summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-08-10 15:32:51 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-08-10 15:32:51 +0200
commit7b38f045c04fe69001ff5c2f04486cc51a69ae82 (patch)
treebd839f1f635dc114c84d67c1db09b74f613ec315 /gnu/packages
parent369d15674c8bb251c45a45466031a2da1640df9f (diff)
parent256d5c6e339d59287284bb83f35c594f13bd08f9 (diff)
downloadguix-7b38f045c04fe69001ff5c2f04486cc51a69ae82.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/admin.scm1
-rw-r--r--gnu/packages/autogen.scm16
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/build-tools.scm15
-rw-r--r--gnu/packages/compression.scm12
-rw-r--r--gnu/packages/curl.scm14
-rw-r--r--gnu/packages/dns.scm4
-rw-r--r--gnu/packages/education.scm4
-rw-r--r--gnu/packages/finance.scm17
-rw-r--r--gnu/packages/ftp.scm7
-rw-r--r--gnu/packages/gnome.scm25
-rw-r--r--gnu/packages/gnuzilla.scm68
-rw-r--r--gnu/packages/golang.scm25
-rw-r--r--gnu/packages/libreoffice.scm8
-rw-r--r--gnu/packages/linux.scm31
-rw-r--r--gnu/packages/mail.scm10
-rw-r--r--gnu/packages/mes.scm28
-rw-r--r--gnu/packages/messaging.scm4
-rw-r--r--gnu/packages/mingw.scm4
-rw-r--r--gnu/packages/music.scm18
-rw-r--r--gnu/packages/networking.scm37
-rw-r--r--gnu/packages/package-management.scm8
-rw-r--r--gnu/packages/patches/lxc-CVE-2018-6556.patch116
-rw-r--r--gnu/packages/patches/polkit-drop-test.patch18
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch53
-rw-r--r--gnu/packages/patches/xorg-server-rotate-fb.patch35
-rw-r--r--gnu/packages/patchutils.scm27
-rw-r--r--gnu/packages/polkit.scm14
-rw-r--r--gnu/packages/profiling.scm4
-rw-r--r--gnu/packages/rdf.scm4
-rw-r--r--gnu/packages/rust.scm17
-rw-r--r--gnu/packages/syncthing.scm23
-rw-r--r--gnu/packages/version-control.scm28
-rw-r--r--gnu/packages/video.scm32
-rw-r--r--gnu/packages/virtualization.scm5
-rw-r--r--gnu/packages/vulkan.scm8
-rw-r--r--gnu/packages/web-browsers.scm4
-rw-r--r--gnu/packages/web.scm8
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wm.scm13
-rw-r--r--gnu/packages/xdisorg.scm4
-rw-r--r--gnu/packages/xorg.scm7
42 files changed, 494 insertions, 295 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 73772166ab..edc1349c46 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1048,6 +1048,7 @@ commands and their arguments.")
                     version
                     ".tar.gz"))
               (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
+                                       "wpa-supplicant-CVE-2018-14526.patch"
                                        "wpa-supplicant-fix-key-reuse.patch"
                                        "wpa-supplicant-fix-zeroed-keys.patch"
                                        "wpa-supplicant-fix-nonce-reuse.patch"
diff --git a/gnu/packages/autogen.scm b/gnu/packages/autogen.scm
index f3ab30b10a..5fc61fc70e 100644
--- a/gnu/packages/autogen.scm
+++ b/gnu/packages/autogen.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,7 +32,7 @@
 (define-public autogen
   (package
     (name "autogen")
-    (version "5.18.12")
+    (version "5.18.14")
     (source
      (origin
       (method url-fetch)
@@ -39,12 +40,12 @@
                           "/autogen-" version ".tar.xz"))
       (sha256
        (base32
-        "1n5zq4872sakvz9c7ncsdcfp0z8rsybsxvbmhkpbd19ii0pacfxy"))))
+        "1r06gam7sicb9ssn02mhv6r0g5vr4k0l0c67shpqa5i172cspizz"))))
     (build-system gnu-build-system)
-    (native-inputs `(("perl" ,perl)     ;for doc generator mdoc
-                     ("pkg-config" ,pkg-config)))
-    (inputs `(("which" ,which)
-              ("guile" ,guile-2.0)))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("which" ,which)))
+    (inputs `(("guile" ,guile-2.0)
+              ("perl" ,perl)))          ; for doc generator mdoc
     (arguments
      '(#:phases
        (modify-phases %standard-phases
@@ -54,8 +55,7 @@
                (substitute*
                  (append (find-files "agen5/test" "\\.test$")
                          (find-files "autoopts/test" "\\.(test|in)$"))
-                 (("/bin/sh") sh)
-                 (("/usr/bin/tr") "tr"))
+                 (("/bin/sh") sh))
                #t))))))
     (home-page "https://www.gnu.org/software/autogen/")
     (synopsis "Automated program generator")
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f55dd1a139..ca880d6c05 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -875,6 +875,15 @@ is like a time machine for your data. ")
                                         ,version)
                (invoke "go" "run" "build.go"))))
 
+         (replace 'check
+           (lambda _
+             (with-directory-excursion (string-append
+                                        "src/github.com/restic/restic-"
+                                        ,version)
+               ;; unexpected error: fusermount: exit status 1
+               (delete-file "cmd/restic/integration_fuse_test.go")
+               (invoke "go" "run" "build.go" "--test"))))
+
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index 24870c82d6..4fc2d5acf7 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -25,6 +25,7 @@
   #:use-module (guix utils)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
@@ -76,16 +77,16 @@ makes a few sacrifices to acquire fast full and incremental build times.")
 (define-public bear
   (package
     (name "bear")
-    (version "2.3.11")
+    (version "2.3.12")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/rizsotto/Bear/archive/"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/rizsotto/Bear")
+                    (commit version)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "1m0w0wqnz983l7fpp5p9pdsqr7n3ybrzp8ywjcvn0rihsrzj65j6"))))
+                "1zzz2yiiny9pm4h6ayb82xzxc2j5djcpf8va2wagcw92m7w6miqw"))))
     (build-system cmake-build-system)
     (inputs
      `(("python" ,python-wrapper)))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 1c5e00ec95..c6cd416bdd 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -643,13 +643,13 @@ sfArk file format to the uncompressed sf2 format.")
   (package
     (name "libmspack")
     (home-page "https://cabextract.org.uk/libmspack/")
-    (version "0.7")
+    (version "0.7.1")
     (source
      (origin
       (method url-fetch)
       (uri (string-append home-page name "-" version "alpha.tar.gz"))
       (sha256
-       (base32 "0wi7ydq8vjiq0kfnpkj2d6vll2s49x38bywnsdqphqb0vdn53q1n"))))
+       (base32 "0zn4vwzk5ankgd0l88cipan19pzbzv0sm3fba17lvqwka3dp1acp"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--disable-static")))
@@ -1213,7 +1213,7 @@ install: libbitshuffle.so
 (define-public java-snappy
   (package
     (name "java-snappy")
-    (version "1.1.7")
+    (version "1.1.7.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/xerial/snappy-java/archive/"
@@ -1221,7 +1221,7 @@ install: libbitshuffle.so
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0q4kxz2n97czf6g5gzq0d8yz22cgiaj7wp51rzsswh3bi99bpgg5"))))
+                "1p557vdv006ysgxbpp83krmq0066k46108vyiyka69w8i4i8rbbm"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "snappy.jar"
@@ -1295,8 +1295,8 @@ install: libbitshuffle.so
        ("perl" ,perl)))
     (home-page "https://github.com/xerial/snappy-java")
     (synopsis "Compression/decompression algorithm in Java")
-    (description "Snappy-java is a Java port of the snappy, a fast C++
-compresser/decompresser.")
+    (description "Snappy-java is a Java port of snappy, a fast C++
+compressor/decompressor.")
     (license license:asl2.0)))
 
 (define-public java-snappy-1
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index e724fd147b..1907d2dc3d 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -157,19 +157,19 @@ tunneling, and so on.")
