summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2016-12-04 17:41:36 +0100
committerMarius Bakke <mbakke@fastmail.com>2016-12-04 17:41:36 +0100
commita351fc83694f436c3bff7cbdef09bd3cc91c74fc (patch)
tree646145378742a6943d7c4dda995fc0fb67f9db32
parent80b63e670ef4fe1fd40a903bcd4ee47a11415bd9 (diff)
parentd1a5b20081c30da7503201df260cf20b8d0ba633 (diff)
downloadguix-a351fc83694f436c3bff7cbdef09bd3cc91c74fc.tar.gz
Merge branch 'master' into staging
-rw-r--r--doc/guix.texi100
-rw-r--r--gnu/local.mk18
-rw-r--r--gnu/packages/assembly.scm23
-rw-r--r--gnu/packages/audio.scm36
-rw-r--r--gnu/packages/bioinformatics.scm4
-rw-r--r--gnu/packages/bittorrent.scm41
-rw-r--r--gnu/packages/connman.scm36
-rw-r--r--gnu/packages/databases.scm20
-rw-r--r--gnu/packages/dns.scm94
-rw-r--r--gnu/packages/docbook.scm13
-rw-r--r--gnu/packages/ebook.scm3
-rw-r--r--gnu/packages/emacs.scm25
-rw-r--r--gnu/packages/enlightenment.scm31
-rw-r--r--gnu/packages/feh.scm67
-rw-r--r--gnu/packages/flashing-tools.scm36
-rw-r--r--gnu/packages/geeqie.scm108
-rw-r--r--gnu/packages/glib.scm4
-rw-r--r--gnu/packages/gnome.scm1
-rw-r--r--gnu/packages/gnunet.scm1
-rw-r--r--gnu/packages/gnuzilla.scm95
-rw-r--r--gnu/packages/golang.scm6
-rw-r--r--gnu/packages/gps.scm2
-rw-r--r--gnu/packages/gstreamer.scm32
-rw-r--r--gnu/packages/gtk.scm19
-rw-r--r--gnu/packages/image-viewers.scm132
-rw-r--r--gnu/packages/image.scm35
-rw-r--r--gnu/packages/kde.scm56
-rw-r--r--gnu/packages/linux.scm20
-rw-r--r--gnu/packages/mail.scm28
-rw-r--r--gnu/packages/maths.scm7
-rw-r--r--gnu/packages/monitoring.scm122
-rw-r--r--gnu/packages/mp3.scm4
-rw-r--r--gnu/packages/music.scm117
-rw-r--r--gnu/packages/package-management.scm6
-rw-r--r--gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch14
-rw-r--r--gnu/packages/patches/fcgi-2.4.0-poll.patch89
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-crashes.patch1047
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch37
-rw-r--r--gnu/packages/patches/gst-plugins-good-fix-signedness.patch58
-rw-r--r--gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch319
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-9064.patch996
-rw-r--r--gnu/packages/patches/nasm-no-ps-pdf.patch20
-rw-r--r--gnu/packages/patches/netcdf-config-date.patch47
-rw-r--r--gnu/packages/patches/netcdf-date-time.patch11
-rw-r--r--gnu/packages/patches/netcdf-tst_h_par.patch21
-rw-r--r--gnu/packages/patches/vtk-mesa-10.patch36
-rw-r--r--gnu/packages/perl.scm8
-rw-r--r--gnu/packages/pretty-print.scm46
-rw-r--r--gnu/packages/python.scm17
-rw-r--r--gnu/packages/qemu.scm1
-rw-r--r--gnu/packages/qt.scm33
-rw-r--r--gnu/packages/serialization.scm2
-rw-r--r--gnu/packages/sxiv.scm62
-rw-r--r--gnu/packages/sync.scm (renamed from gnu/packages/owncloud.scm)57
-rw-r--r--gnu/packages/tls.scm6
-rw-r--r--gnu/packages/tor.scm4
-rw-r--r--gnu/packages/version-control.scm14
-rw-r--r--gnu/packages/vtk.scm50
-rw-r--r--gnu/packages/web.scm155
-rw-r--r--gnu/packages/xml.scm33
-rw-r--r--gnu/services/base.scm38
-rw-r--r--gnu/services/configuration.scm2
-rw-r--r--gnu/services/cups.scm2
-rw-r--r--gnu/services/kerberos.scm378
-rw-r--r--guix/scripts/offload.scm107
-rw-r--r--guix/store.scm3
-rw-r--r--nix/nix-daemon/nix-daemon.cc7
67 files changed, 1914 insertions, 3148 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 3b4ba487ad..47d0d7169a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7142,7 +7142,7 @@ entry (@pxref{Invoking guix system}).
 
 The normal way to change the system configuration is by updating this
 file and re-running @command{guix system reconfigure}.  One should never
-have to touch files in @command{/etc} or to run commands that modify the
+have to touch files in @file{/etc} or to run commands that modify the
 system state such as @command{useradd} or @command{grub-install}.  In
 fact, you must avoid that since that would not only void your warranty
 but also prevent you from rolling back to previous versions of your
@@ -10654,7 +10654,7 @@ Defaults to @samp{""}.
 
 @deftypevr {@code{dovecot-configuration} parameter} string auth-krb5-keytab
 Kerberos keytab to use for the GSSAPI mechanism.  Will use the
-system default (usually /etc/krb5.keytab) if not specified.  You may
+system default (usually @file{/etc/krb5.keytab}) if not specified.  You may
 need to change the auth service to run as root to be able to read this
 file.
 Defaults to @samp{""}.
@@ -11542,6 +11542,99 @@ remote servers.  Run @command{man smtpd.conf} for more information.
 The @code{(gnu services kerberos)} module provides services relating to
 the authentication protocol @dfn{Kerberos}.
 
+@subsubheading Krb5 Service
+
+Programs using a Kerberos client library normally
+expect a configuration file in @file{/etc/krb5.conf}.
+This service generates such a file from a definition provided in the
+operating system declaration.
+It does not cause any daemon to be started.
+
+No ``keytab'' files are provided by this service---you must explicitly create them.
+This service is known to work with the MIT client library, @code{mit-krb5}.
+Other implementations have not been tested.
+
+@defvr {Scheme Variable} krb5-service-type
+A service type for Kerberos 5 clients.
+@end defvr
+
+@noindent
+Here is an example of its use:
+@lisp
+(service krb5-service-type
+         (krb5-configuration
+          (default-realm "EXAMPLE.COM")
+          (allow-weak-crypto? #t)
+          (realms (list
+                   (krb5-realm
+                    (name "EXAMPLE.COM")
+                    (admin-server "groucho.example.com")
+                    (kdc "karl.example.com"))
+                   (krb5-realm
+                    (name "ARGRX.EDU")
+                    (admin-server "kerb-admin.argrx.edu")
+                    (kdc "keys.argrx.edu"))))))
+@end lisp
+
+@noindent
+This example provides a Kerberos@tie{}5 client configuration which:
+@itemize
+@item Recognizes two realms, @i{viz:} ``EXAMPLE.COM'' and ``ARGRX.EDU'', both
+of which have distinct administration servers and key distribution centers;
+@item Will default to the realm ``EXAMPLE.COM'' if the realm is not explicitly
+specified by clients;
+@item Accepts services which only support encryption types known to be weak.
+@end itemize
+
+The @code{krb5-realm} and @code{krb5-configuration} types have many fields.
+Only the most commonly used ones are described here.
+For a full list, and more detailed explanation of each, see the MIT
+@uref{http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html,,krb5.conf}
+documentation.
+
+
+@deftp {Data Type} krb5-realm
+@cindex realm, kerberos
+@table @asis
+@item @code{name}
+This field is a string identifying the name of the realm.
+A common convention is to use the fully qualified DNS name of your organization,
+converted to upper case.
+
+@item @code{admin-server}
+This field is a string identifying the host where the administration server is
+running.
+
+@item @code{kdc}
+This field is a string identifying the key distribution center
+for the realm.
+@end table
+@end deftp
+
+@deftp {Data Type} krb5-configuration
+
+@table @asis
+@item @code{allow-weak-crypto?} (default: @code{#f})
+If this flag is @code{#t} then services which only offer encryption algorithms
+known to be weak will be accepted.
+
+@item @code{default-realm} (default: @code{#f})
+This field should be a string identifying the default Kerberos
+realm for the client.
+You should set this field to the name of your Kerberos realm.
+If this value is @code{#f}
+then a realm must be specified with every Kerberos principal when invoking programs
+such as @command{kinit}.
+
+@item @code{realms}
+This should be a non-empty list of @code{krb5-realm} objects, which clients may
+access.
+Normally, one of them will have a @code{name} field matching the @code{default-realm}
+field.
+@end table
+@end deftp
+
+
 @subsubheading PAM krb5 Service
 @cindex pam-krb5
 
@@ -12787,8 +12880,7 @@ host.
 @item -net user
 Enable the unprivileged user-mode network stack.  The guest OS can
 access the host but not vice versa.  This is the simplest way to get the
-guest OS online.  If you do not choose a network stack, the boot will
-fail.
+guest OS online.
 
 @item -net nic,model=virtio
 You must create a network interface of a given model.  If you do not
diff --git a/gnu/local.mk b/gnu/local.mk
index 146cdc4490..c635a4792c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -123,7 +123,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/entr.scm				\
   %D%/packages/erlang.scm			\
   %D%/packages/fcitx.scm			\
-  %D%/packages/feh.scm                          \
   %D%/packages/figlet.scm			\
   %D%/packages/file.scm				\
   %D%/packages/finance.scm			\
@@ -147,7 +146,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/gd.scm				\
   %D%/packages/gdb.scm				\
   %D%/packages/geo.scm				\
-  %D%/packages/geeqie.scm			\
   %D%/packages/gettext.scm			\
   %D%/packages/gforth.scm			\
   %D%/packages/ghostscript.scm			\
@@ -254,6 +252,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/microcom.scm			\
   %D%/packages/mit-krb5.scm			\
   %D%/packages/moe.scm				\
+  %D%/packages/monitoring.scm			\
   %D%/packages/mono.scm				\
   %D%/packages/moreutils.scm			\
   %D%/packages/mpd.scm				\
@@ -285,7 +284,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/openstack.scm			\
   %D%/packages/orpheus.scm			\
   %D%/packages/ots.scm				\
-  %D%/packages/owncloud.scm			\
   %D%/packages/package-management.scm		\
   %D%/packages/parallel.scm			\
   %D%/packages/password-utils.scm		\
@@ -349,7 +347,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/statistics.scm			\
   %D%/packages/suckless.scm			\
   %D%/packages/swig.scm				\
-  %D%/packages/sxiv.scm				\
+  %D%/packages/sync.scm			\
   %D%/packages/synergy.scm			\
   %D%/packages/syndication.scm			\
   %D%/packages/task-management.scm		\
@@ -539,6 +537,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/fasthenry-spUtils.patch			\
   %D%/packages/patches/fasthenry-spSolve.patch			\
   %D%/packages/patches/fasthenry-spFactor.patch			\
+  %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch		\
+  %D%/packages/patches/fcgi-2.4.0-poll.patch			\
   %D%/packages/patches/findutils-localstatedir.patch		\
   %D%/packages/patches/findutils-test-xargs.patch		\
   %D%/packages/patches/flex-CVE-2016-6354.patch			\
@@ -592,10 +592,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/grub-gets-undeclared.patch		\
   %D%/packages/patches/grub-freetype.patch			\
   %D%/packages/patches/gsl-test-i686.patch			\
-  %D%/packages/patches/gst-plugins-good-fix-crashes.patch	\
-  %D%/packages/patches/gst-plugins-good-fix-invalid-read.patch	\
-  %D%/packages/patches/gst-plugins-good-fix-signedness.patch	\
-  %D%/packages/patches/gst-plugins-good-flic-bounds-check.patch	\
   %D%/packages/patches/guile-1.8-cpp-4.5.patch			\
   %D%/packages/patches/guile-arm-fixes.patch			\
   %D%/packages/patches/guile-default-utf8.patch			\
@@ -629,7 +625,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/hypre-ldflags.patch			\
   %D%/packages/patches/icecat-avoid-bundled-libraries.patch	\
   %D%/packages/patches/icecat-binutils.patch			\
-  %D%/packages/patches/icecat-CVE-2016-9064.patch		\
   %D%/packages/patches/icu4c-CVE-2014-6585.patch		\
   %D%/packages/patches/icu4c-CVE-2015-1270.patch		\
   %D%/packages/patches/icu4c-CVE-2015-4760.patch		\
@@ -737,9 +732,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/musl-CVE-2016-8859.patch			\
   %D%/packages/patches/mutt-store-references.patch		\
-  %D%/packages/patches/nasm-no-ps-pdf.patch			\
   %D%/packages/patches/net-tools-bitrot.patch			\
-  %D%/packages/patches/netcdf-config-date.patch			\
+  %D%/packages/patches/netcdf-date-time.patch			\
+  %D%/packages/patches/netcdf-tst_h_par.patch			\
   %D%/packages/patches/netsurf-about.patch			\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/ngircd-no-dns-in-tests.patch		\
@@ -904,7 +899,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/vpnc-script.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
-  %D%/packages/patches/vtk-mesa-10.patch			\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
diff --git a/gnu/packages/assembly.scm b/gnu/packages/assembly.scm
index 29ccf1f08a..fbc5cdd16f 100644
--- a/gnu/packages/assembly.scm
+++ b/gnu/packages/assembly.scm
@@ -34,24 +34,32 @@
 (define-public nasm
   (package
     (name "nasm")
-    (version "2.12.01")
+    (version "2.12.02")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.nasm.us/pub/nasm/releasebuilds/"
                                   version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "12bl6vc5sjp9nnhf0iwy6l27vq783y0rxrjpp8sy84h5cb7a3fwx"))
-              (patches (search-patches "nasm-no-ps-pdf.patch"))))
+                "08a3ah791cl7xdyrlz33mwv4xzs08rxh0p902p3ypi5iq1h6p1jc"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)  ;for doc and test target
                      ("texinfo" ,texinfo)))
     (arguments
      `(#:test-target "test"
-       #:phases (modify-phases %standard-phases
-                  (add-after 'install 'install-info
-                    (lambda _
-                      (zero? (system* "make" "install_doc")))))))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'dont-build-ps-pdf-outputs
+           (lambda _
+             (substitute* "doc/Makefile.in"
+               (("info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf")
+                "info html nasmdoc.txt")
+               (("nasmdoc.ps nasmdoc.pdf nasmdoc.txt \\$\\(INSTALLROOT\\)\\$\\(docdir\\)")
+                "nasmdoc.txt $(INSTALLROOT)$(docdir)"))
+             #t))
+         (add-after 'install 'install-info
+           (lambda _
+             (zero? (system* "make" "install_doc")))))))
     (home-page "http://www.nasm.us/")
     (synopsis "80x86 and x86-64 assembler")
     (description
@@ -62,7 +70,6 @@ Windows32 and Windows64.  It will also output plain binary files.  Its syntax
 is designed to be simple and easy to understand, similar to Intel's but less
 complex.  It supports all currently known x86 architectural extensions, and
 has strong support for macros.")
-    (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:bsd-3)))
 
 (define-public yasm
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 2012053141..641d44cea7 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -186,7 +186,7 @@ streams from live audio.")
 (define-public ardour
   (package
     (name "ardour")
-    (version "5.4")
+    (version "5.5")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -196,14 +196,14 @@ streams from live audio.")
                ;; Ardour expects this file to exist at build time.  The revision
                ;; is the output of
                ;;    git describe HEAD | sed 's/^[A-Za-z]*+//'
-               '(call-with-output-file
+               `(call-with-output-file
                     "libs/ardour/revision.cc"
                   (lambda (port)
-                    (format port "#include \"ardour/revision.h\"
-namespace ARDOUR { const char* revision = \"5.4\" ; }"))))
+                    (format port ,(string-append "#include \"ardour/revision.h\"
+namespace ARDOUR { const char* revision = \"" version "\" ; }")))))
               (sha256
                (base32
-                "1yrg0d86k9fqw7lmzjglilbadb4cjqxqkf6ii4bjs6rihj6b0qrf"))
+                "1a3whv2dhl073pkd803hcp53rdmm31adjwn40qi06lkjb7rgwrlh"))
               (file-name (string-append name "-" version))))
     (build-system waf-build-system)
     (arguments
@@ -1653,9 +1653,16 @@ software.")
                      (setenv "LDFLAGS"
                              (string-append
                               "-L" (assoc-ref inputs "boost") "/lib "
-                              "-lboost_system")))))))
+                              "-lboost_system"))
+                     ;; Needed for gtkmm
+                     (substitute* '("src/wscript_build"
+                                    "examples/wscript_build")
+                       (("cxxflags.*= \\[" line)
+                        (string-append line "\"-std=c++11\", ")))
+                     #t)))))
     (inputs
      `(("boost" ,boost)
+       ("gtkmm" ,gtkmm-2)
        ("lv2" ,lv2)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -1798,6 +1805,23 @@ and ALSA.")
 aimed at audio/musical applications.")
     (license license:gpl2+)))
 
+(define-public raul-devel
+  (let ((commit "f8bf77d3c3b77830aedafb9ebb5cdadfea7ed07a")
+        (revision "1"))
+    (package (inherit raul)
+      (name "raul")
+      (version (string-append "0.8.4-" revision "."
+                              (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "http://git.drobilla.net/raul.git")
+                      (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
+                (sha256
+                 (base32
+                  "1lby508fb0n8ks6iz959sh18fc37br39d6pbapwvbcw5nckdrxwj")))))))
+
 (define-public rubberband
   (package
     (name "rubberband")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 415024fadc..4fac8e16c0 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -97,7 +97,7 @@
 (define-public aragorn
   (package
     (name "aragorn")
-    (version "1.2.37")
+    (version "1.2.38")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -105,7 +105,7 @@
                     version ".tgz"))
               (sha256
                (base32
-                "1c7zxk0h8wsjbix82fmmfyywcq6zn3q9h5y67kcl5y3qal2bv2xr"))))
+                "09i1rg716smlbnixfm7q1ml2mfpaa2fpn3hwjg625ysmfwwy712b"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index eff1b5a1c4..4d2fd99744 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Tomáš Čech <sleep_walker@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,11 +30,15 @@
   #:use-module (gnu packages adns)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages file)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
@@ -251,3 +256,39 @@ interface, for the Transmission BitTorrent daemon.")
 download utility.  It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink.
 Aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces.")
     (license l:gpl2+)))
+
+
+(define-public uget
+  (package
+    (name "uget")
+    (version "2.0.8")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/urlget/"
+                                  "uget%20%28stable%29/" version "/uget-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "0919cf7lfk1djdl003cahqjvafdliv7v2l8r5wg95n4isqggdk75"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("intltool" ,intltool)))
+    (inputs
+     `(("curl" ,curl)
+       ("gtk+" ,gtk+)
+       ("glib" ,glib)
+       ("gnutls" ,gnutls)
+       ("gstreamer" ,gstreamer)
+       ("libgcrypt" ,libgcrypt)
+       ("libnotify" ,libnotify)
+       ("openssl" ,openssl)))
+    (native-inputs
+     `(("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://ugetdm.com/")
+    (synopsis "Universal download manager with GTK+ interface")
+    (description
+     "uGet is portable download manager with GTK+ interface supporting
+HTTP, HTTPS, BitTorrent and Metalink, supporting multi-connection
+downloads, download scheduling, download rate limiting.")
+    (license l:lgpl2.1+)))
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index 65214271b5..6b061db58a 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -24,6 +24,7 @@
   #:use-module (guix utils)
   #:use-module (gnu packages)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages enlightenment)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
@@ -90,3 +91,38 @@ cases.  Connman implements DNS resolving and caching, DHCP clients for both
 IPv4 and IPv6, link-local IPv4 address handling and tethering (IP connection
 sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.")
     (license gpl2)))
+
+(define-public econnman
+  (package
+    (name "econnman")
+    (version "1.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://download.enlightenment.org/rel/apps/"
+                            "econnman/econnman-" version ".tar.gz"))
+        (sha256
+         (base32
+          "057pwwavlvrrq26bncqnfrf449zzaim0zq717xv86av4n940gwv0"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--localstatedir=/var")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-binary
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin/econnman-bin")))
+               (wrap-program bin
+                 `("PYTHONPATH" ":" prefix (,(getenv "PYTHONPATH"))))
+               #t))))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("efl" ,efl)
+       ("python-2" ,python-2)
+       ("python2-efl" ,python2-efl)))
+    (home-page "https://www.enlightenment.org")
+    (synopsis "Connman User Interface written using the EFL")
+    (description
+     "An EFL user interface for the @code{connman} connection manager.")
+    (license lgpl3)))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index bd60e4cc66..7ae1f6b390 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -636,7 +636,7 @@ extremely small.")
 (define-public perl-dbix-class
   (package
     (name "perl-dbix-class")
-    (version "0.082810")
+    (version "0.082840")
     (source
      (origin
        (method url-fetch)
@@ -644,7 +644,7 @@ extremely small.")
                            "DBIx-Class-" version ".tar.gz"))
        (sha256
         (base32
-         "1zlsswk8j2k024gwhdhia8ksrmb8065n98dahkk8c0r69wv85n04"))))
+         "1vw1f756g8m5hq11nqf5dk2cw2y4mqq91ca5p75fn5g3fp8syja0"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-dbd-sqlite" ,perl-dbd-sqlite)
@@ -690,7 +690,7 @@ single query, \"JOIN\", \"LEFT JOIN\", \"COUNT\", \"DISTINCT\", \"GROUP BY\",
 (define-public perl-dbix-class-cursor-cached
   (package
     (name "perl-dbix-class-cursor-cached")
-    (version "1.001002")
+    (version "1.001004")
     (source
      (origin
        (method url-fetch)
@@ -698,7 +698,7 @@ single query, \"JOIN\", \"LEFT JOIN\", \"COUNT\", \"DISTINCT\", \"GROUP BY\",
                            "DBIx-Class-Cursor-Cached-" version ".tar.gz"))
        (sha256
         (base32
-         "19r7jr6pknxiirrybq0cd0lnr76xiw05arnfqgk9nrhp6c7vvil0"))))
+         "09b2jahn2x12qm4f7qm1jzsxbz7qn1czp6a3fnl5l2i3l4r5421p"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-cache-cache" ,perl-cache-cache)
@@ -715,7 +715,7 @@ built-in caching support.")
 (define-public perl-dbix-class-introspectablem2m
   (package
     (name "perl-dbix-class-introspectablem2m")
-    (version "0.001001")
+    (version "0.001002")
     (source
      (origin
        (method url-fetch)
@@ -723,7 +723,7 @@ built-in caching support.")
                            "DBIx-Class-IntrospectableM2M-" version ".tar.gz"))
        (sha256
         (base32
-         "0p9zx1yc1f6jg583l206wilsni2v8mlngc2vf2q8yn10pmy4y6wm"))))
+         "1w47rh2241iy5x3a9bqsyd5kdp9sk43dksr99frzv4qn4jsazfn6"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-dbix-class" ,perl-dbix-class)))
@@ -740,7 +740,7 @@ introspected and examined.")
 (define-public perl-dbix-class-schema-loader
   (package
     (name "perl-dbix-class-schema-loader")
-    (version "0.07042")
+    (version "0.07046")
     (source
      (origin
        (method url-fetch)
@@ -748,7 +748,7 @@ introspected and examined.")
                            "DBIx-Class-Schema-Loader-" version ".tar.gz"))
        (sha256
         (base32
-         "0sb48as7azmj6s4acxh98wcvcik7lxm7dcjz1c3wdrkrbmbbz0jf"))))
+         "08cgn0dx42y9xsxas9np7s55a7qmy4kf6sfmx0jmk4hryvbapml3"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-config-any" ,perl-config-any)
@@ -843,7 +843,7 @@ columns, primary keys, unique constraints and relationships.")
 (define-public perl-dbd-sqlite
   (package
     (name "perl-dbd-sqlite")
-    (version "1.42")
+    (version "1.52")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -851,7 +851,7 @@ columns, primary keys, unique constraints and relationships.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "14x9cjsc8dz8ad1nad0bqiq9cbk1rjfb8h5y0rpk3pdl38y6afxb"))))
+                "0kimb2qr1rh07yylbbfybwcizpmy61ck667amypn4clmkfg0knm6"))))
     (build-system perl-build-system)
     (inputs `(("sqlite" ,sqlite)))
     (propagated-inputs `(("perl-dbi" ,perl-dbi)))
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index b49a0b7392..16e2220c90 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,7 +27,9 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages crypto)
   #:use-module (gnu packages groff)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -134,6 +137,97 @@ high-volume and high-reliability applications. The name BIND stands for
     (home-page "https://www.isc.org/downloads/bind")
     (license (list license:isc))))
 
