summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-03-17 01:18:37 -0400
committerMark H Weaver <mhw@netris.org>2018-03-17 01:18:37 -0400
commit9f388b1ee1733d84edff7f473cbcbc4ab42b7128 (patch)
tree27bd5e908f732a1cddca4b9ef93ee1981d3b0095 /gnu/packages
parent2857e527de058d9e7f4efea50d381a449a1b6641 (diff)
parent9f375a4c0f55238614e047448c8e878b9829f918 (diff)
downloadguix-9f388b1ee1733d84edff7f473cbcbc4ab42b7128.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/ada.scm40
-rw-r--r--gnu/packages/admin.scm13
-rw-r--r--gnu/packages/autotools.scm4
-rw-r--r--gnu/packages/bioinformatics.scm152
-rw-r--r--gnu/packages/cdrom.scm14
-rw-r--r--gnu/packages/compression.scm44
-rw-r--r--gnu/packages/cran.scm4
-rw-r--r--gnu/packages/databases.scm120
-rw-r--r--gnu/packages/dns.scm7
-rw-r--r--gnu/packages/emacs.scm45
-rw-r--r--gnu/packages/freedesktop.scm4
-rw-r--r--gnu/packages/geo.scm121
-rw-r--r--gnu/packages/gnuzilla.scm30
-rw-r--r--gnu/packages/graph.scm35
-rw-r--r--gnu/packages/gtk.scm4
-rw-r--r--gnu/packages/idris.scm64
-rw-r--r--gnu/packages/image.scm21
-rw-r--r--gnu/packages/inkscape.scm1
-rw-r--r--gnu/packages/java.scm44
-rw-r--r--gnu/packages/language.scm8
-rw-r--r--gnu/packages/linux.scm11
-rw-r--r--gnu/packages/maths.scm56
-rw-r--r--gnu/packages/messaging.scm12
-rw-r--r--gnu/packages/networking.scm21
-rw-r--r--gnu/packages/patches/shadow-CVE-2018-7169.patch191
-rw-r--r--gnu/packages/patches/util-linux-CVE-2018-7738.patch49
-rw-r--r--gnu/packages/python-web.scm4
-rw-r--r--gnu/packages/python.scm1
-rw-r--r--gnu/packages/samba.scm4
-rw-r--r--gnu/packages/serialization.scm78
-rw-r--r--gnu/packages/suckless.scm4
-rw-r--r--gnu/packages/tex.scm82
-rw-r--r--gnu/packages/tls.scm6
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/webkit.scm14
-rw-r--r--gnu/packages/xiph.scm15
36 files changed, 1208 insertions, 119 deletions
diff --git a/gnu/packages/ada.scm b/gnu/packages/ada.scm
index d6cd1e9787..d60723edfa 100644
--- a/gnu/packages/ada.scm
+++ b/gnu/packages/ada.scm
@@ -59,3 +59,43 @@ specification in our Python DSL and Langkit will generate for you an
 Ada library with bindings for the C and Python programming languages.")
       (home-page "https://github.com/AdaCore/langkit/")
       (license license:gpl3+))))   ; and gcc runtime library exception
+
+(define-public python2-libadalang
+  (let ((commit "9b205e9bacdd50a68117727332e16fbef5f6ac49")
+        (revision "0"))
+    (package
+      (name "python2-libadalang")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/AdaCore/libadalang.git")
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "06hsnzj2syqpq2yhg1bb0zil7ydbyqkdmkjbf8j9b5sdgkyh5xrp"))
+                (file-name (string-append name "-" version "-checkout"))))
+      (build-system python-build-system)
+      (native-inputs
+       `(("python2-langkit" ,python2-langkit)
+         ("python2-quex" ,python2-quex-0.67.3)))
+      (arguments
+       `(#:python ,python-2
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'build
+             (lambda _
+               (invoke "python2" "ada/manage.py" "generate")
+               (invoke "python2" "ada/manage.py" "build")))
+           (replace 'check
+             (lambda _
+               (invoke "python2" "ada/manage.py" "test")))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out")))
+                 (invoke "python2" "ada/manage.py" "install" out)))))))
+      (synopsis "Semantic Analysis for Ada in Python")
+      (description "@code{libadalang} provides a high-performance semantic
+engine for the Ada programming language.")
+      (home-page "https://github.com/AdaCore/libadalang")
+      (license license:gpl3)))) ; and gcc runtime gcc lib exception
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 33bf6cd3f8..4755b3d7b7 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -360,6 +360,7 @@ hostname.")
               (uri (string-append
                     "https://github.com/shadow-maint/shadow/releases/"
                     "download/" version "/shadow-" version ".tar.xz"))
+              (patches (search-patches "shadow-CVE-2018-7169.patch"))
               (sha256
                (base32
                 "0hdpai78n63l3v3fgr3kkiqzhd0awrpfnnzz4mf7lmxdh61qb37w"))))
@@ -1209,7 +1210,7 @@ module slots, and the list of I/O ports (e.g. serial, parallel, USB).")