 (define-public kurly
   (package
     (name "kurly")
-    (version "1.2.1")
+    (version "1.2.2")
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                     (url "https://github.com/davidjpeacock/kurly.git")
+                     (url "https://gitlab.com/davidjpeacock/kurly.git")
                      (commit (string-append "v" version))))
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "01kp33gvzxmk6ipz7323wqwmbc90q2mwzsjig8rzpqsm4kji5hi6"))))
+                "003jv2k45hg2svhjpy5253ccd250vi2r17x2zhm51iw54kgwxipm"))))
     (build-system go-build-system)
     (arguments
-     `(#:import-path "github.com/davidjpeacock/kurly"
+     `(#:import-path "gitlab.com/davidjpeacock/kurly"
        #:install-source? #f
        #:phases
        (modify-phases %standard-phases
@@ -182,20 +182,20 @@ tunneling, and so on.")
                (with-directory-excursion source
                  (install-file "README.md" doc)
                  (mkdir-p man)
-                 (copy-file "meta/kurly.man"
+                 (copy-file "doc/kurly.man"
                             (string-append man "/kurly.1")))
                #t))))))
     (inputs
      `(("go-github-com-alsm-ioprogress" ,go-github-com-alsm-ioprogress)
        ("go-github-com-aki237-nscjar" ,go-github-com-aki237-nscjar)
-       ("go-github-com-davidjpeacock-cli" ,go-github-com-davidjpeacock-cli)))
+       ("go-github-com-urfave-cli" ,go-github-com-urfave-cli)))
     (synopsis "Command-line HTTP client")
     (description "kurly is an alternative to the @code{curl} program written in
 Go.  kurly is designed to operate in a similar manner to curl, with select
 features.  Notably, kurly is not aiming for feature parity, but common flags and
 mechanisms particularly within the HTTP(S) realm are to be expected.  kurly does
 not offer a replacement for libcurl.")
-    (home-page "https://github.com/davidjpeacock/kurly")
+    (home-page "https://gitlab.com/davidjpeacock/kurly")
     (license license:asl2.0)))
 
 (define-public guile-curl
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index ffa442f4d6..a8ac3feaa7 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -103,7 +103,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public isc-bind
   (package
     (name "bind")
-    (version "9.12.2")
+    (version "9.12.2-P1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -111,7 +111,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0ll46igs9xfq2qclc5wzqsnj3zv7ssga0544gm24s1m7765lqslz"))))
+                "192ld6w8f4n46hvdmmzzrfkd28apf4dwmbpbi3j2q1d2p315ajww"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm
index 15b893c30d..52dde26f44 100644
--- a/gnu/packages/education.scm
+++ b/gnu/packages/education.scm
@@ -243,7 +243,7 @@ easy.")
 (define-public snap
   (package
     (name "snap")
-    (version "4.1.2.7")
+    (version "4.2.1.3")
     (source
      (origin
        (method git-fetch)
@@ -253,7 +253,7 @@ easy.")
        (file-name (git-file-name name version))
        (sha256
         (base32
-         "0cy3jhqqpmivqnfm9kmlnh3fhf3m3y4xqhikblk8vfjprh6vmcvd"))))
+         "0n32hg8rx6alk5j58l76gzmicrg1bp7jagz5mh1zrg7591aicjal"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index fd2a5af0cb..2cbd4854ec 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -825,28 +825,19 @@ Luhn and family of ISO/IEC 7064 check digit algorithms. ")
 (define-public python-duniterpy
   (package
     (name "python-duniterpy")
-    (version "0.43.2")
+    (version "0.43.7")
     (source
      (origin
        (method git-fetch)
        ;; Pypi's default URI is missing "requirements.txt" file.
        (uri (git-reference
-             (url "https://github.com/duniter/duniter-python-api.git")
+             (url "https://git.duniter.org/clients/python/duniterpy.git")
              (commit version)))
        (file-name (git-file-name name version))
        (sha256
         (base32
-         "1ch4f150k1p1l876pp08p5rxqhpv5xfbxdw6njcmr06hspv8v8x4"))))
+         "19m36z98361bqxjdb65597j2kxbly491927c6p9z47s1vxc3raaq"))))
     (build-system python-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         ;; Among 108 tests, a single one is failing: FAIL:
-         ;; test_from_pubkey.  Remove it.
-         (add-after 'unpack 'remove-failing-test
-           (lambda _
-             (delete-file "tests/documents/test_crc_pubkey.py")
-             #t)))))
     (propagated-inputs
      `(("python-aiohttp" ,python-aiohttp)
        ("python-base58" ,python-base58)
@@ -854,7 +845,7 @@ Luhn and family of ISO/IEC 7064 check digit algorithms. ")
        ("python-libnacl" ,python-libnacl)
        ("python-pylibscrypt" ,python-pylibscrypt)
        ("python-pypeg2" ,python-pypeg2)))
-    (home-page "https://github.com/duniter/duniter-python-api")
+    (home-page "https://git.duniter.org/clients/python/duniterpy")
     (synopsis "Python implementation of Duniter API")
     (description "@code{duniterpy} is an implementation of
 @uref{https://github.com/duniter/duniter/, duniter} API. Its
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index f3211d9031..f687b9814d 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -46,7 +46,7 @@
 (define-public lftp
   (package
     (name "lftp")
-    (version "4.8.3")
+    (version "4.8.4")
     (source (origin
               (method url-fetch)
               ;; See https://lftp.tech/get.html for mirrors.
@@ -58,7 +58,7 @@
                                         "ftp/lftp/lftp-" version ".tar.xz")))
               (sha256
                (base32
-                "12y77jlfs4x4zvcah92mw2h2sb4j0bvbaxkh3wwsm8gs392ywyny"))))
+                "0qks22357xv9y6ripmf5j2n5svh8j5z0yniphfk89sjwkqg2gg2f"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -74,7 +74,8 @@
                      (lambda _
                        (substitute* "tests/Makefile"
                          (("(ftp-cls-l|ftp-list|http-get)\\$\\(EXEEXT\\)") "")
-                         (("lftp-https-get ") "")))))
+                         (("lftp-https-get ") ""))
+                       #t)))
        #:configure-flags
        (list (string-append "--with-readline="
                             (assoc-ref %build-inputs "readline")))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 6fcd3ceb9c..311083395a 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4002,39 +4002,26 @@ DAV, and others.")
 (define-public gusb
   (package
     (name "gusb")
-    (version "0.2.9")
+    (version "0.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/hughsie/libgusb/archive/"
-                                  "gusb_"
-                                  (string-join (string-split version #\.)
-                                               "_")
-                                  ".tar.gz"))
+                                  version ".tar.gz"))
               (sha256
                (base32
-                "1500mgpidmnjfkcz1fzqkbqv547iy1cvr8bwf3k9vqgqcjx3844n"))))
-    (build-system gnu-build-system)
+                "1wa9787ww7s1kl9jml6kiyrjgimlgagq4jmgdj7xcpsx83w10qxk"))))
+    (build-system meson-build-system)
     (native-inputs
-     `(("glib:bin" ,glib "bin")         ; for glib-genmarshal, etc.
-       ("gobject-introspection" ,gobject-introspection)
+     `(("gobject-introspection" ,gobject-introspection)
        ("pkg-config" ,pkg-config)
        ("vala" ,vala)
-       ("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("libtool" ,libtool)
        ("gtk-doc" ,gtk-doc)))
     (propagated-inputs
      ;; Both of these are required by gusb.pc.
      `(("glib" ,glib)
        ("libusb" ,libusb)))
     (arguments
-     `(#:tests? #f  ; libusb fails to initialize.  Wonder what that is.
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'autogen
-                    (lambda _
-                      (and (zero? (system* "gtkdocize"))
-                           (zero? (system* "autoreconf" "-vif"))))))))
+     `(#:tests? #f)) ;libusb fails to initialize.  Wonder what that is.
     (home-page "https://github.com/hughsie/libgusb")
     (synopsis "GLib binding for libusb1")
     (description
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index ba60d1372a..b6bf89a75b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -31,6 +32,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages autotools)
@@ -252,6 +254,72 @@ in C/C++.")