+(define-public dnscrypt-proxy
+  (package
+    (name "dnscrypt-proxy")
+    (version "1.7.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://download.dnscrypt.org/dnscrypt-proxy/"
+                    "dnscrypt-proxy-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1qw2nib0d5ia8581lbdnjxgn9c7pf2qw8vhpnnh1wjcjj3gpgbqx"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Delete bundled libltdl. XXX: This package also bundles
+               ;; a modified libevent that cannot currently be removed.
+               '(delete-file-recursively "libltdl"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'autoreconf
+           (lambda _
+             ;; Re-generate build files due to unbundling ltdl.
+             ;; TODO: Prevent generating new libltdl and building it.
+             ;; The system version is still favored and referenced.
+             (zero? (system* "autoreconf" "-vif")))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("automake" ,automake)
+       ("autoconf" ,autoconf)
+       ("libtool" ,libtool)))
+    (inputs
+     `(("libltdl" ,libltdl)
+       ("libsodium" ,libsodium)))
+    (home-page "https://www.dnscrypt.org/")
+    (synopsis "Securely send DNS requests to a remote server")
+    (description
+     "@command{dnscrypt-proxy} is a tool for securing communications
+between a client and a DNS resolver.  It verifies that responses you get
+from a DNS provider was actually sent by that provider, and haven't been
+tampered with.  For optimal performance it is recommended to use this as
+a forwarder for a caching DNS resolver such as @command{dnsmasq}, but it
+can also be used as a normal DNS \"server\".  A list of public dnscrypt
+servers is included, and an up-to-date version is available at
+@url{https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv}.")
+    (license (list license:isc
+                   ;; Libevent and src/ext/queue.h is 3-clause BSD.
+                   license:bsd-3))))
+
+(define-public dnscrypt-wrapper
+  (package
+    (name "dnscrypt-wrapper")
+    (version "0.2.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/cofyc/dnscrypt-wrapper/releases"
+                    "/download/v" version "/" name "-v" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1vhg4g0r687f51wcdn7z9w1hxapazx6vyh5rsr8wa48sljzd583g"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags '("CC=gcc")
+       ;; TODO: Tests require ruby-cucumber and ruby-aruba.
+       #:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'create-configure
+           (lambda _
+             (zero? (system* "make" "configure")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)))
+    (inputs
+     `(("libevent" ,libevent)
+       ("libsodium" ,libsodium)))
+    (home-page "https://github.com/Cofyc/dnscrypt-wrapper")
+    (synopsis "Server-side dnscrypt proxy")
+    (description
+     "@command{dnscrypt-wrapper} is a tool to expose a name server over
+the @code{dnscrypt} protocol.  It can be used as an endpoint for the
+@command{dnscrypt-proxy} client to securely tunnel DNS requests between
+the two.")
+    (license (list license:isc
+                   ;; Bundled argparse is MIT. TODO: package and unbundle.
+                   license:expat
+                   ;; dns-protocol.h and rfc1035.{c,h} is gpl2 or gpl3 (either).
+                   license:gpl2
+                   license:gpl3))))
+
 (define-public libasr
   (package
     (name "libasr")
diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm
index 4ea586c80a..067ad1c3b0 100644
--- a/gnu/packages/docbook.scm
+++ b/gnu/packages/docbook.scm
@@ -173,7 +173,7 @@ by no means limited to these applications.)  This package provides XML DTDs.")
 (define-public dblatex
   (package
     (name "dblatex")
-    (version "0.3.5")
+    (version "0.3.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/dblatex/dblatex/"
@@ -181,7 +181,7 @@ by no means limited to these applications.)  This package provides XML DTDs.")
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "0h3472n33pabrn8qwggsahkrjx8lybpwlc3zprby3w3w3x5i830f"))))
+                "0pdizc5rjywwzxa1qqhdmba5zr35pbmdwbysalsid7xw87w3kq06"))))
     (build-system python-build-system)
     ;; TODO: Add xfig/transfig for fig2dev utility
     (inputs
@@ -192,6 +192,15 @@ by no means limited to these applications.)  This package provides XML DTDs.")
        ("libxslt" ,libxslt)))           ;for xsltproc
     (arguments
      `(#:python ,python-2               ;'print' syntax
+       ;; Using setuptools causes an invalid "package_base" path in
+       ;; out/bin/.dblatex-real due to a missing leading '/'.  This is caused
+       ;; by dblatex's setup.py stripping the root path when creating the
+       ;; script.  (dblatex's setup.py still uses distutils and thus has to
+       ;; create the script by itself. The feature for creating scripts is one
+       ;; of setuptools' features.)
+       ;; See this thread for details:
+       ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00030.html
+       #:use-setuptools? #f
        #:tests? #f                      ;no 'test' command
        #:phases
        (alist-cons-after
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index ad1871688e..3843fb2092 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -126,6 +126,9 @@
      `(#:python ,python-2
        #:test-target "check"
        #:tests? #f ; FIXME: enable once flake8 is packaged
+       ;; Calibre is using setuptools by itself, but the setup.py is not
+       ;; compatible with the shim wrapper (taken from pip) we are using.
+       #:use-setuptools? #f
        #:phases
        (modify-phases %standard-phases
          (add-before 'build 'configure
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index c1f12667a3..4afe67a7f5 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -426,7 +426,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
 (define-public emacs-with-editor
   (package
     (name "emacs-with-editor")
-    (version "2.5.6")
+    (version "2.5.8")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -435,7 +435,7 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "14vypqj3wqym5yd0nggfm1xdgq5hv1kwxkg6i8ymlpxcdfxj45w7"))))
+                "1dghd0m5zwayv553g4cr990s4ig5lyh0b52qfdv5rbqnndpj3cjn"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)))
@@ -897,14 +897,14 @@ provides an optional IDE-like error list.")
 (define-public emms
   (package
     (name "emacs-emms")
-    (version "4.1")
+    (version "4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/emms/emms-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0ay6631p3dr6xnhkm7skwn0gp317r1mxbip28m126w4zqf05cbh3"))
+                "1xa9y64g5z8gfnxk1c2rf3plfjhqn4r6j8dpiygnfs6w4giysn22"))
               (modules '((guix build utils)))
               (snippet
                '(substitute* "Makefile"
@@ -974,22 +974,19 @@ provides an optional IDE-like error list.")
                     (string-append "\"" mp3info "/bin/mp3info\"")))))))
          (add-before 'install 'pre-install
            (lambda* (#:key outputs #:allow-other-keys)
-             ;; The 'install' rule expects the target directory to exist.
+             ;; The 'install' rule expects the target directories to exist.
              (let* ((out  (assoc-ref outputs "out"))
+                    (bin  (string-append out "/bin"))
                     (man1 (string-append out "/share/man/man1")))
+               (mkdir-p bin)
                (mkdir-p man1)
                #t)))
          (add-after 'install 'post-install
            (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out    (assoc-ref outputs "out"))
-                    (target (string-append
-                             out "/bin/emms-print-metadata")))
+             (let ((out (assoc-ref outputs "out")))
                (symlink "emms-auto.el"
                         (string-append out "/share/emacs/site-lisp/"
-                                       "emms-autoloads.el"))
-               (mkdir-p (dirname target))
-               (copy-file "src/emms-print-metadata" target)
-               (chmod target #o555)))))
+                                       "emms-autoloads.el"))))))
        #:tests? #f))
     (native-inputs `(("emacs" ,emacs-minimal)    ;for (guix build emacs-utils)
                      ("texinfo" ,texinfo)))
@@ -2286,7 +2283,7 @@ well as completely new features.")
 (define-public emacs-hl-todo
   (package
     (name "emacs-hl-todo")
-    (version "1.7.1")
+    (version "1.7.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2295,7 +2292,7 @@ well as completely new features.")
               (file-name (string-append "hl-todo-" version ".el"))
               (sha256
                (base32
-                "0flhz9vy8w1vvwwji92pi5k4659hl368bakj2qf2zfd26z8x583h"))))
+                "016ivl4s0ysrm1xbfi86j5xcs759fcb0mkspxw81x8mpi3yb46ya"))))
     (build-system emacs-build-system)
     (home-page "https://github.com/tarsius/hl-todo")
     (synopsis "Emacs mode to highlight TODO and similar keywords")
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index ae0f553a36..6f081cf19b 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -31,6 +31,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages fribidi)
   #:use-module (gnu packages game-development)
   #:use-module (gnu packages gettext)
@@ -298,3 +299,33 @@ that tries to lower the barrier to getting involved in Enlightenment development
 and in creating applications based on the Enlightenment Foundation Library suite.")
     (license (list license:public-domain ; data/extra/skeleton
                    license:gpl2))))      ; edi
+
+(define-public lekha
+  (package
+    (name "lekha")
+    (version "0.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "Lekha" version))
+              (sha256
+               (base32
+                "0zr6i74ik58pbzrd7r9l7sawqbdv0r2c1a9927qkqzwga27x8j15"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f ; no test target
+       #:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-data-location
+           (lambda _ (substitute* "setup.py"
+                       (("'/usr/")"'"))
+             #t)))))
+    (propagated-inputs
+     `(("python2-efl" ,python2-efl)
+       ("python2-pypdf2" ,python2-pypdf2)
+       ("python2-pyxdg" ,python2-pyxdg)))
+    (synopsis "Simple PDF viewer")
+    (description
+     "Simple PDF viewer based on the Enlightenment Foundation Libraries.")
+    (home-page "https://github.com/kaihu/lekha")
+    (license license:gpl3+)))
diff --git a/gnu/packages/feh.scm b/gnu/packages/feh.scm
deleted file mode 100644
index 6b998aa983..0000000000
--- a/gnu/packages/feh.scm
+++ /dev/null
@@ -1,67 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages feh)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages image)
-  #:use-module (gnu packages curl)
-  #:use-module (gnu packages xorg)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix build-system gnu)
-  #:use-module ((guix licenses) #:prefix license:))
-
-(define-public feh
-  (package
-    (name "feh")
-    (version "2.14.1")
-    (home-page "https://feh.finalrewind.org/")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append home-page
-                                  name "-" version ".tar.bz2"))
-              (sha256
-               (base32
-                "1hlzgr0masgbm1vdn085vz81s9kpnah8kjkb1w1xfsxr1b99x8f0"))))
-    (build-system gnu-build-system)
-    (arguments
-      '(#:phases (alist-delete 'configure %standard-phases)
-        #:tests? #f
-        #:make-flags
-          (list "CC=gcc" (string-append "PREFIX=" (assoc-ref %outputs "out")))))
-    (inputs `(("imlib2" ,imlib2)
-              ("curl" ,curl)
-              ("libpng" ,libpng)
-              ("libxt" ,libxt)
-              ("libx11" ,libx11)
-              ("libxinerama" ,libxinerama)))
-    (synopsis "Fast and light imlib2-based image viewer")
-    (description
-      "feh is an X11 image viewer aimed mostly at console users.
-Unlike most other viewers, it does not have a fancy GUI, but simply
-displays images.  It can also be used to set the desktop wallpaper.
-It is controlled via commandline arguments and configurable key/mouse
-actions.")
-
-    ;; The license is really the Expat license, with additional wording in the
-    ;; 2nd paragraph: "acknowledgment shall be given in the documentation and
-    ;; software packages that this Software was used."
-    (license (license:x11-style
-              "file://COPYING"
-              "See 'COPYING' in the distribution."))))
diff --git a/gnu/packages/flashing-tools.scm b/gnu/packages/flashing-tools.scm
index a55ed96edd..f25c25fbfb 100644
--- a/gnu/packages/flashing-tools.scm
+++ b/gnu/packages/flashing-tools.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,6 +23,7 @@
 (define-module (gnu packages flashing-tools)
   #:use-module (guix licenses)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (gnu packages)
   #:use-module (guix build-system gnu)
@@ -211,3 +213,37 @@ You need to add the udev rules to make the Teensy update available for
 non-root users.")
       (home-page "https://www.pjrc.com/teensy/loader_cli.html")
       (license gpl3))))
+
+(define-public rkflashtool
+  (let ((commit "094bd6410cb016e487e2ccb1050c59eeac2e6dd1")
+        (revision "1"))
+    (package
+      (name "rkflashtool")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+        (origin
+          (method git-fetch)
+          (uri (git-reference
+                (url "https://github.com/linux-rockchip/rkflashtool.git")
+                (commit commit)))
+          (file-name (string-append name "-" version "-checkout"))
+          (sha256
+           (base32
+            "1zkd8zxir3rfg3sy9r20bcnxclnplryn583gqpcr3iad0k3xbah7"))))
+      (build-system gnu-build-system)
+      (arguments
+       '(#:phases
+         (modify-phases %standard-phases
+           (delete 'configure)) ; no configure
+         #:make-flags (list (string-append "PREFIX=" %output))
+         #:tests? #f)) ; no tests
+      (native-inputs
+       `(("pkg-config" ,pkg-config)))
+      (inputs
+       `(("libusb" ,libusb)))
+      (home-page "https://github.com/linux-rockchip/rkflashtool")
+      (synopsis "Tools for flashing Rockchip devices")
+      (description "Allows flashing of Rockchip based embedded linux devices.
+The list of currently supported devices is: RK2818, RK2918, RK2928, RK3026,
+RK3036, RK3066, RK312X, RK3168, RK3188, RK3288, RK3368.")
+      (license bsd-2))))
diff --git a/gnu/packages/geeqie.scm b/gnu/packages/geeqie.scm
deleted file mode 100644
index 509819e780..0000000000
--- a/gnu/packages/geeqie.scm
+++ /dev/null
@@ -1,108 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages geeqie)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module ((guix licenses) #:prefix l:)
-  #:use-module (guix build-system gnu)
-  #:use-module (gnu packages autotools)
-  #:use-module (gnu packages compression)
-  #:use-module (gnu packages ghostscript)
-  #:use-module (gnu packages glib)
-  #:use-module (gnu packages gtk)
-  #:use-module (gnu packages image)
-  #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages xml))
-
-(define-public exiv2                              ; XXX: move elsewhere?
-  (package
-    (name "exiv2")
-    (version "0.25")
-    (source (origin
-             (method url-fetch)
-             (uri (list (string-append "http://www.exiv2.org/exiv2-"
-                                       version ".tar.gz")
-                        (string-append "https://fossies.org/linux/misc/exiv2-"
-                                       version ".tar.gz")))
-             (sha256
-              (base32
-               "197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8"))))
-    (build-system gnu-build-system)
-    (arguments '(#:tests? #f))                    ; no `check' target
-    (propagated-inputs
-     `(("expat" ,expat)
-       ("zlib" ,zlib)))
-    (native-inputs
-     `(("intltool" ,intltool)))
-    (home-page "http://www.exiv2.org/")
-    (synopsis "Library and command-line utility to manage image metadata")
-    (description
-     "Exiv2 is a C++ library and a command line utility to manage image
-metadata.  It provides fast and easy read and write access to the Exif, IPTC
-and XMP metadata of images in various formats.")
-
-    ;; Files under `xmpsdk' are a copy of Adobe's XMP SDK, licensed under the
-    ;; 3-clause BSD license: <http://www.adobe.com/devnet/xmp/sdk/eula.html>.
-    ;; The core is GPLv2+:
-    ;;   <https://launchpad.net/ubuntu/precise/+source/exiv2/+copyright>.
-    (license l:gpl2+)))
-
-(define-public geeqie
-  (package
-    (name "geeqie")
-    (version "1.3")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "https://github.com/BestImageViewer/geeqie/"
-                                 "releases/download/v" version "/geeqie-"
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "0gzc82sy66pbsmq7lnmq4y37zqad1zfwfls3ik3dmfm8s5nmcvsb"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'autogen
-           (lambda _
-             (setenv "NOCONFIGURE" "true")
-             (zero? (system* "sh" "autogen.sh")))))))
-    (inputs
-     `(;; ("libchamplain" ,libchamplain)
-       ("lcms" ,lcms)
-       ("exiv2" ,exiv2)
-       ("libpng" ,libpng)
-       ("gtk+" ,gtk+-2)))
-    (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("glib" ,glib "bin") ; glib-gettextize
-       ("intltool" ,intltool)
-       ("pkg-config" ,pkg-config)))
-    (home-page "http://www.geeqie.org/")
-    (synopsis "Lightweight GTK+ based image viewer")
-    (description
-     "Geeqie is a lightweight GTK+ based image viewer for Unix like operating
-systems.  It features: EXIF, IPTC and XMP metadata browsing and editing
-interoperability; easy integration with other software; geeqie works on files
-and directories, there is no need to import images; fast preview for many raw
-image formats; tools for image comparison, sorting and managing photo
-collection.  Geeqie was initially based on GQview.")
-    (license l:gpl2+)))
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 3683068dc4..a78b188af0 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -455,7 +455,7 @@ by GDBus included in Glib.")
 (define libsigc++
   (package
     (name "libsigc++")
-    (version "2.8.0")
+    (version "2.10.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/libsigc++/"
@@ -463,7 +463,7 @@ by GDBus included in Glib.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "0lcnzzdq6718znfshs1hflpwqq6awbzwdyp4kv5lfaf54z880jbp"))))
+               "10cd54l4zihss9qxfhd2iip2k7mr292k37i54r2cpgv0c8sdchzq"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("m4" ,m4)))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 8b94105ec2..6f2a98b5b3 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -97,7 +97,6 @@
   #:use-module (gnu packages scanner)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages xml)
-  #:use-module (gnu packages geeqie)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages tex)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 1eb2670743..5d1baa834e 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -29,7 +29,6 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
-  #:use-module (gnu packages geeqie)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index f7a8c7db51..f63e950f29 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -303,71 +303,41 @@ standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "45.3.0-gnu1-beta")
+    (version "45.5.1-gnu1")
     (source
      (origin
       (method url-fetch)
-      (uri (list (string-append "mirror://gnu/gnuzilla/" version "/"
-                                name "-" version ".tar.bz2")
-                 ;; XXX Temporary URI for 45.3 beta release.
-                 ;;     Remove when no longer needed.
-                 (string-append "http://jenkins.trisquel.info/icecat/binaries/"
-                                "icecat-45.3.0-gnu1.tar.bz2")))
+      (uri (string-append "mirror://gnu/gnuzilla/"
+                          (first (string-split version #\-))
+                          "/" name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "1hk5lwaqm8nkfm43sq521mzyrx0x3iiwvlcy62m7cq7grz9wixp6"))
+        "1sbfgsibmb8wfmb2g40gmqwq3nikmrgzksf51ydrz7gnafyfaqw1"))
       (patches
-       `(,(search-patch "icecat-avoid-bundled-libraries.patch")
-         ,(search-patch "icecat-binutils.patch")
-         ,(mozilla-patch "icecat-CVE-2016-5250.patch"     "6711ccb0184e" "1p0s91rw1j7ib6hy9gh5p0l33rja32rfgygh29jw4wq1hxfql8rk")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt1.patch" "b08f28db372e" "0fmifimavawbff700rzjibsnr16am6902gp965scvi1iy78754ia")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt2.patch" "a49fd7eb57ba" "1dyh0pjdmf64sjbj1x0mdjwfispacx9yny1kx9nzpf85myryr640")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt3.patch" "9707c3423a1e" "12nn8av0akza4ml1is9mfy8f7368mrkxsl32ly97r4irzh0iryh1")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt4.patch" "9d632865560a" "1msp1wqv0c317wqkm82hd9ajbg4a5mcr8pld5j8cx37ccv7f21g3")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt5.patch" "90697781ec9f" "1h6gcrw5ykf7r59phxqkhpfs7jsgzqn509qm43sj7mbpcvqvk5mg")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt6.patch" "dd9eb81853b9" "1lyqnn40sayziych8gqd5aj7il3zajf318y8ddj8dzz3c8id5dzc")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt7.patch" "d91fc76079e0" "022lhixa8dxa6ny9a4bh2di282i0lhyq0glqr9n4q3r8msfmf0ba")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt8.patch" "3e37ba5e0867" "1w8lncxaayq4xndhyp1hwlv00zggbayljq6rlypb8kdwgzfpi77w")
-         ,(mozilla-patch "icecat-CVE-2016-5257-pt9.patch" "3c4958a98908" "16bc6ai5qddnpm3yw24lry5s7i05xs0ycixzxiir4wmcgwcaayiy")
-         ,(mozilla-patch "icecat-CVE-2016-5261.patch"     "bc2f5467b33d" "0i4b8ydmqg4blx541f56g9qrlm7gp6ih4cs7ixbds724cwk83b9f")
-         ,(mozilla-patch "icecat-CVE-2016-5270.patch"     "7cd50d56bb61" "15nbp5axr59mczxgf37nli37jbw0jdknmxz7z71772pzjd2z07r9")
-         ,(mozilla-patch "icecat-CVE-2016-5272.patch"     "6e43a01fee3c" "025xp1wdnz1gc5l2rsgbrwsh1pbysjiyfgz0g6rvr390r7ag1n74")
-         ,(mozilla-patch "icecat-CVE-2016-5274.patch"     "10c9453407de" "1wqh6hj0dpa7r3hhlyrflcv3r3cg0xq4rb0zvhysi6l7lwb8q51r")
-         ,(mozilla-patch "icecat-CVE-2016-5276.patch"     "fc818ab03f15" "1q64ipl172dcmyy9p8p3l3ljpdh1q1jg48lai0qn2xgknl7sdpks")
-         ,(mozilla-patch "icecat-CVE-2016-5277.patch"     "7b668c5cec92" "1qmchn6qifgjakzac6i4hgnivy062pzgz9p1l11c1m3an1rh0isg")
-         ,(mozilla-patch "icecat-CVE-2016-5278.patch"     "fd5052e343df" "1nzmzlnsz61w9aw4mjvgmlkz88aqv1w858rr0mbv07hwyrljfi84")
-         ,(mozilla-patch "icecat-CVE-2016-5280.patch"     "30673bc9730b" "1qz1684v1rp86ngadcaqd68iqf472flnrnk971ryg4fbsyy8g1za")
-         ,(mozilla-patch "icecat-CVE-2016-5281-pt1.patch" "61405f1fd1df" "1fgmq67arwsl1nrl133fcb5cz6jbbcfjvbv8cd8cadhapin971a7")
-         ,(mozilla-patch "icecat-CVE-2016-5281-pt2.patch" "7776b6ec7b92" "1f7k8f4lk7nyghwajsxf6nb7yvzsaw3jwpa3316znsva12m548mn")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt1.patch" "55e768767416" "1gg7m12njbkn1jqf2gp2y7zd9ik3xhqkjb7znczna4l438h7ki83")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt2.patch" "3c42249975a5" "0gnanndkmhsp49rldv4kh0smkdcs7616v46hn567kfw8yfwqvnli")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt3.patch" "126e5d574811" "13gr08bzqy23adz0ciihb7cy9wdnkcn71i77a3y5b5apm6k54mwi")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt4.patch" "7b8bd7aae1a8" "0mq5gpq6ni8czfcs1rif4is0igh0054aw41ga0jqkq58g7lavkrf")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt5.patch" "0799490f4e6f" "1ypv6i48nabbhcqbach8fbgz9bmnhm7q5z9dnfid44z8g54l3f33")
-         ,(mozilla-patch "icecat-CVE-2016-5284-pt6.patch" "fc990e4ae8bc" "1s2cj505ajwwiy4xvn5zlmyzqpgahxmqqvis0a6xm6mjbjh02gm4")
-         ,(mozilla-patch "icecat-bug-1251088.patch"       "5ffa912ed83e" "0v5lpv3c89c2d4y5acn0kyijv096axdnrvaj5ya5yypzfcaqxv24")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt1.patch" "d4b5b8f3e373" "0w8cxn6ryhgxryy8k8i06yw4mknv509ns9ff1avd0hmgxa83mcdp")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt2.patch" "adce603ae36d" "0mgs85cwx61bk17r7npl311l4m8yn4667wyhgjmm2ajiys6nn0yl")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt3.patch" "97268426bb6f" "1z7hg796cgag025gm9pp2szz7w870s7naagdri1dlsilj797v8hr")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt4.patch" "fc055950b6b8" "05iml5k3rzc653jk4imd111sh18625jxfxkcj12kjdihl0gdr4x4")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt5.patch" "6f845c23565b" "01dlbnmpsnwr448fajs276y62gl03r74k1hxnwsg6ihwhnfdvn5a")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt6.patch" "e5d51ca7a3c0" "0hshcz24hc6pkz5pcqxhajm17ibwrlfn1s00frfnpjjy56vacfz0")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt7.patch" "61d1463acd04" "1iig4a79dxmfcr6w82mdhyl88wy7d36g5n4p24632kbabgl9j9sz")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt8.patch" "8e0bab4216de" "1knq8h5ni8crfndi3p78b2pyj5lzchqw67vk0yx061r76mq4wp4r")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt9.patch" "bb10104dc89e" "1flvagckrzfk7hs2xzb5j3s5i0ck57ygyskh5494xmpa2a1nnsqj")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt10.patch" "7006b275b829" "0sqagm247wx94mf51fyhdkn0vf1a1qy9i829shjnhssd79srxmnn")
-         ,(mozilla-patch "icecat-CVE-2016-5290-pt11.patch" "32ce7be98543" "1y2r9i4p1qpqi75mlwmibr51whz5h1vj28c6mh6ik57dxkqxbclb")
-         ,(mozilla-patch "icecat-CVE-2016-5291.patch"     "3ff0c89f3b26" "1prn74aglshaj27jfrpd2s2i4slpljw4rbzjxc1qgwjvkq4m6j6f")
-         ,(mozilla-patch "icecat-CVE-2016-5297.patch"     "46b07bdbf8b2" "1n8y1c5l0ms81dra7jsx8mp633ak5qvx105drvlg9hn3m0fwv1lj")
-         ,(search-patch  "icecat-CVE-2016-9064.patch") ; adapted for icecat based on:
-                                        ;                 "00c2b7baaa0b" "0y02yb7r62656nq9dji9dnwils2lxqasjz5byv62j1xa87r7f9hp"
-         ,(mozilla-patch "icecat-CVE-2016-9066.patch"     "576f1725a57e" "1lic9d3r8r1vcniw1g3ca71390lw3dmwjsw55dp6z96hyjbcq3fd")
-         ,(mozilla-patch "icecat-bug-1212939.patch"       "4a0e851f83e4" "182vx1qxrr7r2175jjf0bcixwwm1khdj4sq0c8wnsyry7p9waq5q")
-         ,(mozilla-patch "icecat-bug-1168743.patch"       "a1e06af61ab3" "07llk1ba6axjasiv30vicz96k55ff4mybxy21vjxk6j0asgyjz23")
-         ,(mozilla-patch "icecat-bug-1287176.patch"       "0569d5dce9db" "1d41sqbq6jc3af73dz9w19win7v7c12kw1mp7j7b1gkadq46c4y7")
-         ,(mozilla-patch "icecat-bug-1263665.patch"       "a79cafee93f4" "0bn7hpm8mh8qmkpz5wiridr792irrs5sjxyvryazy2i0p4pjh62p")
-         ,(mozilla-patch "icecat-bug-1304962.patch"       "f61049d5f373" "04d1na31qqq7yq4jjvhq6vzqq3f23rwac8c6fw4h5fx1pdb3l997")
-         ,(mozilla-patch "icecat-bug-1314574.patch"       "46b2558ca469" "00q8676xg4wb7p371wgi04nl05j7idkb2kna9a0l08k6lks9wdhh")))
+       (list
+        (search-patch "icecat-avoid-bundled-libraries.patch")
+        (search-patch "icecat-binutils.patch")
+        (mozilla-patch "icecat-bug-1301381.patch"       "2e5438a92617" "0pyjbzyy04759ldpcar8q8cccv67j1jkxsg46rkq7a3rbhmwmw4p")
+        (mozilla-patch "icecat-bug-1317409.patch"       "7391f60fb790" "1hydggpmmm2cs9lb15micnkxn4wl4cda9g74hkn3zmks805vjz3h")
+        (mozilla-patch "icecat-bug-1309834.patch"       "744e01001e6e" "0z2fq765kap3ll9as5rvjpnbj3pw26074alw7df0zi215qz47nxr")
+        (mozilla-patch "icecat-bug-1317936-pt1.patch"   "8ae673f34a5b" "1rlbihckl9afa0y91lqs7gpnv6a7zxzrmxjv95y3yrl03kibqp76")
+        (mozilla-patch "icecat-bug-1317936-pt2.patch"   "409c23c144fe" "05kgs16y8s5pxmg2dxp93247zagnj6zgj3209qpm5hz3an7gr13h")
+        (mozilla-patch "icecat-bug-1319122.patch"       "994d9bd0e28d" "007wifyx3b2ln4fwv1i8n24yz5ngjf4mkzd7sqr5bpd3q88ff293")
+        (mozilla-patch "icecat-bug-1312609.patch"       "0fc43af8982e" "0pc8q9knzq2knj723mwkay1lnzbzysb07ygxnc16mcb6f7vl2mw8")
+        (mozilla-patch "icecat-bug-1319524.patch"       "19f9a4643d77" "0w5yxj1l0hvs66q9agjp4m5sfby7fj05lx33gaqf899bw4hn4vcf")
+        (mozilla-patch "icecat-bug-1312548.patch"       "c58442c414f5" "1z1w1v8xagkhrwgp51ij1k2gx0ripslia09vm78812n7gcwddaas")
+        (mozilla-patch "icecat-bug-1314442.patch"       "5054047b7328" "0xlw8irymfp3bcaa5jpf7clf7bq6qxp3i8zapp8jya8lzr1nf868")
+        (mozilla-patch "icecat-bug-881832-pt1.patch"    "1123263318a3" "1qkxwva3zrcs1zhga8ncmndq03988dx75i896g53gbvpskj06915")
+        (mozilla-patch "icecat-bug-881832-pt2.patch"    "dc87c0a39adf" "01rapf14f3r2wk0cjd16dn1rll4ipgs33cnjmjck48nvk67ikz6h")
+        (mozilla-patch "icecat-bug-881832-pt3.patch"    "f20e5f488368" "15ql9ywifb3gm2g1057k63f821dbs3wqsh3zhndprzf3dn6aha4i")
+        (mozilla-patch "icecat-bug-881832-pt4.patch"    "7950c4d5bd7c" "0jhkg5hq5yfy7rh21k1mpbsbr81ql85aazym30zy3n2cf28xxhd7")
+        (mozilla-patch "icecat-bug-881832-pt5.patch"    "972734ec21b6" "073i4v1f1ydy49i57pvzscz95sjr5bbk9s5sajxvmmcsmwhpjdfy")
+        (mozilla-patch "icecat-bug-1293985-pt1.patch"   "aebd3687e05e" "1qz6hdgflcrqyg7fv66cbg23v4b7q5bc2yxzrgjxs4j1d7jy1s0s")
+        (mozilla-patch "icecat-bug-1293985-pt2.patch"   "63d8e5cd27cb" "11fsgyngy7v59ma30xdbmycwf4izwikzvaljngm3ks4534inpl4a")
+        (mozilla-patch "icecat-bug-1279202.patch"       "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks")
+        (mozilla-patch "icecat-bug-1320039.patch"       "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr")
+        (mozilla-patch "icecat-bug-1320057.patch"       "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66")
+        (mozilla-patch "icecat-bug-1163212.patch"       "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7")))
       (modules '((guix build utils)))
       (snippet
        '(begin
@@ -411,7 +381,7 @@ standards.")
                       "db/sqlite3"))
           ;; Delete .pyc files, typically present in icecat source tarballs
           (for-each delete-file (find-files "." "\\.pyc$"))
-          ;; Delete obj-* directories, found in icecat-45.3.0-gnu1-beta
+          ;; Delete obj-* directories, sometimes present in icecat tarballs
           (for-each delete-file-recursively
                     (scandir "." (lambda (name)
                                    (string-prefix? "obj-" name))))
@@ -491,9 +461,8 @@ standards.")
                            "--disable-debug"
                            "--disable-debug-symbols"
 
-                           ;; Temporary hack to work around missing
-                           ;; "unofficial" branding in
-                           ;; icecat-45.3.0-gnu1-beta.
+                           ;; Hack to work around missing
+                           ;; "unofficial" branding in icecat.
                            "--enable-official-branding"
 
