summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2017-06-20 00:25:59 -0400
committerMark H Weaver <mhw@netris.org>2017-06-20 00:25:59 -0400
commit9815739e9bc5de4a4fbcc710221c2cee377664d4 (patch)
treecbbbc05fff4acdfdb05d9b1e5ae5f5eea6fdefbd
parente46e9573855d5ee4f71db0ce77159bbc636330c1 (diff)
parent16b0f205cf03eb94ef228d763d94718342027117 (diff)
downloadguix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/connman.scm5
-rw-r--r--gnu/packages/embedded.scm3
-rw-r--r--gnu/packages/enlightenment.scm65
-rw-r--r--gnu/packages/finance.scm4
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/guile.scm2
-rw-r--r--gnu/packages/linux.scm36
-rw-r--r--gnu/packages/mail.scm5
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/networking.scm31
-rw-r--r--gnu/packages/patches/exim-CVE-2017-1000369.patch59
-rw-r--r--gnu/packages/patches/miniupnpc-CVE-2017-8798.patch55
-rw-r--r--gnu/packages/python.scm41
-rw-r--r--gnu/packages/security-token.scm6
-rw-r--r--gnu/packages/shells.scm2
-rw-r--r--gnu/packages/tex.scm12
-rw-r--r--gnu/packages/tls.scm41
-rw-r--r--gnu/packages/upnp.scm5
-rw-r--r--gnu/packages/version-control.scm9
-rw-r--r--gnu/packages/video.scm6
-rw-r--r--gnu/packages/web.scm4
-rw-r--r--guix/build-system/texlive.scm4
-rw-r--r--guix/store.scm63
24 files changed, 335 insertions, 135 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 4acc699753..1ae2a2d264 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -571,6 +571,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/emacs-source-date-epoch.patch		\
   %D%/packages/patches/eudev-rules-directory.patch		\
   %D%/packages/patches/evilwm-lost-focus-bug.patch		\
+  %D%/packages/patches/exim-CVE-2017-1000369.patch		\
   %D%/packages/patches/fabric-tests.patch			\
   %D%/packages/patches/fastcap-mulGlobal.patch			\
   %D%/packages/patches/fastcap-mulSetup.patch			\
@@ -805,7 +806,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch	\
   %D%/packages/patches/metabat-remove-compilation-date.patch	\
   %D%/packages/patches/mhash-keygen-test-segfault.patch		\
-  %D%/packages/patches/miniupnpc-CVE-2017-8798.patch		\
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch		\
   %D%/packages/patches/mpc123-initialize-ao.patch		\
   %D%/packages/patches/module-init-tools-moduledir.patch	\
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index 08e725118d..8f567fa61b 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -114,6 +114,9 @@ sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.")
      `(#:configure-flags '("--localstatedir=/var")
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'set-home-directory
+           ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+           (lambda _ (setenv "HOME" "/tmp") #t))
          (add-after 'install 'wrap-binary
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index b81eedbd80..e0e1793db1 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -507,7 +507,8 @@ with a layered architecture of JTAG interface and TAP support.")
                 (patches
                  (append
                   (origin-patches (package-source gcc-4.7))
-                  (search-patches "gcc-4.6-gnu-inline.patch")))))
+                  (search-patches "gcc-4.6-gnu-inline.patch"
+                                  "gcc-cross-environment-variables.patch")))))
       (home-page "https://github.com/dbetz/propgcc-gcc"))))
 
 ;; There is no release, so we take the latest version as referenced from here:
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 6487446336..50da8c8d2f 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -58,7 +58,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.18.5")
+    (version "1.19.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -66,7 +66,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0wxz00cijynamm0sx4ss4hp89zyz5y6zliv5zd905jn4nak2mw2n"))))
+                "0fndwraca9rg0bz3al4isdprvyw56szr88qiyvglb4j8ygsylscc"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -109,7 +109,7 @@
        ("xproto" ,xproto)))
     (propagated-inputs
      ;; All these inputs are in package config files in section
-     ;; Require.private.
+     ;; Requires.private.