        ("icu4c" ,icu4c)
        ("zlib" ,zlib)))))
 
+(define-public mozjs-52
+  ;; No releases yet at <https://archive.mozilla.org/pub/spidermonkey/releases/>.
+  ;; While we could take a snapshot of the complete mozilla-esr52 repository at
+  ;; <https://treeherder.mozilla.org/#/jobs?repo=mozilla-esr52&filter-searchStr=sm-tc>,
+  ;; we take the Debian version instead, because it is easier to work with.
+  (let ((commit "6507e63cc416fd7a3269e390efe712f8b56f374a")
+        (revision "1"))
+    (package (inherit mozjs-38)
+      (version (git-version "52.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://salsa.debian.org/gnome-team/mozjs52.git")
+                      (commit commit)))
+                (file-name (git-file-name "mozjs" version))
+                (sha256
+                 (base32
+                  "1ny0s53r8wn4byys87h784xrq1xg767akmfm6gqrbvrz57mlm3q2"))))
+      (arguments
+       `(#:tests? #f ; depends on repository metadata
+         #:configure-flags
+         '("--enable-ctypes"
+           "--enable-optimize"
+           "--enable-pie"
+           "--enable-readline"
+           "--enable-shared-js"
+           "--enable-system-ffi"
+           "--with-system-icu"
+           "--with-system-nspr"
+           "--with-system-zlib"
+
+           ;; Intl API requires bundled ICU.
+           "--without-intl-api")
+         #:phases
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-and-chdir
+             (lambda* (#:key inputs #:allow-other-keys)
+               ;; This patch prevents a segfault when executing JS_Init().
+               ;; The build does not fail without this patch, but the
+               ;; configure phase of the gjs package would fail.
+               ;; See https://bugzilla.mozilla.org/show_bug.cgi?id=1176787
+               (make-file-writable "js/src/old-configure.in")
+               (make-file-writable "js/src/old-configure")
+               (make-file-writable "mozglue/build/moz.build")
+               (invoke "patch" "-p1" "--force"
+                       "--input" "debian/patches/disable-mozglue.patch")
+               (invoke "touch" "js/src/configure")
+               (chdir "js/src")
+               #t))
+           (replace 'configure
+             (lambda* (#:key inputs outputs configure-flags #:allow-other-keys)
+               ;; The configure script does not accept environment variables
+               ;; as arguments.
+               (let ((out (assoc-ref outputs "out")))
+                 (setenv "SHELL" (which "sh"))
+                 (setenv "CONFIG_SHELL" (which "sh"))
+                 (setenv "AUTOCONF" (string-append (assoc-ref inputs "autoconf")
+                                                   "/bin/autoconf"))
+                 (apply invoke "./configure"
+                        (cons (string-append "--prefix=" out)
+                              configure-flags))))))))
+      (native-inputs
+       `(("autoconf" ,autoconf-2.13)
+         ("automake" ,automake)
+         ,@(package-native-inputs mozjs-38))))))
+
 (define-public nspr
   (package
     (name "nspr")
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 445533b0c2..20b203aa6f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -552,31 +552,6 @@ jar struct to manage the cookies added to the cookie jar.")
       (home-page "https://github.com/aki237/nscjar")
       (license license:expat))))
 
-(define-public go-github-com-davidjpeacock-cli
-  (let ((commit "8ba6f23b6e36d03666a14bd9421f5e3efcb59aca")
-        (revision "0"))
-    (package
-      (name "go-github-com-davidjpeacock-cli")
-      (version (git-version "1.19.1" revision commit))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                       (url "https://github.com/davidjpeacock/cli.git")
-                       (commit commit)))
-                (file-name (git-file-name name version))
-                (sha256
-                 (base32
-                  "01s53ny3p0fdx64rnwcnmjj4xpc5adihnh6islsfq5z1ph2phhnj"))))
-      (build-system go-build-system)
-      (arguments
-       '(#:import-path "github.com/davidjpeacock/cli"))
-      (synopsis "Build command-line interfaces in Go")
-      (description "@code{cli} is a package for building command line
-interfaces in Go.  The goal is to enable developers to write fast and
-distributable command line applications in an expressive way.")
-      (home-page "https://github.com/davidjpeacock/cli")
-      (license license:expat))))
-
 (define-public go-github.com-jessevdk-go-flags
   (package
     (name "go-github.com-jessevdk-go-flags")
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 25c99f1c73..3dc7a4bbf2 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -584,14 +584,14 @@ Microsoft Visio documents of all versions.")
 (define-public libodfgen
   (package
     (name "libodfgen")
-    (version "0.1.6")
+    (version "0.1.7")
     (source
      (origin
       (method url-fetch)
-      (uri (string-append "http://dev-www.libreoffice.org/src/"
-                          name "-" version ".tar.bz2"))
+      (uri (string-append "mirror://sourceforge/libwpd/" name "/"
+                          name "-" version "/" name "-" version ".tar.xz"))
       (sha256 (base32
-               "1hn91bm6dni7n3frh7lpbj3mjqmdrpn12ipq8rswd9445y4j2yrc"))))
+               "0cdq48wlpp8m0qmndybv64r0m4vh0qsqx69cn6ms533cjlgljgij"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f13c3f8986..1ad86a7895 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -404,8 +404,8 @@ It has been modified to remove all non-free binary blobs.")
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
 ;; See : https://wiki.debian.org/DebianKernel/ARMMP.
 
-(define %linux-libre-version "4.17.12")
-(define %linux-libre-hash "1zpyrw55pg3rg9rjhasx7n070c81frnaab44f4g9gyh08wbapz7k")
+(define %linux-libre-version "4.17.13")
+(define %linux-libre-hash "07z4yisl4krz1ja6123xp32g00nx6ajsc9x1lywmmpvvjilsz4ax")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -413,8 +413,8 @@ It has been modified to remove all non-free binary blobs.")
                     %linux-compatible-systems
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.60")
-(define %linux-libre-4.14-hash "0550cynydwgnfd1wsl8gqmjsp4qhsimanl7h5sdi297qrz4d93pa")
+(define %linux-libre-4.14-version "4.14.61")
+(define %linux-libre-4.14-hash "0jr0qi3473fn32cyisp3baf68sfr6vir5ydaphmqmz379ymxxm0z")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
@@ -423,14 +423,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.117"
-                    "0lvy6psiw1vkc3ax4fmz07fx635qm9f46p84ds30paw7nhwm115x"
+  (make-linux-libre "4.9.118"
+                    "0zh9l0r828jjbmmqp0hwkjm34ly8kqhfddlyigmliz0j39dg0137"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.145"
-                    "1c8lcibc6f8194ix3paip30jb9cqvn4lni6jjskyrmavcfy4rlbp"
+  (make-linux-libre "4.4.146"
+                    "1gpshdkn2rfg8kkf2qb2z30yk1lgzndk0fn1bvnrmfmx7swc45w8"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -1807,16 +1807,15 @@ compressed, transparent to other programs, without decompressing them.")
 (define-public numactl
   (package
     (name "numactl")
-    (version "2.0.11")
+    (version "2.0.12")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "ftp://oss.sgi.com/www/projects/libnuma/download/numactl-"
-                    version
-                    ".tar.gz"))
+                    "https://github.com/numactl/numactl/releases/download/v"
+                    version "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0qbqa9gac2vlahrngi553hws2mqgqdwv2lc69a3yx4gq6l90j325"))))
+                "0ad7mpi3vacbfnx3aqxnvgsj64yp3mav9yxnaz8ancjv7wvdmfsm"))))
     (build-system gnu-build-system)
     (arguments
      '(;; There's a 'test' target, but it requires NUMA support in the kernel
@@ -1826,7 +1825,7 @@ compressed, transparent to other programs, without decompressing them.")
     ;; NUMA is apparently not supported on armhf, see
     ;; http://www.spinics.net/lists/linux-numa/msg01157.html
     (supported-systems (delete "armhf-linux" %supported-systems))
-    (home-page "http://oss.sgi.com/projects/libnuma/")
+    (home-page "https://github.com/numactl/numactl")
     (synopsis "Tools for non-uniform memory access (NUMA) machines")
     (description
      "NUMA stands for Non-Uniform Memory Access, in other words a system whose
@@ -4287,7 +4286,7 @@ re-use code and to avoid re-inventing the wheel.")