                            ;; Avoid bundled libraries.
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index c38270afcb..9d8dcda545 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016 Petter <petter@mykolab.ch>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
-;;; This file is an addendum GNU Guix.
+;;; This file is part of GNU Guix.
 ;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
 ;;; under the terms of the GNU General Public License as published by
@@ -200,7 +200,7 @@ sequential processes (CSP) concurrent programming features added.")
   (package
     (inherit go-1.4)
     (name "go")
-    (version "1.7.3")
+    (version "1.7.4")
     (source
      (origin
        (method url-fetch)
@@ -208,7 +208,7 @@ sequential processes (CSP) concurrent programming features added.")
                            name version ".src.tar.gz"))
        (sha256
         (base32
-         "0i7gy5d8j6186a6x07cnj3r7mpfg3964q8byslx0p6x04w00lhvr"))))
+         "1k0lnsk5i9swi209wh535lpnpczsh6l8m1pfncmilrdsx48r262c"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.4)
        ((#:phases phases)
diff --git a/gnu/packages/gps.scm b/gnu/packages/gps.scm
index da5485e6ee..bc0f3ed115 100644
--- a/gnu/packages/gps.scm
+++ b/gnu/packages/gps.scm
@@ -27,7 +27,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages docbook)
-  #:use-module (gnu packages geeqie)              ;exiv2
+  #:use-module (gnu packages image)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages qt))
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 86ea690e8b..54f1529de4 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -98,7 +98,7 @@ arrays of data.")
 (define-public gstreamer
   (package
     (name "gstreamer")
-    (version "1.10.1")
+    (version "1.10.2")
     (source
      (origin
       (method url-fetch)
@@ -107,7 +107,7 @@ arrays of data.")
             version ".tar.xz"))
       (sha256
        (base32
-        "1npnpyrw8603ivi5g3ziglvh3hq2shypid2vjcmki6g6w2bgk3gn"))))
+        "0rcd4ya4k99x6ngm9v78as7ql0rqibkwshc13lb4rjdszs0qw3hm"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (arguments
@@ -146,7 +146,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
   (package
     (name "gst-plugins-base")
-    (version "1.10.1")
+    (version "1.10.2")
     (source
      (origin
       (method url-fetch)
@@ -154,7 +154,7 @@ This package provides the core library and elements.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "1jbnr6vbklzli493xdd8y5sflm32r90lifpacxw9vbvs9hlyxkv6"))))
+        "086yjwmp4fykcqkj6zqhwrk2z49981kl8x545vz2wvblrc7x9h7v"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))
     (propagated-inputs
@@ -201,20 +201,16 @@ for the GStreamer multimedia library.")
 (define-public gst-plugins-good
   (package
     (name "gst-plugins-good")
-    (version "1.10.1")
+    (version "1.10.2")
     (source
      (origin
       (method url-fetch)
       (uri (string-append
             "https://gstreamer.freedesktop.org/src/" name "/"
             name "-" version ".tar.xz"))
-      (patches (search-patches "gst-plugins-good-flic-bounds-check.patch"
-                               "gst-plugins-good-fix-signedness.patch"
-                               "gst-plugins-good-fix-invalid-read.patch"
-                               "gst-plugins-good-fix-crashes.patch"))
       (sha256
        (base32
-        "1hkcap9l2603266gyi6jgvx7frbvfmb7xhfhjizbczy1wykjwr57"))))
+        "04rksbhjj2yz32g523cfabwqn2s3byd94dpbxghxr0p9ridk53qr"))))
     (build-system gnu-build-system)
     (inputs
      `(("aalib" ,aalib)
@@ -270,14 +266,14 @@ developers consider to have good quality code and correct functionality.")
 (define-public gst-plugins-bad
   (package
     (name "gst-plugins-bad")
-    (version "1.10.1")
+    (version "1.10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/src/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "07cjra4fclrk6lpdm5hrsgp79aqpklx3v3l9scain091zvchwghk"))))
+                "0fisnnfpp3s8pbm6hjrfi4wjpq2da8c6w3ns9pjcg7590f9wm587"))))
     (outputs '("out" "doc"))
     (build-system gnu-build-system)
     (arguments
@@ -347,7 +343,7 @@ par compared to the rest.")
 (define-public gst-plugins-ugly
   (package
     (name "gst-plugins-ugly")
-    (version "1.10.1")
+    (version "1.10.2")
     (source
      (origin
        (method url-fetch)
@@ -355,7 +351,7 @@ par compared to the rest.")
                            name "/" name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1hl385fys7hfx5ffipavvhciq6hwm731rs4d6r9fn7h9qagxbv55"))))
+         "17gc2zd3v6spmm2d6912sqfcyyv5f2ghdhq31f5kx5mw5r6ds0zk"))))
     (build-system gnu-build-system)
     (inputs
      `(("gst-plugins-base" ,gst-plugins-base)
@@ -386,7 +382,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
 (define-public gst-libav
   (package
     (name "gst-libav")
-    (version "1.10.1")
+    (version "1.10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -394,7 +390,7 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ivjbh5g0l5ykfpc16kq5x2jz8d4ignyha14jpiz3pz6w26qpci7"))))
+                "0g778j7w4vpbhwjzyrzpajvr26nxm6vqby84v8g1w1hz44v71pd3"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-system-libav")
@@ -424,7 +420,7 @@ compression formats through the use of the libav library.")
 (define-public python-gst
   (package
     (name "python-gst")
-    (version "1.10.1")
+    (version "1.10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -432,7 +428,7 @@ compression formats through the use of the libav library.")
                     "gst-python-" version ".tar.xz"))
               (sha256
                (base32
-                "04xhh0z0c0s6aq7kvmfs4r6yl1pjnqz0krp05pbjy62ayx5b61ak"))))
+                "1sljnqkxf2ix6yzghrapw5irl0rbp8aa8w2hggk7i6d9js10ls71"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: Factorize python-sitedir with python-build-system.
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index b1a8e272db..fc4677c247 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
+;;; Coypright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
@@ -34,6 +35,7 @@
   #:use-module (guix utils)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix build-system waf)
@@ -299,6 +301,23 @@ graph-like environments, e.g. modular synths or finite state machine
 diagrams.")
     (license license:gpl3+)))
 
+(define-public ganv-devel
+  (let ((commit "31685d283e9b811b61014f820c42807f4effa071")
+        (revision "1"))
+    (package
+      (inherit ganv)
+      (name "ganv")
+      (version (string-append "1.4.2-" revision "."
+                              (string-take commit 9)))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "http://git.drobilla.net/ganv.git")
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "0xmbykdl42jn9cgzrqrys5lng67d26nk5xq10wkkvjqldiwdck56")))))))
+
 (define-public gtksourceview-2
   (package
     (name "gtksourceview")
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index 4be0ebbc2d..11cead6b36 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -1,5 +1,11 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
+;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
+;;; This file is part of GNU Guix.
+;;;
 ;;; GNU Guix is free software; you can redistribute it and/or modify it
 ;;; under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation; either version 3 of the License, or (at
@@ -20,11 +26,133 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
-  #:use-module (gnu packages geeqie)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
-  #:use-module (gnu packages pkg-config))
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages xorg))
+
+(define-public feh
+  (package
+    (name "feh")
+    (version "2.14.1")
+    (home-page "https://feh.finalrewind.org/")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append home-page
+                                  name "-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1hlzgr0masgbm1vdn085vz81s9kpnah8kjkb1w1xfsxr1b99x8f0"))))
+    (build-system gnu-build-system)
+    (arguments
+      '(#:phases (alist-delete 'configure %standard-phases)
+        #:tests? #f
+        #:make-flags
+          (list "CC=gcc" (string-append "PREFIX=" (assoc-ref %outputs "out")))))
+    (inputs `(("imlib2" ,imlib2)
+              ("curl" ,curl)
+              ("libpng" ,libpng)
+              ("libxt" ,libxt)
+              ("libx11" ,libx11)
+              ("libxinerama" ,libxinerama)))
+    (synopsis "Fast and light imlib2-based image viewer")
+    (description
+      "feh is an X11 image viewer aimed mostly at console users.
+Unlike most other viewers, it does not have a fancy GUI, but simply
+displays images.  It can also be used to set the desktop wallpaper.
+It is controlled via commandline arguments and configurable key/mouse
+actions.")
+
+    ;; The license is really the Expat license, with additional wording in the
+    ;; 2nd paragraph: "acknowledgment shall be given in the documentation and
+    ;; software packages that this Software was used."
+    (license (license:x11-style
+              "file://COPYING"
+              "See 'COPYING' in the distribution."))))
+
+(define-public geeqie
+  (package
+    (name "geeqie")
+    (version "1.3")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://github.com/BestImageViewer/geeqie/"
+                                 "releases/download/v" version "/geeqie-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "0gzc82sy66pbsmq7lnmq4y37zqad1zfwfls3ik3dmfm8s5nmcvsb"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autogen
+           (lambda _
+             (setenv "NOCONFIGURE" "true")
+             (zero? (system* "sh" "autogen.sh")))))))
+    (inputs
+     `(;; ("libchamplain" ,libchamplain)
+       ("lcms" ,lcms)
+       ("exiv2" ,exiv2)
+       ("libpng" ,libpng)
+       ("gtk+" ,gtk+-2)))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("glib" ,glib "bin") ; glib-gettextize
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)))
+    (home-page "http://www.geeqie.org/")
+    (synopsis "Lightweight GTK+ based image viewer")
+    (description
+     "Geeqie is a lightweight GTK+ based image viewer for Unix like operating
+systems.  It features: EXIF, IPTC and XMP metadata browsing and editing
+interoperability; easy integration with other software; geeqie works on files
+and directories, there is no need to import images; fast preview for many raw
+image formats; tools for image comparison, sorting and managing photo
+collection.  Geeqie was initially based on GQview.")
+    (license license:gpl2+)))
+
+(define-public sxiv
+  (package
+    (name "sxiv")
+    (version "1.3.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/muennich/sxiv/archive/v"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0lxnd33gaw4drhdwbkk94wzrjyhh64d57jq2ps7ffmqgizg6hlwz"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f                      ; no check target
+       #:make-flags (list (string-append "PREFIX=" %output)
+                          "CC=gcc")
+       #:phases (alist-delete
+                 'configure             ; no configure phase
+                 %standard-phases)))
+    (inputs
+     `(("libx11" ,libx11)
+       ("imlib2" ,imlib2)
+       ("giflib" ,giflib)
+       ("libexif" ,libexif)))
+    (home-page "https://github.com/muennich/sxiv")
+    (synopsis "Simple X Image Viewer")
+    (description
+     "sxiv is an alternative to feh and qiv.  Its primary goal is to
+provide the most basic features required for fast image viewing.  It has
+vi key bindings and works nicely with tiling window managers.  Its code
+base should be kept small and clean to make it easy for you to dig into
+it and customize it for your needs.")
+    (license license:gpl2+)))
 
 (define-public viewnior
   (package
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 8aebfc57f1..7bf330be30 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1,4 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 Alex Kost <alezost@gmail.com>
@@ -42,6 +43,7 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages graphics)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages mcrypt)
@@ -769,6 +771,39 @@ channels.")
      "Libmng is the MNG (Multiple-image Network Graphics) reference library.")
     (license license:bsd-3)))
 
+(define-public exiv2
+  (package
+    (name "exiv2")
+    (version "0.25")
+    (source (origin
+             (method url-fetch)
+             (uri (list (string-append "http://www.exiv2.org/exiv2-"
+                                       version ".tar.gz")
+                        (string-append "https://fossies.org/linux/misc/exiv2-"
+                                       version ".tar.gz")))
+             (sha256
+              (base32
+               "197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8"))))
+    (build-system gnu-build-system)
+    (arguments '(#:tests? #f))                    ; no `check' target
+    (propagated-inputs
+     `(("expat" ,expat)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("intltool" ,intltool)))
+    (home-page "http://www.exiv2.org/")
+    (synopsis "Library and command-line utility to manage image metadata")
+    (description
+     "Exiv2 is a C++ library and a command line utility to manage image
+metadata.  It provides fast and easy read and write access to the Exif, IPTC
+and XMP metadata of images in various formats.")
+
+    ;; Files under `xmpsdk' are a copy of Adobe's XMP SDK, licensed under the
+    ;; 3-clause BSD license: <http://www.adobe.com/devnet/xmp/sdk/eula.html>.
+    ;; The core is GPLv2+:
+    ;;   <https://launchpad.net/ubuntu/precise/+source/exiv2/+copyright>.
+    (license license:gpl2+)))
+
 (define-public devil
   (package
     (name "devil")
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index 82e7ed2cc7..9099c5f84a 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -23,6 +23,8 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages kde-frameworks)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages tls)
@@ -85,6 +87,60 @@ used in KDE development tools Kompare and KDevelop.")
     ;; source archive
     (license (list license:gpl2+ license:lgpl2.0+ license:bsd-3))))
 
+(define-public libksysguard
+  (package
+    (name "libksysguard")
+    (version "5.8.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://kde//stable/plasma/" version
+                           "/libksysguard-" version ".tar.xz"))
+       (sha256
+        (base32
+         "158n30wbpsgbw3axhhsc58hnwhwdd02j3zc9hhcybmnbkfl5c96l"))))
+    (native-inputs
+     `(("extra-cmake-modules" ,extra-cmake-modules)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("kconfigwidgets" ,kconfigwidgets)
+       ("kiconthemes" ,kiconthemes)
+       ("kdbusaddons" ,kdbusaddons)
+       ("kdoctools" ,kdoctools)
+       ("kinit" ,kinit)
+       ("knewstuff" ,knewstuff)
+       ("knotifications" ,knotifications)
+       ("kwindowsystem" ,kwindowsystem)
+       ("kio" ,kio)
+       ("ki18n" ,ki18n)
+       ("kservice" ,kservice)
+       ("qtbase" ,qtbase)
+       ("qtscript" ,qtscript)
+       ("qtwebkit" ,qtwebkit)
+       ("qtx11extras" ,qtx11extras)
+       ("plasma" ,plasma-framework)
+       ("zlib" ,zlib)))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       `(,(string-append "-DKDE_INSTALL_DATADIR="
+                         (assoc-ref %outputs "out") "/share"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'patch-cmakelists
+           (lambda _
+             (substitute* "processcore/CMakeLists.txt"
+               (("KAUTH_HELPER_INSTALL_DIR") "KDE_INSTALL_LIBEXECDIR"))))
+         (replace 'check
+           (lambda _         ;other tests require a display and therefore fail
+             (zero? (system* "ctest" "-R" "chronotest")))))))
+    (home-page "https://www.kde.org/info/plasma-5.8.2.php")
+    (synopsis "Network enabled task and system monitoring")
+    (description "KSysGuard can obtain information on system load and
+manage running processes.  It obtains this information by interacting
+with a ksysguardd daemon, which may also run on a remote system.")
+    (license license:gpl3+)))
+
 (define-public qca
   (package
     (name "qca")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 853c92e7c6..fca86cf3f6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -327,26 +327,26 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
 (define-public linux-libre
-  (make-linux-libre "4.8.10"
-                    "04kwarmpz5adz64wwy0xpwzxsri7jrjkhbmjlwxsac69x9a26bkl"
+  (make-linux-libre "4.8.12"
+                    "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.34"
-                    "04ng40l2av34bcfwjs5vliv15f0m8bl0sfw08imspiplxvajd6ca"
+  (make-linux-libre "4.4.36"
+                    "0cvax02jj9zyk818gi6fjgacxa5z89y03kxwclb8l7cr8mcbwcdf"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.35"
-                    "05zvrld1digqwf9kqf5pxx0mxqmwpr5kamhnks6y4yfy7x7jynyk"
+  (make-linux-libre "4.1.36"
+                    "0wy7xpqjwn1aprbzrbqgjskcg8qj2mczkv3rcisxf8gcdifz61qh"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 ;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.8.10")
-(define %linux-libre-hash "04kwarmpz5adz64wwy0xpwzxsri7jrjkhbmjlwxsac69x9a26bkl")
+(define %linux-libre-version "4.8.12")
+(define %linux-libre-hash "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1")
 
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
@@ -2664,7 +2664,7 @@ and copy/paste text in the console and in xterm.")
 (define-public btrfs-progs
   (package
     (name "btrfs-progs")
-    (version "4.8.4")
+    (version "4.8.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/linux/kernel/"
@@ -2672,7 +2672,7 @@ and copy/paste text in the console and in xterm.")
                                   "btrfs-progs-v" version ".tar.xz"))
               (sha256
                (base32
-                "1ib1ybpjhcymcycjiraz1vk01qlyvpwcg7mwfhmacdy3cvbfl9mz"))))
+                "1vq83a8sz8dnshbyaghacqvcwv2n1kh53yjv87rxx9dc4b0b2iyj"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "static"))      ; static versions of binaries in "out" (~16MiB!)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 15aeb9355b..a8359d572c 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -329,7 +329,7 @@ and corrections.  It is based on a Bayesian filter.")
 (define-public offlineimap
   (package
     (name "offlineimap")
-    (version "7.0.10")
+    (version "7.0.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -337,7 +337,7 @@ and corrections.  It is based on a Bayesian filter.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0h8mgmwkvwh8x3yam32ipqkzcz4g1dmkbni3v1755lkm0z132m3j"))))
+                "1m1lp7wxnra8k7lsqc8xlm5giy3i89wvmp35jjb1gf4yslpddnkz"))))
     (build-system python-build-system)
     (native-inputs
      `(("asciidoc" ,asciidoc)
@@ -1031,7 +1031,7 @@ write simple, representation-independent mail handling code.")
 (define-public perl-email-address
   (package
     (name "perl-email-address")
-    (version "1.907")
+    (version "1.908")
     (source
      (origin
        (method url-fetch)
@@ -1039,7 +1039,7 @@ write simple, representation-independent mail handling code.")
                            "Email-Address-" version ".tar.gz"))
        (sha256
         (base32
-         "1ai4r149pzjv9dc2vddir8zylj0z1pii93rm4g591lx7avim71hx"))))
+         "0i6ljdvpy279hpbqf6lgv4figr376rb2sh4yphj86xkdzsyn1y75"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Email-Address")
     (synopsis "Email address parsing and creation")
@@ -1070,7 +1070,7 @@ objects found.  Alternatively you may construct objects manually.")
 (define-public perl-email-messageid
   (package
     (name "perl-email-messageid")
-    (version "1.405")
+    (version "1.406")
     (source
      (origin
        (method url-fetch)
@@ -1078,7 +1078,7 @@ objects found.  Alternatively you may construct objects manually.")
                            "Email-MessageID-" version ".tar.gz"))
        (sha256
         (base32
-         "09216naz21x99ff33wdm3j3zq1zhdbxhrsmx8bvavjrw3gjsvrq3"))))
+         "1f22sdnfq169qw1l0lg7y74pmiam7j9v95bggjnf3q4mygdmshpc"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Email-MessageID")
     (synopsis "Generate world unique message-ids")
@@ -1089,7 +1089,7 @@ identify a message uniquely.")
 (define-public perl-email-mime
   (package
     (name "perl-email-mime")
-    (version "1.929")
+    (version "1.937")
     (source
      (origin
        (method url-fetch)
@@ -1097,7 +1097,7 @@ identify a message uniquely.")
                            "Email-MIME-" version ".tar.gz"))
        (sha256
         (base32
-         "1sf7dldg4dvicyw6dl1vx6s1gjq3fcppi0103ikl0vi6v5xjdjdh"))))
+         "0s50i3nxi9dr81p4rn017nrarc40yrwz0qcw34q8k3pvdf46fr9n"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-email-address" ,perl-email-address)
@@ -1117,7 +1117,7 @@ message.  Headers are decoded from MIME encoding.")
 (define-public perl-email-mime-contenttype
   (package
     (name "perl-email-mime-contenttype")
-    (version "1.017")
+    (version "1.018")
     (source
      (origin
        (method url-fetch)
@@ -1125,7 +1125,7 @@ message.  Headers are decoded from MIME encoding.")
                            "Email-MIME-ContentType-" version ".tar.gz"))
        (sha256
         (base32
-         "1cl1l97lg690dh7i704hqi7yhxalq1chy7ylld5yc5v38jqa6gcn"))))
+         "1y8hpwm7p5a9y2azy0cgvlv2i2d0nj66ajfa0fj51wdq4w9cs23m"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-capture-tiny" ,perl-capture-tiny)))
@@ -1158,7 +1158,7 @@ header.")
 (define-public perl-email-sender
   (package
     (name "perl-email-sender")
-    (version "1.300016")
+    (version "1.300028")
     (source
      (origin
        (method url-fetch)
@@ -1166,7 +1166,7 @@ header.")
                            "Email-Sender-" version ".tar.gz"))
        (sha256
         (base32
-         "18x26fjh399q3s2g8dajb9r10633c46jrnbvycpnpclgnzhjs100"))))
+         "0c5dv1x9856nryj5mcbgb67a4irmadz80g0qnf4van3bd8wbj72a"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-capture-tiny" ,perl-capture-tiny)))
@@ -1190,7 +1190,7 @@ Email::Send library.")
 (define-public perl-email-simple
   (package
     (name "perl-email-simple")
-    (version "2.206")
+    (version "2.211")
     (source
      (origin
        (method url-fetch)
@@ -1198,7 +1198,7 @@ Email::Send library.")
                            "Email-Simple-" version ".tar.gz"))
        (sha256
         (base32
-         "19dpy3j5na2k9qw1jcpc8ia25038068r9j1bn34f9yyrisz7s522"))))
+         "1if4a2wh4iwlcycqrd2fhkx04ngmd75q444gh43w0r9p15ym5f8w"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-email-date-format" ,perl-email-date-format)))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 0ee573527a..fc98eae4f7 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -714,7 +714,7 @@ HDF5 file is encoded according to the HDF File Format Specification.")
 (define-public netcdf
   (package
     (name "netcdf")
-    (version "4.4.0")
+    (version "4.4.1.1")
     (source
      (origin
        (method url-fetch)
@@ -722,8 +722,9 @@ HDF5 file is encoded according to the HDF File Format Specification.")
                            "netcdf-" version ".tar.gz"))
        (sha256
         (base32
-         "0y6gdcplarwqqnrav2xg1xd6ih732rzzbmdw78v3rl5b8mwcnh0d"))
-       (patches (list (search-patch "netcdf-config-date.patch")))))
+         "1blc7ik5yin7i0ls2kag0a9xjk12m0dzx6v1x88az3ras3scci2d"))
+       (patches (search-patches "netcdf-date-time.patch"
+                                "netcdf-tst_h_par.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("m4" ,m4)
diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm
new file mode 100644
index 0000000000..db2139b0aa
--- /dev/null
+++ b/gnu/packages/monitoring.scm
@@ -0,0 +1,122 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages monitoring)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system perl)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages mail)
+  #:use-module (gnu packages gd)
+  #:use-module (gnu packages image))
+
+(define-public nagios
+  (package
+    (name "nagios")
+    (version "4.0.8")
+    ;; XXX: Newer versions such as 4.2.3 bundle a copy of AngularJS.
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://sourceforge/nagios/nagios-4.x/nagios-"
+                    version "/nagios-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0jyad39wa318613awlnpczrrakvjcipz8qp1mdsig1cp1hjqs9lb"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Ensure reproducibility.
+               '(substitute* (find-files "cgi" "\\.c$")
+                  (("__DATE__") "\"1970-01-01\"")
+                  (("__TIME__") "\"00:00:00\"")))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("zlib" ,zlib)
+       ("libpng-apng" ,libpng)
+       ("gd" ,gd)
+       ("perl" ,perl)
+       ("mailutils" ,mailutils)))
+    (arguments
+     '(#:configure-flags (list "--sysconfdir=/etc"
+
+                               ;; 'include/locations.h.in' defines file
+                               ;; locations, and many things go directly under
+                               ;; LOCALSTATEDIR, hence the extra '/nagios'.
+                               "--localstatedir=/var/nagios"
+
+                               (string-append
+                                "--with-mail="
+                                (assoc-ref %build-inputs "mailutils")
+                                "/bin/mail"))
+       #:make-flags '("all")
+       #:phases (modify-phases %standard-phases
+                  (add-before 'build 'do-not-chown-to-nagios
+                    (lambda _
+                      ;; Makefiles do 'install -o nagios -g nagios', which
+                      ;; doesn't work for us.
+                      (substitute* (find-files "." "^Makefile$")
+                        (("-o nagios -g nagios")
+                         ""))
+                      #t))
+                  (add-before 'build 'do-not-create-sysconfdir
+                    (lambda _
+                      ;; Don't try to create /var upon 'make install'.
+                      (substitute* "Makefile"
+                        (("\\$\\(INSTALL\\).*\\$\\(LOGDIR\\).*$" all)
+                         (string-append "# " all))
+                        (("\\$\\(INSTALL\\).*\\$\\(CHECKRESULTDIR\\).*$" all)
+                         (string-append "# " all))
+                        (("chmod g\\+s.*" all)
+                         (string-append "# " all)))
+                      #t))
+                  (add-before 'build 'set-html/php-directory
+                    (lambda _
+                      ;; Install HTML and PHP files under 'share/nagios/html'
+                      ;; instead of just 'share/'.
+                      (substitute* '("html/Makefile" "Makefile")
+                        (("HTMLDIR=.*$")
+                         "HTMLDIR = $(datarootdir)/nagios/html\n"))
+                      #t)))
+       #:tests? #f))                             ;no 'check' target or similar
+    (home-page "https://www.nagios.org/")
+    (synopsis "Host, service, and network monitoring program")
+    (description
+     "Nagios is a host, service, and network monitoring program written in C.
+CGI programs are included to allow you to view the current status, history,
+etc. via a Web interface.  Features include:
+
+@itemize
+@item Monitoring of network services (via SMTP, POP3, HTTP, PING, etc).
+@item Monitoring of host resources (processor load, disk usage, etc.).
+@item A plugin interface to allow for user-developed service monitoring
+  methods.
+@item Ability to define network host hierarchy using \"parent\" hosts,
+  allowing detection of and distinction between hosts that are down
+  and those that are unreachable.
+@item Notifications when problems occur and get resolved (via email,
+  pager, or user-defined method).
+@item Ability to define event handlers for proactive problem resolution.
+@item Automatic log file rotation/archiving.
+@item Optional web interface for viewing current network status,
+  notification and problem history, log file, etc.
+@end itemize\n")
+    (license license:gpl2)))
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index fa1407f7e4..057c3d72df 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -145,14 +145,14 @@ a highly stable and efficient implementation.")
 (define-public taglib
   (package
     (name "taglib")
-    (version "1.9.1")
+    (version "1.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://taglib.github.io/releases/taglib-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "06n7gnbcqa3r6c9gv00y0y1r48dyyazm6yj403i7ma0r2k6p3lvj"))))
+                "1alv6vp72p0x9i9yscmz2a71anjwqy53y9pbcbqxvc1c0i82vhr4"))))
     (build-system cmake-build-system)
     (arguments '(#:tests? #f))                    ;no 'test' target
     (inputs `(("zlib" ,zlib)))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index febd983023..7a9cb5f6de 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1697,6 +1697,38 @@ JACK for audio and ALSA sequencer for MIDI as multimedia infrastructures and
 follows a traditional multi-track tape recorder control paradigm.")
     (license license:gpl2+)))
 
+(define-public ams-lv2
+  (package
+    (name "ams-lv2")
+    (version "1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/blablack/ams-lv2/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1392spswkhfd38fggf584wb3m8aqpg7csfrs9zxnzyvhgmp0fgqk"))))
+    (build-system waf-build-system)
+    (arguments `(#:tests? #f)) ; no tests
+    (inputs
+     `(("lv2" ,lv2)
+       ("lvtk" ,lvtk)
+       ("gtkmm" ,gtkmm-2)
+       ("gtk" ,gtk+-2)
+       ("cairo" ,cairo)
+       ("fftw" ,fftw)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://objectivewave.wordpress.com/ams-lv2/")
+    (synopsis "Port of Alsa Modular Synth internal modules into LV2")
+    (description "This set of LV2 plugins is a port of the internal modules
+found in Alsa Modular Synth.  These plugins are used to create modular
+synthesizers and contain: VCO, VCF, VCA, LFO, slew limiter, envelopes, sample
+and hold, etc.")
+    (license license:gpl2)))
+
 (define-public gxtuner
   (package
     (name "gxtuner")
@@ -2449,6 +2481,91 @@ filters, crossovers, simple gain plugins without zipper noise, switch box
 plugins, a switch trigger, a toggle switch, and a peakmeter.")
       (license license:gpl2+))))
 