 (define-public acpica
   (package
     (name "acpica")
-    (version "20180209")
+    (version "20180313")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1217,7 +1218,7 @@ module slots, and the list of I/O ports (e.g. serial, parallel, USB).")
                     version ".tar.gz"))
               (sha256
                (base32
-                "04hyc5s9iiyiznvspx7q73r6ns98d51wrv8zfvqbqv52gqq8hzdh"))))
+                "16galaadmr37q2pvk2gyxrm8d1xldzk31djfxfq9v1c9yq4i425h"))))
     (build-system gnu-build-system)
     (native-inputs `(("flex" ,flex)
                      ("bison" ,bison)))
@@ -2208,7 +2209,7 @@ buffers.")
 (define-public intel-gpu-tools
   (package
     (name "intel-gpu-tools")
-    (version "1.21")
+    (version "1.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://cgit.freedesktop.org/xorg/app/"
@@ -2216,7 +2217,7 @@ buffers.")
                                   "intel-gpu-tools-" version ".tar.gz"))
               (sha256
                (base32
-                "1xfy4cgimyyn5qixlrfkadgnl9qwbk30vw8k80g8vjnrcc4hx986"))))
+                "1jx5w5fr6jp67rcrlp5v79cn8kp9n0wgd5pbfgzamlah5cx6j3yd"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; many of the tests try to load kernel modules
@@ -2228,7 +2229,8 @@ buffers.")
              (setenv "NOCONFIGURE" "1")
              (invoke "sh" "autogen.sh"))))))
     (inputs
-     `(("util-macros" ,util-macros)
+     `(("eudev" ,eudev)
+       ("util-macros" ,util-macros)
        ("libdrm" ,libdrm)
        ("libpciaccess" ,libpciaccess)
        ("kmod" ,kmod)
@@ -2252,6 +2254,7 @@ changes, and many require complicated build procedures or specific testing
 environments to get useful results.  Therefore, Intel GPU Tools includes
 low-level tools and tests specifically for development and testing of the
 Intel DRM Driver.")
+    (supported-systems '("i686-linux" "x86_64-linux"))
     (license license:expat)))
 
 (define-public fabric
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index de636cf9a0..b86c1c835a 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -205,7 +205,7 @@ exec ~a --no-auto-compile \"$0\" \"$@\"
 (define-public autoconf-archive
   (package
     (name "autoconf-archive")
-    (version "2017.09.28")
+    (version "2018.03.13")
     (source
      (origin
       (method url-fetch)
@@ -213,7 +213,7 @@ exec ~a --no-auto-compile \"$0\" \"$@\"
                           version ".tar.xz"))
       (sha256
        (base32
-        "00gsh9hkrgg291my98plkrwlcpxkfrpq64pglf18kciqbf2bb7sw"))))
+        "0ng1lvpijf3kv7w7nb1shqs23vp0398yicyvkf9lsk56kw6zjxb1"))))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/autoconf-archive/")
     (synopsis "Collection of freely reusable Autoconf macros")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 6fea723fd8..426618147f 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2016, 2018 Raoul Bonnal <ilpuccio.febo@gmail.com>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -12685,6 +12686,13 @@ once.  This package provides tools to perform Drop-seq analyses.")
      `(#:parallel-tests? #f             ; not supported
        #:phases
        (modify-phases %standard-phases
+         ;; "test.sh" runs STAR, which requires excessive amounts of memory.
+         (add-after 'unpack 'disable-resource-intensive-test
+           (lambda _
+             (substitute* "Makefile.in"
+               (("(^  tests/test_trim_galore/test.sh).*" _ m) m)
+               (("^  test.sh") ""))
+             #t))
          (add-after 'install 'wrap-executable
            ;; Make sure the executable finds all R modules.
            (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -12864,3 +12872,147 @@ data of bisulfite experiments; it produces reports on aggregate methylation
 and coverage and can be used to produce information on differential
 methylation and segmentation.")
     (license license:gpl3+)))
+
+(define-public pigx-scrnaseq
+  (package
+    (name "pigx-scrnaseq")
+    (version "0.0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/BIMSBbioinfo/pigx_scrnaseq/"
+                                  "releases/download/v" version
+                                  "/pigx_scrnaseq-" version ".tar.gz"))
+              (sha256
+               (base32
+                "03gwp83823ji59y6nvyz89i4yd3faaqpc3791qia71i91470vfsg"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "PICARDJAR=" (assoc-ref %build-inputs "java-picard")
+			    "/share/java/picard.jar")
+	     (string-append "DROPSEQJAR=" (assoc-ref %build-inputs "dropseq-tools")
+			    "/share/java/dropseq.jar"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'wrap-executable
+           ;; Make sure the executable finds all R modules.