 (define-public libnftnl
   (package
     (name "libnftnl")
-    (version "1.1.0")
+    (version "1.1.1")
     (source
       (origin
         (method url-fetch)
@@ -4295,7 +4294,7 @@ re-use code and to avoid re-inventing the wheel.")
                             "libnftnl-" version ".tar.bz2"))
         (sha256
          (base32
-          "0v4gywcjvv2vg4zk632al1zv3ad0lx87nshynv110l8n3fhsq3pc"))))
+          "1wmgjfcb35mscb2srzia5931srygywrs1aznxmg67v177x0nasjx"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2a6a17c804..5e5933932b 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1206,7 +1206,7 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.3.1")
+    (version "2.3.2.1")
     (source
      (origin
        (method url-fetch)
@@ -1214,7 +1214,7 @@ facilities for checking incoming mail.")
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
        (sha256 (base32
-                "14zva4f8k64x86sm9n21cp2yvrpph6k6k52bm22a00pxjwdq50q8"))))
+                "0d2ffbicgl3wswbnyjbw6qigz7r1aqzprpchbwp5cynw122i2raa"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -2364,7 +2364,7 @@ operators and scripters.")
 (define-public alpine
   (package
     (name "alpine")
-    (version "2.21.999")
+    (version "2.21.9999")
     (source
      (origin
        (method url-fetch)
@@ -2373,11 +2373,11 @@ operators and scripters.")
        ;; the patched version, and so do we to not break expectations.
        ;; http://alpine.freeiz.com/alpine/readme/README.patches
        (uri (string-append "http://repo.or.cz/alpine.git/snapshot/"
-                           "349642a84039a4b026513c32a3b4f8594acd50df.tar.gz"))
+                           "d3e6f3932f2af9deca8eed09e30a55e9bd524362.tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1rkvlfk3q7h9jcvaj91pk7l087bq4b38j30060jaw21zz94b90np"))))
+         "0w4qyybfdxi29r2z3giq0by6aa6v6nrgibh1xgv4d1vwwq4hw35w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (list "CC=gcc")
diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm
index 8bde7b1525..a108e3405b 100644
--- a/gnu/packages/mes.scm
+++ b/gnu/packages/mes.scm
@@ -24,6 +24,7 @@
   #:use-module (gnu packages commencement)
   #:use-module (gnu packages cross-base)
   #:use-module (gnu packages gcc)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages man)
   #:use-module (gnu packages package-management)
@@ -75,15 +76,14 @@ extensive examples, including parsers for the Javascript and C99 languages.")
   (let ((triplet "i686-unknown-linux-gnu"))
     (package
       (name "mes")
-      (version "0.16.1")
+      (version "0.17")
       (source (origin
                 (method url-fetch)
-                (uri (string-append "https://gitlab.com/janneke/mes"
-                                    "/-/archive/v" version
-                                    "/mes-" version ".tar.gz"))
+                (uri (string-append "http://alpha.gnu.org/gnu/mes/"
+                                    "mes-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "0qghlbx2qn674q8vckxpzsd0p845kclg457bw6r25jpmslgm0bz2"))))
+                  "1j32x4zqy2cqjlg9m35f2411mwac2b0p5ch4hm99gddmfbxzgyhg"))))
       (build-system gnu-build-system)
       (supported-systems '("i686-linux" "x86_64-linux"))
       (propagated-inputs
@@ -98,27 +98,19 @@ extensive examples, including parsers for the Javascript and C99 languages.")
                `(("i686-linux-binutils" ,(cross-binutils triplet))
                  ("i686-linux-gcc" ,(cross-gcc triplet)))
                '())
+         ("graphviz" ,graphviz)
          ("help2man" ,help2man)
-         ("perl" ,perl)                 ;build-aux/gitlog-to-changelog
+         ("perl" ,perl)                 ; build-aux/gitlog-to-changelog
          ("texinfo" ,texinfo)))
       (arguments
-       `(#:phases
-         (modify-phases %standard-phases
-           (add-before 'install 'generate-changelog
-             (lambda _
-               (with-output-to-file "ChangeLog"
-                 (lambda ()
-                   (display "Please run
-    build-aux/gitlog-to-changelog --srcdir=<git-checkout> > ChangeLog\n")))
-               #t))
-           (delete 'strip)))) ; binutil's strip b0rkes MesCC/M1/hex2 binaries
+       `(#:strip-binaries? #f))  ; binutil's strip b0rkes MesCC/M1/hex2 binaries
       (synopsis "Scheme interpreter and C compiler for full source bootstrapping")
       (description
-       "Mes [Maxwell Equations of Software] aims to create full source
+       "GNU Mes [Maxwell Equations of Software] aims to create full source
 bootstrapping for GuixSD.  It consists of a mutual self-hosting [close to
 Guile-] Scheme interpreter prototype in C and a Nyacc-based C compiler in
 [Guile] Scheme.")
-      (home-page "https://gitlab.com/janneke/mes")
+      (home-page "https://gnu.org/software/mes")
       (license gpl3+))))
 
 (define-public mescc-tools
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 98a65dcd3d..a76bf4f235 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -873,7 +873,7 @@ protocols.")
 (define-public c-toxcore
   (package
     (name "c-toxcore")
-    (version "0.2.4")
+    (version "0.2.5")
     (source
      (origin
        (method url-fetch)
@@ -882,7 +882,7 @@ protocols.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0sdszy079f82ncrgq1wsjpk2374n5hm4las75gj3lrdhljl15izl"))))
+         "1n6j3brfz7kp9a7dd1xnwsa29whrb24zglbz1130l3n8vars7n4s"))))
     (arguments
      `(#:tests? #f)) ; FIXME: Testsuite seems to stay stuck on test 3. Disable
                      ; for now.
diff --git a/gnu/packages/mingw.scm b/gnu/packages/mingw.scm
index f7f34e9dc3..3e96f2c475 100644
--- a/gnu/packages/mingw.scm
+++ b/gnu/packages/mingw.scm
@@ -37,14 +37,14 @@
 (define-public mingw-w64
   (package
     (name "mingw-w64")
-    (version "5.0.3")
+    (version "5.0.4")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://sourceforge.net/projects/mingw-w64/files/mingw-w64/"
                     "mingw-w64-release/mingw-w64-v" version ".tar.bz2"))
               (sha256
-               (base32 "1d4wrjfdlq5xqpv9zg6ssw4lm8jnv6522xf7d6zbjygmkswisq1a"))
+               (base32 "00zq3z1hbzd5yzmskskjg79xrzwsqx7ihyprfaxy4hb897vf29sm"))
               (patches (search-patches "mingw-w64-5.0rc2-gcc-4.9.3.patch"))))
     (native-inputs `(("xgcc-core" ,(cross-gcc %mingw-triplet))
                      ("xbinutils" ,(cross-binutils %mingw-triplet))))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index f705566df9..c5ee4293ba 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1472,16 +1472,16 @@ reverb effects.")
 (define-public setbfree
   (package
     (name "setbfree")
-    (version "0.8.5")
+    (version "0.8.7")
     (source (origin
-              (method url-fetch)
-              (uri
-               (string-append "https://github.com/pantherb/setBfree/archive/v"
-                              version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/pantherb/setBfree")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "0qfccny0hh9lq54272mzmxvfz2jmzcgigjkjwn6v9h6n00gi5bw4"))))
+                "0r2i8cp0gfzqp6scrxwwf7pn7lk2j9kmf8cx7bqjvgfyn251dw3j"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no "check" target
@@ -1996,7 +1996,7 @@ capabilities, custom envelopes, effects, etc.")
 (define-public yoshimi
   (package
     (name "yoshimi")
-    (version "1.5.8")
+    (version "1.5.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/yoshimi/"
@@ -2004,7 +2004,7 @@ capabilities, custom envelopes, effects, etc.")
