summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-06-04 14:56:31 -0400
committerLeo Famulari <leo@famulari.name>2017-06-04 14:56:31 -0400
commit9f825cec1beb0174a218ee3af603a692e5aea81d (patch)
tree16dd2359f73965bb015a89daa76af4ca1ba2e500
parent8b4186e116434860a93fd1c8163fdeb86c1d63a8 (diff)
parentcc24bf98bd9b57e7f5653858c1a54283a490cbd0 (diff)
downloadguix-9f825cec1beb0174a218ee3af603a692e5aea81d.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--doc/guix.texi30
-rw-r--r--gnu/build/file-systems.scm6
-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/android.scm101
-rw-r--r--gnu/packages/compression.scm77
-rw-r--r--gnu/packages/game-development.scm25
-rw-r--r--gnu/packages/games.scm90
-rw-r--r--gnu/packages/image-processing.scm3
-rw-r--r--gnu/packages/kodi.scm6
-rw-r--r--gnu/packages/mes.scm10
-rw-r--r--gnu/packages/networking.scm52
-rw-r--r--gnu/packages/patches/libgit2-0.25.1-mtime-0.patch14
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8112.patch41
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8309.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8379.patch98
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-8380.patch53
-rw-r--r--gnu/packages/python.scm374
-rw-r--r--gnu/packages/qemu.scm6
-rw-r--r--gnu/packages/shells.scm105
-rw-r--r--gnu/packages/version-control.scm18
-rw-r--r--gnu/packages/video.scm78
-rw-r--r--gnu/packages/wine.scm5
-rw-r--r--guix/scripts/refresh.scm34
-rw-r--r--nix/nix-daemon/guix-daemon.cc12
-rw-r--r--tests/guix-daemon.sh36
25 files changed, 1278 insertions, 47 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index aabb99039a..e8fba43afe 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1146,6 +1146,24 @@ Allow at most @var{n} build jobs in parallel.  The default value is
 locally; instead, the daemon will offload builds (@pxref{Daemon Offload
 Setup}), or simply fail.
 
+@item --max-silent-time=@var{seconds}
+When the build or substitution process remains silent for more than
+@var{seconds}, terminate it and report a build failure.
+
+The default value is @code{0}, which disables the timeout.
+
+The value specified here can be overridden by clients (@pxref{Common
+Build Options, @code{--max-silent-time}}).
+
+@item --timeout=@var{seconds}
+Likewise, when the build or substitution process lasts for more than
+@var{seconds}, terminate it and report a build failure.
+
+The default value is @code{0}, which disables the timeout.
+
+The value specified here can be overridden by clients (@pxref{Common
+Build Options, @code{--timeout}}).
+
 @item --rounds=@var{N}
 Build each derivation @var{n} times in a row, and raise an error if
 consecutive build results are not bit-for-bit identical.  Note that this
@@ -4940,12 +4958,15 @@ instead of offloading builds to remote machines.
 When the build or substitution process remains silent for more than
 @var{seconds}, terminate it and report a build failure.
 
+By default, the daemon's setting is honored (@pxref{Invoking
+guix-daemon, @code{--max-silent-time}}).
+
 @item --timeout=@var{seconds}
 Likewise, when the build or substitution process lasts for more than
 @var{seconds}, terminate it and report a build failure.
 
-By default there is no timeout.  This behavior can be restored with
-@code{--timeout=0}.
+By default, the daemon's setting is honored (@pxref{Invoking
+guix-daemon, @code{--timeout}}).
 
 @item --verbosity=@var{level}
 Use the given verbosity level.  @var{level} must be an integer between 0
@@ -5854,6 +5875,11 @@ The @code{non-core} subset refers to the remaining packages.  It is
 typically useful in cases where an update of the core packages would be
 inconvenient.
 
+@item --manifest=@var{file}
+@itemx -m @var{file}
+Select all the packages from the manifest in @var{file}. This is useful to
+check if any packages of the user manifest can be updated.
+
 @item --type=@var{updater}
 @itemx -t @var{updater}
 Select only packages handled by @var{updater} (may be a comma-separated
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 3e0873377a..10be0dc83c 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -260,7 +260,11 @@ volume descriptor from ~s"
   "Return the raw contents of DEVICE's iso9660 primary volume descriptor
 as a bytevector, or #f if DEVICE does not contain an iso9660 file system."
   ;; Start reading at sector 16.
-  (read-iso9660-primary-volume-descriptor device (* 2048 16)))
+  ;; Since we are not sure that the device contains an ISO9660 filesystem,
+  ;; we have to find that out first.
+  (if (read-superblock device (* 2048 16) 2048 iso9660-superblock?)
+      (read-iso9660-primary-volume-descriptor device (* 2048 16))
+      #f)) ; Device does not contain an iso9660 filesystem.
 
 (define (iso9660-superblock-uuid sblock)
   "Return the modification time of an iso9660 primary volume descriptor
diff --git a/gnu/local.mk b/gnu/local.mk
index 8b73f7e64c..015267f09d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -723,6 +723,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libevent-2.1-dns-tests.patch		\
   %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
   %D%/packages/patches/libextractor-ffmpeg-3.patch		\
+  %D%/packages/patches/libgit2-0.25.1-mtime-0.patch		\
   %D%/packages/patches/libgit2-use-after-free.patch		\
   %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
@@ -931,6 +932,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
   %D%/packages/patches/python2-subprocess32-disable-input-test.patch	\
   %D%/packages/patches/qemu-CVE-2017-7493.patch			\
+  %D%/packages/patches/qemu-CVE-2017-8112.patch			\
+  %D%/packages/patches/qemu-CVE-2017-8309.patch			\
+  %D%/packages/patches/qemu-CVE-2017-8379.patch			\
+  %D%/packages/patches/qemu-CVE-2017-8380.patch			\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm
index e23d0fd910..be3f50add2 100644
--- a/gnu/packages/android.scm
+++ b/gnu/packages/android.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Kai-Chung Yan <seamlikok@gmail.com>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,8 +24,13 @@
   #:use-module (guix packages)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages ssh)
+  #:use-module (gnu packages version-control)
   #:use-module (gnu packages tls))
 
