summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-05-24 18:02:27 -0400
committerLeo Famulari <leo@famulari.name>2017-05-24 18:02:27 -0400
commit38f1163c955945e92ba4d48c6f7c233c7a2aac1f (patch)
tree19c19ef24df71475d89b648fd3a34dacfe78fdcb
parent9269ce492576a9fbb5aa39548f03dab9207fb8e9 (diff)
parentff51a87cae360334ed42c79c3e4e46fb7c121eb2 (diff)
downloadguix-38f1163c955945e92ba4d48c6f7c233c7a2aac1f.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--gnu/local.mk3
-rw-r--r--gnu/packages/audio.scm7
-rw-r--r--gnu/packages/gnome.scm39
-rw-r--r--gnu/packages/logging.scm12
-rw-r--r--gnu/packages/music.scm10
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2017-6891.patch51
-rw-r--r--gnu/packages/python.scm20
-rw-r--r--gnu/packages/samba.scm4
-rw-r--r--gnu/packages/scanner.scm51
-rw-r--r--gnu/packages/tls.scm14
-rw-r--r--gnu/packages/xdisorg.scm8
-rw-r--r--guix/scripts/publish.scm12
12 files changed, 151 insertions, 80 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 5ffd9779f9..416bf9e716 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -746,7 +746,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch	\
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch		\
   %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch	\
-  %D%/packages/patches/libtar-CVE-2013-4420.patch \
+  %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
+  %D%/packages/patches/libtasn1-CVE-2017-6891.patch 		\
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 497f20538d..dc668ce131 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -2054,11 +2054,14 @@ the Turtle syntax.")
               (base32
                "1kji3lhha26qr6xm9j8ic5c40zbrrb5qnwm2qxzmsfxgmrz29wkf"))))
     (build-system waf-build-system)
-    (arguments `(#:tests? #f)) ; no check target
+    (arguments
+     `(#:tests? #f ; no check target
+       #:configure-flags
+       '("CXXFLAGS=-std=gnu++11")))
     (inputs
      `(("lv2" ,lv2)
        ("gtk+-2" ,gtk+-2)
-       ("qt-4" ,qt-4)))
+       ("qt" ,qtbase)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "http://drobilla.net/software/suil/")
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 6990ab564a..45aa80176c 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1745,7 +1745,7 @@ engineering.")
 (define-public gnome-themes-standard
   (package
     (name "gnome-themes-standard")
-    (version "3.22.2")
+    (version "3.22.3")
     (source
      (origin
        (method url-fetch)
@@ -1754,7 +1754,7 @@ engineering.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "19bxw69ms46px5xgvwbjlhq2vkmrqfx2az49q63w2wxqb76icidk"))))
+         "0smmiamrgcgf5sa88bsn8hwmvsyx4gczzs359nwxbkv14b2qgp31"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -2973,7 +2973,7 @@ without stepping on each others toes.")
 (define-public clutter
   (package
     (name "clutter")
-    (version "1.26.0")
+    (version "1.26.2")
     (source
      (origin
        (method url-fetch)
@@ -2982,7 +2982,7 @@ without stepping on each others toes.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "01nfjd4k7j2n3agpx2d9ncff86nfsqv4n23465rb9zmk4iw4wlb7"))))
+         "0mif1qnrpkgxi43h7pimim6w6zwywa16ixcliw0yjm9hk0a368z7"))))
     ;; NOTE: mutter exports a bundled fork of clutter, so when making changes
     ;; to clutter, corresponding changes may be appropriate in mutter as well.
     (build-system gnu-build-system)
@@ -3057,7 +3057,7 @@ presentations, kiosk style applications and so on.")
 (define-public clutter-gst
   (package
     (name "clutter-gst")
-    (version "3.0.22")
+    (version "3.0.24")
     (source
      (origin
        (method url-fetch)
@@ -3066,7 +3066,7 @@ presentations, kiosk style applications and so on.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1m6zwc7xr7lmbwiqav961g7jhc7gp5gb73dm6j93szpa6bxmgz7i"))))
+         "0v6cg0syh4vx7y7ni47jsvr2r57q0j3h1f1gjlp0ciscixywiwg9"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums
@@ -3088,7 +3088,7 @@ GL based interactive canvas library.")