                                   "/yoshimi-" version ".tar.bz2"))
               (sha256
                (base32
-                "0gwsr5srzy28hwqhfzrc8pswysmyra8kbww3bxfx8bq4mdjifdj6"))))
+                "1kg7d6mnzdwzsqhrf7pmrf1hzgfpbpm5lv8xkaz32wiv391qrnxc"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 5055f030af..937d6f75ba 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2042,3 +2042,40 @@ SNMP v3 using both IPv4 and IPv6.")
                    (license:non-copyleft
                     "http://www.net-snmp.org/about/license.html"
                     "CMU/UCD copyright notice")))))
+
+(define-public ubridge
+  (package
+    (name "ubridge")
+    (version "0.9.14")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/GNS3/ubridge/archive/v"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1hivb8wqkk5047bdl2vbsbcvkmam1107hx1ahy4virq2bkqki1fj"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ;no tests
+       #:make-flags '("CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'install 'set-bindir
+           (lambda* (#:key  inputs outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out")
+                                       "/bin")))
+               (mkdir-p bin)
+               (substitute* "Makefile"
+                 (("\\$\\(BINDIR\\)") bin)
+                 (("\tsetcap cap_net.*$") "")))
+             #t)))))
+    (inputs
+     `(("libpcap" ,libpcap)))
+    (home-page "https://github.com/GNS3/ubridge/")
+    (synopsis "Bridge for UDP tunnels, Ethernet, TAP and VMnet interfaces")
+    (description "uBridge is a simple program to create user-land bridges
+between various technologies.  Currently, bridging between UDP tunnels,
+Ethernet and TAP interfaces is supported.  Packet capture is also supported.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index b7e3b320f6..78db0abfa8 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -895,14 +895,14 @@ Microsoft cabinet (.@dfn{CAB}) files.")
 (define-public msitools
   (package
     (name "msitools")
-    (version "0.97")
+    (version "0.98")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0pn6izlgwi4ngpk9jk2n38gcjjpk29nm15aad89bg9z3k9n2hnrs"))))
+                "19wb3n3nwkpc6bjr0q3f1znaxsfaqgjbdxxnbx8ic8bb5b49hwac"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -923,7 +923,7 @@ for packaging and deployment of cross-compiled Windows applications.")
 (define-public libostree
   (package
     (name "libostree")
-    (version "2018.5")
+    (version "2018.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -931,7 +931,7 @@ for packaging and deployment of cross-compiled Windows applications.")
                     version "/libostree-" version ".tar.xz"))
               (sha256
                (base32
-                "0q82d6rvp119nx7ck7j63a591kz8vg7v465kf9ygh8kzg875l3xd"))))
+                "1nc310lv36psxn5yslkxlgi9gjxwqpwqzkg2pldgpwrlv6gkagj8"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch
new file mode 100644
index 0000000000..7eab7101f1
--- /dev/null
+++ b/gnu/packages/patches/lxc-CVE-2018-6556.patch
@@ -0,0 +1,116 @@
+Fix CVE-2018-6556:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
+https://bugzilla.suse.com/show_bug.cgi?id=988348#c8
+
+Patch copied from upstream source repository:
+
+https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
+
+From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Wed, 25 Jul 2018 19:56:54 +0200
+Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
+ src/lxc/utils.c            | 12 ++++++++++++
+ src/lxc/utils.h            |  5 +++++
+ 3 files changed, 49 insertions(+), 3 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index ec9cd97e0..c5beb6c8d 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
+ 			exit(EXIT_FAILURE);
+ 		}
+ 	} else if (request == LXC_USERNIC_DELETE) {
+-		netns_fd = open(args.pid, O_RDONLY);
++		char opath[LXC_PROC_PID_FD_LEN];
++
++		/* Open the path with O_PATH which will not trigger an actual
++		 * open(). Don't report an errno to the caller to not leak
++		 * information whether the path exists or not.
++		 * When stracing setuid is stripped so this is not a concern
++		 * either.
++		 */
++		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Could not open \"%s\": %s\n", args.pid,
+-				      strerror(errno));
++			usernic_error("Failed to open \"%s\"\n", args.pid);
++			exit(EXIT_FAILURE);
++		}
++
++		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
++			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
++		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		/* Now get an fd that we can use in setns() calls. */
++		ret = open(opath, O_RDONLY | O_CLOEXEC);
++		if (ret < 0) {
++			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
++			close(netns_fd);
+ 			exit(EXIT_FAILURE);
+ 		}
++		close(netns_fd);
++		netns_fd = ret;
+ 	}
+ 
+ 	if (!create_db_dir(LXC_USERNIC_DB)) {
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 530b1f81a..3b854e35b 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
+ 	return has_type;
+ }
+ 
++bool fhas_fs_type(int fd, fs_type_magic magic_val)
++{
++	int ret;
++	struct statfs sb;
++
++	ret = fstatfs(fd, &sb);
++	if (ret < 0)
++		return false;
++
++	return is_fs_type(&sb, magic_val);
++}
++
+ bool lxc_nic_exists(char *nic)
+ {
+ #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
+diff --git a/src/lxc/utils.h b/src/lxc/utils.h
+index 6a0bebded..0805f5d0d 100644
+--- a/src/lxc/utils.h
++++ b/src/lxc/utils.h
+@@ -95,6 +95,10 @@
+ #define CGROUP2_SUPER_MAGIC 0x63677270
+ #endif
+ 
++#ifndef NSFS_MAGIC
++#define NSFS_MAGIC 0x6e736673
++#endif
++
+ /* Useful macros */
+ /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
+ #define LXC_NUMSTRLEN64 21
+@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz);
+ /* __typeof__ should be safe to use with all compilers. */
+ typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
+ extern bool has_fs_type(const char *path, fs_type_magic magic_val);
++extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
+ extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
+ extern bool lxc_nic_exists(char *nic);
+ extern int lxc_make_tmpfile(char *template, bool rm);
diff --git a/gnu/packages/patches/polkit-drop-test.patch b/gnu/packages/patches/polkit-drop-test.patch
deleted file mode 100644
index 2fd0c8bdf6..0000000000
--- a/gnu/packages/patches/polkit-drop-test.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Drop test failing with the following message:
-FAIL: polkitbackendjsauthoritytest
-==================================
-/PolkitBackendJsAuthority/get_admin_identities: Error getting system bus: Could not connect: No such file or directoryError loading /var/run/ConsoleKit/database: Error statting file /var/run/ConsoleKit/database: No such file or directory
-
-
-diff -ru polkit-0.112.old/test/Makefile.in polkit-0.112/test/Makefile.in
---- polkit-0.112.old/test/Makefile.in	2013-07-08 22:52:13.000000000 +0200
-+++ polkit-0.112/test/Makefile.in	2014-11-09 18:43:47.000000000 +0100
-@@ -388,7 +388,7 @@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
--SUBDIRS = mocklibc . polkit polkitbackend
-+SUBDIRS = mocklibc . polkit
- AM_CFLAGS = $(GLIB_CFLAGS)
- noinst_LTLIBRARIES = libpolkit-test-helper.la
- libpolkit_test_helper_la_SOURCES = polkittesthelper.c polkittesthelper.h
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
new file mode 100644
index 0000000000..d3d5cbc46a
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
@@ -0,0 +1,53 @@
+Fix CVE-2018-14526:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
+https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
+
+Patch downloaded from upstream:
+
+https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+
+From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Sun, 15 Jul 2018 01:25:53 +0200
+Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
+
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+(CVE-2018-14526)
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
+--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c	2016-10-02 21:51:11.000000000 +0300
++++ wpa_supplicant-2.6/src/rsn_supp/wpa.c	2018-08-08 16:55:11.506831029 +0300
+@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
+ 
+ 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+ 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
++		/*
++		 * Only decrypt the Key Data field if the frame's authenticity
++		 * was verified. When using AES-SIV (FILS), the MIC flag is not
++		 * set, so this check should only be performed if mic_len != 0
++		 * which is the case in this code branch.