 ;; The Makefiles that we add are largely based on the Debian
@@ -298,3 +304,98 @@ with an emulator instance or connected Android device.  It facilitates a variety
 of device actions, such as installing and debugging apps, and it provides access
 to a Unix shell that can run commands on the connected device or emulator.")
     (license license:asl2.0)))
+
+(define-public git-repo
+  (package
+    (name "git-repo")
+    (version "1.12.37")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://gerrit.googlesource.com/git-repo")
+             (commit (string-append "v" version))))
+       (file-name (string-append "git-repo-" version "-checkout"))
+       (sha256
+        (base32 "0qp7jqhblv7xblfgpcq4n18dyjdv8shz7r60c3vnjxx2fngkj2jd"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2 ; code says: "Python 3 support is … experimental."
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'set-executable-paths
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (git (assoc-ref inputs "git"))
+                    (gpg (assoc-ref inputs "gnupg"))
+                    (ssh (assoc-ref inputs "ssh")))
+               (substitute* '("repo" "git_command.py")
+                 (("^GIT = 'git' ")
+                  (string-append "GIT = '" git "/bin/git' ")))
+               (substitute* "repo"
+                 ((" cmd = \\['gpg',")
+                  (string-append " cmd = ['" gpg "/bin/gpg',")))
+               (substitute* "git_config.py"
+                 ((" command_base = \\['ssh',")
+                  (string-append " command_base = ['" ssh "/bin/ssh',")))
+               #t)))
+         (add-before 'build 'do-not-clone-this-source
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (repo-dir (string-append out "/share/" ,name)))
+               (substitute* "repo"
+                 (("^def _FindRepo\\(\\):.*")
+                  (format #f "
+def _FindRepo():
+  '''Look for a repo installation, starting at the current directory.'''
+  # Use the installed version of git-repo.
+  repo_main = '~a/main.py'
+  curdir = os.getcwd()
+  olddir = None
+  while curdir != '/' and curdir != olddir:
+    dot_repo = os.path.join(curdir, repodir)
+    if os.path.isdir(dot_repo):
+      return (repo_main, dot_repo)
+    else:
+      olddir = curdir
+      curdir = os.path.dirname(curdir)
+  return None, ''
+
+  # The remaining of this function is dead code.  It was used to
+  # find a git-checked-out version in the local project.\n" repo-dir))
+                 ;; Neither clone, check out, nor verify the git repository
+                 (("(^\\s+)_Clone\\(.*\\)") "")
+                 (("(^\\s+)_Checkout\\(.*\\)") "")
+                 ((" rev = _Verify\\(.*\\)") " rev = None"))
+               #t)))
+         (delete 'build) ; nothing to build
+         (replace 'check
+           (lambda _
+             (zero? (system* "python" "-m" "nose"))))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin-dir (string-append out "/bin"))
+                    (repo-dir (string-append out "/share/" ,name)))
+               (mkdir-p bin-dir)
+               (mkdir-p repo-dir)
+               (copy-recursively "." repo-dir)
+               (delete-file-recursively (string-append repo-dir "/tests"))
+               (symlink (string-append repo-dir "/repo")
+                        (string-append bin-dir "/repo"))
+               #t))))))
+    (inputs
+     ;; TODO: Add git-remote-persistent-https once it is available in guix
+     `(("git" ,git)
+       ("gnupg" ,gnupg)
+       ("ssh", openssh)))
+    (native-inputs
+     `(("nose" ,python2-nose)))
+    (home-page "https://code.google.com/p/git-repo/")
+    (synopsis "Helps to manage many Git repositories.")
+    (description "Repo is a tool built on top of Git.  Repo helps manage many
+Git repositories, does the uploads to revision control systems, and automates
+parts of the development workflow.  Repo is not meant to replace Git, only to
+make it easier to work with Git.  The repo command is an executable Python
+script that you can put anywhere in your path.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 2b576743d6..c7b6ccc8ab 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,6 +38,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix git-download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
@@ -46,10 +48,13 @@
   #:use-module (gnu packages backup)
   #:use-module (gnu packages base)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages zip)
   #:use-module (ice-9 match)
   #:use-module ((srfi srfi-1) #:select (last)))
 
@@ -1153,6 +1158,78 @@ or junctions, and always follows hard links.")
                    ;; expat-licenced (or ‘MIT’) code.
                    license:expat))))
 
+(define-public unshield
+  (package
+    (name "unshield")
+    (version "1.4.2")
+    (source
+     (origin (method url-fetch)
+             (uri (string-append "http://github.com/twogood/unshield/archive/"
+                                 version ".tar.gz"))
+             (sha256
+              (base32
+               "0x7ps644yp5dka2zhb8w0ifqmw3d255jafpzfwv8xbcpgq6fmm2x"))))
+    (build-system cmake-build-system)
+    (inputs
+     `(("zlib" ,zlib)
+       ("openssl" ,openssl)
+       ;; test data that is otherwise downloaded with curl
+       ("unshield-avigomanager11b22.zip"
+        ,(origin
+           (method url-fetch)
+           (uri (string-append "https://www.dropbox.com/s/8r4b6752swe3nhu/\"
+unshield-avigomanager11b22.zip?dl=1"))
+           (sha256
+            (base32 "0fwq7lih04if68wpwpsk5wjqyvh32db76a41sq6gbx4dn1lc3ddn"))
+           (file-name "unshield-avigomanager11b22.zip")))
+       ("unshield-the-feeble-files-spanish.zip"
+        ,(origin
+           (method url-fetch)
+           (uri (string-append "https://www.dropbox.com/s/1ng0z9kfxc7eb1e/\"
+unshield-the-feeble-files-spanish.zip?dl=1"))
+           (sha256
+            (base32 "1k5cw6vnpja8yjlnhx5124xrw9i8s1l539hfdqqrqz3l5gn0bnyd"))
+           (file-name "unshield-the-feeble-files-spanish.zip")))))
+    (native-inputs
+     `(("unzip" ,unzip)))
+    (arguments
+     `(#:out-of-source? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'pre-check
+           (lambda* (#:key inputs #:allow-other-keys)
+             (for-each (lambda (i)
+                         (copy-file (assoc-ref inputs i)
+                                    (string-append "test/v0/" i)))
+                       '("unshield-avigomanager11b22.zip"
+                         "unshield-the-feeble-files-spanish.zip"))
+             (substitute* (find-files "test/" "/*\\.sh")
+               ;; Tests expect the unshield binary in a specific
+               ;; location.
+               (("/var/tmp/unshield/bin/unshield")
+                (string-append (getcwd) "/src/unshield"))
+               ;; We no longer need to download the data.
+               ((".?URL=.*$") "")
+               (("curl -(|f)sSL -o test.zip .*") ""))
+             (substitute* "test/v0/avigomanager.sh"
+               (("test.zip")
+                (string-append (getcwd)
+                  "/test/v0/unshield-avigomanager11b22.zip")))
+             (substitute* "test/v0/the-feeble-files-spanish.sh"
+               (("test.zip")
+                (string-append (getcwd)
+                               "/test/v0/unshield-the-feeble-files-spanish.zip")))
+             #t))
+         (replace 'check
+           (lambda _
+            (zero? (system* "./run-tests.sh")))))))
+    (home-page "https://github.com/twogood/unshield")
+    (synopsis "Extract CAB files from InstallShield installers")
+    (description
+     "@command{unshield} is a tool and library for extracting @file{.cab}
+ archives from InstallShield installers.")
+    (license license:expat)))
+
 (define-public unrar
   (package
     (name "unrar")
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index d7f9d2456c..6d9e4061d1 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -483,8 +483,9 @@ programming language.")
     (version "4.4.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.gna.org/allegro/allegro/"
-                                  version "/allegro-" version ".tar.gz"))
+              (uri (string-append "https://github.com/liballeg/allegro5/"
+                                  "releases/download/" version "/allegro-"
+                                  version ".tar.gz"))
               (sha256
                (base32
                 "1p0ghkmpc4kwij1z9rzxfv7adnpy4ayi0ifahlns1bdzgmbyf88v"))))
@@ -518,14 +519,18 @@ etc.")
 (define-public allegro
   (package
     (name "allegro")
-    (version "5.2.0")
+    (version "5.2.2.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.gna.org/allegro/allegro/"
-                                  version "/allegro-" version ".tar.gz"))
+              (uri (string-append "https://github.com/liballeg/allegro5/releases"
+                                  "/download/" version "/allegro-"
+                                  (if (equal? "0" (string-take-right version 1))
+                                    (string-drop-right version 2)
+                                    version)
+                                  ".tar.gz"))
               (sha256
                (base32
-                "1mwzgzc4nb5k5zkbq7yrc6hg63yxq3wk69lmjag1h19x8b6njnmg"))))
+                "1z4lrrlmn471wb7vzbd9iw7g379vj0k964vy1s64hcvv5bhvk1g2"))))
     (build-system cmake-build-system)
     (arguments `(#:tests? #f)) ; there are no tests
     (inputs
@@ -561,8 +566,12 @@ etc.")
     (version "5.0.11")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://download.gna.org/allegro/allegro/"
-                                  version "/allegro-" version ".tar.gz"))
+              (uri (string-append "https://github.com/liballeg/allegro5/releases"
+                                  "/download/" version "/allegro-"
+                                  (if (equal? "0" (string-take-right version 1))
+                                    (string-drop-right version 2)
+                                    version)
+                                  ".tar.gz"))
               (sha256
                (base32
                 "0cd51qrh97jrr0xdmnivqgwljpmizg8pixsgvc4blqqlaz4i9zj9"))))))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index c1993485bc..9153a2b5cf 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -136,6 +136,82 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system trivial))
 
