead~%"
 #~ msgstr "syntaxe NOM-VERSION dépréciée. Utilisez plutôt NOM@VERSION~%"
 
@@ -3056,12 +3417,6 @@ msgstr "produit une sortie de déboguage"
 #~ msgid "~a: no substitute at '~a'~%"
 #~ msgstr "~a: pas de substitut à « ~a »~%"
 
-#~ msgid "no substitutes for '~a'~%"
-#~ msgstr "pas de substitut pour « ~a »~%"
-
-#~ msgid "  ~50a: unavailable~%"
-#~ msgstr "  ~50a: non disponible~%"
-
 #~ msgid "gz"
 #~ msgstr "gz"
 
@@ -3083,9 +3438,6 @@ msgstr "produit une sortie de déboguage"
 #~ msgid "unsupported argument for reference graph"
 #~ msgstr "argument non supporté pour le graphe de référence"
 
-#~ msgid "looking for the latest release of GNU ~a..."
-#~ msgstr "recherche de la dernière version de GNU ~a..."
-
 #~ msgid "~a: note: using ~a but ~a is available upstream~%"
 #~ msgstr "~a: note: utilisation de ~a mais ~a est disponible en amont"
 
diff --git a/po/packages/POTFILES.in b/po/packages/POTFILES.in
index cfc542f50e..9a178edfa6 100644
--- a/po/packages/POTFILES.in
+++ b/po/packages/POTFILES.in
@@ -58,4 +58,6 @@ gnu/packages/web.scm
 gnu/packages/wordnet.scm
 gnu/packages/xiph.scm
 gnu/services/base.scm
+gnu/services/certbot.scm
 gnu/services/networking.scm
+gnu/services/version-control.scm
diff --git a/tests/guix-system.sh b/tests/guix-system.sh
index 4bb866adfa..213864833a 100644
--- a/tests/guix-system.sh
+++ b/tests/guix-system.sh
@@ -123,9 +123,9 @@ else
     then
 	# FIXME: With Guile 2.2.0 the error is reported on line 4.
 	# See <http://bugs.gnu.org/26107>.
-	grep "$tmpfile:[49]:[0-9]: GRUB-config.*[Uu]nbound variable" "$errorfile"
+	grep "$tmpfile:[49]:[0-9]\+: GRUB-config.*[Uu]nbound variable" "$errorfile"
     else
-	grep "$tmpfile:9:[0-9]: GRUB-config.*[Uu]nbound variable" "$errorfile"
+	grep "$tmpfile:9:[0-9]\+: GRUB-config.*[Uu]nbound variable" "$errorfile"
     fi
 fi
 
diff --git a/tests/lint.scm b/tests/lint.scm
index 1d0fc4708c..064f3d177e 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
@@ -331,6 +331,19 @@
          (check-patch-file-names pkg)))
      "file names of patches should start with the package name")))
 
+(test-assert "patches: file name too long"
+  (->bool
+   (string-contains
+     (with-warnings
+       (let ((pkg (dummy-package "x"
+                    (source
+                     (dummy-origin
+                      (patches (list (string-append "x-"
+                                                    (make-string 100 #\a)
+                                                    ".patch"))))))))
+         (check-patch-file-names pkg)))
+     "file name is too long")))
+
 (test-assert "patches: not found"
   (->bool
    (string-contains
diff --git a/tests/publish.scm b/tests/publish.scm
index f33898fd58..352caf5325 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -352,7 +352,7 @@ FileSize: ~a~%"
        (let* ((base     "http://localhost:6797/")
               (part     (store-path-hash-part %item))
               (url      (string-append base part ".narinfo"))
-              (nar-url  (string-append base "/nar/gzip/" (basename %item)))
+              (nar-url  (string-append base "nar/gzip/" (basename %item)))
               (cached   (string-append cache "/gzip/" (basename %item)
                                        ".narinfo"))
               (nar      (string-append cache "/gzip/"
diff --git a/tests/store.scm b/tests/store.scm
index 45aeb329b0..fdf3be33f6 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -180,7 +180,9 @@
                               (random-text) '())))
     (let-values (((paths freed) (delete-paths %store (list p))))
       (and (equal? paths (list p))
-           (> freed 0)
+           ;; XXX: On some file systems (notably Btrfs), freed
+           ;; may return 0.  See <https://bugs.gnu.org/29363>.
+           ;;(> freed 0)
            (not (file-exists? p))))))
 
 (test-assert "add-text-to-store vs. delete-paths"
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 2b5c4c3be1..22ca2a05d4 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -525,7 +525,12 @@
      (every (lambda (entry)
               (match (utmpx-user entry)
                 ((? string?)
-                 (or (eqv? (login-type BOOT_TIME) (utmpx-login-type entry))
+                 ;; Ensure we have a valid PID for those entries where it
+                 ;; makes sense.
+                 (or (not (memv (utmpx-login-type entry)
+                                (list (login-type INIT_PROCESS)
+                                      (login-type LOGIN_PROCESS)
+                                      (login-type USER_PROCESS))))
                      (> (utmpx-pid entry) 0)))
                 (#f                               ;might be DEAD_PROCESS
                  #t)))