++		 */
++		if (!(key_info & WPA_KEY_INFO_MIC)) {
++			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
++			goto out;
++		}
+ 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
+ 						    &key_data_len))
+ 			goto out;
diff --git a/gnu/packages/patches/xorg-server-rotate-fb.patch b/gnu/packages/patches/xorg-server-rotate-fb.patch
deleted file mode 100644
index f47036b2a7..0000000000
--- a/gnu/packages/patches/xorg-server-rotate-fb.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit a85e94a50c94b07574c8701a3ff3c1243f4257f4
-Author: Olivier Fourdan <ofourdan@redhat.com>
-Date:   Fri Jun 15 08:57:12 2018 +0200
-
-    modesetting: use drmmode_bo_import() for rotate_fb
-    
-    drmmode_shadow_allocate() still uses drmModeAddFB() which may fail if
-    the format is not as expected, preventing from using a rotated output.
-    
-    Change it to use the new function drmmode_bo_import() which takes care
-    of calling the drmModeAddFB2() API.
-    
-    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106715
-    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-    Tested-by: Tomas Pelka <tpelka@redhat.com>
-    Reviewed-by: Lyude Paul <lyude@redhat.com>
-
-diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
-index 859a21a9d..ec11b3f56 100644
---- a/hw/xfree86/drivers/modesetting/drmmode_display.c
-+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
-@@ -1794,11 +1794,8 @@ drmmode_shadow_allocate(xf86CrtcPtr crtc, int width, int height)
-         return NULL;
-     }
- 
--    ret = drmModeAddFB(drmmode->fd, width, height, crtc->scrn->depth,
--                       drmmode->kbpp,
--                       drmmode_bo_get_pitch(&drmmode_crtc->rotate_bo),
--                       drmmode_bo_get_handle(&drmmode_crtc->rotate_bo),
--                       &drmmode_crtc->rotate_fb_id);
-+    ret = drmmode_bo_import(drmmode, &drmmode_crtc->rotate_bo,
-+                            &drmmode_crtc->rotate_fb_id);
- 
-     if (ret) {
-         ErrorF("failed to add rotate fb\n");
diff --git a/gnu/packages/patchutils.scm b/gnu/packages/patchutils.scm
index 224b0e8d64..a68e369912 100644
--- a/gnu/packages/patchutils.scm
+++ b/gnu/packages/patchutils.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2018 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -32,9 +32,10 @@
   #:use-module (gnu packages file)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages less)
+  #:use-module (gnu packages mail)
+  #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages mail)
   #:use-module (gnu packages xml))
 
 (define-public patchutils
@@ -209,3 +210,25 @@ list, and commands that can search that database.  It allows users to track
 the status of a patch, apply patches, and search for patches---all that from
 the command-line or from Emacs via its Notmuch integration.")
       (license gpl2+))))
+
+(define-public vbindiff
+  (package
+    (name "vbindiff")
+    (version "3.0_beta5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.cjmweb.net/vbindiff/vbindiff-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1f1kj4jki08bnrwpzi663mjfkrx4wnfpzdfwd2qgijlkx5ysjkgh"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "https://www.cjmweb.net/vbindiff/")
+    (synopsis "Console-based tool for comparing binary data")
+    (description "Visual Binary Diff (@command{vbindiff}) displays files in
+hexadecimal and ASCII (or EBCDIC).  It can also display two files at once, and
+highlight the differences between them.  It works well with large files (up to 4
+GiB).")
+    (license gpl2+)))
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index a3dbc4ff79..7cc5205faa 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -42,7 +43,7 @@
 (define-public polkit
   (package
     (name "polkit")
-    (version "0.113")
+    (version "0.115")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -50,12 +51,15 @@
                    name "-" version ".tar.gz"))
              (sha256
               (base32
-               "109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71"))
-             (patches (search-patches "polkit-drop-test.patch"))
+               "0c91y61y4gy6p91cwbzg32dhavw4b7fflg370rimqhdxpzdfr1rg"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  (use-modules (guix build utils))
+                 ;; Disable broken test.
+                 (substitute* "test/Makefile.in"
+                   (("SUBDIRS = mocklibc . polkit polkitbackend")
+                    "SUBDIRS = mocklibc . polkit"))
                  (substitute* "configure"
                    ;; Replace libsystemd-login with libelogind.
                    (("libsystemd-login") "libelogind")
@@ -66,7 +70,7 @@
                    (("systemd") "elogind"))
                  (substitute* "src/polkitbackend/polkitbackendsessionmonitor-systemd.c"
                    (("systemd") "elogind"))
-                 (substitute* "src/polkitbackend/polkitbackendjsauthority.c"
+                 (substitute* "src/polkitbackend/polkitbackendjsauthority.cpp"
                    (("systemd") "elogind"))
 
                  ;; GuixSD's polkit service stores actions under
@@ -85,7 +89,7 @@
      `(("expat" ,expat)
        ("linux-pam" ,linux-pam)
        ("elogind" ,elogind)
-       ("mozjs" ,mozjs)
+       ("mozjs" ,mozjs-52)
        ("nspr" ,nspr)))
     (propagated-inputs
      `(("glib" ,glib))) ; required by polkit-gobject-1.pc
diff --git a/gnu/packages/profiling.scm b/gnu/packages/profiling.scm
index b2def45ccf..07da23aa15 100644
--- a/gnu/packages/profiling.scm
+++ b/gnu/packages/profiling.scm
@@ -140,13 +140,13 @@ performance measurement opportunites across the hardware and software stack.")
 (define-public otf2
   (package
     (name "otf2")
-    (version "2.1")
+    (version "2.1.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://www.vi-hps.org/upload/packages/otf2/otf2-"
                            version ".tar.gz"))
-       (sha256 (base32 "1lyaqhdfaqm1kd23yk71g71vkscw83s7m57j017y768h8sh8xlwa"))))
+       (sha256 (base32 "1ls7rz6qwnqbkifpafc95bnfh3m9xbs74in8zxlnhfbgwx11nn81"))))
     (native-inputs `(("python" ,python)))
     (outputs '("doc"                              ; 18MB
                "lib"
diff --git a/gnu/packages/rdf.scm b/gnu/packages/rdf.scm
index 1618b29b06..ff79b90fcd 100644
--- a/gnu/packages/rdf.scm
+++ b/gnu/packages/rdf.scm
@@ -264,14 +264,14 @@ ideal (e.g. in LV2 implementations or embedded applications).")
 (define-public sord
   (package
     (name "sord")
-    (version "0.16.0")
+    (version "0.16.2")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.drobilla.net/sord-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0nh3i867g9z4kdlnk82cg2kcw8r02qgifxvkycvzb4vfjv4v4g4x"))))
+               "13fshxwpipjrvsah1m2jw1kf022z2q5vpw24bzcznglgvms13x89"))))
     (build-system waf-build-system)
     (arguments
      `(#:tests? #f ; no check target
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 28bffb44bb..0695f8c7d2 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -303,21 +303,19 @@ safety and thread safety guarantees.")
                                    (package-native-inputs base-rust))))))
 
 (define-public mrustc
-  (let ((commit "b5b70897015ee70d62ddda9711c256ca7c720e0f")
-        (revision "3")
-        (rustc-version "1.19.0"))
+  (let ((rustc-version "1.19.0"))
     (package
       (name "mrustc")
-      (version (git-version "0.0.0" revision commit))
+      (version "0.8.0")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
                       (url "https://github.com/thepowersgang/mrustc.git")
-                      (commit commit)))
+                      (commit (string-append "v" version))))
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "1d6jr6agiy598ab8lax0h9dfn9n67wg906y1f46l1c27sz3w82lb"))))
+                  "0a7v8ccyzp1sdkwni8h1698hxpfz2sxhcpx42n6l2pbm0rbjp08i"))))
       (outputs '("out" "cargo"))
       (build-system gnu-build-system)
       (inputs
@@ -335,7 +333,12 @@ safety and thread safety guarantees.")