+(define-public cataclysm-dda
+  (package
+    (name "cataclysm-dda")
+    (version "0.C")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/CleverRaven/Cataclysm-DDA/"
+                                  "archive/" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1xlajmgl9cviqyjpp5g5q4rbljy9gqc49v54bi8gpzr68s14gsb9"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Import cmath header for the std::pow function.
+               '(for-each (lambda (file)
+                            (substitute* file
+                              (("#include <math.h>")
+                               "#include <cmath>")))
+                          (find-files "src")))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+                          "USE_HOME_DIR=1" "DYNAMIC_LINKING=1" "RELEASE=1")
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (substitute* "Makefile"
+               (("ncursesw5-config") "ncursesw6-config")
+               (("RELEASE_FLAGS = -Werror") "RELEASE_FLAGS ="))
+             #t))
+         (add-after 'build 'build-tiles
+           (lambda* (#:key make-flags outputs #:allow-other-keys)
+             ;; Change prefix directory and enable tile graphics and sound.
+             (zero?
+              (apply system* "make" "TILES=1" "SOUND=1"
+                     (string-append "PREFIX="
+                                    (assoc-ref outputs "tiles"))
+                     (cdr make-flags)))))
+         (add-after 'install 'install-tiles
+           (lambda* (#:key make-flags outputs #:allow-other-keys)
+             (zero?
+              (apply system* "make" "install" "TILES=1" "SOUND=1"
+                     (string-append "PREFIX="
+                                    (assoc-ref outputs "tiles"))
+                     (cdr make-flags))))))
+       ;; TODO: Add libtap++ from https://github.com/cbab/libtappp as a native
+       ;;       input in order to support tests.
+       #:tests? #f))
+    (outputs '("out"
+               "tiles")) ; For tile graphics and sound support.
+    (native-inputs
+     `(("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("freetype" ,freetype)
+       ("libogg" ,libogg)
+       ("libvorbis" ,libvorbis)
+       ("ncurses" ,ncurses)
+       ("sdl2" ,sdl2)
+       ("sdl2-image", sdl2-image)
+       ("sdl2-ttf" ,sdl2-ttf)
+       ("sdl2-mixer" ,sdl2-mixer)))
+    (home-page "http://en.cataclysmdda.com/")
+    (synopsis "Survival horror roguelike video game")
+    (description
+     "Cataclysm: Dark Days Ahead is a roguelike set in a post-apocalyptic world.
+Struggle to survive in a harsh, persistent, procedurally generated world.
+Scavenge the remnants of a dead civilization for food, equipment, or, if you are
+lucky, a vehicle with a full tank of gas to get you out of Dodge.  Fight to
+defeat or escape from a wide variety of powerful monstrosities, from zombies to
+giant insects to killer robots and things far stranger and deadlier, and against
+the others like yourself, that want what you have.")
+    (license license:cc-by-sa3.0)))
+
 (define-public freedoom
   (package
    (name "freedoom")
@@ -3405,16 +3481,20 @@ for Un*x systems with X11.")
 (define-public freeciv
   (package
    (name "freeciv")
-   (version "2.5.6")
+   (version "2.5.7")
    (source
     (origin
      (method url-fetch)
-     (uri (string-append
-           "http://download.gna.org/freeciv/"
-           "stable/freeciv-" version ".tar.bz2"))
+     (uri (list (string-append
+                  "http://files.freeciv.org/stable/freeciv-"
+                  version ".tar.bz2")
+                (string-append
+                  "mirror://sourceforge/freeciv/Freeciv%20"
+                  (version-major+minor version) "/" version
+                  "/freeciv-" version ".tar.bz2")))
      (sha256
       (base32
-       "16wrnsx5rmbz6rjs03bhy0vn20i6n6g73lx7fjpai98ixhzc5bfg"))))
+       "1lmydnnqraa947l7gdz6xgm0bgks1ywsivp9h4v8jr3avcv6gqzz"))))
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index 3d34eb2c34..0037fdb26c 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -45,8 +45,7 @@
   #:use-module (gnu packages serialization)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
-  #:use-module (gnu packages xorg)
-  #:use-module (gnu packages vtk))
+  #:use-module (gnu packages xorg))
 
 ;; We use the latest snapshot of this package because the latest release is
 ;; from 2011 and has known vulnerabilities that cannot easily be fixed by
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index cdab7eca03..061d5f1b2e 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -239,8 +239,8 @@ generator library for C++.")
 (define-public kodi
   ;; We package the git version because the current released
   ;; version was cut while the cmake transition was in turmoil.
-  (let ((commit "1a38948ad068870671042bff2d8ac615dca9e5d8")
-        (revision "5"))
+  (let ((commit "f22d62dc3f6e811a538dda9c434e1804abb8b95f")
+        (revision "6"))
   (package
     (name "kodi")
     (version (string-append "18.0_alpha-" revision "-" (string-take commit 7)))
@@ -252,7 +252,7 @@ generator library for C++.")
               (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "1apkiicmxb6ncqhznflb8wc4n770jx89asw1drmch7lq7j9m6sns"))
+                "0x8fqvid8b8qra327z615r2ygfkdca2p7wccdj5nfb4i5gy0sr09"))
               (snippet
                '(begin
                   (use-modules (guix build utils))
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index 1e233a852d..e711148c7c 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -34,14 +34,14 @@
 (define-public nyacc
   (package
     (name "nyacc")
-    (version "0.78.3")
+    (version "0.79.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/nyacc/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0xrnl2hl9rpl50n8cihvclcd951zj640fj5kpi3d6ihwcqjcdi0a"))))
+                "14rhr9nv1022r7m94agb3299y0k093aq1ps22zgii3aa7cf9h1w4"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("guile" ,guile-2.2)))
@@ -54,10 +54,10 @@ extensive examples, including parsers for the Javascript and C99 languages.")
     (license (list gpl3+ lgpl3+))))
 