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (wrap-program (string-append out "/bin/pigx-scrnaseq")
+                 `("R_LIBS_SITE" ":" = (,(getenv "R_LIBS_SITE")))
+                 `("PYTHONPATH"  ":" = (,(getenv "PYTHONPATH")))))
+             #t)))))
+    (inputs
+     `(("dropseq-tools" ,dropseq-tools)
+       ("fastqc" ,fastqc)
+       ("java-picard" ,java-picard)
+       ("java" ,icedtea-8)
+       ("python-wrapper" ,python-wrapper)
+       ("python-pyyaml" ,python-pyyaml)
+       ("python-pandas" ,python-pandas)
+       ("python-numpy" ,python-numpy)
+       ("python-loompy" ,python-loompy)
+       ("ghc-pandoc" ,ghc-pandoc)
+       ("ghc-pandoc-citeproc" ,ghc-pandoc-citeproc)
+       ("snakemake" ,snakemake)
+       ("star" ,star)
+       ("r-minimal" ,r-minimal)
+       ("r-argparser" ,r-argparser)
+       ("r-cowplot" ,r-cowplot)
+       ("r-data-table" ,r-data-table)
+       ("r-delayedarray" ,r-delayedarray)
+       ("r-delayedmatrixstats" ,r-delayedmatrixstats)
+       ("r-dplyr" ,r-dplyr)
+       ("r-dropbead" ,r-dropbead)
+       ("r-dt" ,r-dt)
+       ("r-genomicalignments" ,r-genomicalignments)
+       ("r-genomicfiles" ,r-genomicfiles)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-hdf5array" ,r-hdf5array)
+       ("r-pheatmap" ,r-pheatmap)
+       ("r-rmarkdown" ,r-rmarkdown)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-rtracklayer" ,r-rtracklayer)
+       ("r-rtsne" ,r-rtsne)
+       ("r-scater" ,r-scater)
+       ("r-scran" ,r-scran)
+       ("r-singlecellexperiment" ,r-singlecellexperiment)
+       ("r-stringr" ,r-stringr)
+       ("r-yaml" ,r-yaml)))
+    (home-page "http://bioinformatics.mdc-berlin.de/pigx/")
+    (synopsis "Analysis pipeline for single-cell RNA sequencing experiments")
+    (description "PiGX scRNAseq is an analysis pipeline for preprocessing and
+quality control for single cell RNA sequencing experiments.  The inputs are
+read files from the sequencing experiment, and a configuration file which
+describes the experiment.  It produces processed files for downstream analysis
+and interactive quality reports.  The pipeline is designed to work with UMI
+based methods.")
+    (license license:gpl3+)))
+
+(define-public pigx
+  (package
+    (name "pigx")
+    (version "0.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/BIMSBbioinfo/pigx/"
+                                  "releases/download/v" version
+                                  "/pigx-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1nxb2hbp40yg3j7n56k4dhsd2fl1j8g0wpiiln56prqzljwnlgmf"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("python" ,python)
+       ("pigx-bsseq" ,pigx-bsseq)
+       ("pigx-chipseq" ,pigx-chipseq)
+       ("pigx-rnaseq" ,pigx-rnaseq)
+       ("pigx-scrnaseq" ,pigx-scrnaseq)))
+    (home-page "http://bioinformatics.mdc-berlin.de/pigx/")
+    (synopsis "Analysis pipelines for genomics")
+    (description "PiGx is a collection of genomics pipelines.  It includes the
+following pipelines:
+
+@itemize
+@item PiGx BSseq for raw fastq read data of bisulfite experiments
+@item PiGx RNAseq for RNAseq samples
+@item PiGx scRNAseq for single cell dropseq analysis
+@item PiGx ChIPseq for reads from ChIPseq experiments
+@end itemize
+
+All pipelines are easily configured with a simple sample sheet and a
+descriptive settings file.  The result is a set of comprehensive, interactive
+HTML reports with interesting findings about your samples.")
+    (license license:gpl3+)))
+
+(define-public r-diversitree
+  (package
+    (name "r-diversitree")
+    (version "0.9-10")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (cran-uri "diversitree" version))
+        (sha256
+         (base32
+          "0gh4rcrp0an3jh8915i1fsxlgyfk7njywgbd5ln5r2jhr085kpz7"))))
+    (build-system r-build-system)
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (inputs `(("fftw" ,fftw) ("gsl" ,gsl)))
+    (propagated-inputs
+     `(("r-ape" ,r-ape)
+       ("r-desolve" ,r-desolve)
+       ("r-rcpp" ,r-rcpp)
+       ("r-suplex" ,r-subplex)))
+    (home-page "https://www.zoology.ubc.ca/prog/diversitree")
+    (synopsis "Comparative 'phylogenetic' analyses of diversification")
+    (description "This package contains a number of comparative \"phylogenetic\"
+methods, mostly focusing on analysing diversification and character evolution.
+Contains implementations of \"BiSSE\" (Binary State Speciation and Extinction)
+and its unresolved tree extensions, \"MuSSE\" (Multiple State Speciation and
+Extinction), \"QuaSSE\", \"GeoSSE\", and \"BiSSE-ness\" Other included methods
+include Markov models of discrete and continuous trait evolution and constant
+rate speciation and extinction.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 21b8371f31..6d33b917e1 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -704,14 +704,14 @@ laid out on the image.")