+(define-public ingen
+  (let ((commit "fd147d0b888090bfb897505852c1f25dbdf77e18")
+        (revision "1"))
+    (package
+      (name "ingen")
+      (version (string-append "0.0.0-" revision "."
+                              (string-take commit 9)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "http://git.drobilla.net/ingen.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1qmg79962my82c43vyrv5sxbqci9c7gc2s9bwaaqd0fcf08xcz1z"))))
+      (build-system waf-build-system)
+      (arguments
+       `(#:tests? #f ; no "check" target
+         #:configure-flags (list "--no-webkit")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-wscript
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (substitute* "wscript"
+                   ;; FIXME: Our version of lv2specgen.py does not behave as
+                   ;; expected.  Maybe this requires a development version of
+                   ;; LV2.
+                   (("lv2specgen.py") "touch ingen.lv2/ingen.html; echo")
+                   ;; Add libraries to RUNPATH.
+                   (("^(.+)target.*= 'src/ingen/ingen'," line prefix)
+                    (string-append prefix
+                                   "linkflags=[\"-Wl,-rpath="
+                                   out "/lib" "\"]," line)))
+                 (substitute* '("src/wscript"
+                                "src/server/wscript")
+                   ;; Add libraries to RUNPATH.
+                   (("bld.env.PTHREAD_LINKFLAGS" line)
+                    (string-append line
+                                   " + [\"-Wl,-rpath=" out "/lib" "\"]")))
+                 (substitute* "src/client/wscript"
+                   ;; Add libraries to RUNPATH.
+                   (("^(.+)target.*= 'ingen_client'," line prefix)
+                    (string-append prefix
+                                   "linkflags=[\"-Wl,-rpath="
+                                   out "/lib" "\"]," line)))
+                 (substitute* "src/gui/wscript"
+                   ;; Add libraries to RUNPATH.
+                   (("^(.+)target.* = 'ingen_gui.*" line prefix)
+                    (string-append prefix
+                                   "linkflags=[\"-Wl,-rpath="
+                                   out "/lib" "\"]," line))))
+               #t)))))
+      (inputs
+       `(("boost" ,boost)
+         ("python-rdflib" ,python-rdflib)
+         ("python" ,python)
+         ("jack" ,jack-1)
+         ("lv2" ,lv2)
+         ("lilv" ,lilv)
+         ("raul" ,raul-devel)
+         ("ganv" ,ganv-devel)
+         ("suil" ,suil)
+         ("serd" ,serd)
+         ("sord" ,sord)
+         ("sratom" ,sratom)
+         ("gtkmm" ,gtkmm-2)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("python-pygments" ,python-pygments)))
+      (home-page "http://drobilla.net/software/ingen")
+      (synopsis "Modular audio processing system")
+      (description "Ingen is a modular audio processing system for JACK and
+LV2 based systems.  Ingen is built around LV2 technology and a strict
+separation of engine from user interface.  The engine is controlled
+exclusively through a protocol, and can execute as a headless process, with an
+in-process GUI, or as an LV2 plugin.  The GUI can run as a program which
+communicates over a Unix or TCP/IP socket, or as an embeddable LV2 GUI which
+communicates via LV2 ports.  Any saved Ingen graph can be loaded as an LV2
+plugin on any system where Ingen is installed.  This allows users to visually
+develop custom plugins for use in other applications without programming.")
+      (license license:agpl3+))))
+
 (define-public python-discogs-client
   (package
     (name "python-discogs-client")
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 4907a5016e..ac7c26d40c 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -226,9 +226,9 @@ the Nix package manager.")
   ;;
   ;; Note: use a very short commit id; with a longer one, the limit on
   ;; hash-bang lines would be exceeded while running the tests.
-  (let ((commit "1f410017ff91458feda8c5788223d17696b71e36"))
+  (let ((commit "463fb7d0c86fb9957c527272e6cec5ee23585366"))
     (package (inherit guix-0.11.0)
-      (version (string-append "0.11.0-4." (string-take commit 4)))
+      (version (string-append "0.11.0-5." (string-take commit 4)))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -238,7 +238,7 @@ the Nix package manager.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "1mgzcbf1mry39wvvjflj76zggsshsip2pngxpaf2479yr3ri6v50"))
+                  "0k74j6m5hy055knirnry75qrgph4zywypxjyaqv6saixb6yx7av3"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (arguments
        (substitute-keyword-arguments (package-arguments guix-0.11.0)
diff --git a/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch
new file mode 100644
index 0000000000..0f921b120b
--- /dev/null
+++ b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch
@@ -0,0 +1,14 @@
+Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-gcc44_fixes.patch.
+Fixes compilation with GCC 4.4 and later.
+
+diff -up fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes fcgi-2.4.0/libfcgi/fcgio.cpp
+--- fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes	2002-02-24 21:12:22.000000000 +0100
++++ fcgi-2.4.0/libfcgi/fcgio.cpp	2009-02-15 11:35:18.000000000 +0100
+@@ -23,6 +23,7 @@
+ #endif
+ 
+ #include <limits.h>
++#include <cstdio>
+ #include "fcgio.h"
+ 
+ using std::streambuf;
diff --git a/gnu/packages/patches/fcgi-2.4.0-poll.patch b/gnu/packages/patches/fcgi-2.4.0-poll.patch
new file mode 100644
index 0000000000..73be6a0a08
--- /dev/null
+++ b/gnu/packages/patches/fcgi-2.4.0-poll.patch
@@ -0,0 +1,89 @@
+Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-poll.patch
+Fixes CVE-2012-6687.
+
+Author: Anton Kortunov <toshic.toshic@gmail.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
+Description: use poll in os_unix.c instead of select to avoid problem with > 1024 connections
+Forwarded: yes, fastcgi-developers@mailman.fastcgi.com
+
+diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
+index 73e6a7f..af35aee 100755
+--- a/libfcgi/os_unix.c
++++ b/libfcgi/os_unix.c
+@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
+ #include <sys/time.h>
+ #include <sys/un.h>
+ #include <signal.h>
++#include <poll.h>
+ 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
+ static int shutdownPending = FALSE;
+ static int shutdownNow = FALSE;
+ 
++static int libfcgiOsClosePollTimeout = 2000;
++static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
++
+ void OS_ShutdownPending()
+ {
+     shutdownPending = TRUE;
+@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
+     if(libInitialized)
+         return 0;
+ 
++    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
++    if(libfcgiOsClosePollTimeoutStr) {
++        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
++    }
++
++    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
++    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
++        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
++    }
++
+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
+     if(asyncIoTable == NULL) {
+         errno = ENOMEM;
+@@ -755,19 +769,16 @@ int OS_Close(int fd)
+ 
+     if (shutdown(fd, 1) == 0)
+     {
+-        struct timeval tv;
+-        fd_set rfds;
++        struct pollfd pfd;
+         int rv;
+         char trash[1024];
+ 
+-        FD_ZERO(&rfds);
++        pfd.fd = fd;
++        pfd.events = POLLIN;
+ 
+         do 
+         {
+-            FD_SET(fd, &rfds);
+-            tv.tv_sec = 2;
+-            tv.tv_usec = 0;
+-            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
++            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
+         }
+         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
+     }
+@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error)
+  */
+ static int is_af_unix_keeper(const int fd)
+ {
+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
+-    fd_set read_fds;
+-
+-    FD_ZERO(&read_fds);
+-    FD_SET(fd, &read_fds);
++    struct pollfd pfd;
++    pfd.fd = fd;
++    pfd.events = POLLIN;
+ 
+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
++    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch b/gnu/packages/patches/gst-plugins-good-fix-crashes.patch
deleted file mode 100644
index c36a595608..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch
+++ /dev/null
@@ -1,1047 +0,0 @@
-Fixes upstream bug #774859 (flic decoder: Invalid memory read in
-flx_decode_chunks):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774859
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4
-
-From be670f0daf67304fb92c76aa09c30cae0bfd1fe4 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Wed, 23 Nov 2016 07:09:06 +1100
-Subject: [PATCH] flxdec: rewrite logic based on GstByteReader/Writer
-
-Solves overreading/writing the given arrays and will error out if the
-streams asks to do that.
-
-Also does more error checking that the stream is valid and won't
-overrun any allocated arrays.  Also mitigate integer overflow errors
-calculating allocation sizes.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774859
----
- gst/flx/flx_color.c |   1 -
- gst/flx/flx_fmt.h   |  72 -------
- gst/flx/gstflxdec.c | 610 ++++++++++++++++++++++++++++++++++++----------------
- gst/flx/gstflxdec.h |   4 +-
- 4 files changed, 427 insertions(+), 260 deletions(-)
-
-diff --git a/gst/flx/flx_color.c b/gst/flx/flx_color.c
-index 047bfdf..3a58135 100644
---- a/gst/flx/flx_color.c
-+++ b/gst/flx/flx_color.c
-@@ -101,7 +101,6 @@ flx_set_palette_vector (FlxColorSpaceConverter * flxpal, guint start, guint num,
-   } else {
-     memcpy (&flxpal->palvec[start * 3], newpal, grab * 3);
-   }
--
- }
- 
- void
-diff --git a/gst/flx/flx_fmt.h b/gst/flx/flx_fmt.h
-index 9ab31ba..abff200 100644
---- a/gst/flx/flx_fmt.h
-+++ b/gst/flx/flx_fmt.h
-@@ -123,78 +123,6 @@ typedef struct _FlxFrameType
- } FlxFrameType;
- #define FlxFrameTypeSize 10
- 
--#if G_BYTE_ORDER == G_BIG_ENDIAN 
--#define LE_TO_BE_16(i16) ((guint16) (((i16) << 8) | ((i16) >> 8)))
--#define LE_TO_BE_32(i32) \
--    (((guint32) (LE_TO_BE_16((guint16) (i32))) << 16) | (LE_TO_BE_16((i32) >> 16)))
--
--#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) \
--    do { \
--     (frm_type_p)->chunks = LE_TO_BE_16((frm_type_p)->chunks); \
--     (frm_type_p)->delay = LE_TO_BE_16((frm_type_p)->delay); \
--    } while(0)
--
--#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) \
--    do { \
--     (hffmn_table_p)->codelength = \
--	LE_TO_BE_16((hffmn_table_p)->codelength); \
--     (hffmn_table_p)->numcodes = LE_TO_BE_16((hffmn_table_p)->numcodes); \
--    } while(0)
--
--#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) \
--     ((sgmnt_table_p)->segments = LE_TO_BE_16((sgmnt_table_p)->segments))
--
--#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) \
--    do { \
--     (prfx_chnk_p)->chunks = LE_TO_BE_16((prfx_chnk_p)->chunks); \
--    } while(0)
--
--#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) \
--    do { \
--     (frm_chnk_p)->size = LE_TO_BE_32((frm_chnk_p)->size); \
--     (frm_chnk_p)->id = LE_TO_BE_16((frm_chnk_p)->id); \
--    } while(0)
--
--#define FLX_HDR_FIX_ENDIANNESS(hdr_p) \
--    do { \
--     (hdr_p)->size = LE_TO_BE_32((hdr_p)->size); \
--     (hdr_p)->type = LE_TO_BE_16((hdr_p)->type); \
--     (hdr_p)->frames = LE_TO_BE_16((hdr_p)->frames); \
--     (hdr_p)->width = LE_TO_BE_16((hdr_p)->width); \
--     (hdr_p)->height = LE_TO_BE_16((hdr_p)->height); \
--     (hdr_p)->depth = LE_TO_BE_16((hdr_p)->depth); \
--     (hdr_p)->flags = LE_TO_BE_16((hdr_p)->flags); \
--     (hdr_p)->speed = LE_TO_BE_32((hdr_p)->speed); \
--     (hdr_p)->reserved1 = LE_TO_BE_16((hdr_p)->reserved1); \
--     (hdr_p)->created = LE_TO_BE_32((hdr_p)->created); \
--     (hdr_p)->creator = LE_TO_BE_32((hdr_p)->creator); \
--     (hdr_p)->updated = LE_TO_BE_32((hdr_p)->updated); \
--     (hdr_p)->updater = LE_TO_BE_32((hdr_p)->updater); \
--     (hdr_p)->aspect_dx = LE_TO_BE_16((hdr_p)->aspect_dx); \
--     (hdr_p)->aspect_dy = LE_TO_BE_16((hdr_p)->aspect_dy); \
--     (hdr_p)->ext_flags = LE_TO_BE_16((hdr_p)->ext_flags); \
--     (hdr_p)->keyframes = LE_TO_BE_16((hdr_p)->keyframes); \
--     (hdr_p)->totalframes = LE_TO_BE_16((hdr_p)->totalframes); \
--     (hdr_p)->req_memory = LE_TO_BE_32((hdr_p)->req_memory); \
--     (hdr_p)->max_regions = LE_TO_BE_16((hdr_p)->max_regions); \
--     (hdr_p)->transp_num = LE_TO_BE_16((hdr_p)->transp_num); \
--     (hdr_p)->oframe1 = LE_TO_BE_32((hdr_p)->oframe1); \
--     (hdr_p)->oframe2 = LE_TO_BE_32((hdr_p)->oframe2); \
--    } while(0)
--#else
--
--#define LE_TO_BE_16(i16) ((i16))
--#define LE_TO_BE_32(i32) ((i32))
--
--#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p)
--#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p)
--#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p)
--#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p)
--#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p)
--#define FLX_HDR_FIX_ENDIANNESS(hdr_p)
--
--#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
--
- G_END_DECLS
- 
- #endif /* __GST_FLX_FMT_H__ */
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index a237976..aa1bed5 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -1,5 +1,6 @@
- /* GStreamer
-  * Copyright (C) <1999> Erik Walthinsen <omega@temple-baptist.com>
-+ * Copyright (C) <2016> Matthew Waters <matthew@centricular.com>
-  *
-  * This library is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU Library General Public
-@@ -24,6 +25,7 @@
- /*
-  * http://www.coolutils.com/Formats/FLI
-  * http://woodshole.er.usgs.gov/operations/modeling/flc.html
-+ * http://www.compuphase.com/flic.htm
-  */
- 
- #ifdef HAVE_CONFIG_H
-@@ -73,10 +75,14 @@ static GstStateChangeReturn gst_flxdec_change_state (GstElement * element,
- static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent,
-     GstQuery * query);
- 
--static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint);
--static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *);
--static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
--static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader,
-+    GstByteWriter * writer, gint scale);
-+static gboolean flx_decode_brun (GstFlxDec * flxdec,
-+    GstByteReader * reader, GstByteWriter * writer);
-+static gboolean flx_decode_delta_fli (GstFlxDec * flxdec,
-+    GstByteReader * reader, GstByteWriter * writer);
-+static gboolean flx_decode_delta_flc (GstFlxDec * flxdec,
-+    GstByteReader * reader, GstByteWriter * writer);
- 
- #define rndalign(off) ((off) + ((off) & 1))
- 
-@@ -204,57 +210,59 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent,
- }
- 
- static gboolean
--flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
--    guchar * dest)
-+flx_decode_chunks (GstFlxDec * flxdec, gulong n_chunks, GstByteReader * reader,
-+    GstByteWriter * writer)
- {
--  FlxFrameChunk *hdr;
-   gboolean ret = TRUE;
- 
--  g_return_val_if_fail (data != NULL, FALSE);
--
--  while (count--) {
--    hdr = (FlxFrameChunk *) data;
--    FLX_FRAME_CHUNK_FIX_ENDIANNESS (hdr);
--    data += FlxFrameChunkSize;
-+  while (n_chunks--) {
-+    GstByteReader chunk;
-+    guint32 size;
-+    guint16 type;
-+
-+    if (!gst_byte_reader_get_uint32_le (reader, &size))
-+      goto parse_error;
-+    if (!gst_byte_reader_get_uint16_le (reader, &type))
-+      goto parse_error;
-+    GST_LOG_OBJECT (flxdec, "chunk has type 0x%02x size %d", type, size);
-+
-+    if (!gst_byte_reader_get_sub_reader (reader, &chunk,
-+            size - FlxFrameChunkSize)) {
-+      GST_ERROR_OBJECT (flxdec, "Incorrect size in the chunk header");
-+      goto error;
-+    }
- 
--    switch (hdr->id) {
-+    switch (type) {
-       case FLX_COLOR64:
--        flx_decode_color (flxdec, data, dest, 2);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        ret = flx_decode_color (flxdec, &chunk, writer, 2);
-         break;
- 
-       case FLX_COLOR256:
--        flx_decode_color (flxdec, data, dest, 0);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        ret = flx_decode_color (flxdec, &chunk, writer, 0);
-         break;
- 
-       case FLX_BRUN:
--        ret = flx_decode_brun (flxdec, data, dest);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        ret = flx_decode_brun (flxdec, &chunk, writer);
-         break;
- 
-       case FLX_LC:
--        ret = flx_decode_delta_fli (flxdec, data, dest);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        ret = flx_decode_delta_fli (flxdec, &chunk, writer);
-         break;
- 
-       case FLX_SS2:
--        ret = flx_decode_delta_flc (flxdec, data, dest);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        ret = flx_decode_delta_flc (flxdec, &chunk, writer);
-         break;
- 
-       case FLX_BLACK:
--        memset (dest, 0, flxdec->size);
-+        ret = gst_byte_writer_fill (writer, 0, flxdec->size);
-         break;
- 
-       case FLX_MINI:
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-         break;
- 
-       default:
--        GST_WARNING ("Unimplented chunk type: 0x%02x size: %d - skipping",
--            hdr->id, hdr->size);
--        data += rndalign (hdr->size) - FlxFrameChunkSize;
-+        GST_WARNING ("Unimplemented chunk type: 0x%02x size: %d - skipping",
-+            type, size);
-         break;
-     }
- 
-@@ -263,43 +271,60 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
-   }
- 
-   return ret;
-+
-+parse_error:
-+  GST_ERROR_OBJECT (flxdec, "Failed to decode chunk");
-+error:
-+  return FALSE;
- }
- 
- 
--static void
--flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale)
-+static gboolean
-+flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader,
-+    GstByteWriter * writer, gint scale)
- {
--  guint packs, count, indx;
-+  guint8 count, indx;
-+  guint16 packs;
- 
--  g_return_if_fail (flxdec != NULL);
--
--  packs = (data[0] + (data[1] << 8));
--
--  data += 2;
-+  if (!gst_byte_reader_get_uint16_le (reader, &packs))
-+    goto error;
-   indx = 0;
- 
--  GST_LOG ("GstFlxDec: cmap packs: %d", packs);
-+  GST_LOG ("GstFlxDec: cmap packs: %d", (guint) packs);
-   while (packs--) {
-+    const guint8 *data;
-+    guint16 actual_count;
-+
-     /* color map index + skip count */
--    indx += *data++;
-+    if (!gst_byte_reader_get_uint8 (reader, &indx))
-+      goto error;
- 
-     /* number of rgb triplets */
--    count = *data++ & 0xff;
--    if (count == 0)
--      count = 256;
-+    if (!gst_byte_reader_get_uint8 (reader, &count))
-+      goto error;
- 
--    GST_LOG ("GstFlxDec: cmap count: %d (indx: %d)", count, indx);
--    flx_set_palette_vector (flxdec->converter, indx, count, data, scale);
-+    actual_count = count == 0 ? 256 : count;
- 
--    data += (count * 3);
-+    if (!gst_byte_reader_get_data (reader, count * 3, &data))
-+      goto error;
-+
-+    GST_LOG_OBJECT (flxdec, "cmap count: %d (indx: %d)", actual_count, indx);
-+    flx_set_palette_vector (flxdec->converter, indx, actual_count,
-+        (guchar *) data, scale);
-   }
-+
-+  return TRUE;
-+
-+error:
-+  GST_ERROR_OBJECT (flxdec, "Error decoding color palette");
-+  return FALSE;
- }
- 
- static gboolean
--flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_brun (GstFlxDec * flxdec, GstByteReader * reader,
-+    GstByteWriter * writer)
- {
--  gulong count, lines, row;
--  guchar x;
-+  gulong lines, row;
- 
-   g_return_val_if_fail (flxdec != NULL, FALSE);
- 
-@@ -310,82 +335,125 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-      * contain more then 255 RLE packets. we use the frame 
-      * width instead. 
-      */
--    data++;
-+    if (!gst_byte_reader_skip (reader, 1))
-+      goto error;
- 
-     row = flxdec->hdr.width;
-     while (row) {
--      count = *data++;
-+      gint8 count;
-+
-+      if (!gst_byte_reader_get_int8 (reader, &count))
-+        goto error;
-+
-+      if (count <= 0) {
-+        const guint8 *data;
- 
--      if (count > 0x7f) {
-         /* literal run */
--        count = 0x100 - count;
--        if ((glong) row - (glong) count < 0) {
--          GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+        count = ABS (count);
-+
-+        GST_LOG_OBJECT (flxdec, "have literal run of size %d", count);
-+
-+        if (count > row) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid BRUN line detected. "
-+              "bytes to write exceeds the end of the row");
-           return FALSE;
-         }
-         row -= count;
- 
--        while (count--)
--          *dest++ = *data++;
--
-+        if (!gst_byte_reader_get_data (reader, count, &data))
-+          goto error;
-+        if (!gst_byte_writer_put_data (writer, data, count))
-+          goto error;
-       } else {
--        if ((glong) row - (glong) count < 0) {
--          GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+        guint8 x;
-+
-+        GST_LOG_OBJECT (flxdec, "have replicate run of size %d", count);
-+
-+        if (count > row) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."
-+              "bytes to write exceeds the end of the row");
-           return FALSE;
-         }
- 
-         /* replicate run */
-         row -= count;
--        x = *data++;
- 
--        while (count--)
--          *dest++ = x;
-+        if (!gst_byte_reader_get_uint8 (reader, &x))
-+          goto error;
-+        if (!gst_byte_writer_fill (writer, x, count))
-+          goto error;
-       }
-     }
-   }
- 
-   return TRUE;
-+
-+error:
-+  GST_ERROR_OBJECT (flxdec, "Failed to decode BRUN packet");
-+  return FALSE;
- }
- 
- static gboolean
--flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_delta_fli (GstFlxDec * flxdec, GstByteReader * reader,
-+    GstByteWriter * writer)
- {
--  gulong count, packets, lines, start_line;
--  guchar *start_p, x;
-+  guint16 start_line, lines;
-+  guint line_start_i;
- 
-   g_return_val_if_fail (flxdec != NULL, FALSE);
-   g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
- 
-   /* use last frame for delta */
--  memcpy (dest, flxdec->delta_data, flxdec->size);
-+  if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size))
-+    goto error;
-+
-+  if (!gst_byte_reader_get_uint16_le (reader, &start_line))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &lines))
-+    goto error;
-+  GST_LOG_OBJECT (flxdec, "height %d start line %d line count %d",
-+      flxdec->hdr.height, start_line, lines);
- 
--  start_line = (data[0] + (data[1] << 8));
--  lines = (data[2] + (data[3] << 8));
-   if (start_line + lines > flxdec->hdr.height) {
-     GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines.");
-     return FALSE;
-   }
--  data += 4;
- 
--  /* start position of delta */
--  dest += (flxdec->hdr.width * start_line);
--  start_p = dest;
-+  line_start_i = flxdec->hdr.width * start_line;
-+  if (!gst_byte_writer_set_pos (writer, line_start_i))
-+    goto error;
- 
-   while (lines--) {
-+    guint8 packets;
-+
-     /* packet count */
--    packets = *data++;
-+    if (!gst_byte_reader_get_uint8 (reader, &packets))
-+      goto error;
-+    GST_LOG_OBJECT (flxdec, "have %d packets", packets);
- 
-     while (packets--) {
-       /* skip count */
--      guchar skip = *data++;
--      dest += skip;
-+      guint8 skip;
-+      gint8 count;
-+      if (!gst_byte_reader_get_uint8 (reader, &skip))
-+        goto error;
-+
-+      /* skip bytes */
-+      if (!gst_byte_writer_set_pos (writer,
-+              gst_byte_writer_get_pos (writer) + skip))
-+        goto error;
- 
-       /* RLE count */
--      count = *data++;
-+      if (!gst_byte_reader_get_int8 (reader, &count))
-+        goto error;
-+
-+      if (count < 0) {
-+        guint8 x;
- 
--      if (count > 0x7f) {
-         /* literal run */
--        count = 0x100 - count;
-+        count = ABS (count);
-+        GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d",
-+            count, skip);
- 
-         if (skip + count > flxdec->hdr.width) {
-           GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-@@ -393,11 +461,16 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-           return FALSE;
-         }
- 
--        x = *data++;
--        while (count--)
--          *dest++ = x;
--
-+        if (!gst_byte_reader_get_uint8 (reader, &x))
-+          goto error;
-+        if (!gst_byte_writer_fill (writer, x, count))
-+          goto error;
-       } else {
-+        const guint8 *data;
-+
-+        GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d",
-+            count, skip);
-+
-         if (skip + count > flxdec->hdr.width) {
-           GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-               "line too long.");
-@@ -405,45 +478,60 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-         }
- 
-         /* replicate run */
--        while (count--)
--          *dest++ = *data++;
-+        if (!gst_byte_reader_get_data (reader, count, &data))
-+          goto error;
-+        if (!gst_byte_writer_put_data (writer, data, count))
-+          goto error;
-       }
-     }
--    start_p += flxdec->hdr.width;
--    dest = start_p;
-+    line_start_i += flxdec->hdr.width;
-+    if (!gst_byte_writer_set_pos (writer, line_start_i))
-+      goto error;
-   }
- 
-   return TRUE;
-+
-+error:
-+  GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet");
-+  return FALSE;
- }
- 
- static gboolean
--flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-+flx_decode_delta_flc (GstFlxDec * flxdec, GstByteReader * reader,
-+    GstByteWriter * writer)
- {
--  gulong count, lines, start_l, opcode;
--  guchar *start_p;
-+  guint16 lines, start_l;
- 
-   g_return_val_if_fail (flxdec != NULL, FALSE);
-   g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
- 
-   /* use last frame for delta */
--  memcpy (dest, flxdec->delta_data, flxdec->size);
-+  if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &lines))
-+    goto error;
- 
--  lines = (data[0] + (data[1] << 8));
-   if (lines > flxdec->hdr.height) {
-     GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines.");
-     return FALSE;
-   }
--  data += 2;
- 
--  start_p = dest;
-   start_l = lines;
- 
-   while (lines) {
--    dest = start_p + (flxdec->hdr.width * (start_l - lines));
-+    guint16 opcode;
-+
-+    if (!gst_byte_writer_set_pos (writer,
-+            flxdec->hdr.width * (start_l - lines)))
-+      goto error;
- 
-     /* process opcode(s) */
--    while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) {
--      data += 2;
-+    while (TRUE) {
-+      if (!gst_byte_reader_get_uint16_le (reader, &opcode))
-+        goto error;
-+      if ((opcode & 0xc000) == 0)
-+        break;
-+
-       if ((opcode & 0xc000) == 0xc000) {
-         /* line skip count */
-         gulong skip = (0x10000 - opcode);
-@@ -453,27 +541,44 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-           return FALSE;
-         }
-         start_l += skip;
--        dest += flxdec->hdr.width * skip;
-+        if (!gst_byte_writer_set_pos (writer,
-+                gst_byte_writer_get_pos (writer) + flxdec->hdr.width * skip))
-+          goto error;
-       } else {
-         /* last pixel */
--        dest += flxdec->hdr.width;
--        *dest++ = (opcode & 0xff);
-+        if (!gst_byte_writer_set_pos (writer,
-+                gst_byte_writer_get_pos (writer) + flxdec->hdr.width))
-+          goto error;
-+        if (!gst_byte_writer_put_uint8 (writer, opcode & 0xff))
-+          goto error;
-       }
-     }
--    data += 2;
- 
-     /* last opcode is the packet count */
-+    GST_LOG_OBJECT (flxdec, "have %d packets", opcode);
-     while (opcode--) {
-       /* skip count */
--      guchar skip = *data++;
--      dest += skip;
-+      guint8 skip;
-+      gint8 count;
-+
-+      if (!gst_byte_reader_get_uint8 (reader, &skip))
-+        goto error;
-+      if (!gst_byte_writer_set_pos (writer,
-+              gst_byte_writer_get_pos (writer) + skip))
-+        goto error;
- 
-       /* RLE count */
--      count = *data++;
-+      if (!gst_byte_reader_get_int8 (reader, &count))
-+        goto error;
-+
-+      if (count < 0) {
-+        guint16 x;
- 
--      if (count > 0x7f) {
-         /* replicate word run */
--        count = 0x100 - count;
-+        count = ABS (count);
-+
-+        GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d",
-+            count, skip);
- 
-         if (skip + count > flxdec->hdr.width) {
-           GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-@@ -481,22 +586,31 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-           return FALSE;
-         }
- 
-+        if (!gst_byte_reader_get_uint16_le (reader, &x))
-+          goto error;
-+
-         while (count--) {
--          *dest++ = data[0];
--          *dest++ = data[1];
-+          if (!gst_byte_writer_put_uint16_le (writer, x)) {
-+            goto error;
-+          }
-         }
--        data += 2;
-       } else {
-+        GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d",
-+            count, skip);
-+
-         if (skip + count > flxdec->hdr.width) {
-           GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-               "line too long.");
-           return FALSE;
-         }
- 
--        /* literal word run */
-         while (count--) {
--          *dest++ = *data++;
--          *dest++ = *data++;
-+          guint16 x;
-+
-+          if (!gst_byte_reader_get_uint16_le (reader, &x))
-+            goto error;
-+          if (!gst_byte_writer_put_uint16_le (writer, x))
-+            goto error;
-         }
-       }
-     }
-@@ -504,13 +618,91 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-   }
- 
-   return TRUE;
-+
-+error:
-+  GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet");
-+  return FALSE;
-+}
-+
-+static gboolean
-+_read_flx_header (GstFlxDec * flxdec, GstByteReader * reader, FlxHeader * flxh)
-+{
-+  memset (flxh, 0, sizeof (*flxh));
-+
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->size))
-+    goto error;
-+  if (flxh->size < FlxHeaderSize) {
-+    GST_ERROR_OBJECT (flxdec, "Invalid file size in the header");
-+    return FALSE;
-+  }
-+
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->type))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->frames))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->width))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->height))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->depth))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->flags))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->speed))
-+    goto error;
-+  if (!gst_byte_reader_skip (reader, 2))        /* reserved */
-+    goto error;
-+  /* FLC */
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->created))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->creator))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->updated))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->updater))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dx))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dy))
-+    goto error;
-+  /* EGI */
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->ext_flags))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->keyframes))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->totalframes))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->req_memory))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->max_regions))
-+    goto error;
-+  if (!gst_byte_reader_get_uint16_le (reader, &flxh->transp_num))
-+    goto error;
-+  if (!gst_byte_reader_skip (reader, 24))       /* reserved */
-+    goto error;
-+  /* FLC */
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe1))
-+    goto error;
-+  if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe2))
-+    goto error;
-+  if (!gst_byte_reader_skip (reader, 40))       /* reserved */
-+    goto error;
-+
-+  return TRUE;
-+
-+error:
-+  GST_ERROR_OBJECT (flxdec, "Error reading file header");
-+  return FALSE;
- }
- 
- static GstFlowReturn
- gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- {
-+  GstByteReader reader;
-+  GstBuffer *input;
-+  GstMapInfo map_info;
-   GstCaps *caps;
--  guint avail;
-+  guint available;
-   GstFlowReturn res = GST_FLOW_OK;
- 
-   GstFlxDec *flxdec;
-@@ -521,31 +713,50 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
-   g_return_val_if_fail (flxdec != NULL, GST_FLOW_ERROR);
- 
-   gst_adapter_push (flxdec->adapter, buf);
--  avail = gst_adapter_available (flxdec->adapter);
-+  available = gst_adapter_available (flxdec->adapter);
-+  input = gst_adapter_get_buffer (flxdec->adapter, available);
-+  if (!gst_buffer_map (input, &map_info, GST_MAP_READ)) {
-+    GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+        ("%s", "Failed to map buffer"), (NULL));
-+    goto error;
-+  }
-+  gst_byte_reader_init (&reader, map_info.data, map_info.size);
- 
-   if (flxdec->state == GST_FLXDEC_READ_HEADER) {
--    if (avail >= FlxHeaderSize) {
--      const guint8 *data = gst_adapter_map (flxdec->adapter, FlxHeaderSize);
-+    if (available >= FlxHeaderSize) {
-+      GstByteReader header;
-       GstCaps *templ;
- 
--      memcpy ((gchar *) & flxdec->hdr, data, FlxHeaderSize);
--      FLX_HDR_FIX_ENDIANNESS (&(flxdec->hdr));
--      gst_adapter_unmap (flxdec->adapter);
-+      if (!gst_byte_reader_get_sub_reader (&reader, &header, FlxHeaderSize)) {
-+        GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+            ("%s", "Could not read header"), (NULL));
-+        goto unmap_input_error;
-+      }
-       gst_adapter_flush (flxdec->adapter, FlxHeaderSize);
-+      available -= FlxHeaderSize;
-+
-+      if (!_read_flx_header (flxdec, &header, &flxdec->hdr)) {
-+        GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+            ("%s", "Failed to parse header"), (NULL));
-+        goto unmap_input_error;
-+      }
- 
-       flxh = &flxdec->hdr;
- 
-       /* check header */
-       if (flxh->type != FLX_MAGICHDR_FLI &&
--          flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX)
--        goto wrong_type;
-+          flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) {
-+        GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
-+            ("not a flx file (type %x)", flxh->type));
-+        goto unmap_input_error;
-+      }
- 
--      GST_LOG ("size      :  %d", flxh->size);
--      GST_LOG ("frames    :  %d", flxh->frames);
--      GST_LOG ("width     :  %d", flxh->width);
--      GST_LOG ("height    :  %d", flxh->height);
--      GST_LOG ("depth     :  %d", flxh->depth);
--      GST_LOG ("speed     :  %d", flxh->speed);
-+      GST_INFO_OBJECT (flxdec, "size      :  %d", flxh->size);
-+      GST_INFO_OBJECT (flxdec, "frames    :  %d", flxh->frames);
-+      GST_INFO_OBJECT (flxdec, "width     :  %d", flxh->width);
-+      GST_INFO_OBJECT (flxdec, "height    :  %d", flxh->height);
-+      GST_INFO_OBJECT (flxdec, "depth     :  %d", flxh->depth);
-+      GST_INFO_OBJECT (flxdec, "speed     :  %d", flxh->speed);
- 
-       flxdec->next_time = 0;
- 
-@@ -573,18 +784,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
-       gst_pad_set_caps (flxdec->srcpad, caps);
-       gst_caps_unref (caps);
- 
--      if (flxh->depth <= 8)
--        flxdec->converter =
--            flx_colorspace_converter_new (flxh->width, flxh->height);
-+      /* zero means 8 */
-+      if (flxh->depth == 0)
-+        flxh->depth = 8;
-+
-+      if (flxh->depth != 8) {
-+        GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE,
-+            ("%s", "Don't know how to decode non 8 bit depth streams"), (NULL));
-+        goto unmap_input_error;
-+      }
-+
-+      flxdec->converter =
-+          flx_colorspace_converter_new (flxh->width, flxh->height);
- 
-       if (flxh->type == FLX_MAGICHDR_FLC || flxh->type == FLX_MAGICHDR_FLX) {
--        GST_LOG ("(FLC) aspect_dx :  %d", flxh->aspect_dx);
--        GST_LOG ("(FLC) aspect_dy :  %d", flxh->aspect_dy);
--        GST_LOG ("(FLC) oframe1   :  0x%08x", flxh->oframe1);
--        GST_LOG ("(FLC) oframe2   :  0x%08x", flxh->oframe2);
-+        GST_INFO_OBJECT (flxdec, "(FLC) aspect_dx :  %d", flxh->aspect_dx);
-+        GST_INFO_OBJECT (flxdec, "(FLC) aspect_dy :  %d", flxh->aspect_dy);
-+        GST_INFO_OBJECT (flxdec, "(FLC) oframe1   :  0x%08x", flxh->oframe1);
-+        GST_INFO_OBJECT (flxdec, "(FLC) oframe2   :  0x%08x", flxh->oframe2);
-       }
- 
-       flxdec->size = ((guint) flxh->width * (guint) flxh->height);
-+      if (flxdec->size >= G_MAXSIZE / 4) {
-+        GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+            ("%s", "Cannot allocate required memory"), (NULL));
-+        goto unmap_input_error;
-+      }
- 
-       /* create delta and output frame */
-       flxdec->frame_data = g_malloc (flxdec->size);
-@@ -596,55 +821,66 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
-     GstBuffer *out;
- 
-     /* while we have enough data in the adapter */
--    while (avail >= FlxFrameChunkSize && res == GST_FLOW_OK) {
--      FlxFrameChunk flxfh;
--      guchar *chunk;
--      const guint8 *data;
--      GstMapInfo map;
--
--      chunk = NULL;
--      data = gst_adapter_map (flxdec->adapter, FlxFrameChunkSize);
--      memcpy (&flxfh, data, FlxFrameChunkSize);
--      FLX_FRAME_CHUNK_FIX_ENDIANNESS (&flxfh);
--      gst_adapter_unmap (flxdec->adapter);
--
--      switch (flxfh.id) {
--        case FLX_FRAME_TYPE:
--          /* check if we have the complete frame */
--          if (avail < flxfh.size)
--            goto need_more_data;
--
--          /* flush header */
--          gst_adapter_flush (flxdec->adapter, FlxFrameChunkSize);
--
--          chunk = gst_adapter_take (flxdec->adapter,
--              flxfh.size - FlxFrameChunkSize);
--          FLX_FRAME_TYPE_FIX_ENDIANNESS ((FlxFrameType *) chunk);
--          if (((FlxFrameType *) chunk)->chunks == 0)
--            break;
-+    while (available >= FlxFrameChunkSize && res == GST_FLOW_OK) {
-+      guint32 size;
-+      guint16 type;
- 
--          /* create 32 bits output frame */
--//          res = gst_pad_alloc_buffer_and_set_caps (flxdec->srcpad,
--//              GST_BUFFER_OFFSET_NONE,
--//              flxdec->size * 4, GST_PAD_CAPS (flxdec->srcpad), &out);
--//          if (res != GST_FLOW_OK)
--//            break;
-+      if (!gst_byte_reader_get_uint32_le (&reader, &size))
-+        goto parse_error;
-+      if (available < size)
-+        goto need_more_data;
- 
--          out = gst_buffer_new_and_alloc (flxdec->size * 4);
-+      available -= size;
-+      gst_adapter_flush (flxdec->adapter, size);
-+
-+      if (!gst_byte_reader_get_uint16_le (&reader, &type))
-+        goto parse_error;
-+
-+      switch (type) {
-+        case FLX_FRAME_TYPE:{
-+          GstByteReader chunks;
-+          GstByteWriter writer;
-+          guint16 n_chunks;
-+          GstMapInfo map;
-+
-+          GST_LOG_OBJECT (flxdec, "Have frame type 0x%02x of size %d", type,
-+              size);
-+
-+          if (!gst_byte_reader_get_sub_reader (&reader, &chunks,
-+                  size - FlxFrameChunkSize))
-+            goto parse_error;
-+
-+          if (!gst_byte_reader_get_uint16_le (&chunks, &n_chunks))
-+            goto parse_error;
-+          GST_LOG_OBJECT (flxdec, "Have %d chunks", n_chunks);
-+
-+          if (n_chunks == 0)
-+            break;
-+          if (!gst_byte_reader_skip (&chunks, 8))       /* reserved */
-+            goto parse_error;
-+
-+          gst_byte_writer_init_with_data (&writer, flxdec->frame_data,
-+              flxdec->size, TRUE);
- 
-           /* decode chunks */
--          if (!flx_decode_chunks (flxdec,
--                  ((FlxFrameType *) chunk)->chunks,
--                  chunk + FlxFrameTypeSize, flxdec->frame_data)) {
-+          if (!flx_decode_chunks (flxdec, n_chunks, &chunks, &writer)) {
-             GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-                 ("%s", "Could not decode chunk"), NULL);
--            return GST_FLOW_ERROR;
-+            goto unmap_input_error;
-           }
-+          gst_byte_writer_reset (&writer);
- 
-           /* save copy of the current frame for possible delta. */
-           memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size);
- 
--          gst_buffer_map (out, &map, GST_MAP_WRITE);
-+          out = gst_buffer_new_and_alloc (flxdec->size * 4);
-+          if (!gst_buffer_map (out, &map, GST_MAP_WRITE)) {
-+            GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+                ("%s", "Could not map output buffer"), NULL);
-+            gst_buffer_unref (out);
-+            goto unmap_input_error;
-+          }
-+
-           /* convert current frame. */
-           flx_colorspace_convert (flxdec->converter, flxdec->frame_data,
-               map.data);
-@@ -655,30 +891,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
- 
-           res = gst_pad_push (flxdec->srcpad, out);
-           break;
-+        }
-         default:
--          /* check if we have the complete frame */
--          if (avail < flxfh.size)
--            goto need_more_data;
--
--          gst_adapter_flush (flxdec->adapter, flxfh.size);
-+          GST_DEBUG_OBJECT (flxdec, "Unknown frame type 0x%02x, skipping %d",
-+              type, size);
-+          if (!gst_byte_reader_skip (&reader, size - FlxFrameChunkSize))
-+            goto parse_error;
-           break;
-       }
--
--      g_free (chunk);
--
--      avail = gst_adapter_available (flxdec->adapter);
-     }
-   }
-+
-+  gst_buffer_unmap (input, &map_info);
-+  gst_buffer_unref (input);
-+
- need_more_data:
-   return res;
- 
-   /* ERRORS */
--wrong_type:
--  {
--    GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
--        ("not a flx file (type %x)", flxh->type));
--    return GST_FLOW_ERROR;
--  }
-+parse_error:
-+  GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+      ("%s", "Failed to parse stream"), (NULL));
-+unmap_input_error:
-+  gst_buffer_unmap (input, &map_info);
-+  gst_buffer_unref (input);
-+error:
-+  return GST_FLOW_ERROR;
- }
- 
- static GstStateChangeReturn
-diff --git a/gst/flx/gstflxdec.h b/gst/flx/gstflxdec.h
-index 3f9a0aa..4fd8dfd 100644
---- a/gst/flx/gstflxdec.h
-+++ b/gst/flx/gstflxdec.h
-@@ -23,6 +23,8 @@
- #include <gst/gst.h>
- 
- #include <gst/base/gstadapter.h>
-+#include <gst/base/gstbytereader.h>
-+#include <gst/base/gstbytewriter.h>
- #include "flx_color.h"
- 
- G_BEGIN_DECLS
-@@ -45,7 +47,7 @@ struct _GstFlxDec {
- 
-   guint8 *delta_data, *frame_data;
-   GstAdapter *adapter;
--  gulong size;
-+  gsize size;
-   GstFlxDecState state;
-   gint64 frame_time;
-   gint64 next_time;
--- 
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch b/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch
deleted file mode 100644
index 1daaa2ae15..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fixes upstream bug #774897 (flxdec: Unreferences itself one time too many on
-invalid files):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774897
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=b31c504645a814c59d91d49e4fe218acaf93f4ca
-
-From b31c504645a814c59d91d49e4fe218acaf93f4ca Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Wed, 23 Nov 2016 11:20:49 +0200
-Subject: [PATCH] flxdec: Don't unref() parent in the chain function
-
-We don't own the reference here, it is owned by the caller and given to
-us for the scope of this function. Leftover mistake from 0.10 porting.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774897
----
- gst/flx/gstflxdec.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index e675c99..a237976 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -677,7 +677,6 @@ wrong_type:
-   {
-     GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL),
-         ("not a flx file (type %x)", flxh->type));
--    gst_object_unref (flxdec);
-     return GST_FLOW_ERROR;
-   }
- }
--- 
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch b/gnu/packages/patches/gst-plugins-good-fix-signedness.patch
deleted file mode 100644
index a3e20e19dd..0000000000
--- a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-This is a followup fix for upstream bug #774834 (flic decoder: Buffer overflow
-in flx_decode_delta_fli):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834#c2
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=1ab2b26193861b124426e2f8eb62b75b59ec5488
-
-From 1ab2b26193861b124426e2f8eb62b75b59ec5488 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Tue, 22 Nov 2016 23:46:00 +1100
-Subject: [PATCH] flxdec: fix some warnings comparing unsigned < 0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-bf43f44fcfada5ec4a3ce60cb374340486fe9fac was comparing an unsigned
-expression to be < 0 which was always false.
-
-gstflxdec.c: In function ‘flx_decode_brun’:
-gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
-         if ((glong) row - count < 0) {
-                                 ^
-gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
-         if ((glong) row - count < 0) {
-                                 ^
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
----
- gst/flx/gstflxdec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index d51a8e6..e675c99 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -319,7 +319,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-       if (count > 0x7f) {
-         /* literal run */
-         count = 0x100 - count;
--        if ((glong) row - count < 0) {
-+        if ((glong) row - (glong) count < 0) {
-           GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-           return FALSE;
-         }
-@@ -329,7 +329,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-           *dest++ = *data++;
- 
-       } else {
--        if ((glong) row - count < 0) {
-+        if ((glong) row - (glong) count < 0) {
-           GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-           return FALSE;
-         }
--- 
-2.10.2
-
diff --git a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch b/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch
deleted file mode 100644
index f77dca2cd6..0000000000
--- a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-Fix CVE-2016-{9634,9635,9636}.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
-
-This fixes upstream bug #774834 (flic decoder: Buffer overflow in
-flx_decode_delta_fli):
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=2e203a79b7d9af4029307c1a845b3c148d5f5e62
-
-From 2e203a79b7d9af4029307c1a845b3c148d5f5e62 Mon Sep 17 00:00:00 2001
-From: Matthew Waters <matthew@centricular.com>
-Date: Tue, 22 Nov 2016 19:05:00 +1100
-Subject: [PATCH] flxdec: add some write bounds checking
-
-Without checking the bounds of the frame we are writing into, we can
-write off the end of the destination buffer.
-
-https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774834
----
- gst/flx/gstflxdec.c | 116 +++++++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 91 insertions(+), 25 deletions(-)
-
-diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c
-index 604be2f..d51a8e6 100644
---- a/gst/flx/gstflxdec.c
-+++ b/gst/flx/gstflxdec.c
-@@ -74,9 +74,9 @@ static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent,