      `(("bullet" ,bullet) ; ephysics.pc
        ("dbus" ,dbus) ; eldbus.pc, elementary.pc, elocation.pc, ethumb_client.pc
        ("eudev" ,eudev) ; eeze.pc
@@ -123,17 +123,23 @@
        ("libsndfile" ,libsndfile) ; ecore-audio.pc, ecore-audio-cxx.pc
        ("openssl" ,openssl) ; ecore-con.pc, eet.pc, eet-cxx.pc, emile.pc
        ("pulseaudio" ,pulseaudio) ; ecore-audio.pc, ecore-audio-cxx.pc
-       ("util-linux" ,util-linux) ; eeze.pc
+       ("util-linux" ,util-linux) ; mount: eeze.pc
        ("zlib" ,zlib))) ; eet.pc, eet-cxx.pc, emile.pc
     (arguments
      `(#:configure-flags '("--disable-silent-rules"
+                           "--disable-systemd"
                            "--enable-liblz4"
                            "--enable-xinput22"
                            "--enable-image-loader-webp"
                            "--enable-multisense"
                            "--with-opengl=es"
                            "--enable-egl"
-                           "--enable-harfbuzz")))
+                           "--enable-harfbuzz")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-home-directory
+           ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+           (lambda _ (setenv "HOME" "/tmp") #t)))))
     (home-page "https://www.enlightenment.org/about-efl")
     (synopsis "Enlightenment Foundation Libraries")
     (description
@@ -157,6 +163,12 @@ removable devices or support for multimedia.")
                (base32
                 "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-home-directory
+           ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+           (lambda _ (setenv "HOME" "/tmp") #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -184,6 +196,12 @@ contents and more.")
                (base32
                 "06kbgcnbhl9clhdl7k983m4d0n6ggsl4qvizzi1nrp8c7np87fix"))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-home-directory
+           ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+           (lambda _ (setenv "HOME" "/tmp") #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
@@ -198,7 +216,7 @@ Libraries with some extra bells and whistles.")
 (define-public enlightenment
   (package
     (name "enlightenment")
-    (version "0.21.7")
+    (version "0.21.8")
     (source (origin
               (method url-fetch)
               (uri
@@ -206,25 +224,34 @@ Libraries with some extra bells and whistles.")
                               name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1xvngjdsa0p901vfhrh2qpa50k32hwwhc8bgi16a9b5d9byzfhvn"))))
+                "0cjjiip12hd8bfjl9ccl3vzl81pxh1wpymxk2yvrzf6ap5girhps"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--enable-mount-eeze")
        #:phases
        (modify-phases %standard-phases
-         (add-before 'configure 'fix-keyboard
-           (lambda _
-             (let ((xkeyboard (assoc-ref %build-inputs "xkeyboard-config")))
+         (add-before 'configure 'set-system-actions
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((xkeyboard (assoc-ref inputs "xkeyboard-config"))
+                   (utils     (assoc-ref inputs "util-linux")))
                ;; We need to patch the path to 'base.lst' to be able
                ;; to switch the keyboard layout in E.
                (substitute* "src/modules/xkbswitch/e_mod_parse.c"
                  (("/usr/share/X11/xkb/rules/xorg.lst")
                   (string-append xkeyboard
                                  "/share/X11/xkb/rules/base.lst")))
+               (substitute* "configure"
+                 (("/bin/mount") (string-append utils "/bin/mount"))
+                 (("/bin/umount") (string-append utils "/bin/umount"))
+                 (("/usr/bin/eject") (string-append utils "/bin/eject"))
+                 ; TODO: Replace suspend and hibernate also.
+                 (("/sbin/shutdown -h now") "/run/current-system/profile/sbin/halt")
+                 (("/sbin/shutdown -r now") "/run/current-system/profile/sbin/reboot"))
                #t))))))
     (native-inputs
      `(("gettext" ,gettext-minimal)
-       ("pkg-config" ,pkg-config)))
+       ("pkg-config" ,pkg-config)
+       ("util-linux" ,util-linux)))
     (inputs
      `(("alsa-lib" ,alsa-lib)
        ("dbus" ,dbus)
@@ -247,14 +274,14 @@ embedded systems.")