 (define-public libburn
   (package
     (name "libburn")
-    (version "1.4.6")
+    (version "1.4.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://files.libburnia-project.org/releases/"
                                  "libburn-" version ".tar.gz"))
              (sha256
               (base32
-               "0wbh49s3az3sfpai09z1zdgynq7wnwrk31v5589033274nmzldlx"))))
+               "19lxnzn8bz70glrrrn2hs43gf5g7gfbcka9rcbckhv1pb7is509y"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -726,14 +726,14 @@ DVD-RW, DVD-R, DVD-R/DL, BD-R, and BD-RE.")
 (define-public libisofs
   (package
     (name "libisofs")
-    (version "1.4.6")
+    (version "1.4.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://files.libburnia-project.org/releases/"
                                  "libisofs-" version ".tar.gz"))
              (sha256
               (base32
-               "02m5g6lbmmkh2xc5xzq5zaf3ma6v31gls66aj886b3cq9qw0paql"))))
+               "0scvqb72qq24wcg814p1iw1dknldl21hr1hxsc1wy9vc6vgyk7fw"))))
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)
@@ -743,11 +743,11 @@ DVD-RW, DVD-R, DVD-R/DL, BD-R, and BD-RE.")
     (home-page "https://dev.lovelyhq.com/libburnia/libisofs")
     (synopsis "Library to create ISO 9660 images")
     (description
-     "Libisofs creates ISO 9660 (also known as ECMA-119) filesystem images
+     "Libisofs creates ISO 9660 (also known as ECMA-119) file system images
 which can either be written to POSIX file objects or handed over to
 libburn for being written directly to optical media.
 It can read metadata of ISO 9660 filesystems, manipulate them, and use them
-to produce new complete filesystem images or add-on images to be appended
-to the read filesystem image.
+to produce new complete file system images or add-on images to be appended
+to the read file system image.
 Supported extensions to ISO 9660 are Rock Ridge, Joliet, AAIP, zisofs.")
     (license gpl2+)))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 15a12d03c2..3f486d38c1 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -21,6 +21,7 @@
 ;;; Copyright © 2017 Petter <petter@mykolab.ch>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2018 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2112,3 +2113,46 @@ single-member files which can't be decompressed in parallel.")
    (description "innoextract allows extracting Inno Setup installers under
 non-Windows systems without running the actual installer using wine.")
    (license license:zlib)))
+
+(define-public google-brotli
+  (package
+    (name "google-brotli")
+    (version "1.0.2")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://github.com/google/brotli/archive/v"
+                                 version ".tar.gz"))
+             (sha256
+              (base32
+               "08kl9gww2058p1p7j9xqmcmrabcfihhj3fq984d7fi3bchb2mky2"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'install 'rename-static-libraries
+           ;; The build tools put a 'static' suffix on the static libraries, but
+           ;; other applications don't know how to find these.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((lib (string-append (assoc-ref %outputs "out") "/lib/")))
+               (rename-file (string-append lib "libbrotlicommon-static.a")
+                            (string-append lib "libbrotlicommon.a"))
+               (rename-file (string-append lib "libbrotlidec-static.a")
+                            (string-append lib "libbrotlidec.a"))
+               (rename-file (string-append lib "libbrotlienc-static.a")
+                            (string-append lib "libbrotlienc.a"))
+               #t))))
+       #:configure-flags
+       (list ;; Defaults to "lib64" on 64-bit archs.
+             (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out") "/lib"))))
+    (home-page "https://github.com/google/brotli")
+    (synopsis "General-purpose lossless compression")
+    (description "This package provides the reference implementation of Brotli,
+a generic-purpose lossless compression algorithm that compresses data using a
+combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd
+order context modeling, with a compression ratio comparable to the best
+currently available general-purpose compression methods.  It is similar in speed
+with @code{deflate} but offers more dense compression.
+
+The specification of the Brotli Compressed Data Format is defined in RFC 7932.")
+    (license license:expat)))
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index b7126518c1..9b045c122f 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -1809,14 +1809,14 @@ statistics, etc.")