                                            "/bin/llvm-config"))
          #:phases
          (modify-phases %standard-phases
-           (add-after 'unpack 'unpack-target-compiler
+          (add-after 'unpack 'patch-date
+            (lambda _
+              (substitute* "Makefile"
+               (("shell date") "shell date -d @1"))
+              #t))
+           (add-after 'patch-date 'unpack-target-compiler
              (lambda* (#:key inputs outputs #:allow-other-keys)
                (substitute* "minicargo.mk"
                  ;; Don't try to build LLVM.
diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm
index 58e3f02db8..ffc90472d8 100644
--- a/gnu/packages/syncthing.scm
+++ b/gnu/packages/syncthing.scm
@@ -274,29 +274,6 @@ structs in the Go programming language.")
       (home-page "https://github.com/d4l3k/messagediff")
       (license expat))))
 
-(define-public go-github-com-edsrzf-mmap-go
-  (let ((commit "0bce6a6887123b67a60366d2c9fe2dfb74289d2e")
-        (revision "0"))
-    (package
-      (name "go-github-com-edsrzf-mmap-go")
-      (version (git-version "0.0.0" revision commit))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "https://github.com/edsrzf/mmap-go")
-                      (commit commit)))
-                (file-name (git-file-name name version))
-                (sha256
-                 (base32
-                  "1am4m2k451bksnbiqj6lxknk4lsgmrhv0q3ajqac818vj0cpfgs9"))))
-      (build-system go-build-system)
-      (arguments
-       `(#:import-path "github.com/edsrzf/mmap-go"))
-      (synopsis "Go implementation of mmap")
-      (description "This packages provides a Go implementation of mmap.")
-      (home-page "https://github.com/edsrzf/mmap-go")
-      (license bsd-3))))
-
 (define-public go-github-com-gobwas-glob
   (let ((commit "51eb1ee00b6d931c66d229ceeb7c31b985563420")
         (revision "0"))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3db5796b4c..6eaaffba40 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -143,8 +143,8 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
-   ;; to be updated as well.
+   ;; XXX When updating Git, check if the special 'git-source' input to cgit
+   ;; needs to be updated as well.
    (version "2.18.0")
    (source (origin
             (method url-fetch)
@@ -419,7 +419,7 @@ everything from small to very large projects with speed and efficiency.")
 (define-public libgit2
   (package
     (name "libgit2")
-    (version "0.26.5")
+    (version "0.26.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libgit2/libgit2/"
@@ -427,7 +427,7 @@ everything from small to very large projects with speed and efficiency.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1adhq7pk9zdj85i5j4xzimq39qy6wpsi4h9fb8vc8jsncr8qmqjj"))
+                "0qjn1v5q282v8jih8rqjdqxr5v4n4manr0c8i3nnrf6sxd3xssbn"))
               (patches (search-patches "libgit2-mtime-0.patch"))
 
               ;; Remove bundled software.
@@ -558,9 +558,7 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
-    ;; XXX When updating cgit, try removing the special 'git:src' input and
-    ;; using the source of the git package.
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +566,7 @@ collaboration using typical untrusted file hosts or services.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288"))))
+                "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; XXX: fail to build the in-source git.
@@ -580,7 +578,7 @@ collaboration using typical untrusted file hosts or services.")
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
              (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src"))))
+                     (assoc-ref inputs "git-source"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -642,16 +640,8 @@ collaboration using typical untrusted file hosts or services.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)))
     (inputs
-     `(;; Cgit directly accesses some internal Git interfaces that changed in
-       ;; Git 2.12.  Try removing this special input and using the source of the
-       ;; Git package for cgit > 1.1.
-       ("git:src"
-        ,(origin
-           (method url-fetch)
-           (uri "mirror://kernel.org/software/scm/git/git-2.10.5.tar.xz")
-           (sha256
-            (base32
-             "1r2aa19gnrvm2y4fqcvpw1g9l72n48axqmpgv18s6d0y2p72vhzj"))))
+     `(;; Building cgit requires a Git source tree.
+       ("git-source" ,(package-source git))
        ("openssl" ,openssl)
        ("groff" ,groff)
        ("python" ,python)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9e6dba4175..f81dbe5244 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -650,6 +650,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
        ("soxr" ,soxr)
        ("speex" ,speex)
        ("twolame" ,twolame)
+       ("vidstab" ,vidstab)
        ("x265" ,x265)
        ("xvid" ,xvid)
        ("zlib" ,zlib)))
@@ -701,8 +702,6 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
        ;;   --enable-libutvideo      enable Ut Video encoding and decoding via
        ;;                            libutvideo [no]
        ;;   --enable-libv4l2         enable libv4l2/v4l-utils [no]
-       ;;   --enable-libvidstab      enable video stabilization using
-       ;;                            vid.stab [no]
        ;;   --enable-libvo-aacenc    enable AAC encoding via libvo-aacenc [no]
        ;;   --enable-libvo-amrwbenc  enable AMR-WB encoding via
        ;;                            libvo-amrwbenc [no]
@@ -730,6 +729,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
          "--enable-libspeex"
          "--enable-libtheora"
          "--enable-libtwolame"
+         "--enable-libvidstab"
          "--enable-libvorbis"
          "--enable-libvpx"
          "--enable-libxvid"
@@ -1257,7 +1257,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2018.07.29")
+    (version "2018.08.04")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1265,7 +1265,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "18rszvvpw9zyqfjysydvl24jf0hlpfcd22fgqsijhsq7bznwr9jj"))))
+                "1hcx99qbbyigc8k98c8bcc6a2wnhq6493fmrkl7rysc8krlxr0pm"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -3034,3 +3034,27 @@ project, which is released into the public domain, as well as ISO 14496-12:2005
 online.")
     (home-page "https://github.com/danielgtaylor/qtfaststart")
     (license license:expat)))
+
+(define-public vidstab
+  (package
+    (name "vidstab")
+    (version "1.1.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/georgmartius/vid.stab/"
+                                  "archive/v" version ".tar.gz"))
+              (sha256
+               (base32
+                "1fy03n343djfdi19msac81833v5iivpv635yjzrx9nkfwm9s1lhl"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:tests? #f)) ; tests are not run as part of standard build process
+    (home-page "http://public.hronopik.de/vid.stab/")
+    (synopsis "Video stabilization library")
+    (description "Vidstab is a video stabilization library which can be used
+with FFmpeg.  A video acquired using a hand-held camera or a camera mounted on a
+vehicle typically suffers from undesirable shakes and jitters.  Activities such
+as surfing, skiing, riding and walking while shooting videos are especially
+prone to erratic camera shakes.  Vidstab targets these video contents to help
+create smoother and stable videos.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index e4120de38f..8e7eded5e1 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -94,7 +94,7 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "2.12.0")
+    (version "2.12.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.qemu.org/qemu-"
@@ -102,7 +102,7 @@
              (patches (search-patches "qemu-CVE-2018-11806.patch"))
              (sha256
               (base32
-               "1z66spkm1prvhbq7h5mfnp0i6mmamsb938fqmdfvyrgzc7rh34z6"))))
+               "0krnp2wvggpchc7fdlmyasqy7j17baz8asr2g05x0v00w003hn1k"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
@@ -347,6 +347,7 @@ all common programming languages.  Vala bindings are also provided.")
               (uri (string-append
                     "https://linuxcontainers.org/downloads/lxc/lxc-"
                     version ".tar.gz"))
+              (patches (search-patches "lxc-CVE-2018-6556.patch"))
               (sha256
                (base32
                 "1nyml98k28sc5sda0260cmby4irkpnhpwgmx4yhqy10wpr4nr625"))))
diff --git a/gnu/packages/vulkan.scm b/gnu/packages/vulkan.scm
index a8442cb7a6..f256e21187 100644
--- a/gnu/packages/vulkan.scm
+++ b/gnu/packages/vulkan.scm
@@ -163,7 +163,7 @@ interpretation of the specifications for these languages.")
 (define-public vulkan-headers
   (package
     (name "vulkan-headers")
-    (version "1.1.77.0")
+    (version "1.1.82.0")
     (source
      (origin
        (method url-fetch)
@@ -172,7 +172,7 @@ interpretation of the specifications for these languages.")
              "archive/sdk-" version ".tar.gz"))
        (sha256
         (base32
-         "05pgaqyj516lmzdr4clxll5gvr5zb29sfjhs2d7mkryqs6zk5xdj"))))
+         "1rbra47f1dkw5bjzvm0k9s2f89c2x80j904ply4bxks7sl3xlwyz"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f)) ; No tests.