 (define-public mes
-  (let ((commit "d4420bbcc9f994e2cce430cf156f383dc4092bca")
+  (let ((commit "7fdca75d2188b28df806b34ec92627d57aafa9ae")
         (revision "0")
         (triplet "i686-unknown-linux-gnu")
-        (version "0.6"))
+        (version "0.7"))
     (package
       (name "mes")
       (version (string-append version "-" revision "." (string-take commit 7)))
@@ -68,7 +68,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                       (commit commit)))
                 (file-name (string-append name "-" version))
                 (sha256
-                 (base32 "0qqywk3siyhf08v7xac08lqldklrqfndlp495wgy6ii9fn93197k"))))
+                 (base32 "0fvzr1ai2rmi46zdi5b2bdjb6s8ip78mkmsk02yxl46rajmp2pb1"))))
       (build-system gnu-build-system)
       (supported-systems '("i686-linux" "x86_64-linux"))
       (propagated-inputs
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 94152226da..1e22b70329 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1184,3 +1185,54 @@ enabled due to license conflicts between the BSD advertising clause and the GPL.
     ;; others under a 4-clause BSD license. Refer to the files in the source
     ;; distribution for clarification.
     (license (list license:bsd-3 license:bsd-4))))
+
+(define-public spiped
+  (package
+    (name "spiped")
+    (version "1.6.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.tarsnap.com/spiped/spiped-"
+                                  version ".tgz"))
+              (sha256
+               (base32
+                "1r51rdcl7nib1yv3yvgd5alwlkkwmr387brqavaklb0p2bwzixz6"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:test-target "test"
+       #:make-flags (let* ((out (assoc-ref %outputs "out"))
+                           (bindir (string-append out "/bin"))
+                           (man1dir (string-append out "/share/man/man1")))
+                      (list "CC=gcc" ; It tries to invoke `c99`.
+                            (string-append "BINDIR=" bindir)
+                            (string-append "MAN1DIR=" man1dir)))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-command-invocations
+           (lambda _
+             (substitute* '("Makefile"
+                            "libcperciva/cpusupport/Build/cpusupport.sh"
+                            "libcperciva/POSIX/posix-cflags.sh"
+                            "libcperciva/POSIX/posix-l.sh")
+               (("command -p") ""))
+             #t))
+         (delete 'configure) ; No ./configure script.
+         (add-after 'install 'install-more-docs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref %outputs "out"))
+                    (misc (string-append out "/share/doc/spiped")))
+               (install-file "DESIGN.md" misc)
+               #t))))))
+    (native-inputs
+     `(("procps" ,procps))) ; `ps` is used by the test suite.
+    (inputs
+     `(("openssl" ,openssl)))
+    (home-page "https://www.tarsnap.com/spiped.html")
+    (synopsis "Create secure pipes between sockets")
+    (description "Spiped (pronounced \"ess-pipe-dee\") is a utility for creating
+symmetrically encrypted and authenticated pipes between socket addresses, so
+that one may connect to one address (e.g., a UNIX socket on localhost) and
+transparently have a connection established to another address (e.g., a UNIX
+socket on a different system).  This is similar to 'ssh -L' functionality, but
+does not use SSH and requires a pre-shared symmetric key.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
new file mode 100644
index 0000000000..a6fdb50fff
--- /dev/null
+++ b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
@@ -0,0 +1,14 @@
+The Clar test framework has a bug whereby it skips the parsing phase
+on files with mtime=0.
+
+Reported upstream at <https://github.com/vmg/clar/pull/78>.
+
+diff --git a/tests/generate.py b/tests/generate.py
+index b639c8f..111ca41 100644
+--- a/tests/generate.py
++++ b/tests/generate.py
+@@ -63,3 +63,3 @@ class Module(object):
+ 
+-        self.mtime = 0
++        self.mtime = None # Guix sets all file mtimes to '0'
+         self.enabled = True
diff --git a/gnu/packages/patches/qemu-CVE-2017-8112.patch b/gnu/packages/patches/qemu-CVE-2017-8112.patch
new file mode 100644
index 0000000000..88b33aa2f0
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-8112.patch
@@ -0,0 +1,41 @@
+Fix CVE-2017-8112:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e
+
+From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Tue, 25 Apr 2017 18:36:23 +0530
+Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation
+
+A guest could set the message ring page count to zero, resulting in
+infinite loop. Add check to avoid it.
+
+Reported-by: YY Z <bigbird475958471@gmail.com>
+Signed-off-by: P J P <ppandit@redhat.com>
+Message-Id: <20170425130623.3649-1-ppandit@redhat.com>
+Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/vmw_pvscsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 75575461e2..4a106da856 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
+     uint32_t len_log2;
+     uint32_t ring_size;
+ 
+-    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
++    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+         return -1;
+     }
+     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-8309.patch b/gnu/packages/patches/qemu-CVE-2017-8309.patch
new file mode 100644
index 0000000000..dc4b4006b7
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-8309.patch
@@ -0,0 +1,46 @@
+Fix CVE-2017-8309:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a
+
+From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 28 Apr 2017 09:56:12 +0200
+Subject: [PATCH] audio: release capture buffers
+
+AUD_add_capture() allocates two buffers which are never released.
+Add the missing calls to AUD_del_capture().
+
+Impact: Allows vnc clients to exhaust host memory by repeatedly
+starting and stopping audio capture.
+
+Fixes: CVE-2017-8309
+Cc: P J P <ppandit@redhat.com>
+Cc: Huawei PSIRT <PSIRT@huawei.com>
+Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170428075612.9997-1-kraxel@redhat.com
+---
+ audio/audio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/audio/audio.c b/audio/audio.c
+index c8898d8422..beafed209b 100644
+--- a/audio/audio.c
++++ b/audio/audio.c
+@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
+                     sw = sw1;
+                 }
+                 QLIST_REMOVE (cap, entries);
++                g_free (cap->hw.mix_buf);
++                g_free (cap->buf);
+                 g_free (cap);
+             }
+             return;
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-8379.patch b/gnu/packages/patches/qemu-CVE-2017-8379.patch
new file mode 100644
index 0000000000..200b133d3e
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-8379.patch
@@ -0,0 +1,98 @@
+Fix CVE-2017-8379:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
+
+From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 28 Apr 2017 10:42:37 +0200
+Subject: [PATCH] input: limit kbd queue depth
+
+Apply a limit to the number of items we accept into the keyboard queue.
+
+Impact: Without this limit vnc clients can exhaust host memory by
+sending keyboard events faster than qemu feeds them to the guest.
+
+Fixes: CVE-2017-8379
+Cc: P J P <ppandit@redhat.com>
+Cc: Huawei PSIRT <PSIRT@huawei.com>
+Reported-by: jiangxin1@huawei.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170428084237.23960-1-kraxel@redhat.com
+---
+ ui/input.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ui/input.c b/ui/input.c
+index ed88cda6d6..fb1f404095 100644
+--- a/ui/input.c
++++ b/ui/input.c
+@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
+     QTAILQ_HEAD_INITIALIZER(kbd_queue);
+ static QEMUTimer *kbd_timer;
+ static uint32_t kbd_default_delay_ms = 10;
++static uint32_t queue_count;
++static uint32_t queue_limit = 1024;
+ 
+ QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
+                                                    QemuInputHandler *handler)
+@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
+             break;
+         }
+         QTAILQ_REMOVE(queue, item, node);
++        queue_count--;
+         g_free(item);
+     }
+ }
+@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
+     item->delay_ms = delay_ms;
+     item->timer = timer;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ 
+     if (start_timer) {
+         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
+@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
+     item->src = src;
+     item->evt = evt;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ }
+ 
+ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+ 
+     item->type = QEMU_INPUT_QUEUE_SYNC;
+     QTAILQ_INSERT_TAIL(queue, item, node);
++    queue_count++;
+ }
+ 
+ void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
+@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
+         qemu_input_event_send(src, evt);
+         qemu_input_event_sync();
+         qapi_free_InputEvent(evt);
+-    } else {
++    } else if (queue_count < queue_limit) {
+         qemu_input_queue_event(&kbd_queue, src, evt);
+         qemu_input_queue_sync(&kbd_queue);
+     }
+@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
+         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
+                                  &kbd_queue);
+     }
+-    qemu_input_queue_delay(&kbd_queue, kbd_timer,
+-                           delay_ms ? delay_ms : kbd_default_delay_ms);
++    if (queue_count < queue_limit) {
++        qemu_input_queue_delay(&kbd_queue, kbd_timer,
++                               delay_ms ? delay_ms : kbd_default_delay_ms);
++    }
+ }
+ 
+ InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
+-- 
+2.13.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-8380.patch b/gnu/packages/patches/qemu-CVE-2017-8380.patch
new file mode 100644
index 0000000000..65e49fc885
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-8380.patch
@@ -0,0 +1,53 @@
+Fix CVE-2017-8380:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
+
+From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 24 Apr 2017 17:36:34 +0530
+Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write
+
+While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
+an off-by-one error could occur as 's->adp_reset' index is not
+reset after reading the last sequence.
+
+Reported-by: YY Z <bigbird475958471@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 84b8caf901..804122ab05 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
+     case MFI_SEQ:
+         trace_megasas_mmio_writel("MFI_SEQ", val);
+         /* Magic sequence to start ADP reset */
+-        if (adp_reset_seq[s->adp_reset] == val) {
+-            s->adp_reset++;
++        if (adp_reset_seq[s->adp_reset++] == val) {
++            if (s->adp_reset == 6) {
++                s->adp_reset = 0;
++                s->diag = MFI_DIAG_WRITE_ENABLE;
++            }
+         } else {
+             s->adp_reset = 0;
+             s->diag = 0;
+         }
+-        if (s->adp_reset == 6) {
+-            s->diag = MFI_DIAG_WRITE_ENABLE;
+-        }
+         break;
+     case MFI_DIAG:
+         trace_megasas_mmio_writel("MFI_DIAG", val);
+-- 
+2.13.0
+
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 1017c31dad..45fdca211c 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -14922,3 +14922,377 @@ Supported metrics are:
 