 (define-public libchamplain
   (package
     (name "libchamplain")
-    (version "0.12.14")
+    (version "0.12.15")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3096,7 +3096,7 @@ GL based interactive canvas library.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "13snnka1jqc5qrgij8bm22xy02pncf3dn5ij3jh4rrpzq7g1sqpi"))))
+                "0x5qa1aw1y59lzkmf4j4szspn49341a87vcja4ydgxny1chilwjl"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--enable-vala")))
     (native-inputs
@@ -3935,7 +3935,7 @@ wraps things up in a developer-friendly way.")
 (define-public libgee
   (package
     (name "libgee")
-    (version "0.18.1")
+    (version "0.20.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3943,7 +3943,7 @@ wraps things up in a developer-friendly way.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "18ir5264bhdg76kcjn8i5bfs1vz89qqn2py20aavm2cwbaz6ns4r"))))
+                "1fy24dr8imrjlmsqj1syn0gi139gba6hwk3j5vd6sr3pxniqnc11"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -4860,7 +4860,7 @@ providing graphical log-ins and managing local and remote displays.")
 (define-public libgtop
   (package
     (name "libgtop")
-    (version "2.34.1")
+    (version "2.36.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4868,7 +4868,7 @@ providing graphical log-ins and managing local and remote displays.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8"))))
+                "0ax17c7nplghxgsf8zl92nmhkbnggj62wwzl7nq00aqb2m6f7gqk"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -5112,7 +5112,7 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
 (define-public gnome-autoar
   (package
     (name "gnome-autoar")
-    (version "0.1.1")
+    (version "0.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5120,7 +5120,7 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1jcs6jgysg9n3zi3d1l4iqddzmczfdcvz7vkxn607p32nl8bhp7n"))))
+                "0qnafiwgajsaryh669lfclb4f6z5n1r9r4zhig1ha0ykxq32rzp1"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("gnome-common" ,gnome-common)
@@ -5141,7 +5141,7 @@ easy, safe, and automatic.")
 (define-public tracker
   (package
     (name "tracker")
-    (version "1.10.3")
+    (version "1.12.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5149,7 +5149,7 @@ easy, safe, and automatic.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "03ch3ndmxghfr9wnw9hfmpkjfa7k5v5cwwf3y1ja6ihk3c5avgbb"))))
+                "0vsrzzkcfvmylhpk1ww6xdx8z9sgjs0gn74gz82qngjyq3c3s6c3"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("gnome-common" ,gnome-common)
@@ -5176,13 +5176,14 @@ easy, safe, and automatic.")
        ("exempi" ,exempi)
        ("libxml2" ,libxml2)
        ("upower" ,upower)
-       ("libgee" ,libgee)
        ("libunistring" ,libunistring)
        ("giflib" ,giflib)
+       ("json-glib" ,json-glib)
        ("openjpeg" ,openjpeg-1)
        ("libosinfo" ,libosinfo)
        ("libcue" ,libcue)
        ("libseccomp" ,libseccomp)
+       ("libsoup" ,libsoup)
        ("libuuid" ,util-linux)))
     (arguments `(#:tests? #f))  ; XXX FIXME enable tests (some fail)
     (synopsis "Metadata database, indexer and search tool")
@@ -5812,7 +5813,7 @@ GLib/GObject code.")
 (define-public libgnomekbd
   (package
     (name "libgnomekbd")
-    (version "3.22.0")
+    (version "3.22.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5820,7 +5821,7 @@ GLib/GObject code.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1pvpbljvxc0riamraiflnm05dpb6i4vlmqqgdh74xggbpzd302rl"))))
+                "1plkkack6s8b21gcmmly0lapgcjz53dmw2vixnn4rw4jxjwbdzaf"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/logging.scm b/gnu/packages/logging.scm
index 7501f1e5db..b2b0582aee 100644
--- a/gnu/packages/logging.scm
+++ b/gnu/packages/logging.scm
@@ -55,17 +55,15 @@ staying as close to their API as is reasonable.")