 (define-public python-efl
   (package
     (name "python-efl")
-    (version "1.18.0")
+    (version "1.19.0")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "python-efl" version))
         (sha256
          (base32
-          "0x49rb7mx7ysjp23m919r2rx8qnl4xackhl9s9x2697m7cs77n1r"))))
+          "0l0f9bv1134qh5376p5asycncidrhp8hdb6qwd8ybr1a61q9zq67"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -297,7 +324,7 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
 (define-public edi
   (package
     (name "edi")
-    (version "0.4.0")
+    (version "0.5.0")
     (source
       (origin
         (method url-fetch)
@@ -305,9 +332,15 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
                             "download/v" version "/edi-" version ".tar.bz2"))
         (sha256
          (base32
-          "0qczz5psryxasphg5km95845h510237rf0k1dy8f0dad52ii90j1"))))
+          "1l90x1bw82a0df6r11wd55qizhi99gg0qcljwxga606ahy6ycnkn"))))
     (build-system gnu-build-system)
-    (arguments '(#:configure-flags '("--with-tests=coverage")))
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-home-directory
+           ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+           (lambda _ (setenv "HOME" "/tmp") #t)))
+       #:configure-flags '("--with-tests=coverage")))
     (native-inputs
      `(("check" ,check)
        ("lcov" ,lcov)
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index fb2543bceb..04ae70b07a 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -49,7 +49,7 @@
 (define-public bitcoin-core
   (package
     (name "bitcoin-core")
-    (version "0.14.1")
+    (version "0.14.2")
     (source (origin
              (method url-fetch)
              (uri
@@ -57,7 +57,7 @@
                              version "/bitcoin-" version ".tar.gz"))
              (sha256
               (base32
-               "18zrsinlwkj4q5bj2hzswbhswkvd0sdfi6skfwqwwk85gzh064pj"))))
+               "1jp8vdc25gs46gj1d9mraqa1xnampffpa7mdy0fw80xca77fbi0s"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 29b8dab7f8..32e3e37562 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -6291,7 +6291,11 @@ text views, and buttons to choose the language.")
      ;; Disable the Python bindings because the Planner program functions
      ;; without them, and (as of 2017-06-13) we have not packaged all of
      ;; packages that are necessary for building the Python bindings.
-     `(#:configure-flags (list "--disable-python")))
+     `(#:configure-flags
+       (list "--disable-python"
+             ,@(if (string=? "aarch64-linux" (%current-system))
+                   '("--build=aarch64-unknown-linux-gnu")
+                   '()))))
     (inputs
      `(("libgnomecanvas" ,libgnomecanvas)
        ("libgnomeui" ,libgnomeui)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index e4629d90d6..5577ad98e7 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -239,7 +239,7 @@ without requiring the source code to be rewritten.")
               (snippet '(for-each delete-file
                                   (find-files "prebuilt" "\\.go$")))))
     (properties '((timeout . 72000)               ;20 hours
-                  (max-silent-time . 21600)))     ;6 hours (needed on ARM
+                  (max-silent-time . 36000)))     ;10 hours (needed on ARM
                                                   ;  when heavily loaded)
     (native-search-paths
      (list (search-path-specification
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f7e6853b62..93b29ed781 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -365,19 +365,49 @@ It has been modified to remove all non-free binary blobs.")
   (make-linux-libre %linux-libre-version
                     %linux-libre-hash
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=167ec8235f978d7af78c73e9490dae1af3fee67f")
+                            (file-name "linux-libre-4.11-CVE-2017-1000364.patch")
+                            (sha256
+                             (base32
+                              "0hv3lxjgpssvsldkydg5q7znnzxv5ncpzrk6g11q01k3gkl0q689"))))))
 
 (define-public linux-libre-4.9
   (make-linux-libre "4.9.33"
                     "1dam6vqymhlx1vsl0lzxphamiifgyf97snxg18b2czqq402nz094"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=37c40b6777f0bc8a63f616479c469b371097f333")
+                            (file-name "linux-libre-4.9-CVE-2017-1000364.patch")
+                            (sha256
+                             (base32
+                              "0zhnh8ysiqldxlnd50bjrxagzx29kc8nlajdrikii2x2ibkbfb4i"))))))
 
 (define-public linux-libre-4.4
   (make-linux-libre "4.4.73"
                     "144ssqw1dr86z4cgl797pq5rggfibsxqk7wmfbl6j92l1cj6yjrz"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=87422f5b9b4f43efef4eaf37d7d040aed96500cb")
+                            (file-name "linux-libre-4.4-CVE-2017-1000364.patch")
+                            (sha256
+                             (base32
+                              "137p1cpiwlbvw4x12w1l23iy593xmdry60kd7j9kk690r9arfagw"))))))
 
 (define-public linux-libre-4.1
   (make-linux-libre "4.1.41"
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index f4003d7391..4f16853a97 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -996,7 +996,7 @@ delivery.")
 (define-public exim
   (package
     (name "exim")
-    (version "4.87.1")
+    (version "4.89")
     (source
      (origin
        (method url-fetch)
@@ -1004,9 +1004,10 @@ delivery.")