 (define-public python2-radon
   (package-with-python2 python-radon))
+
+(define-public python-sure
+  (package
+    (name "python-sure")
+    (version "1.4.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "sure" version))
+       (sha256
+        (base32
+         "1iyqsy2d6radi88g1qf0lziy5b39h5cpb3g5jiqyb4xi46ig3x1z"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-mock" ,python-mock)
+       ("python-six" ,python-six)))
+    (native-inputs
+     `(("python-nose" ,python-nose)))
+    (home-page "https://github.com/gabrielfalcao/sure")
+    (synopsis "Automated testing library in python for python")
+    (description
+     "Sure is a python library that leverages a DSL for writing assertions.
+Sure is heavily inspired by @code{RSpec Expectations} and @code{should.js}.")
+    (license license:gpl3+)))
+
+(define-public python2-sure
+  (package-with-python2 python-sure))
+
+(define-public python2-couleur
+  ;; This package does not seem to support python3 at all, hence,
+  ;; only the python2 variant definition is provided.
+  (package
+    (name "python2-couleur")
+    (version "0.6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "couleur" version))
+       (sha256
+        (base32
+         "1qqaxyqz74wvid0cr119dhcwz0h0if5b5by44zl49pd5z65v58k1"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (home-page "https://github.com/gabrielfalcao/couleur")
+    (synopsis
+     "ANSI terminal tool for python, colored shell and other handy fancy features")
+    (description
+     "@code{Couleur} provides python programs a way to use the ANSI features in a unix
+terminal such as coloured output in the shell, overwriting output, indentation, etc.")
+    ;; README.md says ASL2.0, but all source code headers are LGPL3+.
+    ;; https://github.com/gabrielfalcao/couleur/issues/11
+    (license license:lgpl3+)))
+
+(define-public python-misaka
+  (package
+    (name "python-misaka")
+    (version "2.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "misaka" version))
+       (sha256
+        (base32
+         "1yqrq3a5rracirmvk52n28nn6ckdaz897gnigv89a9gmyn87sqw7"))))
+    (build-system python-build-system)
+    (arguments
+     `(;; Line 37 of setup.py calls self.run_command('develop')
+       ;; in the 'check' phase. This command seems to be trying
+       ;; to write to
+       ;; /gnu/store/...-python-<version>/lib/python<version>/site-packages/
+       ;; for which it does not have the permission to write.
+       #:tests? #f))
+    (propagated-inputs
+     `(("python-cffi" ,python-cffi)))
+    (home-page "https://github.com/FSX/misaka")
+    (synopsis "Python binding for Hoedown")
+    (description
+     "@code{Misaka} is a CFFI-based binding for @code{Hoedown}, a fast markdown processing
+library written in C.  It features a fast HTML renderer and functionality to make custom
+renderers (e.g. man pages or LaTeX).")
+    (license license:expat)))
+
+(define-public python2-misaka
+  (package-with-python2 python-misaka))
+
+(define-public python2-steadymark
+  ;; This is forced into being a python2 only variant
+  ;; due to its dependence on couleur that has no support
+  ;; for python3
+  (package
+    (name "python2-steadymark")
+    (version "0.7.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "steadymark" version))
+       (sha256
+        (base32
+         "1640i9g8dycql3cc8j0bky0jkzj0q39blfbp4lsgpkprkfgcdk8v"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-couleur" ,python2-couleur)
+       ("python-sure" ,python2-sure)
+       ("python-misaka" ,python2-misaka)))
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-setup-py
+           (lambda _
+             ;; Update requirements from dependency==version
+             ;; to dependency>=version
+             (substitute* "setup.py"
+               (("==") ">="))
+             #t)))))
+    (home-page "https://github.com/gabrielfalcao/steadymark")
+    (synopsis "Markdown-based test runner for python")
+    (description
+     "@code{Steadymark} allows documentation to be written in github-flavoured
+markdown.  The documentation may contain snippets of code surrounded by python
+code blocks and @code{Steadymark} will find these snippets and run them, making
+sure that there are no old malfunctional examples in the documentation examples.")
+    (license license:expat)))
+
+(define-public python-nose-randomly
+  (package
+    (name "python-nose-randomly")
+    (version "1.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "nose-randomly" version))
+       (sha256
+        (base32
+         "1cw9dlr1zh3w4i438kin7z0rm8092ki52hayisyc43h9pcplq7rn"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-nose" ,python-nose)
+       ("python-numpy" ,python-numpy)))
+    (home-page "https://github.com/adamchainz/nose-randomly")
+    (synopsis
+     "Nose plugin to randomly order tests and control random.seed")
+    (description
+     "This is a @code{Nose} plugin to randomly order tests which can be quite
+powerful in discovering hidden flaws in the tests themselves, while helping to
+reduce inter-test dependencies.  It also helps in controlling @code{random.seed},
+by resetting it to a repeatable number for each test, enabling the tests to
+create data based on random numbers and yet remain repeatable.")
+    (license license:bsd-3)))
+
+(define-public python2-nose-randomly
+  (package-with-python2 python-nose-randomly))
+
+(define-public python-jsonpointer
+  (package
+    (name "python-jsonpointer")
+    (version "1.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "jsonpointer" version))
+       (sha256
+        (base32
+         "1cg0gvgqjysydv6p45v4jywg1jb3v48c7m3cbpi57zgf6nndr9cz"))))
+  (build-system python-build-system)
+  (home-page "https://github.com/stefankoegl/python-json-pointer")
+  (synopsis "Identify specific nodes in a JSON document")
+  (description "@code{jsonpointer} allows you to access specific nodes
+by path in a JSON document (see RFC 6901).")
+  (license license:bsd-3)))
+
+(define-public python2-jsonpointer
+  (package-with-python2 python-jsonpointer))
+
+(define-public python-rfc3987
+  (package
+    (name "python-rfc3987")
+    (version "1.3.7")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "rfc3987" version))
+      (sha256
+       (base32
+        "192pclzs2y0yaywqkrlvd0x73740q310kvqvm6jldhi619mq59wi"))))
+    (build-system python-build-system)
+    (home-page "http://pypi.python.org/pypi/rfc3987")
+    (synopsis "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)")
+    (description "@code{rfc3987} provides routines for parsing and
+validation of URIs (see RFC 3986) and IRIs (see RFC 3987).")
+    (license license:gpl3+)))
+
+(define-public python2-rfc3987
+  (package-with-python2 python-rfc3987))
+
+(define-public python-validate-email
+  (package
+    (name "python-validate-email")
+    (version "1.3")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "validate_email" version))
+      (sha256
+       (base32
+        "1bxffaf5yz2cph8ki55vdvdypbwkvn2xr1firlcy62vqbzf1jivq"))))
+    (build-system python-build-system)
+    (home-page "http://github.com/syrusakbary/validate_email")
+    (synopsis "Verifies if an email address is valid and really exists")
+    (description "@code{validate_email} can be used to verify if an email
+address is valid and really exists.")
+    (license license:lgpl3+)))
+
+(define-public python2-validate-email
+  (package-with-python2 python-validate-email))
+
+(define-public python-flex
+  (package
+    (name "python-flex")
+    (version "6.10.0")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "flex" version))
+      (sha256
+       (base32
+        "00pamnwla3khk8nyla7y28dq9jnh69swd7f4jfsl7sn1izs8n8zk"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-click" ,python-click)
+       ("python-iso8601" ,python-iso8601)
+       ("python-jsonpointer" ,python-jsonpointer)
+       ("python-pyyaml" ,python-pyyaml)
+       ("python-requests" ,python-requests)
+       ("python-rfc3987" ,python-rfc3987)
+       ("python-six" ,python-six)
+       ("python-validate-email" ,python-validate-email)))
+    (home-page "https://github.com/pipermerriam/flex")
+    (synopsis "Validates Swagger schemata")
+    (description "@code{flex} can be used to validate Swagger schemata.")
+    (license license:bsd-3)))
+
+(define-public python2-flex
+  (package-with-python2 python-flex))
+
+(define-public python-marshmallow
+  (package
+    (name "python-marshmallow")
+    (version "3.0.0b2")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "marshmallow" version))
+      (sha256
+       (base32
+        "11bnpvfdbczr74177p295zbkdrax2cahvbj5bqhhlprgz2xxi5d9"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-dateutil" ,python-dateutil)
+       ("python-simplejson" ,python-simplejson)))
+    (native-inputs
+     `(("python-pytest-3.0" ,python-pytest-3.0)
+       ("python-pytz" ,python-pytz)))
+    (home-page "https://github.com/marshmallow-code/marshmallow")
+    (synopsis "Convert complex datatypes to and from native
+Python datatypes.")
+    (description "@code{marshmallow} provides a library for converting
+complex datatypes to and from native Python datatypes.")
+    (license license:expat)))
+
+(define-public python2-marshmallow
+  (package-with-python2 python-marshmallow))
+
+(define-public python-bottle
+  (package
+    (name "python-bottle")
+    (version "0.12.13")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "bottle" version))
+      (sha256
+        (base32
+          "0m9k2a7yxvggc4kw8fsvj381vgsvfcdshg5nzy6vwrxiw2p53drr"))))
+    (build-system python-build-system)
+    (home-page "http://bottlepy.org/")
+    (synopsis "WSGI framework for small web-applications.")
+    (description "@code{python-bottle} is a WSGI framework for small web-applications.")
+    (license license:expat)))
+
+(define-public python2-bottle
+  (package-with-python2 python-bottle))
+
+(define-public python-apispec
+  (package
+    (name "python-apispec")
+    (version "0.22.0")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (pypi-uri "apispec" version))
+      (sha256
+        (base32
+          "0y3jxmgp2d24am3hxl40f5rw9abb0r8037sagax3dv64h4n1azwq"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-pyyaml" ,python-pyyaml)))
+    (native-inputs
+     `(("python-pytest-3.0" ,python-pytest-3.0)
+       ("python-flask" ,python-flask)
+       ("python-marshmallow" ,python-marshmallow)
+       ("python-tornado" ,python-tornado)
+       ("python-bottle" ,python-bottle)
+       ("python-mock" ,python-mock)))
+    (home-page "https://github.com/marshmallow-code/apispec")
+    (synopsis "Swagger 2.0 API specification generator")
+    (description "@code{python-apispec} is a pluggable API specification
+generator. Currently supports the OpenAPI specification (f.k.a.
+Swagger 2.0).")
+    (license license:expat)))
+
+(define-public python2-apispec
+  (package-with-python2 python-apispec))
+
+(define-public python-flasgger
+  (package
+    (name "python-flasgger")
+    (version "0.6.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/rochacbruno/flasgger/archive/"
+                            version ".tar.gz"))
+        (file-name (string-append name "-" version ".tar.gz"))
+        (sha256
+          (base32
+            "1gqzlm0rb55fdpsy5ipkganlx9cnpi454fqyycr03jm22zql14ay"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (substitute* "Makefile"
+               (("flake8 flasgger --ignore=F403")
+                "flake8 flasgger --ignore=E731,F403"))
+             (setenv "PYTHONPATH" (string-append (getcwd)
+                                                 ":"
+                                                 (getenv "PYTHONPATH")))
+             (zero? (system* "py.test")))))))
+    (propagated-inputs
+     `(("python-flask" ,python-flask)
+       ("python-pyyaml" ,python-pyyaml)
+       ("python-jsonschema" ,python-jsonschema)
+       ("python-mistune" ,python-mistune)
+       ("python-six" ,python-six)))
+    (native-inputs
+     `(("python-decorator" ,python-decorator)
+       ("python-flake8" ,python-flake8)
+       ("python-flask-restful" ,python-flask-restful)
+       ("python-flex" ,python-flex)
+       ("python-pytest-3.0" ,python-pytest-3.0)
+       ("python-pytest-cov" ,python-pytest-cov)
+       ("python-marshmallow" ,python-marshmallow)
+       ("python-apispec" ,python-apispec)))
+    (home-page "https://github.com/rochacbruno/flasgger/")
+    (synopsis "Extract Swagger specs from your Flask project")
+    (description "@code{python-flasgger} allows extracting Swagger specs
+from your Flask project.  It is a fork of Flask-Swagger.")
+    (license license:expat)))
+
+(define-public python2-flasgger
+  (package-with-python2 python-flasgger))
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 0734b6d0f7..31354b25d7 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -74,7 +74,11 @@
              (method url-fetch)
              (uri (string-append "http://wiki.qemu-project.org/download/qemu-"
                                  version ".tar.xz"))
-             (patches (search-patches "qemu-CVE-2017-7493.patch"))
+             (patches (search-patches "qemu-CVE-2017-7493.patch"
+                                      "qemu-CVE-2017-8112.patch"
+                                      "qemu-CVE-2017-8309.patch"
+                                      "qemu-CVE-2017-8379.patch"
+                                      "qemu-CVE-2017-8380.patch"))
              (sha256
               (base32
                "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 47d3a46148..5e04e86539 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -459,6 +459,111 @@ and redirections, and a complete syscall library for low-level access to the
 operating system.")
       (license bsd-3))))
 