 (define-public glog
   (package
     (name "glog")
-    (version "0.3.4")
+    (version "0.3.5")
     (home-page "https://github.com/google/glog")
     (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url home-page)
-                    (commit (string-append "v" version))))
+              (method url-fetch)
+              (uri (string-append home-page "/archive/v" version ".tar.gz"))
               (sha256
                (base32
-                "0ym5g15m7c8kjfr2c3zq6bz08ghin2d1r1nb6v2vnkfh1vn945x1"))
-              (file-name (string-append name "-" version "-checkout"))
+                "1q6ihk2asbx95a56kmyqwysq1x3grrw9jwqllafaidf0l84f903m"))
+              (file-name (string-append name "-" version ".tar.gz"))
               (patches (search-patches "glog-gcc-5-demangling.patch"))))
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 5c0be39c27..186dc276be 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1883,18 +1883,19 @@ computer's keyboard.")
 (define-public qtractor
   (package
     (name "qtractor")
-    (version "0.8.1")
+    (version "0.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://downloads.sourceforge.net/qtractor/"
                                   "qtractor-" version ".tar.gz"))
               (sha256
                (base32
-                "1pvs9r5ykfaci900p0kz2xc5xsrswnwwbcl2chsvd98f1ns4vwds"))))
+                "0sp7r9n926ggdn285l4xzvw558jz1440n7kn2f1qs6w6h6l0f1q3"))))
     (build-system gnu-build-system)
     (arguments `(#:tests? #f)) ; no "check" target
     (inputs
-     `(("qt" ,qt)
+     `(("qt" ,qtbase)
+       ("qtx11extras" ,qtx11extras)
        ("alsa-lib" ,alsa-lib)
        ("jack" ,jack-1)
        ("libsndfile" ,libsndfile)
@@ -1909,7 +1910,8 @@ computer's keyboard.")
        ("liblo" ,liblo)
        ("zlib" ,zlib)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ("qttools" ,qttools)))
     (home-page "http://qtractor.org/")
     (synopsis "Audio/MIDI multi-track sequencer")
     (description
diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
new file mode 100644
index 0000000000..1f847ed025
--- /dev/null
+++ b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch
@@ -0,0 +1,51 @@
+Fix CVE-2017-6891:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
+
+Patch copied from upstream source repository:
+
+https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484
+
+From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 18 May 2017 18:03:34 +0200
+Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
+
+This prevents a stack overflow in asn1_find_node() which
+is triggered by too long variable names in the definitions
+files. That means that applications have to deliberately
+pass a too long 'name' constant to asn1_write_value()
+and friends.  Reported by Jakub Jirasek.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/parser_aux.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index b4a7370..976ab38 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
+       if (n_end)
+ 	{
+ 	  nsize = n_end - n_start;
++	  if (nsize >= sizeof(n))
++		return NULL;
++
+ 	  memcpy (n, n_start, nsize);
+ 	  n[nsize] = 0;
+ 	  n_start = n_end;
+@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
+       if (n_end)
+ 	{
+ 	  nsize = n_end - n_start;
++	  if (nsize >= sizeof(n))
++		return NULL;
++
+ 	  memcpy (n, n_start, nsize);
+ 	  n[nsize] = 0;
+ 	  n_start = n_end;
+-- 
+2.13.0
+
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 54dc493904..dc1efd62a4 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -39,6 +39,7 @@
 ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
 ;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4767,17 +4768,17 @@ support for Python 3 and PyPy.  It is based on cffi.")
 (define-public python-cairocffi
   (package
     (name "python-cairocffi")
-    (version "0.6")
+    (version "0.8.0")
     (source
      (origin
       (method url-fetch)
       ;; The archive on pypi is missing the 'utils' directory!
-      (uri (string-append "https://github.com/SimonSapin/cairocffi/archive/v"
+      (uri (string-append "https://github.com/Kozea/cairocffi/archive/v"
                           version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
-        "03w5p62sp3nqiccx864sbq0jvh7946277jqx3rcc3dch5xwfvv51"))))
+        "1rk2dvy3fxrga6bvvxc2fi5lbaynm5h4a0w0aaxyn3bc77rszjg9"))))
     (build-system python-build-system)
     (outputs '("out" "doc"))
     (inputs
@@ -4811,7 +4812,7 @@ support for Python 3 and PyPy.  It is based on cffi.")