                                  version ".tar.bz2")
                   (string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-"
                                  version ".tar.bz2")))
+       (patches (search-patches "exim-CVE-2017-1000369.patch"))
        (sha256
         (base32
-         "050m2gjzpc6vyik458h1j0vi8bxplkzjsyndkyd2y394i569kdyl"))))
+         "1c0syp7yxngmq7y8vqsrvijinzin5m941vn0ljihdfld7kh2wbwi"))))
     (build-system gnu-build-system)
     (inputs
      `(("bdb" ,bdb)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 94109b559a..014ad5d7d5 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -317,7 +317,7 @@ the OCaml language.")
 (define-public glpk
   (package
     (name "glpk")
-    (version "4.61")
+    (version "4.62")
     (source
      (origin
       (method url-fetch)
@@ -325,7 +325,7 @@ the OCaml language.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "1adbvwiaqrv9pql9ry3lhn2vfsxnff2vh4fs477d90kpfx0xwrlq"))))
+        "0w7s3869ybwyq9a4490dikpib1qp3jnn5nqz1vvwqy1qz3ilnvh9"))))
     (build-system gnu-build-system)
     (inputs
      `(("gmp" ,gmp)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 5d1c432da3..ed0420b422 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2015, 2016, 2017 Stefan Reichör <stefan@xsteve.at>
 ;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -474,7 +474,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
 (define-public wireshark
   (package
     (name "wireshark")
-    (version "2.2.6")
+    (version "2.2.7")
     (synopsis "Network traffic analyzer")
     (source
      (origin
@@ -483,7 +483,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
                            version ".tar.bz2"))
        (sha256
         (base32
-         "0jd89i9si43lyv3hsl6p1lkjmz4zagvc37wcbigsxxc5v8gda9zn"))))
+         "1dfvhra5v6xhzbp097qsxi0zvirw0srbasl4v1wjf58v49idz7b8"))))
     (build-system glib-or-gtk-build-system)
     (inputs `(("bison" ,bison)
               ("c-ares" ,c-ares)
@@ -522,6 +522,31 @@ network frames.")
     (license license:gpl2+)
     (home-page "https://www.wireshark.org/")))
 
+(define-public fping
+  (package
+    (name "fping")
+    (version "4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://fping.org/dist/fping-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1kp81wchi79l8z8rrj602fpjrd8bi84y3i7fsaclzlwap5943sv7"))))
+    (build-system gnu-build-system)
+    (home-page "http://fping.org/")
+    (synopsis "Send ICMP ECHO_REQUEST packets to network hosts")
+    (description
+     "fping is a ping like program which uses the Internet Control Message
+Protocol (ICMP) echo request to determine if a target host is responding.
+fping differs from ping in that you can specify any number of targets on the
+command line, or specify a file containing the lists of targets to ping.
+Instead of sending to one target until it times out or replies, fping will
+send out a ping packet and move on to the next target in a round-robin
+fashion.")
+    (license license:expat)))
+
 (define-public httping
   (package
     (name "httping")
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch
new file mode 100644
index 0000000000..a67a8afb0e
--- /dev/null
+++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch
@@ -0,0 +1,59 @@
+Fix CVE-2017-1000369:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
+https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+
+Patch adapted from upstream source repository:
+
+https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
+
+From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Wed, 31 May 2017 23:08:56 +0200
+Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+---
+ doc/doc-docbook/spec.xfpt |  3 ++-
+ src/src/exim.c            | 19 +++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+ 
+       /* -oMr: Received protocol */
+ 
+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++      else if (Ustrcmp(argrest, "Mr") == 0)
++
++        if (received_protocol)
++          {
++          fprintf(stderr, "received_protocol is set already\n");
++          exit(EXIT_FAILURE);
++          }
++        else received_protocol = argv[++i];
+ 
+       /* -oMs: Set sender host name */
+ 
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+ 
+     if (*argrest != 0)
+       {
+-      uschar *hn = Ustrchr(argrest, ':');
++      uschar *hn;
++
++      if (received_protocol)
++        {
++        fprintf(stderr, "received_protocol is set already\n");
++        exit(EXIT_FAILURE);
++        }
++
++      hn = Ustrchr(argrest, ':');
+       if (hn == NULL)
+         {
+         received_protocol = argrest;
+-- 
+2.13.1
+
diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
deleted file mode 100644
index 24eed60af9..0000000000
--- a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2017-8798.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
-http://seclists.org/oss-sec/2017/q2/247
-
-Patch copied from upstream source repository, with Changelog entry removed:
-
-https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
-
-diff --git a/miniwget.c b/miniwget.c