+(define-public linenoise
+  (package
+    (name "linenoise")
+    (version "1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/antirez/linenoise/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "05006hd56xcvxjdpll4x720bpfan7vwqmxbw8a2kvm10w57ll1gm"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ;No tests are included
+       #:make-flags (list "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             ;; At the moment there is no 'make install' in upstream.
+             (let* ((out (assoc-ref outputs "out")))
+               (install-file "linenoise.h"
+                             (string-append out "/include/linenoise"))
+               (install-file "linenoise.c"
+                             (string-append out "/include/linenoise"))
+               #t))))))
+    (home-page "https://github.com/antirez/linenoise")
+    (synopsis "Minimal zero-config readline replacement")
+    (description
+     "Linenoise is a minimal, zero-config, readline replacement.
+Its features include:
+
+@enumerate
+@item Single and multi line editing mode with the usual key bindings
+@item History handling
+@item Completion
+@item Hints (suggestions at the right of the prompt as you type)
+@item A subset of VT100 escapes, ANSI.SYS compatible
+@end enumerate\n")
+    (license bsd-2)))
+
+(define-public s
+  (let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c")
+        (revision "1"))
+    (package
+      (name "s")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/rain-1/s")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1075cml6dl15d770j3m12yz90cjacsdslbv3gank1nxd76vmpdcr"))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("linenoise" ,linenoise)))
+      (arguments
+       `(#:tests? #f
+         #:make-flags (list "CC=gcc")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'install-directory-fix
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (substitute* "Makefile"
+                   (("out") bin))
+                 #t)))
+           (add-after 'install 'manpage
+             (lambda* (#:key outputs #:allow-other-keys)
+               (install-file "s.1" (string-append (assoc-ref outputs "out")
+                                                  "/share/man/man1"))))
+           (replace 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               ;; At this point linenoise is meant to be included,
+               ;; so we have to really copy it into the working directory
+               ;; of s.
+               (let* ((linenoise (assoc-ref inputs "linenoise"))
+                      (noisepath (string-append linenoise "/include/linenoise"))
+                      (out (assoc-ref outputs "out")))
+                 (copy-recursively noisepath "linenoise")
+                 (substitute* "s.c"
+                   (("/bin/s") (string-append out "/bin/s")))
+                 #t))))))
+      (home-page "https://github.com/rain-1/s")
+      (synopsis "Extremely minimal shell with the simplest syntax possible")
+      (description
+       "S is a new shell that aims to be extremely simple.
+S does not implemnt the POSIX shell standard.
+There are no globs or \"splatting\" where a variable $FOO turns into multiple
+command line arguments.  One token stays one token forever.
+This is a \"no surprises\" straightforward approach.
+
+There are no redirection operators > in the shell language, they are added as
+extra programs.  > is just another unix command, < is essentially cat(1).
+A @code{andglob} program is also provided along with s.")
+      (license bsd-3))))
+
 (define-public loksh
   (package
     (name "loksh")
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 12fc2c6cc3..32c9a132a6 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -336,7 +336,9 @@ everything from small to very large projects with speed and efficiency.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))))
+                "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))
+              (patches (search-patches "libgit2-use-after-free.patch"
+                                       "libgit2-0.25.1-mtime-0.patch"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -349,25 +351,13 @@ everything from small to very large projects with speed and efficiency.")
                (("/bin/cp") (which "cp"))
                (("/bin/rm") (which "rm")))
              #t))
-         (add-after 'unpack 'apply-patch
-           (lambda* (#:key inputs #:allow-other-keys)
-             ;; XXX: For some reason adding the patch in 'patches', which
-             ;; leads to a new tarball with all timestamps reset and ordering
-             ;; by name (slightly different file order compared to the
-             ;; original tarball) leads to an obscure Python error while
-             ;; running 'generate.py':
-             ;;   'Module' object has no attribute 'callbacks'
-             ;; Thus, apply the patch here, which minimizes disruption.
-             (let ((patch (assoc-ref inputs "patch")))
-               (zero? (system* "patch" "-p1" "--force" "--input" patch)))))
          ;; Run checks more verbosely.
          (replace 'check
            (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
     (inputs
      `(("libssh2" ,libssh2)
        ("libcurl" ,curl)
-       ("python" ,python-wrapper)
-       ("patch" ,(search-patch "libgit2-use-after-free.patch"))))
+       ("python" ,python-wrapper)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ac2eec5f94..909d23ad2e 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -19,6 +19,7 @@
 ;;; Copyright © 2017 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -659,7 +660,10 @@ audio/video codec library.")
                "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("git" ,git) ; needed for a test
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("git" ,git) ; needed for a test
+       ("libtool" ,libtool)
        ("pkg-config" ,pkg-config)))
     ;; FIXME: Add optional inputs once available.
     (inputs
@@ -673,6 +677,7 @@ audio/video codec library.")
        ("gnutls" ,gnutls)
        ("liba52" ,liba52)
        ("libcddb" ,libcddb)
+       ("libdvbpsi" ,libdvbpsi)
        ("libgcrypt" ,libgcrypt)
        ("libkate" ,libkate)
        ("libmad" ,libmad)
@@ -687,6 +692,7 @@ audio/video codec library.")
        ("libxinerama" ,libxinerama)
        ("libxml2" ,libxml2)
        ("libxpm" ,libxpm)
+       ("livemedia-utils" ,livemedia-utils)
        ("lua" ,lua-5.1)
        ("mesa" ,mesa)
        ("opus" ,opus)
@@ -714,6 +720,15 @@ audio/video codec library.")
 