-     GstQuery * query);
- 
- static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint);
--static void flx_decode_brun (GstFlxDec *, guchar *, guchar *);
--static void flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
--static void flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *);
-+static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *);
- 
- #define rndalign(off) ((off) + ((off) & 1))
- 
-@@ -203,13 +203,14 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent,
-   return ret;
- }
- 
--static void
-+static gboolean
- flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
-     guchar * dest)
- {
-   FlxFrameChunk *hdr;
-+  gboolean ret = TRUE;
- 
--  g_return_if_fail (data != NULL);
-+  g_return_val_if_fail (data != NULL, FALSE);
- 
-   while (count--) {
-     hdr = (FlxFrameChunk *) data;
-@@ -228,17 +229,17 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
-         break;
- 
-       case FLX_BRUN:
--        flx_decode_brun (flxdec, data, dest);
-+        ret = flx_decode_brun (flxdec, data, dest);
-         data += rndalign (hdr->size) - FlxFrameChunkSize;
-         break;
- 
-       case FLX_LC:
--        flx_decode_delta_fli (flxdec, data, dest);
-+        ret = flx_decode_delta_fli (flxdec, data, dest);
-         data += rndalign (hdr->size) - FlxFrameChunkSize;
-         break;
- 
-       case FLX_SS2:
--        flx_decode_delta_flc (flxdec, data, dest);
-+        ret = flx_decode_delta_flc (flxdec, data, dest);
-         data += rndalign (hdr->size) - FlxFrameChunkSize;
-         break;
- 
-@@ -256,7 +257,12 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data,
-         data += rndalign (hdr->size) - FlxFrameChunkSize;
-         break;
-     }
-+
-+    if (!ret)
-+      break;
-   }
-+
-+  return ret;
- }
- 
- 
-@@ -289,13 +295,13 @@ flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale)
-   }
- }
- 
--static void
-+static gboolean
- flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
-   gulong count, lines, row;
-   guchar x;
- 
--  g_return_if_fail (flxdec != NULL);
-+  g_return_val_if_fail (flxdec != NULL, FALSE);
- 
-   lines = flxdec->hdr.height;
-   while (lines--) {
-@@ -313,12 +319,21 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-       if (count > 0x7f) {
-         /* literal run */
-         count = 0x100 - count;
-+        if ((glong) row - count < 0) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+          return FALSE;
-+        }
-         row -= count;
- 
-         while (count--)
-           *dest++ = *data++;
- 
-       } else {
-+        if ((glong) row - count < 0) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected.");
-+          return FALSE;
-+        }
-+
-         /* replicate run */
-         row -= count;
-         x = *data++;
-@@ -328,22 +343,28 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest)
-       }
-     }
-   }
-+
-+  return TRUE;
- }
- 
--static void
-+static gboolean
- flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
-   gulong count, packets, lines, start_line;
-   guchar *start_p, x;
- 
--  g_return_if_fail (flxdec != NULL);
--  g_return_if_fail (flxdec->delta_data != NULL);
-+  g_return_val_if_fail (flxdec != NULL, FALSE);
-+  g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
- 
-   /* use last frame for delta */
-   memcpy (dest, flxdec->delta_data, flxdec->size);
- 
-   start_line = (data[0] + (data[1] << 8));
-   lines = (data[2] + (data[3] << 8));
-+  if (start_line + lines > flxdec->hdr.height) {
-+    GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines.");
-+    return FALSE;
-+  }
-   data += 4;
- 
-   /* start position of delta */
-@@ -356,7 +377,8 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
- 
-     while (packets--) {
-       /* skip count */
--      dest += *data++;
-+      guchar skip = *data++;
-+      dest += skip;
- 
-       /* RLE count */
-       count = *data++;
-@@ -364,12 +386,24 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-       if (count > 0x7f) {
-         /* literal run */
-         count = 0x100 - count;
--        x = *data++;
- 
-+        if (skip + count > flxdec->hdr.width) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-+              "line too long.");
-+          return FALSE;
-+        }
-+
-+        x = *data++;
-         while (count--)
-           *dest++ = x;
- 
-       } else {
-+        if (skip + count > flxdec->hdr.width) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. "
-+              "line too long.");
-+          return FALSE;
-+        }
-+
-         /* replicate run */
-         while (count--)
-           *dest++ = *data++;
-@@ -378,21 +412,27 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest)
-     start_p += flxdec->hdr.width;
-     dest = start_p;
-   }
-+
-+  return TRUE;
- }
- 
--static void
-+static gboolean
- flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
- {
-   gulong count, lines, start_l, opcode;
-   guchar *start_p;
- 
--  g_return_if_fail (flxdec != NULL);
--  g_return_if_fail (flxdec->delta_data != NULL);
-+  g_return_val_if_fail (flxdec != NULL, FALSE);
-+  g_return_val_if_fail (flxdec->delta_data != NULL, FALSE);
- 
-   /* use last frame for delta */
-   memcpy (dest, flxdec->delta_data, flxdec->size);
- 
-   lines = (data[0] + (data[1] << 8));
-+  if (lines > flxdec->hdr.height) {
-+    GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines.");
-+    return FALSE;
-+  }
-   data += 2;
- 
-   start_p = dest;
-@@ -405,9 +445,15 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-     while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) {
-       data += 2;
-       if ((opcode & 0xc000) == 0xc000) {
--        /* skip count */
--        start_l += (0x10000 - opcode);
--        dest += flxdec->hdr.width * (0x10000 - opcode);
-+        /* line skip count */
-+        gulong skip = (0x10000 - opcode);
-+        if (skip > flxdec->hdr.height) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+              "skip line count too big.");
-+          return FALSE;
-+        }
-+        start_l += skip;
-+        dest += flxdec->hdr.width * skip;
-       } else {
-         /* last pixel */
-         dest += flxdec->hdr.width;
-@@ -419,7 +465,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-     /* last opcode is the packet count */
-     while (opcode--) {
-       /* skip count */
--      dest += *data++;
-+      guchar skip = *data++;
-+      dest += skip;
- 
-       /* RLE count */
-       count = *data++;
-@@ -427,12 +474,25 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-       if (count > 0x7f) {
-         /* replicate word run */
-         count = 0x100 - count;
-+
-+        if (skip + count > flxdec->hdr.width) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+              "line too long.");
-+          return FALSE;
-+        }
-+
-         while (count--) {
-           *dest++ = data[0];
-           *dest++ = data[1];
-         }
-         data += 2;
-       } else {
-+        if (skip + count > flxdec->hdr.width) {
-+          GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. "
-+              "line too long.");
-+          return FALSE;
-+        }
-+
-         /* literal word run */
-         while (count--) {
-           *dest++ = *data++;
-@@ -442,6 +502,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest)
-     }
-     lines--;
-   }
-+
-+  return TRUE;
- }
- 
- static GstFlowReturn
-@@ -571,9 +633,13 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf)
-           out = gst_buffer_new_and_alloc (flxdec->size * 4);
- 
-           /* decode chunks */
--          flx_decode_chunks (flxdec,
--              ((FlxFrameType *) chunk)->chunks,
--              chunk + FlxFrameTypeSize, flxdec->frame_data);
-+          if (!flx_decode_chunks (flxdec,
-+                  ((FlxFrameType *) chunk)->chunks,
-+                  chunk + FlxFrameTypeSize, flxdec->frame_data)) {
-+            GST_ELEMENT_ERROR (flxdec, STREAM, DECODE,
-+                ("%s", "Could not decode chunk"), NULL);
-+            return GST_FLOW_ERROR;
-+          }
- 
-           /* save copy of the current frame for possible delta. */
-           memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size);
--- 
-2.10.2
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-9064.patch b/gnu/packages/patches/icecat-CVE-2016-9064.patch
deleted file mode 100644
index a5393815e0..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-9064.patch
+++ /dev/null
@@ -1,996 +0,0 @@
-Copied from
-<https://hg.mozilla.org/releases/mozilla-esr45/raw-rev/00c2b7baaa0b>
-but with one hunk omitted: the git binary patch for
-toolkit/mozapps/extensions/test/addons/test_update_multi2/addon.xpi
-which is not present in the IceCat sources.
-
-# HG changeset patch
-# User Andrew Swan <aswan@mozilla.com>
-# Date 1474063218 25200
-# Node ID 00c2b7baaa0b4bfb7d5f1aac31c094ea6b255e1f
-# Parent  46b07bdbf8b20cf3fdc28104add57ff58a55832b
-Bug 1303418 - Don't allow upgrades that change the addon ID. r=mossop, a=lizzard
-
-MozReview-Commit-ID: JHINo8ShmeI
-
-diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm
---- a/toolkit/mozapps/extensions/AddonManager.jsm
-+++ b/toolkit/mozapps/extensions/AddonManager.jsm
-@@ -2956,16 +2956,18 @@ this.AddonManager = {
-   // The downloaded file seems to be corrupted in some way.
-   ERROR_CORRUPT_FILE: -3,
-   // An error occured trying to write to the filesystem.
-   ERROR_FILE_ACCESS: -4,
-   // The add-on must be signed and isn't.
-   ERROR_SIGNEDSTATE_REQUIRED: -5,
-   // The downloaded add-on had a different type than expected.
-   ERROR_UNEXPECTED_ADDON_TYPE: -6,
-+  // The addon did not have the expected ID
-+  ERROR_INCORRECT_ID: -7,
- 
-   // These must be kept in sync with AddonUpdateChecker.
-   // No error was encountered.
-   UPDATE_STATUS_NO_ERROR: 0,
-   // The update check timed out
-   UPDATE_STATUS_TIMEOUT: -1,
-   // There was an error while downloading the update information.
-   UPDATE_STATUS_DOWNLOAD_ERROR: -2,
-diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
---- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
-+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
-@@ -5473,16 +5473,37 @@ AddonInstall.prototype = {
-       // loadManifestFromZipReader performs the certificate verification for us
-       this.addon = yield loadManifestFromZipReader(zipreader, this.installLocation);
-     }
-     catch (e) {
-       zipreader.close();
-       return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, e]);
-     }
- 
-+    if (this.existingAddon) {
-+      // Check various conditions related to upgrades
-+      if (this.addon.id != this.existingAddon.id) {
-+        zipreader.close();
-+        return Promise.reject([AddonManager.ERROR_INCORRECT_ID,
-+                               `Refusing to upgrade addon ${this.existingAddon.id} to different ID ${this.addon.id}`]);
-+      }
-+
-+      if (this.addon.type == "multipackage") {
-+        zipreader.close();
-+        return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
-+                               `Refusing to upgrade addon ${this.existingAddon.id} to a multi-package xpi`]);
-+      }
-+
-+      if (this.existingAddon.type == "webextension" && this.addon.type != "webextension") {
-+        zipreader.close();
-+        return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
-+                               "Webextensions may not be updated to other extension types"]);
-+      }
-+    }
-+
-     if (mustSign(this.addon.type)) {
-       if (this.addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
-         // This add-on isn't properly signed by a signature that chains to the
-         // trusted root.
-         let state = this.addon.signedState;
-         this.addon = null;
-         zipreader.close();
- 
-@@ -5510,23 +5531,16 @@ AddonInstall.prototype = {
-         } else {
-           zipreader.close();
-           return Promise.reject([AddonManager.ERROR_CORRUPT_FILE,
-                                  "XPI is incorrectly signed"]);
-         }
-       }
-     }
- 
--    if (this.existingAddon && this.existingAddon.type == "webextension" &&
--        this.addon.type != "webextension") {
--      zipreader.close();
--      return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE,
--                             "WebExtensions may not be upated to other extension types"]);
--    }
--
-     if (this.addon.type == "multipackage")
-       return this._loadMultipackageManifests(zipreader);
- 
-     zipreader.close();
- 
-     this.updateAddonURIs();
- 
-     this.addon._install = this;
-@@ -5791,16 +5805,17 @@ AddonInstall.prototype = {
-           else {
-             // TODO Should we send some event here (bug 557716)?
-             this.state = AddonManager.STATE_CHECKING;
-             new UpdateChecker(this.addon, {
-               onUpdateFinished: aAddon => this.downloadCompleted(),
-             }, AddonManager.UPDATE_WHEN_ADDON_INSTALLED);
-           }
-         }, ([error, message]) => {
-+          this.removeTemporaryFile();
-           this.downloadFailed(error, message);
-         });
-       }
-       else {
-         if (aRequest instanceof Ci.nsIHttpChannel)
-           this.downloadFailed(AddonManager.ERROR_NETWORK_FAILURE,
-                               aRequest.responseStatus + " " +
-                               aRequest.responseStatusText);
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+  <em:id>updatemulti@tests.mozilla.org</em:id>
-+  <em:version>1.0</em:version>
-+  <em:updateURL>http://localhost:4444/data/test_update_multi.rdf</em:updateURL>
-+  <em:bootstrap>true</em:bootstrap>
-+  <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+  <em:id>xpcshell@tests.mozilla.org</em:id>
-+  <em:minVersion>1</em:minVersion>
-+  <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf
-@@ -0,0 +1,9 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+  <em:id>updatemulti@tests.mozilla.org</em:id>
-+  <em:type>32</em:type>
-+  <em:version>2.0</em:version>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+  <em:id>addon1@tests.mozilla.org</em:id>
-+  <em:version>1.0</em:version>
-+  <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-+  <em:bootstrap>true</em:bootstrap>
-+  <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+  <em:id>xpcshell@tests.mozilla.org</em:id>
-+  <em:minVersion>1</em:minVersion>
-+  <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js
-@@ -0,0 +1,5 @@
-+
-+function install(data, reason) {}
-+function startup(data, reason) {}
-+function shutdown(data, reason) {}
-+function uninstall(data, reason) {}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf
-@@ -0,0 +1,16 @@
-+<?xml version="1.0"?>
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+<Description about="urn:mozilla:install-manifest">
-+  <em:id>addon1.changed@tests.mozilla.org</em:id>
-+  <em:version>2.0</em:version>
-+  <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
-+  <em:bootstrap>true</em:bootstrap>
-+  <em:name>Test Addon 1</em:name>
-+<em:targetApplication><Description>
-+  <em:id>xpcshell@tests.mozilla.org</em:id>
-+  <em:minVersion>1</em:minVersion>
-+  <em:maxVersion>1</em:maxVersion>
-+</Description></em:targetApplication>
-+</Description>
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf
-+++ /dev/null
-@@ -1,24 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
--     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
--  <Description about="urn:mozilla:install-manifest">
--    <em:id>addon2@tests.mozilla.org</em:id>
--    <em:version>2.0</em:version>
--    <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--
--    <!-- Front End MetaData -->
--    <em:name>Test 2</em:name>
--    <em:description>Test Description</em:description>
--
--    <em:targetApplication>
--      <Description>
--        <em:id>xpcshell@tests.mozilla.org</em:id>
--        <em:minVersion>1</em:minVersion>
--        <em:maxVersion>1</em:maxVersion>
--      </Description>
--    </em:targetApplication>
--
--  </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf
-+++ /dev/null
-@@ -1,24 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
--     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
--  <Description about="urn:mozilla:install-manifest">
--    <em:id>addon2@tests.mozilla.org</em:id>
--    <em:version>5.0</em:version>
--    <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--
--    <!-- Front End MetaData -->
--    <em:name>Test 2</em:name>
--    <em:description>Test Description</em:description>
--
--    <em:targetApplication>
--      <Description>
--        <em:id>xpcshell@tests.mozilla.org</em:id>
--        <em:minVersion>1</em:minVersion>
--        <em:maxVersion>1</em:maxVersion>
--      </Description>
--    </em:targetApplication>
--
--  </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js
-+++ /dev/null
-@@ -1,21 +0,0 @@
--Components.utils.import("resource://gre/modules/Services.jsm");
--
--function install(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.installed_version", 3);
--  Services.prefs.setIntPref("bootstraptest.install_reason", reason);
--}
--
--function startup(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.active_version", 3);
--  Services.prefs.setIntPref("bootstraptest.startup_reason", reason);
--}
--
--function shutdown(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.active_version", 0);
--  Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason);
--}
--
--function uninstall(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.installed_version", 0);
--  Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason);
--}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf
-+++ /dev/null
-@@ -1,25 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
--     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
--  <Description about="urn:mozilla:install-manifest">
--    <em:id>addon3@tests.mozilla.org</em:id>
--    <em:version>3.0</em:version>
--    <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--    <em:bootstrap>true</em:bootstrap>
--
--    <!-- Front End MetaData -->
--    <em:name>Test 3</em:name>
--    <em:description>Test Description</em:description>
--
--    <em:targetApplication>
--      <Description>
--        <em:id>xpcshell@tests.mozilla.org</em:id>
--        <em:minVersion>1</em:minVersion>
--        <em:maxVersion>1</em:maxVersion>
--      </Description>
--    </em:targetApplication>
--
--  </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js
-+++ /dev/null
-@@ -1,21 +0,0 @@
--Components.utils.import("resource://gre/modules/Services.jsm");
--
--function install(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.installed_version", 4);
--  Services.prefs.setIntPref("bootstraptest.install_reason", reason);
--}
--
--function startup(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.active_version", 4);
--  Services.prefs.setIntPref("bootstraptest.startup_reason", reason);
--}
--
--function shutdown(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.active_version", 0);
--  Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason);
--}
--
--function uninstall(data, reason) {
--  Services.prefs.setIntPref("bootstraptest.installed_version", 0);
--  Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason);
--}
-diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf
-deleted file mode 100644
---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf
-+++ /dev/null
-@@ -1,25 +0,0 @@
--<?xml version="1.0"?>
--
--<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
--     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
--
--  <Description about="urn:mozilla:install-manifest">
--    <em:id>addon4@tests.mozilla.org</em:id>
--    <em:version>4.0</em:version>
--    <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL>
--    <em:bootstrap>true</em:bootstrap>
--
--    <!-- Front End MetaData -->
--    <em:name>Test 4</em:name>
--    <em:description>Test Description</em:description>
--
--    <em:targetApplication>
--      <Description>
--        <em:id>xpcshell@tests.mozilla.org</em:id>
--        <em:minVersion>1</em:minVersion>
--        <em:maxVersion>1</em:maxVersion>
--      </Description>
--    </em:targetApplication>
--
--  </Description>
--</RDF>
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf
-new file mode 100644
---- /dev/null
-+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf
-@@ -0,0 +1,26 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+
-+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-+     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-+
-+  <Description about="urn:mozilla:extension:updatemulti@tests.mozilla.org">
-+    <em:updates>
-+      <Seq>
-+        <li>
-+          <Description>
-+            <em:version>2.0</em:version>
-+            <em:targetApplication>
-+              <Description>
-+                <em:id>xpcshell@tests.mozilla.org</em:id>
-+                <em:minVersion>1</em:minVersion>
-+                <em:maxVersion>1</em:maxVersion>
-+                <em:updateLink>http://localhost:4444/addons/test_update_multi2.xpi</em:updateLink>
-+              </Description>
-+            </em:targetApplication>
-+          </Description>
-+        </li>
-+      </Seq>
-+    </em:updates>
-+  </Description>
-+
-+</RDF>
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
---- a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
-+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf
-@@ -9,77 +9,17 @@
-         <li>
-           <Description>
-             <em:version>2.0</em:version>
-             <em:targetApplication>
-               <Description>
-                 <em:id>xpcshell@tests.mozilla.org</em:id>
-                 <em:minVersion>1</em:minVersion>
-                 <em:maxVersion>1</em:maxVersion>
--                <em:updateLink>http://localhost:4444/addons/test_updateid2_2.xpi</em:updateLink>
--              </Description>
--            </em:targetApplication>
--          </Description>
--        </li>
--      </Seq>
--    </em:updates>
--  </Description>
--
--  <Description about="urn:mozilla:extension:addon2@tests.mozilla.org">
--    <em:updates>
--      <Seq>
--        <li>
--          <Description>
--            <em:version>3.0</em:version>
--            <em:targetApplication>
--              <Description>
--                <em:id>xpcshell@tests.mozilla.org</em:id>
--                <em:minVersion>1</em:minVersion>
--                <em:maxVersion>1</em:maxVersion>
--                <em:updateLink>http://localhost:4444/addons/test_updateid3_3.xpi</em:updateLink>
--              </Description>
--            </em:targetApplication>
--          </Description>
--        </li>
--      </Seq>
--    </em:updates>
--  </Description>
--
--  <Description about="urn:mozilla:extension:addon3@tests.mozilla.org">
--    <em:updates>
--      <Seq>
--        <li>
--          <Description>
--            <em:version>4.0</em:version>
--            <em:targetApplication>
--              <Description>
--                <em:id>xpcshell@tests.mozilla.org</em:id>
--                <em:minVersion>1</em:minVersion>
--                <em:maxVersion>1</em:maxVersion>
--                <em:updateLink>http://localhost:4444/addons/test_updateid4_4.xpi</em:updateLink>
--              </Description>
--            </em:targetApplication>
--          </Description>
--        </li>
--      </Seq>
--    </em:updates>
--  </Description>
--
--  <Description about="urn:mozilla:extension:addon4@tests.mozilla.org">
--    <em:updates>
--      <Seq>
--        <li>
--          <Description>
--            <em:version>5.0</em:version>
--            <em:targetApplication>
--              <Description>
--                <em:id>xpcshell@tests.mozilla.org</em:id>
--                <em:minVersion>1</em:minVersion>
--                <em:maxVersion>1</em:maxVersion>
--                <em:updateLink>http://localhost:4444/addons/test_updateid2_5.xpi</em:updateLink>
-+                <em:updateLink>http://localhost:4444/addons/test_updateid2.xpi</em:updateLink>
-               </Description>
-             </em:targetApplication>
-           </Description>
-         </li>
-       </Seq>
-     </em:updates>
-   </Description>
- 
-diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
---- a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
-+++ b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js
-@@ -2,421 +2,85 @@
-  * http://creativecommons.org/publicdomain/zero/1.0/
-  */
- 
- // This verifies that updating an add-on to a new ID works
- 
- // The test extension uses an insecure update url.
- Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false);
- 
--Components.utils.import("resource://testing-common/httpd.js");
--var testserver;
- const profileDir = gProfD.clone();
- profileDir.append("extensions");
- 
--function resetPrefs() {
--  Services.prefs.setIntPref("bootstraptest.active_version", -1);
--  Services.prefs.setIntPref("bootstraptest.installed_version", -1);
--  Services.prefs.setIntPref("bootstraptest.startup_reason", -1);
--  Services.prefs.setIntPref("bootstraptest.shutdown_reason", -1);
--  Services.prefs.setIntPref("bootstraptest.install_reason", -1);
--  Services.prefs.setIntPref("bootstraptest.uninstall_reason", -1);
--}
--
--function getActiveVersion() {
--  return Services.prefs.getIntPref("bootstraptest.active_version");
--}
--
--function getInstalledVersion() {
--  return Services.prefs.getIntPref("bootstraptest.installed_version");
--}
--
--function run_test() {
--  createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2");
--
--  // Create and configure the HTTP server.
--  testserver = new HttpServer();
--  testserver.registerDirectory("/data/", do_get_file("data"));
--  testserver.registerDirectory("/addons/", do_get_file("addons"));
--  testserver.start(4444);
--
--  do_test_pending();
--  run_test_1();
--}
--
--function end_test() {
--  testserver.stop(do_test_finished);
--}
--
--function installUpdate(aInstall, aCallback) {
--  aInstall.addListener({
--    onInstallEnded: function(aInstall) {
--      // give the startup time to run
--      do_execute_soon(function() {
--        aCallback(aInstall);
--      });
--    }
--  });
--
--  aInstall.install();
--}
--
--// Verify that an update to an add-on with a new ID uninstalls the old add-on
--function run_test_1() {
--  writeInstallRDFForExtension({
--    id: "addon1@tests.mozilla.org",
--    version: "1.0",
--    updateURL: "http://localhost:4444/data/test_updateid.rdf",
--    targetApplications: [{
--      id: "xpcshell@tests.mozilla.org",
--      minVersion: "1",
--      maxVersion: "1"
--    }],
--    name: "Test Addon 1",
--  }, profileDir);
--
--  startupManager();
--
--  AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
--    do_check_neq(a1, null);
--    do_check_eq(a1.version, "1.0");
-+function promiseInstallUpdate(install) {
-+  return new Promise((resolve, reject) => {
-+    install.addListener({
-+      onDownloadFailed: () => {
-+        let err = new Error("download error");
-+        err.code = install.error;
-+        reject(err);
-+      },
-+      onInstallFailed: () => {
-+        let err = new Error("install error");
-+        err.code = install.error;
-+        reject(err);
-+      },
-+      onInstallEnded: resolve,
-+    });
- 
--    a1.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        do_check_eq(install.name, addon.name);
--        do_check_eq(install.version, "2.0");
--        do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
--        do_check_eq(install.existingAddon, a1);
--
--        installUpdate(install, check_test_1);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
--  });
--}
--
--function check_test_1(install) {
--  AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) {
--    // Existing add-on should have a pending upgrade
--    do_check_neq(a1.pendingUpgrade, null);
--    do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org");
--    do_check_eq(a1.pendingUpgrade.install.existingAddon, a1);
--    do_check_neq(a1.syncGUID);
--
--    let a1SyncGUID = a1.syncGUID;
--
--    restartManager();
--
--    AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
--                                 "addon2@tests.mozilla.org"], function([a1, a2]) {
--      // Should have uninstalled the old and installed the new
--      do_check_eq(a1, null);
--      do_check_neq(a2, null);
--      do_check_neq(a2.syncGUID, null);
--
--      // The Sync GUID should change when the ID changes
--      do_check_neq(a1SyncGUID, a2.syncGUID);
--
--      a2.uninstall();
--
--      do_execute_soon(run_test_2);
--    });
--  }));
--}
--
--// Test that when the new add-on already exists we just upgrade that
--function run_test_2() {
--  restartManager();
--  shutdownManager();
--
--  writeInstallRDFForExtension({
--    id: "addon1@tests.mozilla.org",
--    version: "1.0",
--    updateURL: "http://localhost:4444/data/test_updateid.rdf",
--    targetApplications: [{
--      id: "xpcshell@tests.mozilla.org",
--      minVersion: "1",
--      maxVersion: "1"
--    }],
--    name: "Test Addon 1",
--  }, profileDir);
--  writeInstallRDFForExtension({
--    id: "addon2@tests.mozilla.org",
--    version: "1.0",
--    targetApplications: [{
--      id: "xpcshell@tests.mozilla.org",
--      minVersion: "1",
--      maxVersion: "1"
--    }],
--    name: "Test Addon 2",
--  }, profileDir);
--
--  startupManager();
--
--  AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
--    do_check_neq(a1, null);
--    do_check_eq(a1.version, "1.0");
--
--    a1.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        installUpdate(install, check_test_2);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+    install.install();
-   });
- }
- 
--function check_test_2(install) {
--  AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
--                               "addon2@tests.mozilla.org"],
--                               callback_soon(function([a1, a2]) {
--    do_check_eq(a1.pendingUpgrade, null);
--    // Existing add-on should have a pending upgrade
--    do_check_neq(a2.pendingUpgrade, null);
--    do_check_eq(a2.pendingUpgrade.id, "addon2@tests.mozilla.org");
--    do_check_eq(a2.pendingUpgrade.install.existingAddon, a2);
--
--    restartManager();
--
--    AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
--                                 "addon2@tests.mozilla.org"], function([a1, a2]) {
--      // Should have uninstalled the old and installed the new
--      do_check_neq(a1, null);
--      do_check_neq(a2, null);
--
--      a1.uninstall();
--      a2.uninstall();
--
--      do_execute_soon(run_test_3);
--    });
--  }));
--}
--
--// Test that we rollback correctly when removing the old add-on fails
--function run_test_3() {
--  restartManager();
--  shutdownManager();
--
--  // This test only works on Windows
--  if (!("nsIWindowsRegKey" in AM_Ci)) {
--    run_test_4();
--    return;
--  }
--
--  writeInstallRDFForExtension({
--    id: "addon1@tests.mozilla.org",
--    version: "1.0",
--    updateURL: "http://localhost:4444/data/test_updateid.rdf",
--    targetApplications: [{
--      id: "xpcshell@tests.mozilla.org",
--      minVersion: "1",
--      maxVersion: "1"
--    }],
--    name: "Test Addon 1",
--  }, profileDir);
--
--  startupManager();
-+// Create and configure the HTTP server.
-+let testserver = createHttpServer(4444);
-+testserver.registerDirectory("/data/", do_get_file("data"));
-+testserver.registerDirectory("/addons/", do_get_file("addons"));
- 
--  AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) {
--    do_check_neq(a1, null);
--    do_check_eq(a1.version, "1.0");
--
--    a1.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        installUpdate(install, check_test_3);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
--  });
--}
--
--function check_test_3(install) {
--  AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) {
--    // Existing add-on should have a pending upgrade
--    do_check_neq(a1.pendingUpgrade, null);
--    do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org");
--    do_check_eq(a1.pendingUpgrade.install.existingAddon, a1);
--
--    // Lock the old add-on open so it can't be uninstalled
--    var file = profileDir.clone();
--    file.append("addon1@tests.mozilla.org");
--    if (!file.exists())
--      file.leafName += ".xpi";
--    else
--      file.append("install.rdf");
--
--    var fstream = AM_Cc["@mozilla.org/network/file-output-stream;1"].
--                  createInstance(AM_Ci.nsIFileOutputStream);
--    fstream.init(file, FileUtils.MODE_APPEND | FileUtils.MODE_WRONLY, FileUtils.PERMS_FILE, 0);
--
--    restartManager();
--
--    fstream.close();
--
--    AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
--                                 "addon2@tests.mozilla.org"],
--                                 callback_soon(function([a1, a2]) {
--      // Should not have installed the new add-on but it should still be
--      // pending install
--      do_check_neq(a1, null);
--      do_check_eq(a2, null);
--
--      restartManager();
--
--      AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org",
--                                   "addon2@tests.mozilla.org"], function([a1, a2]) {
--        // Should have installed the new add-on
--        do_check_eq(a1, null);
--        do_check_neq(a2, null);
--
--        a2.uninstall();
--
--        do_execute_soon(run_test_4);
--      });
--    }));
--  }));
-+function run_test() {
-+  createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2");
-+  startupManager();
-+  run_next_test();
- }
- 
--// Tests that upgrading to a bootstrapped add-on works but requires a restart
--function run_test_4() {
--  restartManager();
--  shutdownManager();
--
--  writeInstallRDFForExtension({
--    id: "addon2@tests.mozilla.org",
--    version: "2.0",
--    updateURL: "http://localhost:4444/data/test_updateid.rdf",
--    targetApplications: [{
--      id: "xpcshell@tests.mozilla.org",
--      minVersion: "1",
--      maxVersion: "1"
--    }],
--    name: "Test Addon 2",
--  }, profileDir);
--
--  startupManager();
--
--  resetPrefs();
--
--  AddonManager.getAddonByID("addon2@tests.mozilla.org", function(a2) {
--    do_check_neq(a2, null);
--    do_check_neq(a2.syncGUID, null);
--    do_check_eq(a2.version, "2.0");
--
--    a2.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        installUpdate(install, check_test_4);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
--  });
--}
--
--function check_test_4() {
--  AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org",
--                               "addon3@tests.mozilla.org"],
--                               callback_soon(function([a2, a3]) {
--    // Should still be pending install even though the new add-on is restartless
--    do_check_neq(a2, null);
--    do_check_eq(a3, null);
--
--    do_check_neq(a2.pendingUpgrade, null);
--    do_check_eq(a2.pendingUpgrade.id, "addon3@tests.mozilla.org");
--
--    do_check_eq(getInstalledVersion(), -1);
--    do_check_eq(getActiveVersion(), -1);
--
--    restartManager();
--
--    AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org",
--                                 "addon3@tests.mozilla.org"], function([a2, a3]) {
--      // Should have updated
--      do_check_eq(a2, null);
--      do_check_neq(a3, null);
--
--      do_check_eq(getInstalledVersion(), 3);
--      do_check_eq(getActiveVersion(), 3);
--
--      do_execute_soon(run_test_5);
--    });
--  }));
--}
--
--// Tests that upgrading to another bootstrapped add-on works without a restart
--function run_test_5() {
--  AddonManager.getAddonByID("addon3@tests.mozilla.org", function(a3) {
--    do_check_neq(a3, null);
--    do_check_eq(a3.version, "3.0");
-+// Verify that an update to an add-on with a new ID fails
-+add_task(function* test_update_new_id() {
-+  yield promiseInstallAllFiles([do_get_addon("test_updateid1")]);
- 
--    a3.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        installUpdate(install, check_test_5);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
--  });
--}
--
--function check_test_5() {
--  AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org",
--                               "addon4@tests.mozilla.org"],
--                               callback_soon(function([a3, a4]) {
--    // Should have updated
--    do_check_eq(a3, null);
--    do_check_neq(a4, null);
--
--    do_check_eq(getInstalledVersion(), 4);
--    do_check_eq(getActiveVersion(), 4);
--
--    restartManager();
--
--    AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org",
--                                 "addon4@tests.mozilla.org"], function([a3, a4]) {
--      // Should still be gone
--      do_check_eq(a3, null);
--      do_check_neq(a4, null);
--
--      do_check_eq(getInstalledVersion(), 4);
--      do_check_eq(getActiveVersion(), 4);
--
--      run_test_6();
--    });
--  }));
--}
-+  let addon = yield promiseAddonByID("addon1@tests.mozilla.org");
-+  do_check_neq(addon, null);
-+  do_check_eq(addon.version, "1.0");
- 
--// Tests that upgrading to a non-bootstrapped add-on works but requires a restart
--function run_test_6() {
--  AddonManager.getAddonByID("addon4@tests.mozilla.org", function(a4) {
--    do_check_neq(a4, null);
--    do_check_eq(a4.version, "4.0");
--
--    a4.findUpdates({
--      onUpdateAvailable: function(addon, install) {
--        installUpdate(install, check_test_6);
--      }
--    }, AddonManager.UPDATE_WHEN_USER_REQUESTED);
--  });
--}
-+  let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+  let install = update.updateAvailable;
-+  do_check_eq(install.name, addon.name);
-+  do_check_eq(install.version, "2.0");
-+  do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
-+  do_check_eq(install.existingAddon, addon);
- 
--function check_test_6() {
--  AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org",
--                               "addon2@tests.mozilla.org"],
--                               callback_soon(function([a4, a2]) {
--    // Should still be pending install even though the old add-on is restartless
--    do_check_neq(a4, null);
--    do_check_eq(a2, null);
--
--    do_check_neq(a4.pendingUpgrade, null);
--    do_check_eq(a4.pendingUpgrade.id, "addon2@tests.mozilla.org");
--
--    do_check_eq(getInstalledVersion(), 4);
--    do_check_eq(getActiveVersion(), 4);
-+  yield Assert.rejects(promiseInstallUpdate(install),
-+                       function(err) { return err.code == AddonManager.ERROR_INCORRECT_ID },
-+                       "Upgrade to a different ID fails");
- 
--    restartManager();
-+  addon.uninstall();
-+});
- 
--    AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org",
--                                 "addon2@tests.mozilla.org"], function([a4, a2]) {
--      // Should have updated
--      do_check_eq(a4, null);
--      do_check_neq(a2, null);
-+// Verify that an update to a multi-package xpi fails
-+add_task(function* test_update_new_id() {
-+  yield promiseInstallAllFiles([do_get_addon("test_update_multi1")]);
- 
--      do_check_eq(getInstalledVersion(), 0);
--      do_check_eq(getActiveVersion(), 0);
-+  let addon = yield promiseAddonByID("updatemulti@tests.mozilla.org");
-+  do_check_neq(addon, null);
-+  do_check_eq(addon.version, "1.0");
- 
--      end_test();
--    });
--  }));
--}
-+  let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED);
-+  let install = update.updateAvailable;
-+  do_check_eq(install.name, addon.name);
-+  do_check_eq(install.version, "2.0");
-+  do_check_eq(install.state, AddonManager.STATE_AVAILABLE);
-+  do_check_eq(install.existingAddon, addon);
-+
-+  yield Assert.rejects(promiseInstallUpdate(install),
-+                       function(err) { return err.code == AddonManager.ERROR_UNEXPECTED_ADDON_TYPE },
-+                       "Upgrade to a multipackage xpi fails");
-+
-+  addon.uninstall();
-+});
-
diff --git a/gnu/packages/patches/nasm-no-ps-pdf.patch b/gnu/packages/patches/nasm-no-ps-pdf.patch
deleted file mode 100644
index b03b57a6ed..0000000000
--- a/gnu/packages/patches/nasm-no-ps-pdf.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Avoid building PS and PDF docs, which do not build bit-reproducible.  NASM
-already installs doc in info and html.
-
---- nasm-2.12.01/doc/Makefile.in.orig	2016-06-21 18:02:59.483484829 +0200
-+++ nasm-2.12.01/doc/Makefile.in	2016-06-21 18:03:46.700151410 +0200
-@@ -27,7 +27,7 @@
- PS2PDF          = @PS2PDF@		# Part of GhostScript
- 
- SRCS		= nasmdoc.src inslist.src changes.src
--OUT		= info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf
-+OUT		= info html nasmdoc.txt
- 
- # exports
- export srcdir
-@@ -100,4 +100,4 @@
- 	$(INSTALL_DATA) info/* $(INSTALLROOT)$(infodir)
- 	mkdir -p $(INSTALLROOT)$(docdir)/html
- 	$(INSTALL_DATA) html/* $(INSTALLROOT)$(docdir)/html
--	$(INSTALL_DATA) nasmdoc.ps nasmdoc.pdf nasmdoc.txt $(INSTALLROOT)$(docdir)
-+	$(INSTALL_DATA) nasmdoc.txt $(INSTALLROOT)$(docdir)
diff --git a/gnu/packages/patches/netcdf-config-date.patch b/gnu/packages/patches/netcdf-config-date.patch
deleted file mode 100644
index 5054612e95..0000000000
--- a/gnu/packages/patches/netcdf-config-date.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Honor SOURCE_DATE_EPOCH when exporting configuration date.
-Autoconf-level patch submitted upstream on Fri Apr 15 23:07:42 UTC 2016
-
---- a/configure
-+++ b/configure
-@@ -2866,7 +2866,17 @@
- 
- 
- # Configuration Date
-- CONFIG_DATE="`date`"
-+ CONFIG_DATE="`date -u`"
-+if test -n "$SOURCE_DATE_EPOCH"; then
-+  CONFIG_DATE=`date -u -d "@$SOURCE_DATE_EPOCH" 2>/dev/null \
-+               || date -u -r "$SOURCE_DATE_EPOCH" 2>/dev/null`
-+  if test -z "$CONFIG_DATE"; then
-+    as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-+  fi
-+fi
-+cat >>confdefs.h <<_ACEOF
-+#define CONFIG_DATE "$CONFIG_DATE"
-+_ACEOF
- 
- # Find out about the host we're building on.
- ac_aux_dir=
---- a/libdispatch/derror.c
-+++ b/libdispatch/derror.c
-@@ -13,7 +13,7 @@
- #endif
- 
- /* Tell the user the version of netCDF. */
--static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $";
-+static const char nc_libvers[] = PACKAGE_VERSION " of "CONFIG_DATE" $";
- 
- /**
- \defgroup lib_version Library Version
---- a/config.h.in
-+++ b/config.h.in
-@@ -393,6 +393,9 @@
- /* Define to the version of this package. */
- #undef PACKAGE_VERSION
- 
-+/* Define to the configuration date */
-+#undef CONFIG_DATE
-+
- /* The size of `double', as computed by sizeof. */
- #undef SIZEOF_DOUBLE
- 
diff --git a/gnu/packages/patches/netcdf-date-time.patch b/gnu/packages/patches/netcdf-date-time.patch
new file mode 100644
index 0000000000..a4e7925aa1
--- /dev/null
+++ b/gnu/packages/patches/netcdf-date-time.patch
@@ -0,0 +1,11 @@
+--- a/libdispatch/derror.c
++++ b/libdispatch/derror.c
+@@ -13,7 +13,7 @@
+ #endif
+ 
+ /* Tell the user the version of netCDF. */
+-static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $";
++static const char nc_libvers[] = PACKAGE_VERSION" $";
+ 
+ /**
+ \defgroup lib_version Library Version
diff --git a/gnu/packages/patches/netcdf-tst_h_par.patch b/gnu/packages/patches/netcdf-tst_h_par.patch
new file mode 100644
index 0000000000..ac14a4c0a2
--- /dev/null
+++ b/gnu/packages/patches/netcdf-tst_h_par.patch
@@ -0,0 +1,21 @@
+From a83702834938b23cc2e843589aa223e2024a7e6f Mon Sep 17 00:00:00 2001
+From: Orion Poplawski <orion@cora.nwra.com>
+Date: Tue, 29 Nov 2016 11:48:01 -0700
+Subject: [PATCH] Add missing #include "err_macros.h" to tst_h_par.c
+
+---
+ h5_test/tst_h_par.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/h5_test/tst_h_par.c b/h5_test/tst_h_par.c
+index c3da7f4..a419d55 100644
+--- a/h5_test/tst_h_par.c
++++ b/h5_test/tst_h_par.c
+@@ -11,6 +11,7 @@
+    $Id: tst_h_par.c,v 1.15 2010/05/25 13:53:04 ed Exp $
+ */
+ #include <nc_tests.h>
++#include "err_macros.h"
+ #include <hdf5.h>
+ 
+ /* Defining USE_MPE causes the MPE trace library to be used (and you
diff --git a/gnu/packages/patches/vtk-mesa-10.patch b/gnu/packages/patches/vtk-mesa-10.patch
deleted file mode 100644
index bc60af68c4..0000000000
--- a/gnu/packages/patches/vtk-mesa-10.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix build against new mesa.  See:
-
-  https://bugs.freedesktop.org/show_bug.cgi?id=83631
-  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765938
-
-Description: fixes FTBFS against new libjpeg-turbo
-Author: Ondřej Surý <ondrej@debian.org>
-Bug-Debian: https://bugs.debian.org/765938
-Reviewed-By: Anton Gladky <gladk@debian.org>
-Last-Update: 2014-10-22
-
-Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h
-===================================================================
---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkOpenGL.h
-+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h
-@@ -20,6 +20,7 @@
- 
- // To prevent gl.h to include glext.h provided by the system
- #define GL_GLEXT_LEGACY
-+#define GLX_GLEXT_LEGACY
- #if defined(__APPLE__) && (defined(VTK_USE_CARBON) || defined(VTK_USE_COCOA))
- # include <OpenGL/gl.h> // Include OpenGL API.
- #else
-Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-===================================================================
---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx
-@@ -27,7 +27,7 @@
- 
- // define GLX_GLXEXT_LEGACY to prevent glx.h to include glxext.h provided by
- // the system
--//#define GLX_GLXEXT_LEGACY
-+#define GLX_GLXEXT_LEGACY
- #include "GL/glx.h"
- 
- #include "vtkgl.h"
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index d54b2bcb2f..6b4370dbf2 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -946,7 +946,7 @@ write accessor methods for your objects that perform standard tasks.")
 (define-public perl-class-method-modifiers
   (package
     (name "perl-class-method-modifiers")
-    (version "2.11")
+    (version "2.12")
     (source
      (origin
        (method url-fetch)
@@ -954,7 +954,7 @@ write accessor methods for your objects that perform standard tasks.")
                            "Class-Method-Modifiers-" version ".tar.gz"))
        (sha256
         (base32
-         "14nk2gin9cjwpysakli7f0gs4q1w220sn73xzv35rhlspngrggyy"))))
+         "1j3swa212wh14dq5r6zjarm2lzpx6mrdfplpjy65px8b09ri0k74"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -4756,7 +4756,7 @@ Perl (back to 5.6.0).")
 (define-public perl-namespace-autoclean
   (package
     (name "perl-namespace-autoclean")
-    (version "0.24")
+    (version "0.28")
     (source
      (origin
        (method url-fetch)
@@ -4764,7 +4764,7 @@ Perl (back to 5.6.0).")
                            "namespace-autoclean-" version ".tar.gz"))
        (sha256
         (base32
-         "0msggbg2zbixxjq1fda19h0yygavxndfzc4j4pq11nfghmawjsb0"))))
+         "0fbcq99yaix1aa99jl3v811dbw24il9jxnh5i2i23mddh4b0lhfd"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm
index 8ba9780685..8819b8adaf 100644
--- a/gnu/packages/pretty-print.scm
+++ b/gnu/packages/pretty-print.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,7 +32,9 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gperf)
-  #:use-module (gnu packages perl))
+  #:use-module (gnu packages lua)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config))
 