-index 37cb47b..1eda57c 100644
---- a/miniwget.c
-+++ b/miniwget.c
-@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code)
- 							goto end_of_stream;
- 						}
- 					}
--					bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);
-+					/* it is guaranteed that (n >= i) */
-+					bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i);
- 					if((content_buf_used + bytestocopy) > content_buf_len)
- 					{
- 						char * tmp;
--						if(content_length >= (int)(content_buf_used + bytestocopy)) {
-+						if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) {
- 							content_buf_len = content_length;
- 						} else {
- 							content_buf_len = content_buf_used + bytestocopy;
-@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code)
- 			{
- 				/* not chunked */
- 				if(content_length > 0
--				   && (int)(content_buf_used + n) > content_length) {
-+				   && (content_buf_used + n) > (unsigned int)content_length) {
- 					/* skipping additional bytes */
- 					n = content_length - content_buf_used;
- 				}
- 				if(content_buf_used + n > content_buf_len)
- 				{
- 					char * tmp;
--					if(content_length >= (int)(content_buf_used + n)) {
-+					if(content_length >= 0
-+					   && (unsigned int)content_length >= (content_buf_used + n)) {
- 						content_buf_len = content_length;
- 					} else {
- 						content_buf_len = content_buf_used + n;
-@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code)
- 			}
- 		}
- 		/* use the Content-Length header value if available */
--		if(content_length > 0 && (int)content_buf_used >= content_length)
-+		if(content_length > 0 && content_buf_used >= (unsigned int)content_length)
- 		{
- #ifdef DEBUG
- 			printf("End of HTTP content\n");
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 505e4a813b..911cf2dc12 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -925,6 +925,24 @@ have been used.")
 (define-public python2-mock
   (package-with-python2 python-mock))
 
+;;; Some packages (notably, certbot and python-acme) rely on this newer version
+;;; of python-mock. However, a large number of packages fail to build with
+;;; mock@2, so we add a new variable for now. Also, there may be a dependency
+;;; cycle between mock and six, so we avoid creating python2-mock@2 for now.
+(define-public python-mock-2
+  (package
+    (inherit python-mock)
+    (version "2.0.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "mock" version))
+        (sha256
+         (base32
+          "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i"))))
+    (propagated-inputs
+     `(("python-pbr" ,python-pbr-minimal)
+       ,@(package-propagated-inputs python-mock)))))
 
 (define-public python-setuptools
   (package
@@ -15382,3 +15400,26 @@ many of the popular cloud service providers using a unified API.")
 
 (define-public python2-apache-libcloud
   (package-with-python2 python-apache-libcloud))
+
+(define-public python-smmap2
+  (package
+    (name "python-smmap2")
+    (version "2.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "smmap2" version))
+       (sha256
+        (base32
+         "1hvn28p3zvxa98sbi9lrqvv2ps4q284j4jq9a619zw0m7yv0sly7"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-nosexcover" ,python-nosexcover)))
+    (home-page "https://github.com/Byron/smmap")
+    (synopsis "Python sliding window memory map manager")
+    (description "@code{smmap2} is a pure Python implementation of a sliding
+window memory map manager.")
+    (license license:bsd-3)))
+
+(define-public python2-smmap2
+  (package-with-python2 python-smmap2))
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5873d85b55..8ae2dda1c3 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -93,15 +93,15 @@ the low-level development kit for the Yubico YubiKey authentication device.")
 (define-public pcsc-lite
   (package
     (name "pcsc-lite")
-    (version "1.8.21")
+    (version "1.8.22")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://alioth.debian.org/frs/download.php/file/4216/"
+                    "https://alioth.debian.org/frs/download.php/file/4225/"
                     "pcsc-lite-" version ".tar.bz2"))
               (sha256
                (base32
-                "1b8kwl81f6s3y7qh68ahr8sp8a0w6m464v9b3s4zxq2cgpmnaczy"))))
+                "01flkdyqs7kr6c63dv2qg8dwir3v9jlr9rzlw7vafrivxmhqydba"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers")))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 6b9125e77f..65e0eda50a 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -172,7 +172,7 @@ highlighting.")
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)))) ; No configure script.
-    (home-page "https://pragmatique.xyz/software/fish-guix.html")
+    (home-page "https://www.infotropique.org/projects/fish-guix/")
     (synopsis "Fish completions for Guix")
     (description
      "Fish-guix provides completions for Guix for users of the fish shell.")
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 71aa5c7f3a..21af9d7df4 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -195,7 +195,7 @@ This package contains the binaries.")