                (system* "python" "setup.py" "build_sphinx")
                (copy-recursively "docs/_build/html" html)
                #t))))))
-    (home-page "https://github.com/SimonSapin/cairocffi")
+    (home-page "https://github.com/Kozea/cairocffi")
     (synopsis "Python bindings and object-oriented API for Cairo")
     (description
      "Cairocffi is a CFFI-based drop-in replacement for Pycairo, a set of
@@ -7154,14 +7155,14 @@ designed to efficiently cope with extremely large amounts of data.")
 (define-public python-pyasn1
   (package
     (name "python-pyasn1")
-    (version "0.1.9")
+    (version "0.2.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyasn1" version))
        (sha256
         (base32
-         "0zraxni14bqi20kr4bi6nwsh32aibz0fq0xaczfisw0zdpcsqg45"))))
+         "1b86yx23c1x74clai05a5ma8c8nfmhlx3j1mxq0ff657i2ylx33k"))))
     (build-system python-build-system)
     (home-page "http://pyasn1.sourceforge.net/")
     (synopsis "ASN.1 types and codecs")
@@ -7252,15 +7253,14 @@ versions of Python.")
 (define-public python-idna
   (package
     (name "python-idna")
-    (version "2.0")
+    (version "2.5")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://pypi.python.org/packages/source/i/"
-                           "idna/idna-" version ".tar.gz"))
+       (uri (pypi-uri "idna" version))
        (sha256
         (base32
-         "0frxgmgi234lr9hylg62j69j4ik5zhg0wz05w5dhyacbjfnrl68n"))))
+         "1ara12a7k2zc69msa0arrvw00gn61a6i6by01xb3lkkc0h4cxd9w"))))
     (build-system python-build-system)
     (home-page "https://github.com/kjd/idna")
     (synopsis "Internationalized domain names in applications")
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 623ef93a4e..b7f298d2be 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -147,14 +147,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.5.8")
+    (version "4.6.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "1w41pxszv5z6gjclg6zymn47mk8n51lnpgcx1k2q18i3i1nnafzn"))))
+               "0qcsinhcq3frlqp7bfav5mdc9xn1h4xy4l6vfpf8cmcfs4lp7ija"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/scanner.scm b/gnu/packages/scanner.scm
index 7bdbf35f05..f44f037efb 100644
--- a/gnu/packages/scanner.scm
+++ b/gnu/packages/scanner.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,15 +32,15 @@
 (define-public sane-backends-minimal
   (package
     (name "sane-backends-minimal")
-    (version "1.0.25")
+    (version "1.0.27")
     (source (origin
              (method url-fetch)
              (uri (string-append
-                   "https://alioth.debian.org/frs/download.php/file/4146/"
+                   "https://alioth.debian.org/frs/download.php/latestfile/176/"
                    "sane-backends-" version ".tar.gz"))
              (sha256
               (base32
-               "0b3fvhrxl4l82bf3v0j47ypjv6a0k5lqbgknrq1agpmjca6vmmx4"))
+               "1j9nbqspaj0rlgalafb5z6r606k0i22kz0rcpd744p176yzlfdr9"))
              (modules '((guix build utils)))
              (snippet
               ;; Generated HTML files and udev rules normally embed a
@@ -53,32 +54,34 @@
     (inputs
      `(("libusb-compat" ,libusb-compat)))
     (arguments
-     `(#:tests? #f
-       #:phases
+     `(#:phases
        (modify-phases %standard-phases
          (add-before 'configure 'disable-backends
            (lambda _
              (setenv "BACKENDS" " ")
              #t))
-         (add-after
-          'install 'install-udev-rules
-          (lambda* (#:key outputs #:allow-other-keys)
-            (let ((out (assoc-ref outputs "out")))
-              (mkdir-p (string-append out "/lib/udev/rules.d"))
-              (copy-file "tools/udev/libsane.rules"
-                         (string-append out
-                                        "/lib/udev/rules.d/"
-                                        "60-libsane.rules"))))))))
-    ;; It would seem that tests are not maintained - fails with
-    ;; the following:
-    ;;
-    ;; < This page was last updated on Wed Jul 31 07:52:48 2013
-    ;; <  by sane-desc 3.5 from sane-backends 1.0.24git
-    ;; ---
-    ;; > This page was last updated on Sun Oct 19 15:41:39 2014
-    ;; >  by sane-desc 3.5 from sane-backends 1.0.24
-    ;; **** File generated for html-backends-split mode is different from reference
-    ;; Makefile:501: recipe for target 'check.local' failed