 (define-public a2ps
   (package
@@ -197,6 +200,47 @@ seen in a terminal.")
     (license gpl3+)
     (properties '((ftp-directory . "/gnu/src-highlite")))))
 
+(define-public highlight
+  (package
+    (name "highlight")
+    (version "3.33")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.andre-simon.de/zip/highlight-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "0g2whi6pxl640795vymikm82a1my841jmh7fiqzbrjpc9wsk1db4"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; no tests
+       #:make-flags
+       (let ((confdir (string-append %output "/share/highlight/config/")))
+         (list (string-append "PREFIX=" %output)
+               (string-append "HL_CONFIG_DIR=" confdir)
+               (string-append "conf_dir=" confdir)))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'fix-search-for-lua
+           (lambda _
+             (substitute* "src/makefile"
+               (("(pkg-config.*)lua" _ prefix)
+                (string-append prefix "lua-5.3")))
+             #t)))))
+    (inputs
+     `(("lua" ,lua)
+       ("boost" ,boost)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://www.andre-simon.de/doku/highlight/en/highlight.php")
+    (synopsis "Convert code to documents with syntax highlighting")
+    (description "Highlight converts source code to HTML, XHTML, RTF, LaTeX,
+TeX, SVG, BBCode and terminal escape sequences with colored syntax
+highlighting.  Language definitions and color themes are customizable.")
+    (license gpl3+)))
+
 (define-public astyle
   (package
     (name "astyle")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index ea94f44230..8f8b0de721 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -3261,11 +3261,12 @@ association studies (GWAS) on extremely large data sets.")
     (name "python-numpy")
     (outputs '("out" "doc"))
     (inputs
-     `(("which" ,which)))
+     `(("which" ,which)
+       ,@(package-inputs python-numpy-bootstrap)))
     (propagated-inputs
      `(("python-matplotlib" ,python-matplotlib)
        ("python-pyparsing" ,python-pyparsing)
-       ,@(package-inputs python-numpy-bootstrap)))
+       ,@(package-propagated-inputs python-numpy-bootstrap)))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("python-sphinx" ,python-sphinx)
@@ -3390,7 +3391,7 @@ that client code uses to construct the grammar directly in Python code.")
            (substitute* "numpydoc/tests/test_plot_directive.py"
              (("3") "2"))))))
     (build-system python-build-system)
-    (native-inputs
+    (propagated-inputs
      `(("python-sphinx" ,python-sphinx)))
     (native-inputs
      `(("python-nose" ,python-nose)))
@@ -4814,7 +4815,7 @@ computing.")
       ;; FIXME: add pyreadline once available.
       (native-inputs
        `(("python2-mock" ,python2-mock)
-         ,@(package-inputs ipython))))))
+         ,@(package-native-inputs ipython))))))
 