                     (revision %texlive-revision)))
               (sha256
                (base32
-                "1k11yvz4q95bxyxczwvd4r177h6a2gg03xmf51kmgjgz8an2gq2w"))))
+                "0fcy2hpapbj01ncpjj3v39yhr0jjxb6rm13qaxjjw66s3vydxls1"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
@@ -650,7 +650,7 @@ symbol fonts.")
                     (revision %texlive-revision)))
               (sha256
                (base32
-                "1ifmbyl3ir8k0v1g25xjb5rcyy5vhj8a3fa2088nczga09hna5vn"))))
+                "0mjgl3gscn3ps29yjambz1j9fg81ynnncb96vpprwx4xsijhsns0"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
@@ -835,7 +835,7 @@ overwrite existing files and letting you use @code{filecontents} /
 (define-public texlive-generic-ifxetex
   (package
     (name "texlive-generic-ifxetex")
-    (version "0.6")
+    (version (number->string %texlive-revision))
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "generic" "ifxetex"))
@@ -892,7 +892,7 @@ verbatim source).")
               (uri (texlive-ref "latex" "graphics"))
               (sha256
                (base32
-                "17ka701xr9nqsjlhz30hphr8d9j4zzwgv5zl5r2f118yzqh9c34v"))))
+                "07azyn0b1s49vbdlr6dmygrminxp72ndl24j1091hiiccvrjq3xc"))))
     (build-system texlive-build-system)
     (arguments
      '(#:tex-directory "latex/graphics"
@@ -1101,7 +1101,7 @@ of file names.")
               (uri (texlive-ref "latex" "l3kernel"))
               (sha256
                (base32
-                "0ndqw0flhl20f4ny5lssp8rqpnj5kglyg59whbdrxbh2zc7w7j0b"))))
+                "0r0wfk594j8wkdqhh21haimwsfq8x5jch4ldm21hkzk5dnmvpbg6"))))
     (build-system texlive-build-system)
     (arguments
      '(#:tex-directory "latex/l3kernel"))
@@ -1124,7 +1124,7 @@ that the LaTeX3 conventions can be used with regular LaTeX 2e packages.")
               (uri (texlive-ref "latex" "l3packages"))
               (sha256
                (base32
-                "1p1y9my6ccmp2ab91fzqqgih8ifrk4y3wyh397kagiq9f6a6v91f"))))
+                "16jplkvzdysfssijq9l051nsks65c2nrarsl17k8gjhc28yznj8y"))))
     (build-system texlive-build-system)
     (arguments
      '(#:tex-directory "latex/l3packages"
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f3d7177102..f2c949ad69 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -498,7 +498,7 @@ security, and applying best practice development processes.")
                #t))))))
     ;; TODO: Add optional inputs for testing.
     (native-inputs
-     `(("python-mock" ,python-mock)
+     `(("python-mock" ,python-mock-2)
        ;; For documentation
        ("python-sphinx" ,python-sphinx)
        ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
@@ -534,8 +534,7 @@ security, and applying best practice development processes.")
                 "1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2
-       ,@(substitute-keyword-arguments (package-arguments python-acme)
+     `(,@(substitute-keyword-arguments (package-arguments python-acme)
            ((#:phases phases)
             `(modify-phases ,phases
               (replace 'install-documentation
@@ -550,27 +549,27 @@ security, and applying best practice development processes.")
                     #t))))))))
     ;; TODO: Add optional inputs for testing.