 (define-public r-scatterplot3d
   (package
     (name "r-scatterplot3d")
-    (version "0.3-40")
+    (version "0.3-41")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "scatterplot3d" version))
        (sha256
         (base32
-         "0ababcj87kx7860mica9y2ydlhskxmgj9n46crx036cila512jc2"))))
+         "152xqz9c70qab86mpgng049gxsg5f4fpf1m8dh93fb9v1avjd0sc"))))
     (build-system r-build-system)
     (home-page "https://cran.r-project.org/web/packages/scatterplot3d/")
     (synopsis "3D scatter plot")
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index f48474026b..a54013b818 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -31,6 +31,7 @@
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Kristofer Buffington <kristoferbuffington@gmail.com>
 ;;; Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -58,6 +59,7 @@
   #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
@@ -92,6 +94,7 @@
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages valgrind)
+  #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
@@ -2736,3 +2739,120 @@ Replay oplog entries between MongoDB servers
 Monitor read/write activity on a mongo server
 @end table")
     (license license:asl2.0)))
+
+(define-public apache-arrow
+  (package
+    (name "apache-arrow")
+    (version "0.7.0")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/apache/arrow")
+               (commit (string-append "apache-arrow-" version))))
+        (file-name (git-file-name name version))
+        (sha256
+          (base32
+            "1x7sdd8lbs3nfqjql1pcgbkjc19bls56zmgjayshkmablvlc4dy3"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'enter-source-directory
+           (lambda _ (chdir "cpp") #t))
+         (add-after 'unpack 'set-env
+           (lambda _
+             (setenv "BOOST_ROOT" (assoc-ref %build-inputs "boost"))
+             (setenv "BROTLI_HOME" (assoc-ref %build-inputs "brotli"))
+             (setenv "FLATBUFFERS_HOME" (assoc-ref %build-inputs "flatbuffers"))
+             (setenv "JEMALLOC_HOME" (assoc-ref %build-inputs "jemalloc"))
+             (setenv "RAPIDJSON_HOME" (assoc-ref %build-inputs "rapidjson"))
+             #t)))
+       #:configure-flags
+       (list "-DCMAKE_BUILD_TYPE=Release"
+             "-DARROW_PYTHON=ON"
+
+             ;; Install to PREFIX/lib (the default is
+             ;; PREFIX/lib64).
+             (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out")
+                            "/lib")
+
+             ;; XXX These Guix package offer static
+             ;; libraries that are not position independent,
+             ;; and ld fails to link them into the arrow .so
+             "-DARROW_WITH_SNAPPY=OFF"
+             "-DARROW_WITH_ZLIB=OFF"
+             "-DARROW_WITH_ZSTD=OFF"
+             "-DARROW_WITH_LZ4=OFF"
+
+             ;; Building the tests forces on all the
+             ;; optional features and the use of static
+             ;; libraries.
+             "-DARROW_BUILD_TESTS=OFF"
+             "-DARROW_BUILD_STATIC=OFF")))
+    (inputs
+     `(("boost" ,boost)
+       ("rapidjson" ,rapidjson)
+       ("brotli" ,google-brotli)
+       ("flatbuffers" ,flatbuffers)
+       ;; Arrow is not yet compatible with jemalloc >= 5:
+       ;; https://issues.apache.org/jira/browse/ARROW-1141
+       ("jemalloc" ,jemalloc-4.5.0)
+       ("python-3" ,python)
+       ("python-numpy" ,python-numpy)))
+    (home-page "https://arrow.apache.org/")
+    (synopsis "Columnar in-memory analytics")
+    (description "Apache Arrow is a columnar in-memory analytics layer
+designed to accelerate big data. It houses a set of canonical in-memory
+representations of flat and hierarchical data along with multiple
+language-bindings for structure manipulation. It also provides IPC and common
+algorithm implementations.")
+    (license license:asl2.0)))
+
+(define-public python-pyarrow
+  (package
+    (name "python-pyarrow")
+    (version "0.7.0")
+    (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/apache/arrow")
+             (commit (string-append "apache-arrow-" version))))
+       (file-name (git-file-name name version))
+       (sha256
+         (base32
+           "1x7sdd8lbs3nfqjql1pcgbkjc19bls56zmgjayshkmablvlc4dy3"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:tests? #f ; XXX Test failures related to missing libhdfs, libhdfs3,
+                   ; and "Unsupported numpy type 22".
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'enter-source-directory
+           (lambda _ (chdir "python") #t))
+         (add-after 'unpack 'set-env
+           (lambda _
+             (setenv "ARROW_HOME" (assoc-ref %build-inputs "apache-arrow"))
+             #t)))))
+    (propagated-inputs
+     `(("apache-arrow" ,apache-arrow)
+       ("python-numpy" ,python-numpy)
+       ("python-pandas" ,python-pandas)
+       ("python-six" ,python-six)))
+    (native-inputs
+     `(("cmake" ,cmake)
+       ("python-cython" ,python-cython)
+       ("python-pytest" ,python-pytest)
+       ("python-setuptools-scm" ,python-setuptools-scm)))
+    (home-page "https://arrow.apache.org/docs/python/")
+    (synopsis "Python bindings for Apache Arrow")
+    (description "This library provides a Pythonic API wrapper for the reference
+Arrow C++ implementation, along with tools for interoperability with pandas,
+NumPy, and other traditional Python scientific computing packages.")
+    (license license:asl2.0)))
+
+(define-public python2-pyarrow
+  (package-with-python2 python-pyarrow))
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index a9b183c231..735b2af9b4 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -99,7 +99,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public isc-bind
   (package
     (name "bind")
-    (version "9.12.0")
+    (version "9.12.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -107,7 +107,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "10iwkghl5g50b7wc17bsb9wa0dh2gd57bjlk6ynixhywz6dhx1r9"))))
+                "043mjcw405qa0ghm5dkhfsq35gsy279724fz3mjqpr1mbi14dr0n"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
@@ -149,7 +149,8 @@ and BOOTP/TFTP for network booting of diskless machines.")