 (define-public python-isodate
   (package
@@ -6371,14 +6372,14 @@ responses, rather than doing any computation.")
 (define-public python-cryptography-vectors
   (package
     (name "python-cryptography-vectors")
-    (version "1.5.3")
+    (version "1.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography_vectors" version))
        (sha256
         (base32
-         "1bnd1bricyhxa27rhr0ljk0kacxzvysd3ar2j2hlv13a2k6zw4z5"))))
+         "0xgn3yvlmv5rs92wgjj39qscr6s7mwbbsx7j683sfa6ijmyb1k01"))))
     (build-system python-build-system)
     (home-page "https://github.com/pyca/cryptography")
     (synopsis "Test vectors for the cryptography package")
@@ -6393,14 +6394,14 @@ responses, rather than doing any computation.")
 (define-public python-cryptography
   (package
     (name "python-cryptography")
-    (version "1.5.3")
+    (version "1.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography" version))
        (sha256
         (base32
-         "1raanvkdfw5ai56ymlij6ghc4k126fs7jx948ig7yn4vj6ndv0ng"))))
+         "0gwvmz6w5ml0bjbgmdiscsv5i948lrjd381z7h9qkz6kr398c3ad"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 51c579a0ce..f06b52fdff 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -424,6 +424,7 @@ virtualization library.")
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
+       #:use-setuptools? #f ; Uses custom distutils 'install' command.
        ;; Some of the tests seem to require network access to install virtual
        ;; machines.
        #:tests? #f
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index b442356530..ae951aad5f 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -35,6 +35,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages freedesktop)
@@ -59,6 +60,38 @@
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xml))
 
+(define-public grantlee
+  (package
+    (name "grantlee")
+    (version "5.1.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/steveire/grantlee/archive/v"
+                            version ".tar.gz"))
+        (file-name (string-append name "-" version ".tar.gz"))
+        (sha256
+         (base32 "1lf9rkv0i0kd7fvpgg5l8jb87zw8dzcwd1liv6hji7g4wlpmfdiq"))))
+    (native-inputs
+     `(("doxygen" ,doxygen)))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtscript" ,qtscript)))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+                  (lambda _
+                    (zero? (system* "ctest" ;; exclude 2 tests which require a display
+                                    "-E" "htmlbuildertest|plainmarkupbuildertest")))))))
+    (home-page "https://github.com/steveire/grantlee")
+    (synopsis "Libraries for text templating with Qt")
+    (description "Grantlee Templates can be used for theming and generation of
+other text such as code.  The syntax uses the syntax of the Django template
+system, and the core design of Django is reused in Grantlee.")
+    (license license:lgpl2.0+)))
+
 (define-public qt
   (package
     (name "qt")
diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 31444509f1..3f20a3525c 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -166,6 +166,8 @@ serialization.")
                 "15wg14480lrbrhc2myk9rwpwb2gzix9bk80p4y7gxg3zrzml0xh8"))))
     (build-system cmake-build-system)
     (home-page "https://github.com/open-source-parsers/jsoncpp")
+    (arguments
+     `(#:configure-flags '("-DBUILD_SHARED_LIBS:BOOL=YES")))
     (synopsis "C++ library for interacting with JSON")
     (description "JsonCpp is a C++ library that allows manipulating JSON values,
 including serialization and deserialization to and from strings.  It can also
diff --git a/gnu/packages/sxiv.scm b/gnu/packages/sxiv.scm
deleted file mode 100644
index 8a81d48f3e..0000000000
--- a/gnu/packages/sxiv.scm
+++ /dev/null
@@ -1,62 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages sxiv)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix build-system gnu)
-  #:use-module ((guix licenses) #:prefix license:)
-  #:use-module (gnu packages xorg)
-  #:use-module (gnu packages image)
-  #:use-module (gnu packages photo))
-
-(define-public sxiv
-  (package
-    (name "sxiv")
-    (version "1.3.2")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/muennich/sxiv/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "0lxnd33gaw4drhdwbkk94wzrjyhh64d57jq2ps7ffmqgizg6hlwz"))))
-    (build-system gnu-build-system)
-    (arguments
-     '(#:tests? #f                      ; no check target
-       #:make-flags (list (string-append "PREFIX=" %output)
-                          "CC=gcc")
-       #:phases (alist-delete
-                 'configure             ; no configure phase
-                 %standard-phases)))
-    (inputs
-     `(("libx11" ,libx11)
-       ("imlib2" ,imlib2)
-       ("giflib" ,giflib)
-       ("libexif" ,libexif)))
-    (home-page "https://github.com/muennich/sxiv")
-    (synopsis "Simple X Image Viewer")
-    (description
-     "sxiv is an alternative to feh and qiv.  Its primary goal is to
-provide the most basic features required for fast image viewing.  It has
-vi key bindings and works nicely with tiling window managers.  Its code
-base should be kept small and clean to make it easy for you to dig into
-it and customize it for your needs.")
-    (license license:gpl2+)))
diff --git a/gnu/packages/owncloud.scm b/gnu/packages/sync.scm
index 6b40bd3ada..a4fdfd303e 100644
--- a/gnu/packages/owncloud.scm
+++ b/gnu/packages/sync.scm
@@ -16,7 +16,7 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
-(define-module (gnu packages owncloud)
+(define-module (gnu packages sync)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system cmake)
   #:use-module (guix download)
@@ -103,3 +103,58 @@ to and a server to synchronize to.  You can configure more computers to
 synchronize to the same server and any change to the files on one computer will
 silently and reliably flow across to every other.")
     (license license:gpl2+)))
+
+(define-public qsyncthingtray
+  (package
+    (name "qsyncthingtray")
+    (version "0.5.6")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "https://github.com/sieren/QSyncthingTray/archive/"
+               version ".tar.gz"))
+        (file-name (string-append name "-" version ".tar.gz"))
+        (sha256
+         (base32
+          "0py3593pv3iz0vds82wzbjy1ykc96qaaji1ldd9dlr50kb1840c3"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags '("-DQST_BUILD_WEBKIT=1")
+       #:phases
+       (modify-phases %standard-phases
+         ;; The program is meant to be run from the git repo or source tarball.
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin")))
+               (install-file "QSyncthingTray" bin)
+               (install-file (string-append
+                               "../QSyncthingTray-"
+                               ,(package-version qsyncthingtray)
+                               "/resources/images/Icon1024.png")
+                             (string-append
+                               out "/share/pixmaps/QSyncthingTray.png"))
+               #t))))
+       #:tests? #f)) ; no test target
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtwebkit" ,qtwebkit)))
+    (home-page "https://github.com/sieren/QSyncthingTray")
+    (synopsis "Traybar Application for Syncthing")
+    (description
+     "A traybar application for syncthing.
+@enumerate
+@item Shows number of connections at a glance.
+@item Traffic statistics about incoming, outgoing and total throughput.
+@item Launches Syncthing and Syncthing-iNotifier if specified.
+@item Quickly pause Syncthing with one click.
+@item Last Synced Files - Quickly see the recently synchronised files and open
+their folder.
+@item Quick Access to all shared folders.
+@item Presents Syncthing UI in a separate view instead of using the browser.
+@item Supports authenticated HTTPS connections.
+@item Uses System Notifications about current connection status.
+@item Toggle for monochrome icon.
+@end enumerate\n")
+    (license license:lgpl3+)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 607fa33b27..854ba1cb47 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -671,7 +671,7 @@ number generator")
 (define-public acme-client
   (package
     (name "acme-client")
-    (version "0.1.14")
+    (version "0.1.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://kristaps.bsd.lv/" name "/"
@@ -679,7 +679,7 @@ number generator")
                                   version ".tgz"))
               (sha256
                (base32
-                "1qq4xk41pn65m3v7nnvkmxg96pr06vz6hzdrm0vcmlp3clzpbahl"))))
+                "07p723391whrswl4rir0l1k03l457sjscnj0cfaxr8mfnkx4y3wi"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; no test suite
@@ -689,6 +689,8 @@ number generator")
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)))) ; no './configure' script
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
     (inputs
      `(("libbsd" ,libbsd)
        ("libressl" ,libressl)))
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index fe079fb104..9b461aa170 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -39,14 +39,14 @@
 (define-public tor
   (package
     (name "tor")
-    (version "0.2.8.9")
+    (version "0.2.8.10")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "05jkvhbgyq81fcmk1xpl3yw97ljj5sg9pngl27zlmgl7p0xjfp1z"))))
+               "0kcw9hq4xz8p91xwyhjfry5p1dmn7vvnhpfz66vl9gsfndbqr2y8"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))  ; for tests
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 03d7bbead3..edd2d3a4dd 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -141,6 +141,9 @@ as well as the classic centralized workflow.")
       ("python" ,python-2) ; CAVEAT: incompatible with python-3 according to INSTALL
       ("zlib" ,zlib)
 
+      ;; For 'gitweb.cgi'
+      ("perl-cgi" ,perl-cgi)
+
       ;; For 'git-svn'.
       ("subversion" ,subversion)
       ("perl-term-readkey" ,perl-term-readkey)
@@ -257,6 +260,17 @@ as well as the classic centralized workflow.")
                                    "perl-net-smtp-ssl"
                                    "perl-io-socket-ssl")))))))
 
+              ;; Tell 'gitweb.cgi' where perl modules are.
+              (wrap-program (string-append out "/share/gitweb/gitweb.cgi")
+                `("PERL5LIB" ":" prefix
+                  ,(map (lambda (o) (string-append o "/lib/perl5/site_perl"))
+                        (list
+                         ,@(transitive-input-references
+                            'inputs
+                            (map (lambda (l)
+                                   (assoc l (inputs)))
+                                 '("perl-cgi")))))))
+
               ;; Tell 'git-submodule' where Perl is.
               (wrap-program git-sm
                 `("PATH" ":" prefix
diff --git a/gnu/packages/vtk.scm b/gnu/packages/vtk.scm
index 13ce2e2ac0..5a5c941270 100644
--- a/gnu/packages/vtk.scm
+++ b/gnu/packages/vtk.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,37 +21,64 @@
 (define-module (gnu packages vtk)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:select (bsd-3))
+  #:use-module (guix utils)
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
-  #:use-module (gnu packages xorg)
-  #:use-module (gnu packages gl))
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages maths)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages xiph)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xorg))
 
 (define-public vtk
   (package
     (name "vtk")
-    (version "6.1.0")
+    (version "7.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.vtk.org/files/release/"
-                                  (substring version 0
-                                             (string-rindex version #\.))
+                                  (version-major+minor version)
                                   "/VTK-" version ".tar.gz"))
               (sha256
                (base32
-                "0d7shccdkyj4mbh2riilslgx3gd28in4c7xpm0lxa1ln8w5g2zdx"))
-              (patches (search-patches "vtk-mesa-10.patch"))))
+                "0yj96z58haan77gzilnqp7xpf8hg5jk11a3jx55p2ksd400s0gjz"))))
     (build-system cmake-build-system)
     (arguments
-     ;; Build without '-g' to save space.
-     '(#:configure-flags '("-DCMAKE_BUILD_TYPE=Release")
+     '(#:build-type "Release"           ;Build without '-g' to save space.
+       ;; -DVTK_USE_SYSTEM_NETCDF:BOOL=TRUE requires netcdf_cxx
+       #:configure-flags '("-DVTK_USE_SYSTEM_EXPAT:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_FREETYPE:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_HDF5:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_JPEG:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_JSONCPP:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_LIBXML2:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_OGGTHEORA:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_PNG:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_TIFF:BOOL=TRUE"
+                           "-DVTK_USE_SYSTEM_ZLIB:BOOL=TRUE")
        #:tests? #f))                              ;XXX: no "test" target
     (inputs
      `(("libXt" ,libxt)
        ("xproto" ,xproto)
        ("libX11" ,libx11)
+       ("libxml2" ,libxml2)
        ("mesa" ,mesa)
-       ("glu" ,glu)))
+       ("glu" ,glu)
+       ("expat" ,expat)
+       ("freetype" ,freetype)
+       ("hdf5" ,hdf5)
+       ("jpeg" ,libjpeg)
+       ("jsoncpp" ,jsoncpp)
+       ("libogg" ,libogg)
+       ("libtheora" ,libtheora)
+       ("png" ,libpng)
+       ("tiff" ,libtiff)
+       ("zlib" ,zlib)))
     (home-page "http://www.vtk.org/")
     (synopsis "Libraries for 3D computer graphics")
     (description
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index de949b60e3..697bab8e56 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -201,6 +201,66 @@ and as a proxy to reduce the load on back-end HTTP or mail servers.")
     ;;     except for two source files which are bsd-4 licensed.
     (license (list l:bsd-2 l:expat l:bsd-3 l:bsd-4))))
 
+(define-public fcgi
+  (package
+    (name "fcgi")
+    (version "2.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       ;; Upstream has disappeared
+       (uri (string-append "https://sources.archlinux.org/other/packages/fcgi/"
+                           "fcgi-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1f857wnl1d6jfrgfgfpz3zdaj8fch3vr13mnpcpvy8bang34bz36"))
+       (patches (search-patches "fcgi-2.4.0-poll.patch"
+                                "fcgi-2.4.0-gcc44-fixes.patch"))))
+    (build-system gnu-build-system)
+    (home-page "http://www.fastcgi.com")
+    (synopsis "Language-independent, high-performant extension to CGI")
+    (description "FastCGI is a language independent, scalable extension to CGI
+that provides high performance without the limitations of server specific
+APIs.")
+    ;; This package is released under the Open Market License, a variant of
+    ;; the Expat license, incompatible with the GPL.
+    (license (l:non-copyleft "file://LICENSE.TERMS"))))
+
+(define-public fcgiwrap
+  (package
+    (name "fcgiwrap")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/gnosek/fcgiwrap/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "07y6s4mm86cv7p1ljz94sxnqa89y9amn3vzwsnbq5hrl4vdy0zac"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; no tests included
+       #:make-flags (list "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'bootstrap
+           (lambda _
+             (zero? (system* "autoreconf" "-vif")))))))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("fcgi" ,fcgi)))
+    (home-page "https://nginx.localdomain.pl/wiki/FcgiWrap")
+    (synopsis "Simple server for running CGI applications over FastCGI")
+    (description "Fcgiwrap is a simple server for running CGI applications
+over FastCGI.  It hopes to provide clean CGI support to Nginx (and other web
+servers that may need it).")
+    (license l:expat)))
+
 (define-public starman
   (package
     (name "starman")
@@ -827,7 +887,7 @@ language known as SASS.")
 (define-public perl-apache-logformat-compiler
   (package
     (name "perl-apache-logformat-compiler")
-    (version "0.32")
+    (version "0.33")
     (source
      (origin
        (method url-fetch)
@@ -835,7 +895,7 @@ language known as SASS.")
                            "Apache-LogFormat-Compiler-" version ".tar.gz"))
        (sha256
         (base32
-         "0zyx4r2bxc6d48m70fhcq80nw0q9wnfz6qgn1g0r6bigqgdjq4dw"))))
+         "17blk3zhp05azgypn25ydxf3d7fyfgr9bxyiv7xkchhqma96vwqv"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-http-message" ,perl-http-message)
@@ -902,26 +962,29 @@ action, which will forward to the first available view.")
 (define-public perl-catalyst-action-rest
   (package
     (name "perl-catalyst-action-rest")
-    (version "1.17")
+    (version "1.20")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
+              (uri (string-append "mirror://cpan/authors/id/J/JJ/JJNAPIORK/"
                                   "Catalyst-Action-REST-" version ".tar.gz"))
               (sha256
                (base32
-                "1rnxmsd9dsqz4xc0g9ynafxi934jwp0nixbg92q3bc2h46xcccy8"))))
+                "1mpa64p61f3dp24xnhdraswch4sqj5vyv1iivcvvh5h0xi0haiy0"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-requires" ,perl-test-requires)))
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-class-inspector" ,perl-class-inspector)
+       ("perl-config-general" ,perl-config-general)
+       ("perl-cpanel-json-xs" ,perl-cpanel-json-xs)
        ("perl-libwww" ,perl-libwww)
        ("perl-moose" ,perl-moose)
        ("perl-mro-compat" ,perl-mro-compat)
        ("perl-namespace-autoclean" ,perl-namespace-autoclean)
        ("perl-params-validate" ,perl-params-validate)
-       ("perl-uri-find" ,perl-uri-find)))
+       ("perl-uri-find" ,perl-uri-find)
+       ("perl-xml-simple" ,perl-xml-simple)))
     (home-page "http://search.cpan.org/dist/Catalyst-Action-REST")
     (synopsis "Automated REST Method Dispatching")
     (description "This Action handles doing automatic method dispatching for
@@ -1110,7 +1173,7 @@ Models.")
 (define-public perl-catalyst-plugin-accesslog
   (package
     (name "perl-catalyst-plugin-accesslog")
-    (version "1.05")
+    (version "1.10")
     (source
      (origin
        (method url-fetch)
@@ -1118,14 +1181,13 @@ Models.")
                            "Catalyst-Plugin-AccessLog-" version ".tar.gz"))
        (sha256
         (base32
-         "0hqvckaw91q5yc25a33bp0d4qqxlgkp7rxlvi8n8svxd1406r55s"))))
+         "0811rj45q4v2y8wka3wb9d5m4vbyhcmkvddf2wz4x69awzjbhgc7"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
        ("perl-datetime" ,perl-datetime)
        ("perl-moose" ,perl-moose)
        ("perl-namespace-autoclean" ,perl-namespace-autoclean)))
-    (arguments `(#:tests? #f))          ;Unexpected http responses
     (home-page "http://search.cpan.org/dist/Catalyst-Plugin-AccessLog")
     (synopsis "Request logging from within Catalyst")
     (description "This Catalyst plugin enables you to create \"access logs\"
@@ -1251,7 +1313,7 @@ formats.")
 (define-public perl-catalyst-plugin-session
   (package
     (name "perl-catalyst-plugin-session")
-    (version "0.39")
+    (version "0.40")
     (source
      (origin
        (method url-fetch)
@@ -1259,7 +1321,7 @@ formats.")
                            "Catalyst-Plugin-Session-" version ".tar.gz"))
        (sha256
         (base32
-         "0m4a003qgz7848iyckwbigg2vw3kmfxggh1razrnzxrbz3n6x5gi"))))
+         "171vi9xcl775scjaw4fcfdmqvz0rb1nr0xxg2gb3ng6bjzpslhgv"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-deep" ,perl-test-deep)
@@ -1269,6 +1331,7 @@ formats.")
        ("perl-moose" ,perl-moose)
        ("perl-moosex-emulate-class-accessor-fast"
         ,perl-moosex-emulate-class-accessor-fast)
+       ("perl-mro-compat" ,perl-mro-compat)
        ("perl-namespace-clean" ,perl-namespace-clean)
        ("perl-object-signature" ,perl-object-signature)
        ("perl-test-www-mechanize-psgi" ,perl-test-www-mechanize-psgi)))
@@ -1517,7 +1580,7 @@ table based report in a variety of formats (CSV, HTML, etc.).")
 (define-public perl-catalyst-view-json
   (package
     (name "perl-catalyst-view-json")
-    (version "0.35")
+    (version "0.36")
     (source
      (origin
        (method url-fetch)
@@ -1525,7 +1588,7 @@ table based report in a variety of formats (CSV, HTML, etc.).")
                            "Catalyst-View-JSON-" version ".tar.gz"))
        (sha256
         (base32
-         "184pyghlrkl7p387bnyvswi2d9myvdg4v3lax6xrd59shskvpmkm"))))
+         "0x943j1n2r0zqanyzdrs1xsnn8ayn2wqskn7h144xcqa6v6gcisl"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-yaml" ,perl-yaml)))
@@ -1542,19 +1605,20 @@ stash data in JSON format.")
 (define-public perl-catalyst-view-tt
   (package
     (name "perl-catalyst-view-tt")
-    (version "0.42")
+    (version "0.44")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/J/JJ/JJNAPIORK/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Catalyst-View-TT-" version ".tar.gz"))
      (sha256
       (base32
-       "18ciik9fqaqjfasa9wicbjrsl3gjhjc15xzaj3rif57an25cl178"))))
+       "06d1zg4nbb6kcyjbnyxrkf8z4zlscxr8650d94f7187jygfl8rvh"))))
   (build-system perl-build-system)
   (propagated-inputs
    `(("perl-catalyst-runtime" ,perl-catalyst-runtime)
      ("perl-class-accessor" ,perl-class-accessor)
+     ("perl-data-dump" ,perl-data-dump)
      ("perl-mro-compat" ,perl-mro-compat)
      ("perl-path-class" ,perl-path-class)
      ("perl-template-timer" ,perl-template-timer)
@@ -1651,7 +1715,7 @@ development server with Starman.")
 (define-public perl-cgi
   (package
     (name "perl-cgi")
-    (version "4.25")
+    (version "4.35")
     (source
      (origin
        (method url-fetch)
@@ -1659,7 +1723,7 @@ development server with Starman.")
                            "CGI-" version ".tar.gz"))
        (sha256
         (base32
-         "06hk9zzvlix1yi95wlkb1ykdxgl6lscm7452gkwr2snsb8iybczg"))))
+         "07gwnlc7vq58fjwmfsrv0hfyirqqdrpjhf89caq34rjrkz2wsd0b"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-deep" ,perl-test-deep)
@@ -1768,7 +1832,7 @@ for files and urls.")
 (define-public perl-encode-locale
   (package
     (name "perl-encode-locale")
-    (version "1.03")
+    (version "1.05")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -1776,7 +1840,7 @@ for files and urls.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "0m9d1vdphlyzybgmdanipwd9ndfvyjgk3hzw250r299jjgh3fqzp"))))
+               "1h8fvcdg3n20c2yp7107yhdkkx78534s9hnvn7ps8hpmf4ks0vqp"))))
     (build-system perl-build-system)
     (license (package-license perl))
     (synopsis "Perl locale encoding determination")
@@ -1843,7 +1907,7 @@ which can be used to parse directory listings.")
 (define-public perl-finance-quote
   (package
    (name "perl-finance-quote")
-   (version "1.37")
+   (version "1.38")
    (source
     (origin
       (method url-fetch)
@@ -1851,7 +1915,7 @@ which can be used to parse directory listings.")
                           "Finance-Quote-" version ".tar.gz"))
       (sha256
        (base32
-        "1b6pbh7f76fb5sa4f0lhx085xy55pprz5v7z7li7pqiyw7i4f4bf"))
+        "0zhqb27y4vdxn476s2kwm9zl2f970yjcyyybnjm9b406krr2fm59"))
       (patches (search-patches
                 "perl-finance-quote-unuse-mozilla-ca.patch"))))
    (build-system perl-build-system)
@@ -2019,7 +2083,7 @@ representing, creating, and extracting information from HTML syntax trees.")
 (define-public perl-html-parser
   (package
     (name "perl-html-parser")
-    (version "3.71")
+    (version "3.72")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -2027,10 +2091,11 @@ representing, creating, and extracting information from HTML syntax trees.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "00nqzdgl7c3jilx7mil19k5jwcw3as14pvkjgxi97zyk94vqp4dy"))))
+               "12v05ywlnsi9lc17z32k9jxx3sj1viy7y1wpl7n4az76v7hwfa7c"))))
     (build-system perl-build-system)
     (inputs
-     `(("perl-html-tagset" ,perl-html-tagset)))
+     `(("perl-html-tagset" ,perl-html-tagset)
+       ("perl-http-message" ,perl-http-message)))
     (license (package-license perl))
     (synopsis "Perl HTML parser class")
     (description
@@ -2089,7 +2154,7 @@ you to separate design from the data.")
 (define-public perl-http-body
   (package
     (name "perl-http-body")
-    (version "1.19")
+    (version "1.22")
     (source
      (origin
        (method url-fetch)
@@ -2097,7 +2162,7 @@ you to separate design from the data.")
                            "HTTP-Body-" version ".tar.gz"))
        (sha256
         (base32
-         "0ahhksj0zg6wq6glpjkxdr3byd5riwvq2f5aw21n1jcsl71nll01"))))
+         "15vj488i62mdp4ps9k77h39prj70i7anb6b0j8nm7l9vbdc2q3gw"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-deep" ,perl-test-deep)))
@@ -2114,7 +2179,7 @@ and multipart/form-data.")
 (define-public perl-http-cookiejar
   (package
     (name "perl-http-cookiejar")
-    (version "0.006")
+    (version "0.008")
     (source
      (origin
        (method url-fetch)
@@ -2122,12 +2187,13 @@ and multipart/form-data.")
                            "HTTP-CookieJar-" version ".tar.gz"))
        (sha256
         (base32
-         "0c7l29ak6ba2j006ca00vnkxpyc1fvpikydjvsb24s50zf1mv7b2"))))
+         "0rfw6avcralggs7bf7n86flvhaahxjnqzvpwszp0sk4z4wwy01wm"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-deep" ,perl-test-deep)
        ("perl-test-requires" ,perl-test-requires)
-       ("perl-time-mock" ,perl-time-mock)))
+       ("perl-time-mock" ,perl-time-mock)
+       ("perl-uri" ,perl-uri)))
     (inputs
      `(("perl-time-local" ,perl-time-local)
        ("perl-http-date" ,perl-http-date)))
@@ -2207,18 +2273,19 @@ used by the HTTP protocol (and then some more).")
 (define-public perl-http-message
   (package
     (name "perl-http-message")
-    (version "6.06")
+    (version "6.11")
     (source (origin
              (method url-fetch)
              (uri (string-append
-                   "mirror://cpan/authors/id/G/GA/GAAS/HTTP-Message-"
+                   "mirror://cpan/authors/id/E/ET/ETHER/HTTP-Message-"
                    version ".tar.gz"))
              (sha256
               (base32
-               "0qxdrcak97azjvqyx1anpb2ky6vp6vc37x0wcfjdqfajkh09fzh8"))))
+               "06yq6cjx4vzl4if4ykap77xsrrd8aa7ish90k7cqi8g6g83nicz7"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("perl-http-date" ,perl-http-date)
+     `(("perl-encode-locale" ,perl-encode-locale)
+       ("perl-http-date" ,perl-http-date)
        ("perl-io-html" ,perl-io-html)
        ("perl-lwp-mediatypes" ,perl-lwp-mediatypes)
        ("perl-uri" ,perl-uri)))
@@ -2226,7 +2293,7 @@ used by the HTTP protocol (and then some more).")
     (synopsis "Perl HTTP style message")
     (description
      "An HTTP::Message object contains some headers and a content body.")
-    (home-page "http://search.cpan.org/~gaas/HTTP-Message/")))
+    (home-page "http://search.cpan.org/~ether/HTTP-Message/")))
 