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'bootstrap
+           (lambda _ (zero? (system* "sh" "bootstrap"))))
+         (add-before 'bootstrap 'fix-livemedia-utils-prefix
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((livemedia-utils (assoc-ref inputs "livemedia-utils")))
+               (substitute* "configure.ac"
+                 (("LIVE555_PREFIX=\\$\\{LIVE555_PREFIX-\"/usr\"\\}")
+                  (string-append "LIVE555_PREFIX=" livemedia-utils)))
+               #t)))
          (add-before 'configure 'remove-visual-tests
            ;; Some of the tests require using the display to test out VLC,
            ;; which fails in our sandboxed build system
@@ -2153,3 +2168,64 @@ MPEG-2, MPEG-4, DVD (VOB)...
 information and other metadata about audio or video files.  It supports the
 many codecs and formats supported by libmediainfo.")
     (license license:bsd-2)))
+
+(define-public livemedia-utils
+  (package
+    (name "livemedia-utils")
+    (version "2017.05.24")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://www.live555.com/liveMedia/public/live."
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "1ra64j3qa89hf3xika8jz9gd8al8mcaqlk5ivw5pclnd2df5f4im"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f ; no tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "LDFLAGS=-Wl,-rpath="
+                                         (assoc-ref %outputs "out") "/lib")
+                          (string-append "PREFIX="
+                                         (assoc-ref %outputs "out")))
+       #:phases (modify-phases %standard-phases
+                  (add-before 'configure 'fix-makefiles-generation
+                    (lambda _
+                      (substitute* "genMakefiles"
+                        (("/bin/rm") "rm"))
+                      #t))
+                  (replace 'configure
+                    (lambda _
+                      (zero? (system* "./genMakefiles"
+                                      "linux-with-shared-libraries")))))))
+    (home-page "http://www.live555.com/liveMedia/")
+    (synopsis "Set of C++ libraries for multimedia streaming")
+    (description "This code forms a set of C++ libraries for multimedia
+streaming, using open standard protocols (RTP/RTCP, RTSP, SIP).  The libraries
+can be used to stream, receive, and process MPEG, H.265, H.264, H.263+, DV or
+JPEG video, and several audio codecs.  They can easily be extended to support
+additional (audio and/or video) codecs, and can also be used to build basic
+RTSP or SIP clients and servers.")
+    (license license:lgpl3+)))
+
+(define-public libdvbpsi
+  (package
+    (name "libdvbpsi")
+    (version "1.3.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://download.videolan.org/pub/libdvbpsi/"
+                    version "/libdvbpsi-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "0824r08kaspbrrg2dd5d46s475zb7j59brqkm2y6x3mdsnpng0yn"))))
+    (build-system gnu-build-system)
+    (home-page "https://www.videolan.org/developers/libdvbpsi.html")
+    (synopsis "Library for decoding and generation of MPEG TS and DVB PSI
+tables")
+    (description "libdvbpsi is a simple library designed for decoding and
+generation of MPEG TS and DVB PSI tables according to standards ISO/IEC 13818s
+and ITU-T H.222.0.")
+    (license license:lgpl2.1)))
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index a74cbcf2b4..7d51f899f0 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -54,14 +55,14 @@
 (define-public wine
   (package
     (name "wine")
-    (version "2.4")
+    (version "2.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.winehq.org/wine/source/2.x"
                                   "/wine-" version ".tar.xz"))
               (sha256
                (base32
-                "13klfadvd44zdfrzh38al99s53i02x3mlhcj5z7fq7vqwh3xzdc7"))))
+                "0pslhs3kwjimlz5ad6vzzdw7lgbfpwl8vyg4jmf17p61pfxzfimc"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm
index f85d6e5101..dd93e7d3e7 100644
--- a/guix/scripts/refresh.scm
+++ b/guix/scripts/refresh.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,6 +28,7 @@
   #:use-module (guix store)
   #:use-module (guix utils)
   #:use-module (guix packages)
+  #:use-module (guix profiles)
   #:use-module (guix upstream)
   #:use-module (guix discovery)
   #:use-module (guix graph)
@@ -79,6 +81,9 @@
         (option '(#\L "list-updaters") #f #f
                 (lambda args
                   (list-updaters-and-exit)))
+        (option '(#\m "manifest") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'manifest arg result)))
         (option '(#\e "expression") #t #f
                 (lambda (opt name arg result)
                   (alist-cons 'expression arg result)))
@@ -125,6 +130,8 @@ specified with `--select'.\n"))
   -s, --select=SUBSET    select all the packages in SUBSET, one of
                          `core' or `non-core'"))
   (display (G_ "
+  -m, --manifest=FILE    select all the packages from the manifest in FILE"))
+  (display (G_ "
   -t, --type=UPDATER,... restrict to updates from the specified updaters
                          (e.g., 'gnu')"))
   (display (G_ "
@@ -308,6 +315,24 @@ dependent packages are rebuilt: ~{~a~^ ~}~%"
 