     (native-inputs
-     `(("python2-nose" ,python2-nose)
-       ("python2-mock" ,python2-mock)
+     `(("python-nose" ,python-nose)
+       ("python-mock" ,python-mock-2)
        ;; For documentation
-       ("python2-sphinx" ,python2-sphinx)
-       ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
-       ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
-       ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
+       ("python-sphinx" ,python-sphinx)
+       ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
+       ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
+       ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
        ("texinfo" ,texinfo)))
     (propagated-inputs
-     `(("python2-acme" ,python2-acme)
-       ("python2-zope-interface" ,python2-zope-interface)
-       ("python2-pyrfc3339" ,python2-pyrfc3339)
-       ("python2-pyopenssl" ,python2-pyopenssl)
-       ("python2-configobj" ,python2-configobj)
-       ("python2-configargparse" ,python2-configargparse)
-       ("python2-zope-component" ,python2-zope-component)
-       ("python2-parsedatetime" ,python2-parsedatetime)
-       ("python2-six" ,python2-six)
-       ("python2-psutil" ,python2-psutil)
-       ("python2-requests" ,python2-requests)
-       ("python2-pytz" ,python2-pytz)))
+     `(("python-acme" ,python-acme)
+       ("python-zope-interface" ,python-zope-interface)
+       ("python-pyrfc3339" ,python-pyrfc3339)
+       ("python-pyopenssl" ,python-pyopenssl)
+       ("python-configobj" ,python-configobj)
+       ("python-configargparse" ,python-configargparse)
+       ("python-zope-component" ,python-zope-component)
+       ("python-parsedatetime" ,python-parsedatetime)
+       ("python-six" ,python-six)
+       ("python-psutil" ,python-psutil)
+       ("python-requests" ,python-requests)
+       ("python-pytz" ,python-pytz)))
     (synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
     (description "Certbot automatically receives and installs X.509 certificates
 to enable Transport Layer Security (TLS) on servers.  It interoperates with the
diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm
index 645e9a6573..3c449937da 100644
--- a/gnu/packages/upnp.scm
+++ b/gnu/packages/upnp.scm
@@ -28,15 +28,14 @@
 (define-public miniupnpc
   (package
     (name "miniupnpc")
-    (version "2.0.20170421")
+    (version "2.0.20170509")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://miniupnp.tuxfamily.org/files/"
                            name "-" version ".tar.gz"))
-       (patches (search-patches "miniupnpc-CVE-2017-8798.patch"))
        (sha256
-        (base32 "0n11m2wq812zms5b21h8ihw1kbyaihj9nqjiida0hskf4dmw4m13"))))
+        (base32 "0spi75q6nafxp3ndnrhrlqagzmjlp8wwlr5x7rnvdpswgxi6ihyk"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 953440a6fd..4b78704537 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -186,12 +186,16 @@ as well as the classic centralized workflow.")
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
-        (add-after 'configure 'patch-makefile-shebangs
+        (add-after 'configure 'patch-makefiles
           (lambda _
             (substitute* "Makefile"
               (("/bin/sh") (which "sh"))
               (("/usr/bin/perl") (which "perl"))
-              (("/usr/bin/python") (which "python")))))
+              (("/usr/bin/python") (which "python")))
+            (substitute* "perl/Makefile"
+              ;; Don't create timestamped 'perllocal.pod'.
+              (("\\$< PREFIX=") "$< NO_PERLLOCAL=1 PREFIX="))
+            #t))
         (add-after 'configure 'add-PM.stamp
           (lambda _
             ;; Add the "PM.stamp" to avoid "no rule to make target".
@@ -816,6 +820,7 @@ following features:
                         "subversion/bindings/swig/perl/native"
                       (and (zero?
                             (system* "perl" "Makefile.PL"
+                                     "NO_PERLLOCAL=1"
                                      (string-append "PREFIX=" out)))
                            (zero?
                             (system* "make" "install"
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index adae0d3d3e..4acfb24220 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1144,7 +1144,7 @@ audio, images) from the Web.  It can use either mpv or vlc for playback.")
 (define-public libbluray
   (package
     (name "libbluray")
-    (version "1.0.0")
+    (version "1.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://download.videolan.org/videolan/"
@@ -1152,10 +1152,10 @@ audio, images) from the Web.  It can use either mpv or vlc for playback.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1k3lag4lxi2jjd3zh4wcb5l3hadzm54j5kagh92yzfy76p9svqzp"))))
+                "0fl5cxfj870rwqmmz3s04wh7wnabb7rnynfj1v3sz37ln8frm7qg"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:configure-flags '("--disable-bdjava")
+     `(#:configure-flags '("--disable-bdjava-jar")
        #:phases
        (modify-phases %standard-phases
          (add-before 'build 'fix-dlopen-paths
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 10945d4975..fba0d99f4a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -94,14 +94,14 @@
 (define-public httpd
   (package
     (name "httpd")
-    (version "2.4.25")
+    (version "2.4.26")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://apache/httpd/httpd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1cl0bkqg6srb1sypga0cn8dcmdyxldavij73zmmkxvlz3kgw4zpq"))))
+               "11ykcfv7b9zpd7fb93a7yhnyfwrilryjz21iklaf0yf8mwpvazm0"))))
     (build-system gnu-build-system)
     (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(("apr" ,apr)
diff --git a/guix/build-system/texlive.scm b/guix/build-system/texlive.scm
index d4085ea7e8..0357c47a47 100644
--- a/guix/build-system/texlive.scm
+++ b/guix/build-system/texlive.scm
@@ -40,8 +40,8 @@
 ;; Code:
 
 ;; These variables specify the SVN tag and the matching SVN revision.