 (define-public perl-http-negotiate
   (package
@@ -2322,15 +2389,15 @@ environment from an HTTP::Request.")
 (define-public perl-http-server-simple
   (package
     (name "perl-http-server-simple")
-    (version "0.44")
+    (version "0.51")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/J/JE/JESSE/"
+       (uri (string-append "mirror://cpan/authors/id/B/BP/BPS/"
                            "HTTP-Server-Simple-" version ".tar.gz"))
        (sha256
         (base32
-         "05klpfkss2a6i5ihmvcm27fyar0f2v4ispg2f49agab3va1gix6g"))))
+         "1yvd2g57z2kq00q5i3zzfi15k98qgbif3vghjsda6v612agmrp5r"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-cgi" ,perl-cgi)))
@@ -2348,7 +2415,7 @@ http-based UI to your existing tools.")
 (define-public perl-http-tiny
   (package
     (name "perl-http-tiny")
-    (version "0.053")
+    (version "0.070")
     (source
      (origin
        (method url-fetch)
@@ -2356,12 +2423,13 @@ http-based UI to your existing tools.")
                            "HTTP-Tiny-" version ".tar.gz"))
        (sha256
         (base32
-         "1bwy31xrcz5zfx1n3vc50vj1aqvzn5ccr7lgacl8wmi03a6w2af2"))))
+         "0cvp5yqrni6qydpsa8fpkbm82zfwmy9js8jsvyj8gs3dx78qbwvl"))))
     (build-system perl-build-system)
     (inputs
      `(("perl-http-cookiejar" ,perl-http-cookiejar)
        ("perl-io-socket-ip" ,perl-io-socket-ip)
        ("perl-io-socket-ssl" ,perl-io-socket-ssl)
+       ("perl-mozilla-ca" ,perl-mozilla-ca)
        ("perl-net-ssleay" ,perl-net-ssleay)))
     (home-page "http://search.cpan.org/dist/HTTP-Tiny")
     (synopsis "HTTP/1.1 client")
@@ -2442,7 +2510,7 @@ select or poll.")
 (define-public perl-libwww
   (package
     (name "perl-libwww")
-    (version "6.13")
+    (version "6.15")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -2450,7 +2518,7 @@ select or poll.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "1cpqjl59viw50bnbdyn8xzrwzg7g54b2rszw0fifacqrppp17gaz"))))
+               "08l3mpgcvm4ipn1zggymqgk402apf35xyds43i8c07hvq92rsd3g"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-encode-locale" ,perl-encode-locale)
@@ -2458,8 +2526,11 @@ select or poll.")
        ("perl-html-parser" ,perl-html-parser)
        ("perl-http-cookies" ,perl-http-cookies)
        ("perl-http-daemon" ,perl-http-daemon)
+       ("perl-http-date" ,perl-http-date)
+       ("perl-http-message" ,perl-http-message)
        ("perl-http-negotiate" ,perl-http-negotiate)
        ("perl-net-http" ,perl-net-http)
+       ("perl-uri" ,perl-uri)
        ("perl-www-robotrules" ,perl-www-robotrules)))
     (license (package-license perl))
     (synopsis "Perl modules for the WWW")
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 80534d69f2..594a1a471c 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -167,7 +167,7 @@ based on libxml for XML parsing, tree manipulation and XPath support.")
 (define-public perl-graph-readwrite
   (package
     (name "perl-graph-readwrite")
-    (version "2.08")
+    (version "2.09")
     (source
      (origin
        (method url-fetch)
@@ -177,7 +177,7 @@ based on libxml for XML parsing, tree manipulation and XPath support.")
              ".tar.gz"))
        (sha256
         (base32
-         "1wjni212nfz9irp19nx9if1lj3w9cybpdbzhii4g8macpryjj7ci"))))
+         "0jlsg64pmy6ka5q5gy851nnyfgjzvhyxc576bhns3vi2x5ng07mh"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-graph" ,perl-graph)
@@ -310,14 +310,14 @@ XML parser and the high performance DOM implementation.")
 (define-public perl-xml-libxml-simple
   (package
     (name "perl-xml-libxml-simple")
-    (version "0.95")
+    (version "0.97")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-LibXML-Simple-" version ".tar.gz"))
               (sha256
                (base32
-                "0qqfqj5bgqmh1j4iv8dwl3g00nsmcvf2b7w1d09k9d77rrb249xi"))))
+                "1g8nlk3zdz2cclxf7azvsb3jfxmvy6ml8wmj774k4qjqcsqmzk0w"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-file-slurp-tiny" ,perl-file-slurp-tiny)
@@ -514,7 +514,7 @@ EntityRef, CharRef, Reference, Name, NmToken, and AttValue.")
 (define-public perl-xml-dom
   (package
     (name "perl-xml-dom")
-    (version "1.44")
+    (version "1.46")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -522,11 +522,12 @@ EntityRef, CharRef, Reference, Name, NmToken, and AttValue.")
                    version ".tar.gz"))
              (sha256
               (base32
-               "1r0ampc88ni3sjpzr583k86076qg399arfm9xirv3cw49k3k5bzn"))))
+               "0phpkc4li43m2g44hdcvyxzy9pymqwlqhh5hwp2xc0cv8l5lp8lb"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-libwww" ,perl-libwww)
        ("perl-libxml" ,perl-libxml)
+       ("perl-xml-parser" ,perl-xml-parser)
        ("perl-xml-regexp" ,perl-xml-regexp)))
     (license (package-license perl))
     (synopsis
@@ -565,14 +566,14 @@ This module provide functions which simplify writing tests for
 (define-public perl-xml-compile
   (package
     (name "perl-xml-compile")
-    (version "1.51")
+    (version "1.54")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-Compile-" version ".tar.gz"))
               (sha256
                (base32
-                "06fj4zf0yh4kf3kx4bhwrmrjr6al40nasasbgfhn8f1zxwkmm8f2"))))
+                "1hp41960bpqxvv1samv9hc0ghhmvs3i16r4rfl9yp54lp6jhsr2c"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-log-report" ,perl-log-report)
@@ -590,14 +591,14 @@ a schema.")
 (define-public perl-xml-compile-cache
   (package
     (name "perl-xml-compile-cache")
-    (version "1.04")
+    (version "1.05")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-Compile-Cache-" version ".tar.gz"))
               (sha256
                (base32
-                "1689dm54n7wb0n0cl9n77vk0kvg0mcckn2hz9ahigjhvazah8740"))))
+                "0xbwlszhi9hg8sxm5ylglm2qvnb689i595p913awrj2g4mp9yfsw"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-log-report" ,perl-log-report)
@@ -613,14 +614,14 @@ a schema.")
 (define-public perl-xml-compile-soap
   (package
     (name "perl-xml-compile-soap")
-    (version "3.13")
+    (version "3.20")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-Compile-SOAP-" version ".tar.gz"))
               (sha256
                (base32
-                "08qw63l78040nh37xzapbqp43g6s5l67bvskf3dyyizlarjx5mi4"))))
+                "0qplb77qr97pc9yis51jmphl9gbq9xyf8abldpxkwvdn6iqlbgx5"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-file-slurp-tiny" ,perl-file-slurp-tiny)
@@ -641,14 +642,14 @@ used.")
 (define-public perl-xml-compile-wsdl11
   (package
     (name "perl-xml-compile-wsdl11")
-    (version "3.04")
+    (version "3.05")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MARKOV/"
                                   "XML-Compile-WSDL11-" version ".tar.gz"))
               (sha256
                (base32
-                "0pyikwnfwpangvnkf5dbdagy4z93ag9824f1ax5qaibc3ghca8kv"))))
+                "1a50in1qrbzx3924wvrhgfm5fcxz5cd95f3z9z2xgln27q1zssc4"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-log-report" ,perl-log-report)
@@ -706,14 +707,14 @@ RSS 0.91, RSS 1.0, RSS 2.0, Atom")
 (define-public perl-xml-xpath
   (package
     (name "perl-xml-xpath")
-    (version "1.37")
+    (version "1.40")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/M/MA/MANWAR/"
                                   "XML-XPath-" version ".tar.gz"))
               (sha256
                (base32
-                "0997l8vjgq8p7d1irvp6amqyrv24x7f8hybjm4l4ayag32b13bmq"))))
+                "07pa0bl42jka8mj7jshjynx8vpfh8b4cdyiv4zlkqvkqz98nzxib"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-path-tiny" ,perl-path-tiny)))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index afbecdb47e..2b3d3f8548 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -252,6 +252,8 @@ FILE-SYSTEM."
         (device  (file-system-device file-system))
         (type    (file-system-type file-system))
         (title   (file-system-title file-system))
+        (flags   (file-system-flags file-system))
+        (options (file-system-options file-system))
         (check?  (file-system-check? file-system))
         (create? (file-system-create-mount-point? file-system))
         (dependencies (file-system-dependencies file-system)))
@@ -264,34 +266,12 @@ FILE-SYSTEM."
                            ,@(map dependency->shepherd-service-name dependencies)))
             (documentation "Check, mount, and unmount the given file system.")
             (start #~(lambda args
-                       ;; FIXME: Use or factorize with 'mount-file-system'.
-                       (let ((device (canonicalize-device-spec #$device '#$title))
-                             (flags  #$(mount-flags->bit-mask
-                                        (file-system-flags file-system))))
-                         #$(if create?
-                               #~(mkdir-p #$target)
-                               #~#t)
-                         #$(if check?
-                               #~(begin
-                                   ;; Make sure fsck.ext2 & co. can be found.
-                                   (setenv "PATH"
-                                           (string-append
-                                            #$e2fsprogs "/sbin:"
-                                            "/run/current-system/profile/sbin:"
-                                            (getenv "PATH")))
-                                   (check-file-system device #$type))
-                               #~#t)
-
-                         (mount device #$target #$type flags
-                                #$(file-system-options file-system))
-
-                         ;; For read-only bind mounts, an extra remount is
-                         ;; needed, as per <http://lwn.net/Articles/281157/>,
-                         ;; which still applies to Linux 4.0.
-                         (when (and (= MS_BIND (logand flags MS_BIND))
-                                    (= MS_RDONLY (logand flags MS_RDONLY)))
-                           (mount device #$target #$type
-                                  (logior MS_BIND MS_REMOUNT MS_RDONLY))))
+		       #$(if create?
+                             #~(mkdir-p #$target)
+                             #t)
+		       (mount-file-system
+			`(#$device #$title #$target #$type #$flags #$options
+				   #$check?) #:root "/")
                        #t))
             (stop #~(lambda args
                       ;; Normally there are no processes left at this point, so
@@ -305,7 +285,7 @@ FILE-SYSTEM."
 
             ;; We need an additional module.
             (modules `(((gnu build file-systems)
-                        #:select (check-file-system canonicalize-device-spec))
+                        #:select (mount-file-system))
                        ,@%default-modules)))))))
 
 (define file-system-service-type
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 9f28aabc96..94c5f21557 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -30,6 +30,8 @@
             configuration-field-name
             configuration-missing-field
             configuration-field-error
+            configuration-field-serializer
+            configuration-field-getter
             serialize-configuration
             define-configuration
             validate-configuration
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 391046a75f..df1843e438 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -894,7 +894,7 @@ IPP specifications.")
                     (if (file-exists? dst)
                         (format (current-error-port) "warning: ~a exists\n" dst)
                         (symlink src dst))))
-                (find-files (string-append package path))))
+                (find-files (string-append package path) #:stat stat)))
              (list #$@paths)))
           (list #$@packages))
          #t))))
diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm
index a56f63082c..cb33a7c53d 100644
--- a/gnu/services/kerberos.scm
+++ b/gnu/services/kerberos.scm
@@ -17,14 +17,388 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu services kerberos)
-  #:use-module (gnu packages admin)
   #:use-module (gnu services)
+  #:use-module (gnu services configuration)
   #:use-module (gnu system pam)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
+  #:use-module (ice-9 match)
   #:export (pam-krb5-configuration
             pam-krb5-configuration?
-            pam-krb5-service-type))
+            pam-krb5-service-type
+
+            krb5-realm
+            krb5-realm?
+
+            krb5-configuration
+            krb5-configuration?
+            krb5-service-type))
+
+
+
+(define unset-field (list 'unset-field))
+
+(define (predicate/unset pred)
+  (lambda (x) (or (eq? x unset-field) (pred x))))
+
+(define string/unset? (predicate/unset string?))
+(define boolean/unset? (predicate/unset boolean?))
+(define integer/unset? (predicate/unset integer?))
+
+(define (uglify-field-name field-name)
+  "Return FIELD-NAME with all instances of '-' replaced by '_' and any
+trailing '?' removed."
+  (let ((str (symbol->string field-name)))
+    (string-join (string-split (if (string-suffix? "?" str)
+                                   (substring str 0 (1- (string-length str)))
+                                   str)
+                               #\-)
+                 "_")))
+
+(define (serialize-field* field-name val)
+  (format #t "~a = ~a\n" (uglify-field-name field-name) val))
+
+(define (serialize-string/unset field-name val)
+  (unless (eq? val unset-field)
+      (serialize-field* field-name val)))
+
+(define (serialize-integer/unset field-name val)
+  (unless (eq? val unset-field)
+      (serialize-field* field-name val)))
+
+(define (serialize-boolean/unset field-name val)
+  (unless (eq? val unset-field)
+      (serialize-field* field-name
+                        (if val "true" "false"))))
+
+
+;; An end-point is an address such as "192.168.0.1"
+;; or an address port pair ("foobar.example.com" . 109)
+(define (end-point? val)
+  (match val
+    ((? string?) #t)
+    (((? string?) . (? integer?)) #t)
+    (_ #f)))
+
+(define (serialize-end-point field-name val)
+  (serialize-field* field-name
+                    (match val
+                      ((host . port)
+                       ;; The [] are needed in the case of IPv6 addresses
+                       (format #f "[~a]:~a" host port))
+                      (host
+                       (format #f "~a" host)))))
+
+(define (serialize-space-separated-string-list/unset field-name val)
+  (unless (eq? val unset-field)
+      (serialize-field* field-name (string-join val " "))))
+
+(define space-separated-string-list/unset?
+  (predicate/unset space-separated-string-list?))
+
+(define comma-separated-integer-list/unset?
+  (predicate/unset (lambda (val)
+                     (and (list? val)
+                          (and-map (lambda (x) (integer? x))
+                                   val)))))
+
+(define (serialize-comma-separated-integer-list/unset field-name val)
+  (unless (eq? val unset-field)
+      (serialize-field* field-name
+                       (string-drop ; Drop the leading comma
+                        (fold
+                         (lambda (i prev)
+                           (string-append prev "," (number->string i)))
+                         "" val) 1))))
+
+(define file-name? (predicate/unset
+                    (lambda (val)
+                      (string-prefix? "/" val))))
+
+(define (serialize-file-name field-name val)
+  (unless (eq? val unset-field)
+    (serialize-string field-name val)))
+
+(define (non-negative-integer? val)
+  (and (exact-integer? val) (not (negative? val))))
+
+(define (serialize-non-negative-integer/unset field-name val)
+  (unless (eq? val unset-field)
+    (serialize-field* field-name val)))
+
+(define (free-form-fields? val)
+  (match val
+    (() #t)
+    ((((? symbol?) . (? string)) . val) (free-form-fields? val))
+    (_ #f)))
+
+(define (serialize-free-form-fields field-name val)
+  (for-each (match-lambda ((k . v) (serialize-field* k v))) val))
+
+(define non-negative-integer/unset? (predicate/unset non-negative-integer?))
+
+(define (realm-list? val)
+  (and (list? val)
+       (and-map (lambda (x) (krb5-realm? x)) val)))
+
+(define (serialize-realm-list field-name val)
+  (format #t "\n[~a]\n" field-name)
+  (for-each (lambda (realm)
+              (format #t "\n~a = {\n" (krb5-realm-name realm))
+              (for-each (lambda (field)
+                          (unless (eq? 'name (configuration-field-name field))
+                            ((configuration-field-serializer field)
+                             (configuration-field-name field)
+                             ((configuration-field-getter field)
+                              realm)))) krb5-realm-fields)
+
+              (format #t "}\n")) val))
+
+
+
+;; For a more detailed explanation of these fields see man 5 krb5.conf
+(define-configuration krb5-realm
+  (name
+   (string/unset unset-field)
+   "The name of the realm.")
+
+  (kdc
+   (end-point unset-field)
+   "The host and port on which the realm's Key Distribution Server listens.")
+
+  (admin-server
+   (string/unset unset-field)
+   "The Host running the administration server for the realm.")
+
+  (master-kdc
+   (string/unset unset-field)
+   "If an attempt to get credentials fails because of an invalid password, 
+the client software will attempt to contact the master KDC.")
+
+  (kpasswd-server
+   (string/unset unset-field)
+   "The server where password changes are performed.")
+
+  (auth-to-local
+   (free-form-fields '())
+   "Rules to map between principals and local users.")
+
+  (auth-to-local-names
+   (free-form-fields '())
+   "Explicit mappings between principal names and local user names.")
+
+  (http-anchors
+   (free-form-fields '())
+   "Useful only when http proxy is used to access KDC or KPASSWD.")
+
+  ;; The following are useful only for working with V4 services
+  (default-domain
+    (string/unset unset-field)
+    "The domain used to expand host names when translating Kerberos 4 service
+principals to Kerberos 5 principals")
+
+  (v4-instance-convert
+   (free-form-fields '())
+   "Exceptions to the default-domain mapping rule.")
+
+  (v4-realm
+   (string/unset unset-field)
+   "Used  when the V4 realm name and the V5 realm name are not the same, but
+still share the same principal names and passwords"))
+
+
+
+;; For a more detailed explanation of these fields see man 5 krb5.conf
+(define-configuration krb5-configuration
+  (allow-weak-crypto?
+   (boolean/unset unset-field)
+   "If true, permits access to services which only offer weak encryption.")
+
+  (ap-req-checksum-type
+   (non-negative-integer/unset unset-field)
+   "The type of the AP-REQ checksum.")
+
+  (canonicalize?
+   (boolean/unset unset-field)
+   "Should principals in initial ticket requests be canonicalized?")
+
+  (ccache-type
+   (non-negative-integer/unset unset-field)
+   "The format of the credential cache type.")
+
+  (clockskew
+   (non-negative-integer/unset unset-field)
+   "Maximum allowable clock skew in seconds (default 300).")
+
+  (default-ccache-name
+    (file-name unset-field)
+    "The name of the default credential cache.")
+
+  (default-client-keytab-name
+    (file-name unset-field)
+    "The name of the default keytab for client credentials.")
+
+  (default-keytab-name
+    (file-name unset-field)
+    "The name of the default keytab file.")
+
+  (default-realm
+    (string/unset unset-field)
+    "The realm to be accessed if not explicitly specified by clients.")
+
+  (default-tgs-enctypes
+    (free-form-fields '())
+    "Session key encryption types when making TGS-REQ requests.")
+
+  (default-tkt-enctypes
+    (free-form-fields '())
+    "Session key encryption types when making AS-REQ requests.")
+
+  (dns-canonicalize-hostname?
+   (boolean/unset  unset-field)
+   "Whether name lookups will be used to canonicalize host names for use in 
+service principal names.")
+
+  (dns-lookup-kdc?
+   (boolean/unset unset-field)
+ "Should DNS SRV records should be used to locate the KDCs and other servers 
+not appearing in the realm specification")
+
+  (err-fmt
+   (string/unset unset-field)
+   "Custom error message formatting. If not #f error messages will be formatted 
+by substituting a normal error message for %M and an error code for %C in the 
+value.")
+
+  (forwardable?
+   (boolean/unset unset-field)
+   "Should initial tickets be forwardable by default?")
+
+  (ignore-acceptor-hostname?
+   (boolean/unset unset-field)
+   "When accepting GSSAPI or krb5 security contexts for host-based service 
+principals, ignore any hostname passed by the calling application, and allow 
+clients to authenticate to any service principal in the keytab matching the 
+service name and realm name.")
+
+  (k5login-authoritative?
+   (boolean/unset unset-field)
+   "If this flag is true, principals must be listed in a local user's k5login
+file to be granted login access, if a ~/.k5login file exists.")
+
+  (k5login-directory
+   (string/unset unset-field)
+   "If not #f, the library will look for a local user's @file{k5login} file 
+within the named directory (instead of the user's home directory), with a 
+file name corresponding to the local user name.")
+
+  (kcm-mach-service
+   (string/unset unset-field)
+   "The name of the bootstrap service used to contact the KCM daemon for the 
+KCM credential cache type.")
+
+  (kcm-socket
+   (file-name unset-field)
+ "Path to the Unix domain socket used to access the KCM daemon for the KCM 
+credential cache type.")
+
+  (kdc-default-options
+   (non-negative-integer/unset unset-field)
+   "Default KDC options (logored for multiple values) when requesting initial 
+tickets.")
+
+  (kdc-timesync
+   (non-negative-integer/unset unset-field)
+   "Attempt to compensate for clock skew between the KDC and client.")
+
+  (kdc-req-checksum-type
+   (non-negative-integer/unset unset-field)
+   "The type of checksum to use for the KDC requests. Relevant only for DES 
+keys")
+
+  (noaddresses?
+   (boolean/unset unset-field)
+   "If true, initial ticket requests will not be made with address restrictions.
+This enables their use across NATs.")
+
+  (permitted-enctypes
+   (space-separated-string-list/unset unset-field)
+   "All encryption types that are permitted for use in session key encryption.")
+
+  (plugin-base-dir
+   (file-name unset-field)
+   "The directory where krb5 plugins are located.")
+
+  (preferred-preauth-types
+   (comma-separated-integer-list/unset unset-field)
+   "The preferred pre-authentication types which the client will attempt before 
+others.")
+
+  (proxiable?
+   (boolean/unset unset-field)
+   "Should initial tickets be proxiable by default?")
+
+  (rdns?
+   (boolean/unset unset-field)
+   "Should reverse DNS lookup be used in addition to forward name lookup to 
+canonicalize host names for use in service principal names.")
+
+  (realm-try-domains
+   (integer/unset unset-field)
+   "Should a host's domain components should be used to determine the Kerberos 
+realm of the host.")
+
+  (renew-lifetime
+   (non-negative-integer/unset unset-field)
+   "The default renewable lifetime for initial ticket requests.")
+
+  (safe-checksum-type
+   (non-negative-integer/unset unset-field)
+   "The type of checksum to use for the KRB-SAFE requests.")
+
+  (ticket-lifetime
+   (non-negative-integer/unset unset-field)
+   "The default lifetime for initial ticket requests.")
+
+  (udp-preference-limit
+   (non-negative-integer/unset unset-field)
+   "When sending messages to the KDC, the library will try using TCP
+before UDP if the size of the message greater than this limit.")
+
+  (verify-ap-rereq-nofail?
+   (boolean/unset unset-field)
+ "If true, then attempts to verify initial credentials will fail if the client
+machine does not have a keytab.")
+
+  (realms
+   (realm-list '())
+   "The list of realms which clients may access."))
+
+
+(define (krb5-configuration-file config)
+  "Create a Kerberos 5 configuration file based on CONFIG"
+  (mixed-text-file "krb5.conf"
+                   "[libdefaults]\n\n"
+                   (with-output-to-string
+                     (lambda ()
+                       (serialize-configuration config
+                                                krb5-configuration-fields)))))
+
+(define (krb5-etc-service config)
+  (list `("krb5.conf" ,(krb5-configuration-file config))))
+
+
+(define krb5-service-type
+  (service-type (name 'krb5)
+                (extensions
+                 (list (service-extension etc-service-type
+                                          krb5-etc-service)))))
+
+
+
 
 (define-record-type* <pam-krb5-configuration>
   pam-krb5-configuration  make-pam-krb5-configuration
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index bc024a8701..237a9638d3 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -24,6 +24,7 @@
   #:use-module (ssh popen)
   #:use-module (ssh dist)
   #:use-module (ssh dist node)
+  #:use-module (ssh version)
   #:use-module (guix config)
   #:use-module (guix records)
   #:use-module (guix store)
@@ -176,31 +177,35 @@ private key from '~a': ~a")
                                ;; exchanging full archives.
                                #:compression "zlib"
                                #:compression-level 3)))
-    (connect! session)
-
-    ;; Authenticate the server.  XXX: Guile-SSH 0.10.1 doesn't know about
-    ;; ed25519 keys and 'get-key-type' returns #f in that case.
-    (let-values (((server)   (get-server-public-key session))
-                 ((type key) (host-key->type+key
-                              (build-machine-host-key machine))))
-      (unless (and (or (not (get-key-type server))
-                       (eq? (get-key-type server) type))
-                   (string=? (public-key->string server) key))
-        ;; Key mismatch: something's wrong.  XXX: It could be that the server
-        ;; provided its Ed25519 key when we where expecting its RSA key.
-        (leave (_ "server at '~a' returned host key '~a' of type '~a' \
+    (match (connect! session)
+      ('ok
+       ;; Authenticate the server.  XXX: Guile-SSH 0.10.1 doesn't know about
+       ;; ed25519 keys and 'get-key-type' returns #f in that case.
+       (let-values (((server)   (get-server-public-key session))
+                    ((type key) (host-key->type+key
+                                 (build-machine-host-key machine))))
+         (unless (and (or (not (get-key-type server))
+                          (eq? (get-key-type server) type))
+                      (string=? (public-key->string server) key))
+           ;; Key mismatch: something's wrong.  XXX: It could be that the server
+           ;; provided its Ed25519 key when we where expecting its RSA key.
+           (leave (_ "server at '~a' returned host key '~a' of type '~a' \
 instead of '~a' of type '~a'~%")
-               (build-machine-name machine)
-               (public-key->string server) (get-key-type server)
-               key type)))
-
-    (let ((auth (userauth-public-key! session private)))
-      (unless (eq? 'success auth)
-        (disconnect! session)
-        (leave (_ "SSH public key authentication failed for '~a': ~a~%")
-               (build-machine-name machine) (get-error session))))
-
-    session))
+                  (build-machine-name machine)
+                  (public-key->string server) (get-key-type server)
+                  key type)))
+
+       (let ((auth (userauth-public-key! session private)))
+         (unless (eq? 'success auth)
+           (disconnect! session)
+           (leave (_ "SSH public key authentication failed for '~a': ~a~%")
+                  (build-machine-name machine) (get-error session))))
+
+       session)
+      (x
+       ;; Connection failed or timeout expired.
+       (leave (_ "failed to connect to '~a': ~a~%")
+              (build-machine-name machine) (get-error session))))))
 
 (define* (connect-to-remote-daemon session
                                    #:optional
@@ -429,10 +434,8 @@ be read."
 (define (send-files files remote)
   "Send the subset of FILES that's missing to REMOTE, a remote store."
   (with-store store
-    ;; Compute the subset of FILES missing on SESSION, and send them in
-    ;; topologically sorted order so that they can actually be imported.
-    (let* ((sorted  (topologically-sorted store files))
-           (session (channel-get-session (nix-server-socket remote)))
+    ;; Compute the subset of FILES missing on SESSION and send them.
+    (let* ((session (channel-get-session (nix-server-socket remote)))
            (node    (make-node session))
            (missing (node-eval node
                                `(begin
@@ -441,11 +444,12 @@ be read."
 
                                   (with-store store
                                     (remove (cut valid-path? store <>)
-                                            ',sorted)))))
+                                            ',files)))))
            (port    (store-import-channel session)))
       (format #t (_ "sending ~a store files to '~a'...~%")
               (length missing) (session-get session 'host))
 
+      ;; Send MISSING in topological order.
       (export-paths store missing port)
 
       ;; Tell the remote process that we're done.  (In theory the
@@ -489,27 +493,30 @@ be read."
 
 (define (machine-load machine)
   "Return the load of MACHINE, divided by the number of parallel builds
-allowed on MACHINE."
+allowed on MACHINE.  Return +∞ if MACHINE is unreachable."
   ;; Note: This procedure is costly since it creates a new SSH session.
-  (let* ((session (open-ssh-session machine))
-         (pipe    (open-remote-pipe* session OPEN_READ
+  (match (false-if-exception (open-ssh-session machine))
+    ((? session? session)
+     (let* ((pipe (open-remote-pipe* session OPEN_READ
                                      "cat" "/proc/loadavg"))
-         (line    (read-line pipe)))
-    (close-port pipe)
-
-    (if (eof-object? line)
-        +inf.0    ;MACHINE does not respond, so assume it is infinitely loaded
-        (match (string-tokenize line)
-          ((one five fifteen . _)
-           (let* ((raw        (string->number five))
-                  (jobs       (build-machine-parallel-builds machine))
-                  (normalized (/ raw jobs)))
-             (format (current-error-port) "load on machine '~a' is ~s\
+            (line (read-line pipe)))
+       (close-port pipe)
+
+       (if (eof-object? line)
+           +inf.0 ;MACHINE does not respond, so assume it is infinitely loaded
+           (match (string-tokenize line)
+             ((one five fifteen . _)
+              (let* ((raw        (string->number five))
+                     (jobs       (build-machine-parallel-builds machine))
+                     (normalized (/ raw jobs)))
+                (format (current-error-port) "load on machine '~a' is ~s\
  (normalized: ~s)~%"
-                     (build-machine-name machine) raw normalized)
-             normalized))
-          (_
-           +inf.0)))))           ;something's fishy about MACHINE, so avoid it
+                        (build-machine-name machine) raw normalized)
+                normalized))
+             (_
+              +inf.0)))))        ;something's fishy about MACHINE, so avoid it
+    (_
+     +inf.0)))                      ;failed to connect to MACHINE, so avoid it
 
 (define (machine-lock-file machine hint)
   "Return the name of MACHINE's lock file for HINT."
@@ -635,6 +642,12 @@ allowed on MACHINE."
   (and=> (passwd:dir (getpw (getuid)))
          (cut setenv "HOME" <>))
 
+  ;; We rely on protocol-level compression from libssh to optimize large data
+  ;; transfers.  Warn if it's missing.
+  (unless (zlib-support?)
+    (warning (_ "Guile-SSH lacks zlib support"))
+    (warning (_ "data transfers will *not* be compressed!")))
+
   (match args
     ((system max-silent-time print-build-trace? build-timeout)
      (let ((max-silent-time    (string->number max-silent-time))
diff --git a/guix/store.scm b/guix/store.scm
index 689a94c636..a669011f3a 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -470,7 +470,8 @@ encoding conversion errors."
            ;; Write a byte stream to USER-PORT.
            (let* ((len (read-int p))
                   (m   (modulo len 8)))
-             (dump-port p user-port len)
+             (dump-port p user-port len
+                        #:buffer-size (if (<= len 16384) 16384 65536))
              (unless (zero? m)
                ;; Consume padding, as for strings.
                (get-bytevector-n p (- 8 m))))
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 9b29b3e91d..682f9a2b5b 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -203,11 +203,11 @@ static void stopWork(bool success = true, const string & msg = "", unsigned int
 }
 
 
-struct TunnelSink : Sink
+struct TunnelSink : BufferedSink
 {
     Sink & to;
-    TunnelSink(Sink & to) : to(to) { }
-    virtual void operator () (const unsigned char * data, size_t len)
+    TunnelSink(Sink & to) : BufferedSink(64 * 1024), to(to) { }
+    virtual void write(const unsigned char * data, size_t len)
     {
         writeInt(STDERR_WRITE, to);
         writeString(data, len, to);
@@ -433,6 +433,7 @@ static void performOp(bool trusted, unsigned int clientVersion,
         startWork();
         TunnelSink sink(to);
         store->exportPath(path, sign, sink);
+        sink.flush();
         stopWork();
         writeInt(1, to);
         break;