 
 ;;;
+;;; Manifest.
+;;;
+
+(define (manifest->packages manifest)
+  "Return the list of packages in MANIFEST."
+  (filter-map (lambda (entry)
+                (let ((item (manifest-entry-item entry)))
+                  (if (package? item) item #f)))
+              (manifest-entries manifest)))
+
+(define (packages-from-manifest manifest)
+  "Return the list of packages in loaded MANIFEST."
+  (let* ((user-module (make-user-module '((guix profiles) (gnu))))
+         (manifest    (load* manifest user-module)))
+    (manifest->packages manifest)))
+
+
+;;;
 ;;; Entry point.
 ;;;
 
@@ -378,8 +403,7 @@ update would trigger a complete rebuild."
          ;; the command line.
          (warn?           (or (assoc-ref opts 'argument)
                               (assoc-ref opts 'expression)))
-
-         (packages
+         (args-packages
           (match (filter-map (match-lambda
                                (('argument . spec)
                                 ;; Take either the specified version or the
@@ -400,7 +424,11 @@ update would trigger a complete rebuild."
                                     result))
                               '())))
             (some                                 ; user-specified packages
-             some))))
+             some)))
+         (packages
+          (match (assoc-ref opts 'manifest)
+            (#f args-packages)
+            ((? string? file) (packages-from-manifest file)))))
     (with-error-handling
       (with-store store
         (run-with-store store
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index aa47a290d2..0d9c33d1d2 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -81,6 +81,8 @@ builds derivations on behalf of its clients.");
 #define GUIX_OPT_GC_KEEP_OUTPUTS 15
 #define GUIX_OPT_GC_KEEP_DERIVATIONS 16
 #define GUIX_OPT_BUILD_ROUNDS 17
+#define GUIX_OPT_TIMEOUT 18
+#define GUIX_OPT_MAX_SILENT_TIME 19
 
 static const struct argp_option options[] =
   {
@@ -91,6 +93,10 @@ static const struct argp_option options[] =
     },
     { "max-jobs", 'M', n_("N"), 0,
       n_("allow at most N build jobs") },
+    { "timeout", GUIX_OPT_TIMEOUT, n_("SECONDS"), 0,
+      n_("mark builds as failed after SECONDS of activity") },
+    { "max-silent-time", GUIX_OPT_MAX_SILENT_TIME, n_("SECONDS"), 0,
+      n_("mark builds as failed after SECONDS of silence") },
     { "disable-chroot", GUIX_OPT_DISABLE_CHROOT, 0, 0,
       n_("disable chroot builds") },
     { "chroot-directory", GUIX_OPT_CHROOT_DIR, n_("DIR"), 0,
@@ -245,6 +251,12 @@ parse_opt (int key, char *arg, struct argp_state *state)
     case 'M':
       settings.set ("build-max-jobs", arg);
       break;
+    case GUIX_OPT_TIMEOUT:
+      settings.set ("build-timeout", arg);
+      break;
+    case GUIX_OPT_MAX_SILENT_TIME:
+      settings.set ("build-max-silent-time", arg);
+      break;
     case GUIX_OPT_SYSTEM:
       settings.thisSystem = arg;
       break;
diff --git a/tests/guix-daemon.sh b/tests/guix-daemon.sh
index fde49e25a2..9186ffd585 100644
--- a/tests/guix-daemon.sh
+++ b/tests/guix-daemon.sh
@@ -145,3 +145,39 @@ guile -c '
            (exit
             (= 42 (pk (call-with-input-file (derivation->output-path drv)
                         read)))))))'
+
+
+kill "$daemon_pid"
+
+# Make sure the daemon's default 'timeout' and 'max-silent-time' settings are
+# honored.
+
+client_code='
+  (use-modules (guix) (gnu packages) (guix tests) (srfi srfi-34))
+
+  (with-store store
+    (let* ((build  (add-text-to-store store "build.sh"
+                                      "while true ; do : ; done"))
+           (bash   (add-to-store store "bash" #t "sha256"
+                                 (search-bootstrap-binary "bash"
+                                                          (%current-system))))
+           (drv    (derivation store "the-thing" bash
+                               `("-e" ,build)
+                               #:inputs `((,bash) (,build))
+                               #:env-vars `(("x" . ,(random-text))))))
+      (exit (guard (c ((nix-protocol-error? c)
+                       (->bool
+                        (string-contains (pk (nix-protocol-error-message c))
+                                         "failed"))))
+              (build-derivations store (list drv))
+              #f))))'
+
+
+for option in --max-silent-time=1 --timeout=1
+do
+    guix-daemon --listen="$socket" --disable-chroot "$option" &
+    daemon_pid=$!
+
+    GUIX_DAEMON_SOCKET="$socket" guile -c "$client_code"
+    kill "$daemon_pid"
+done