          ;;          (system "bin/tests/system/ifconfig.sh up")))
          (replace 'check
            (lambda _
-             (zero? (system* "make" "force-test")))))))
+             (invoke "make" "force-test")
+             #t)))))
     (synopsis "An implementation of the Domain Name System")
     (description "BIND is an implementation of the @dfn{Domain Name System}
 (DNS) protocols for the Internet.  It is a reference implementation of those
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 7a3e3cc257..b6fa661f0e 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -7369,3 +7369,48 @@ highlighting and indentation support.")
 @uref{https://www.terraform.io/, Terraform} configuration files.  Most of the
 functionality is inherited from @code{hcl-mode}.")
     (license license:gpl3+)))
+
+(define-public emacs-exec-path-from-shell
+  (package
+    (name "emacs-exec-path-from-shell")
+    (version "1.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://stable.melpa.org/packages/exec-path-from-shell-"
+             version ".el"))
+       (sha256
+        (base32
+         "03qjgb81cq1l3j54lvlf98r75vmmgd06mj6qh5wa6mz4xzp4w26r"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/purcell/exec-path-from-shell")
+    (synopsis "Get environment variables such as @var{PATH} from the shell")
+    (description
+     "This library allows the user to set Emacs @var{exec-path} and @var{PATH}
+from the shell @var{PATH}, so that @code{shell-command}, @code{compile} and
+the like work as expected on systems on which Emacs is not guaranteed to
+inherit a login shell's environment variables.  It also allows other
+environment variables to be retrieved from the shell, so that Emacs will see
+the same values you get in a terminal.")
+    (license license:gpl3+)))
+
+(define-public emacs-deft
+  (package
+    (name "emacs-deft")
+    (version "0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://stable.melpa.org/packages/deft-"
+                           version ".el"))
+       (sha256
+        (base32
+         "1vb9cjxskc7c0yyf9pvxy1fzypg1vrcgwnjz0m3hslinsgdyig58"))))
+    (build-system emacs-build-system)
+    (home-page "https://jblevins.org/projects/deft/")
+    (synopsis "Quickly browse, filter, and edit plain text notes")
+    (description
+     "Deft is an Emacs mode for quickly browsing, filtering, and editing
+directories of plain text notes, inspired by Notational Velocity.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 36ff49a573..d2b456153e 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -1088,13 +1088,13 @@ update-desktop-database: updates the database containing a cache of MIME types
 (define-public xdg-user-dirs
   (package
     (name "xdg-user-dirs")
-    (version "0.16")
+    (version "0.17")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://user-dirs.freedesktop.org/releases/"
                                     name "-" version ".tar.gz"))
               (sha256
-               (base32 "1rp3c94hxjlfsryvwajklynfnrcvxplhwnjqc7395l89i0nb83vp"))))
+               (base32 "13216b8rfkzak5k6bvpx6jvqv3cnbgpijnjwj8a8d3kq4cl0a1ra"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gettext" ,gettext-minimal)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 2c15fd5a59..9f31d90619 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
   #:use-module (guix build-system scons)
+  #:use-module (guix build-system r)
   #:use-module (guix download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
@@ -35,6 +37,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages cran)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
@@ -42,6 +45,8 @@
   #:use-module (gnu packages icu4c)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages statistics)
+  #:use-module (gnu packages web)
   #:use-module (gnu packages webkit)
   #:use-module (gnu packages wxwidgets)
   #:use-module (gnu packages xml))
@@ -491,3 +496,119 @@ development.")
  construct common SQL queries, or craft your own SQL queries.")
     (home-page "https://www.gaia-gis.it/fossil/spatialite_gui/index")
     (license license:gpl3+)))
+
+(define-public r-maps
+  (package
+   (name "r-maps")
+   (version "3.2.0")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "maps" version))
+       (sha256
+        (base32
+         "0577f3b5d3a7djl7r0miy9mzr6xq6jb32p8nyrma7m2azasbwyj3"))))
+   (build-system r-build-system)
+   (home-page "https://cran.r-project.org/web/packages/maps")
+   (synopsis "Draw geographical maps")
+   (description "This package provies an R module for display of maps.
+Projection code and larger maps are in separate packages ('mapproj' and
+'mapdata').")
+   (license license:gpl2)))
+
+(define-public r-mapproj
+  (package
+   (name "r-mapproj")
+   (version "1.2-5")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "mapproj" version))
+       (sha256
+        (base32
+         "0rjz37r4rizk2c6jaf54f0kfb60dqv6b262cnhiwjl55d4x6l0pk"))))
+   (build-system r-build-system)
+   (propagated-inputs `(("r-maps" ,r-maps)))
+   (home-page "https://cran.r-project.org/web/packages/mapproj")
+   (synopsis "Map projection in R")
+   (description "This package converts latitude/longitude into projected
+coordinates.")