@@ -195,7 +195,7 @@ interpretation of the specifications for these languages.")
              "archive/sdk-" version ".tar.gz"))
        (sha256
         (base32
-         "1zg86b5wba9l14ry3ap7yzgd9hwzxxr0rjgwhnv14n75aqpwv02d"))))
+         "032vfysb8mi19c2lx08vc6k9mbzxmiy17wp7a22vpgwwv69kxkc6"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ;FIXME: 23/39 tests fail.  Try "tests/run_all_tests.sh".
@@ -251,7 +251,7 @@ and the ICD.")
              "archive/sdk-" version ".tar.gz"))
        (sha256
         (base32
-         "1imbiw8crrkxgsjkgmv5x6s9yx89g6v3r2s5qfm5h31pv6lyzshm"))))
+         "175qhfg9lxxfm5zks6jxaybcxamwd9q5kvjq8ikf2dbmskgybr92"))))
     (build-system cmake-build-system)
     (inputs
      `(("glslang" ,glslang)
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index 56bfa6ab28..397f4a3133 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -199,7 +199,7 @@ and the GTK+ toolkit.")
 (define-public lynx
   (package
     (name "lynx")
-    (version "2.8.9dev.19")
+    (version "2.8.9rel.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -207,7 +207,7 @@ and the GTK+ toolkit.")
                     "/lynx" version ".tar.bz2"))
               (sha256
                (base32
-                "17wfiad2ha4y15pmwv55j0l9z1z1pcgcasrc6hwbgv0hhdpp08q2"))))
+                "15cmyyma2kz1hfaa6mwjgli8zwdzq3jv0q2cl6nwzycjfwyijzrq"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("perl" ,perl)))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b976d6ea08..1cbc01041c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -4086,14 +4086,14 @@ a pure C99 library.")
 (define-public uwsgi
   (package
     (name "uwsgi")
-    (version "2.0.17")
+    (version "2.0.17.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://projects.unbit.it/downloads/uwsgi-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1wlbaairsmhp6bx5wv282q9pgh6w7w6yrb8vxjznfaxrinsfkhix"))))
+                "0xxjb9dyivq5531birvxq2gnyxf2x5q7gz54440acra6qwsq4cfj"))))
     (build-system gnu-build-system)
     (outputs '("out" "python"))
     (arguments
@@ -4946,7 +4946,7 @@ tools like SSH (Secure Shell) to reach the outside world.")
 (define-public stunnel
   (package
   (name "stunnel")
-  (version "5.47")
+  (version "5.48")
   (source
     (origin
       (method url-fetch)
@@ -4954,7 +4954,7 @@ tools like SSH (Secure Shell) to reach the outside world.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "02qx0b0dd38rfcl9vfd6zq1pcg5gv0z2mxw5z3p2pfbfk7dpbrn4"))))
+        "1pxqn9ixl80nrhfq12igyi874653jclji56hh9w24snf0aixa48h"))))
   (build-system gnu-build-system)
   (native-inputs
    ;; For tests.
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 10cd788af2..0eab2df22c 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -55,14 +55,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.20.3")
+    (version "2.20.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1n0dy94bm7wvxln4jis1gp8plv8n4a01g41724zsf5psg1yk16sp"))))
+                "0cmfjbfxssgrwhgqmk7kqws91k6pha519bnyjrfsgy640max2zfc"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index a076cbbb1d..e83f07bc54 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -455,7 +455,7 @@ desktop environment.")
 (define-public xmonad
   (package
     (name "xmonad")
-    (version "0.13")
+    (version "0.14")
     (synopsis "Tiling window manager")
     (source (origin
               (method url-fetch)
@@ -463,12 +463,13 @@ desktop environment.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1jh3lcs20qpna36fa5a0r174xqrsxhj10x1rm5vwf64zariipy7r"))))
+                "0lq3k0ap7jxrrswpd954mqa6h8diccbif5srcgbmr39y6y8x0mm4"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-extensible-exceptions" ,ghc-extensible-exceptions)
        ("ghc-mtl"                   ,ghc-mtl)
        ("ghc-quickcheck"            ,ghc-quickcheck)
+       ("ghc-semigroups"            ,ghc-semigroups)
        ("ghc-setlocale"             ,ghc-setlocale)
        ("ghc-utf8-string"           ,ghc-utf8-string)
        ("ghc-x11"                   ,ghc-x11)))
@@ -489,7 +490,7 @@ desktop environment.")
                     Comment=~a~@
                     Exec=~a/bin/xmonad~@
                     Type=Application~%" ,name ,synopsis %output)))))))))
-    (home-page "http://xmonad.org")
+    (home-page "https://xmonad.org")
     (description
      "Xmonad is a tiling window manager for X.  Windows are arranged
 automatically to tile the screen without gaps or overlap, maximising screen
@@ -547,7 +548,7 @@ Haskell, no knowledge of the language is required to install and use it.")
 (define-public ghc-xmonad-contrib
   (package
     (name "ghc-xmonad-contrib")
-    (version "0.13")
+    (version "0.14")
     (source
      (origin
        (method url-fetch)
@@ -555,7 +556,7 @@ Haskell, no knowledge of the language is required to install and use it.")
                            "xmonad-contrib-" version ".tar.gz"))
        (sha256
         (base32
-         "0vj72jhfng6y7hv5frx2v99jvl3jn9rbpk2j7xw9vydiwmzq4q57"))))
+         "1660w3xhbfrlq8b8s1rviq2mcn1vyqpypli4023gqxwry52brk6y"))))
     (build-system haskell-build-system)
     (propagated-inputs
      `(("ghc-mtl" ,ghc-mtl)
@@ -566,7 +567,7 @@ Haskell, no knowledge of the language is required to install and use it.")
        ("ghc-x11" ,ghc-x11)
        ("ghc-x11-xft" ,ghc-x11-xft)
        ("xmonad" ,xmonad)))
-    (home-page "http://xmonad.org")
+    (home-page "https://xmonad.org")
     (synopsis "Third party extensions for xmonad")
     (description
      "Third party tiling algorithms, configurations, and scripts to Xmonad, a
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index d6ca5278f5..a6d9555966 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -640,7 +640,7 @@ to find buttons, etc, on the screen to click on.")
 (define-public xlockmore
   (package
     (name "xlockmore")
-    (version "5.55")
+    (version "5.56")
     (source (origin
              (method url-fetch)
              (uri (list (string-append "http://sillycycle.com/xlock/"
@@ -651,7 +651,7 @@ to find buttons, etc, on the screen to click on.")
                                        name "-" version ".tar.xz")))
              (sha256
               (base32
-               "1y3f76rq2nd10fgi2rx81aj6pijglmm661vjsxi05hpg35dzmwfl"))))
+               "1dg1n79rnswhxqz36mxnl5lp8p37i9fbibnzzyrqknmvf2s8xpd0"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags (list (string-append "--enable-appdefaultdir="
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 57cea3fee5..47a7f11499 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5070,7 +5070,7 @@ over Xlib, including:
 (define-public xorg-server
   (package
     (name "xorg-server")
-    (version "1.20.0")
+    (version "1.20.1")
     (source
       (origin
         (method url-fetch)
@@ -5079,7 +5079,7 @@ over Xlib, including:
               name "-" version ".tar.bz2"))
         (sha256
          (base32
-          "1rnka3sp8yg2bir0bjjhwn33jikj8qd8ckqcxrs94w05bwc7v5lx"))
+          "0679942x1ma2p30vlvqylpjc5v1ak1pgqysnqrj82nz7dzl9zjar"))
         (patches
          (list
           ;; See:
@@ -5093,8 +5093,7 @@ over Xlib, including:
             (sha256
              (base32
               "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q"))
-            (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))
-          (search-patch "xorg-server-rotate-fb.patch")))))
+            (file-name "xorg-server-use-intel-only-on-pre-gen4.diff"))))))
     (build-system gnu-build-system)
     (propagated-inputs
       `(("libpciaccess" ,libpciaccess)