-(define %texlive-tag "texlive-2017.0")
-(define %texlive-revision 44445)
+(define %texlive-tag "texlive-2017.1")
+(define %texlive-revision 44591)
 
 (define (texlive-ref component id)
   "Return a <svn-reference> object for the package ID, which is part of the
diff --git a/guix/store.scm b/guix/store.scm
index 2acab6b1a3..b584caa073 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -322,12 +322,16 @@
 
 (define-record-type <nix-server>
   (%make-nix-server socket major minor
+                    buffer flush
                     ats-cache atts-cache)
   nix-server?
   (socket nix-server-socket)
   (major  nix-server-major-version)
   (minor  nix-server-minor-version)
 
+  (buffer nix-server-output-port)                 ;output port
+  (flush  nix-server-flush-output)                ;thunk
+
   ;; Caches.  We keep them per-connection, because store paths build
   ;; during the session are temporary GC roots kept for the duration of
   ;; the session.
@@ -481,7 +485,11 @@ for this connection will be pinned.  Return a server object."
                      (&nix-connection-error (file (or port uri))
                                             (errno EPROTO))
                      (&message (message "build daemon handshake failed"))))))
-    (let ((port (or port (connect-to-daemon uri))))
+    (let*-values (((port)
+                   (or port (connect-to-daemon uri)))
+                  ((output flush)
+                   (buffering-output-port port
+                                          (make-bytevector 8192))))
       (write-int %worker-magic-1 port)
       (let ((r (read-int port)))
         (and (eqv? r %worker-magic-2)
@@ -499,12 +507,18 @@ for this connection will be pinned.  Return a server object."
                       (let ((conn (%make-nix-server port
                                                     (protocol-major v)
                                                     (protocol-minor v)
+                                                    output flush
                                                     (make-hash-table 100)
                                                     (make-hash-table 100))))
                         (let loop ((done? (process-stderr conn)))
                           (or done? (process-stderr conn)))
                         conn)))))))))
 
+(define (write-buffered-output server)
+  "Flush SERVER's output port."
+  (force-output (nix-server-output-port server))
+  ((nix-server-flush-output server)))
+
 (define (close-connection server)
   "Close the connection to SERVER."
   (close (nix-server-socket server)))
@@ -718,6 +732,44 @@ encoding conversion errors."
     (let loop ((done? (process-stderr server)))
       (or done? (process-stderr server)))))
 
+(define (buffering-output-port port buffer)
+  "Return two value: an output port wrapped around PORT that uses BUFFER (a
+bytevector) as its internal buffer, and a thunk to flush this output port."
+  ;; Note: In Guile 2.2.2, custom binary output ports already have their own
+  ;; 4K internal buffer.
+  (define size
+    (bytevector-length buffer))
+
+  (define total 0)
+
+  (define (flush)
+    (put-bytevector port buffer 0 total)
+    (set! total 0))
+
+  (define (write bv offset count)
+    (if (zero? count)                             ;end of file
+        (flush)
+        (let loop ((offset offset)
+                   (count count)
+                   (written 0))
+          (cond ((= total size)
+                 (flush)
+                 (loop offset count written))
+                ((zero? count)
+                 written)
+                (else
+                 (let ((to-copy (min count (- size total))))
+                   (bytevector-copy! bv offset buffer total to-copy)
+                   (set! total (+ total to-copy))
+                   (loop (+ offset to-copy) (- count to-copy)
+                         (+ written to-copy))))))))
+
+  ;; Note: We need to return FLUSH because the custom binary port has no way
+  ;; to be notified of a 'force-output' call on itself.
+  (values (make-custom-binary-output-port "buffering-output-port"
+                                          write #f #f flush)
+          flush))
+
 (define %rpc-calls
   ;; Mapping from RPC names (symbols) to invocation counts.
   (make-hash-table))
@@ -755,11 +807,14 @@ encoding conversion errors."
     ((_ (name (type arg) ...) docstring return ...)
      (lambda (server arg ...)
        docstring
-       (let ((s (nix-server-socket server)))
+       (let* ((s (nix-server-socket server))
+              (buffered (nix-server-output-port server)))
          (record-operation 'name)
-         (write-int (operation-id name) s)
-         (write-arg type arg s)
+         (write-int (operation-id name) buffered)
+         (write-arg type arg buffered)
          ...
+         (write-buffered-output server)
+
          ;; Loop until the server is done sending error output.
          (let loop ((done? (process-stderr server)))
            (or done? (loop (process-stderr server))))