+   (license (list license:gpl2 ; The R interface
+                  (license:non-copyleft ; The C code
+                    "https://www.gnu.org/licenses/license-list.en.html#lucent102"
+                    "Lucent Public License Version 1.02")))))
+
+(define-public r-rgooglemaps
+  (package
+   (name "r-rgooglemaps")
+   (version "1.4.1")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "RgoogleMaps" version))
+       (sha256
+        (base32
+         "0fsmlnhl4kw2j4972kfanzw9njhnzk695gsyw8g6yppsmz2clcaq"))))
+   (properties `((upstream-name . "RgoogleMaps")))
+   (build-system r-build-system)
+   (propagated-inputs `(("r-png" ,r-png)))
+   (home-page "https://cran.r-project.org/web/packages/RgoogleMaps")
+   (synopsis "Use Google Maps in R")
+   (description "This package serves two purposes: (i) Provide a comfortable R
+interface to query the Google server for static maps, and (ii) Use the map as a
+background image to overlay plots within R.  This requires proper coordinate
+scaling.")
+   (license license:gpl2+)))
+
+(define-public r-geosphere
+  (package
+   (name "r-geosphere")
+   (version "1.5-7")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "geosphere" version))
+       (sha256
+        (base32
+         "186qdm5niq7v3d4w4rngx71znsgi44hnam7698bsx9ar5mg5b6wx"))))
+   (build-system r-build-system)
+   (propagated-inputs `(("r-sp" ,r-sp)))
+   (home-page "https://cran.r-project.org/web/packages/geosphere")
+   (synopsis "Spherical trigonometry")
+   (description "This package computes spherical trigonometry for geographic
+applications.  That is, compute distances and related measures for angular
+(longitude/latitude) locations.")
+   (license license:gpl3+)))
+
+(define-public r-ggmap
+  (package
+   (name "r-ggmap")
+   (version "2.6.1")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ggmap" version))
+       (sha256
+        (base32
+         "0mssb09w818jv58h7mly9y181pzv22sgcd4a079cfpq04bs0wigw"))))
+   (build-system r-build-system)
+   (propagated-inputs
+    `(("r-digest" ,r-digest)
+      ("r-geosphere" ,r-geosphere)
+      ("r-ggplot2" ,r-ggplot2)
+      ("r-jpeg" ,r-jpeg)
+      ("r-mapproj" ,r-mapproj)
+      ("r-plyr" ,r-plyr)
+      ("r-png" ,r-png)
+      ("r-proto" ,r-proto)
+      ("r-reshape2" ,r-reshape2)
+      ("r-rgooglemaps" ,r-rgooglemaps)
+      ("r-rjson" ,r-rjson)
+      ("r-scales" ,r-scales)))
+   (home-page "https://github.com/dkahle/ggmap")
+   (synopsis "Spatial visualization with ggplot2")
+   (description "This package provides a collection of functions to visualize
+spatial data and models on top of static maps from various online sources (e.g
+Google Maps and Stamen Maps).  It includes tools common to those tasks,
+including functions for geolocation and routing.")
+   (license license:gpl2)))
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index ebdb749824..cac6f42918 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -424,24 +424,32 @@ security standards.")
         (mozilla-patch "icecat-bug-1350152.patch"        "f822bda79c28" "1wf56169ca874shr6r7qx40s17h2gwj7ngmpyylrpmd1c6hipvsj")
         (mozilla-patch "icecat-bug-1411708.patch"        "34c968767eb7" "0l2jy201ikj3m3h66mvlsj4y0ki7cpm7x7nnfygbwnfxg42s1sip")
         (mozilla-patch "icecat-bug-1375217.patch"        "00fc630c9a46" "17pcprp452nslk6sac6sili0p74zh8w3g0v1wsdn0ikm9xmnphhv")
-        (mozilla-patch "icecat-bug-1261175.patch"        "f0ec180993d2" "0jiazxcwki83wr00fyh2g518ynsd33p7nk65zk4d1682gn22lc8v")
-        (mozilla-patch "icecat-bug-1433005.patch"        "a6a9e26688c1" "0cvizvilb4k422j2gzqcbakznvsffmk6n6xn1ayj5rgxfaizkkqk")