+         ;; Disable unmaintained tests that that fail with errors resembling:
+         ;;
+         ;; < # by sane-desc 3.5 from sane-backends 1.0.24git on Jul 31 2013
+         ;; ---
+         ;; > # by sane-desc 3.5 from sane-backends 1.0.27 on 1970-01-01#
+         ;; FAIL: sane-desc -m usermap -s ./data
+         (add-before 'configure 'disable-failing-tests
+           (lambda _
+             (for-each
+              (lambda (pattern)
+                (substitute* "testsuite/tools/Makefile.in"
+                  (((string-append " " pattern " ")) " ")))
+              (list "usermap" "db" "udev" "udev\\+acl" "udev\\+hwdb" "hwdb"))
+             #t))
+         (add-after 'install 'install-udev-rules
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (mkdir-p (string-append out "/lib/udev/rules.d"))
+               (copy-file "tools/udev/libsane.rules"
+                          (string-append out
+                                         "/lib/udev/rules.d/"
+                                         "60-libsane.rules"))))))))
     (home-page "http://www.sane-project.org")
     (synopsis
      "Raster image scanner library and drivers, without scanner support")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 144d8962f2..2cbb5c0183 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -52,6 +52,7 @@
 (define-public libtasn1
   (package
     (name "libtasn1")
+    (replacement libtasn1/fixed)
     (version "4.10")
     (source
      (origin
@@ -72,17 +73,26 @@ networking, allowing for formal validation of data according to some
 specifications.")
     (license license:lgpl2.0+)))
 
+(define libtasn1/fixed
+  (package
+    (inherit libtasn1)
+    (source
+      (origin
+        (inherit (package-source libtasn1))
+        (patches
+          (search-patches "libtasn1-CVE-2017-6891.patch"))))))
+
 (define-public asn1c
   (package
     (name "asn1c")
-    (version "0.9.27")
+    (version "0.9.28")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://lionet.info/soft/asn1c-"
                           version ".tar.gz"))
       (sha256
        (base32
-        "17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
+        "1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 8d7f2195c2..980b6e8022 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -441,7 +441,7 @@ of the screen selected by mouse.")
 (define-public slop
   (package
     (name "slop")
-    (version "5.3.37")
+    (version "5.3.38")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -450,7 +450,7 @@ of the screen selected by mouse.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1p2ih123zkj8rxz8acsxpaim1kq57f4rbq7zqsibafn5rkw5c5is"))))
+                "1gvsxzl4y4l7d5gvx24i0yxk3jxc1gnb48bjwvqmrh34gx974wn7"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f)) ; no "check" target
@@ -472,7 +472,7 @@ selection's dimensions to stdout.")
 (define-public maim
   (package
     (name "maim")
-    (version "4.4.62")
+    (version "5.4.62")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -481,7 +481,7 @@ selection's dimensions to stdout.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "08lnbsl9ialqik1ris6piz1g0fgq4r3767ycr4nziphw3kz89vr1"))))
+                "084czvwcicl8apjlv729inxx8rpycra76ignfjmcbaq0hhn6ip6w"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f))            ; no "check" target
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index db7f6a957e..c306b809a7 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -425,11 +425,13 @@ requested using POOL."
            ;; return 404.
            (eventually pool
              (single-baker item
-               ;; (format #t "baking ~s~%" item)
-               (bake-narinfo+nar cache item
-                                 #:ttl ttl
-                                 #:compression compression
-                                 #:nar-path nar-path))
+               ;; Check whether CACHED has been produced in the meantime.
+               (unless (file-exists? cached)
+                 ;; (format #t "baking ~s~%" item)
+                 (bake-narinfo+nar cache item
+                                   #:ttl ttl
+                                   #:compression compression
+                                   #:nar-path nar-path)))
 
              (when ttl
                (single-baker 'cache-cleanup