-        (mozilla-patch "icecat-bug-1434580.patch"        "198ad052621e" "1721zx8hifdlflrhvw6hmkdgjbvsmxl9n84iji5qywhlp2krdk9r")
+        (mozilla-patch "icecat-CVE-2018-5145.patch"      "f0ec180993d2" "0jiazxcwki83wr00fyh2g518ynsd33p7nk65zk4d1682gn22lc8v")
+        (mozilla-patch "icecat-CVE-2018-5130.patch"      "a6a9e26688c1" "0cvizvilb4k422j2gzqcbakznvsffmk6n6xn1ayj5rgxfaizkkqk")
+        (mozilla-patch "icecat-CVE-2018-5125-pt1.patch"  "198ad052621e" "1721zx8hifdlflrhvw6hmkdgjbvsmxl9n84iji5qywhlp2krdk9r")
         (mozilla-patch "icecat-bug-1426087.patch"        "391ea77ebfdb" "1fhkvd0z6mvdkj7m0d3jlj42rsdw5r4x122c1wb1i428228ifw6n")
         (mozilla-patch "icecat-bug-1416307.patch"        "54f2f7f93b30" "1ncjir16mqya37wgf6fy2rqki3vl433c4grjr3fypmlig6xfgg1l")
-        (mozilla-patch "icecat-bug-1430557.patch"        "2c4d7a59041b" "178c6gid89cvw52yqs43i6x6s5w0hslj0rfa2r8b4762ij3civ92")
-        (mozilla-patch "icecat-bug-1416529.patch"        "f87ef3774d5e" "0payf3az2w93nzl5qknqx290jbxk8v39rwhdgq7wyd5f245dywxk")
-        (mozilla-patch "icecat-bug-1324042.patch"        "ac743923f81d" "0msyr45xr1j5q4x6ah4r907pwjngyi0k6pp9y8ixk21cnwbzrdwx")
-        (mozilla-patch "icecat-bug-1428947.patch"        "456913d7e8b5" "0fx0s06kxxj7g4hllinaskgh41z3k48zml6yqqzxx485qk3hdh9x")
+        (mozilla-patch "icecat-CVE-2018-5127.patch"      "2c4d7a59041b" "178c6gid89cvw52yqs43i6x6s5w0hslj0rfa2r8b4762ij3civ92")
+        (mozilla-patch "icecat-CVE-2018-5125-pt2.patch"  "f87ef3774d5e" "0payf3az2w93nzl5qknqx290jbxk8v39rwhdgq7wyd5f245dywxk")
+        (mozilla-patch "icecat-CVE-2018-5125-pt3.patch"  "ac743923f81d" "0msyr45xr1j5q4x6ah4r907pwjngyi0k6pp9y8ixk21cnwbzrdwx")
+        (mozilla-patch "icecat-CVE-2018-5129.patch"      "456913d7e8b5" "0fx0s06kxxj7g4hllinaskgh41z3k48zml6yqqzxx485qk3hdh9x")
         (mozilla-patch "icecat-bug-1334465-pt1.patch"    "f95c5b881442" "0iaddhf65jd9cycj4bw0b207n2jiqkr4q84jifzyqn4ygs75wdqd")
         (mozilla-patch "icecat-bug-1334465-pt2.patch"    "8a4265c8fb41" "1d9zfdbrlw9wzr84b7pj7lxgy487lsx0kfd89287hjk0al8m6vrw")
         (mozilla-patch "icecat-bug-1398021.patch"        "28855df568d8" "1kmq836gniplxpjnvq8lhbcc1aqi56al628r1mzdy94b5yb0lis3")
         (mozilla-patch "icecat-bug-1388020.patch"        "e8ab2736499b" "0n28vcd65rxsyq3z22rfcfksryfndhm1i3g6ah3akg11jnagqf5v")
-        (mozilla-patch "icecat-bug-1437087.patch"        "014877bf17ea" "0hk90pnf7h7kvidji6ydvva1zpyraipn03pjhvprdqr7k2fqzmsz")
-        (mozilla-patch "icecat-bug-1437507.patch"        "5b3a5de48912" "1ifya05rcd34ryp9zawdacihhkkf2m0xn2q8m8c6v78bvxj0mgig")
-        (mozilla-patch "icecat-bug-1440926.patch"        "1df9b4404acd" "1sd59vsarfsbh3vlrzrqv6n1ni7vxdzm83j6s6g0fygl1h8kwijg")
+        (mozilla-patch "icecat-CVE-2018-5125-pt4.patch"  "014877bf17ea" "0hk90pnf7h7kvidji6ydvva1zpyraipn03pjhvprdqr7k2fqzmsz")
+        (mozilla-patch "icecat-CVE-2018-5125-pt5.patch"  "5b3a5de48912" "1ifya05rcd34ryp9zawdacihhkkf2m0xn2q8m8c6v78bvxj0mgig")
+        (mozilla-patch "icecat-CVE-2018-5144.patch"      "1df9b4404acd" "1sd59vsarfsbh3vlrzrqv6n1ni7vxdzm83j6s6g0fygl1h8kwijg")
         (mozilla-patch "icecat-bug-1430173-pt1.patch"    "9124c3972e2b" "13ns5yy39yzfx7lrkv4rgwdz6s6q0z4i09wkbxdvnkfsz17cd17i")
-        (mozilla-patch "icecat-bug-1430173-pt2.patch"    "9f6dc031be51" "0bv2p98z5ahp3x9wxnhwxn87g21djvzzp7jy55ik90hqixsbhwdl")))
+        (mozilla-patch "icecat-bug-1430173-pt2.patch"    "9f6dc031be51" "0bv2p98z5ahp3x9wxnhwxn87g21djvzzp7jy55ik90hqixsbhwdl")
+        (mozilla-patch "icecat-CVE-2018-5131.patch"      "3102fbb97b32" "0kg0183v92gxjb9255xjwhxyd6gl77l9c0civx3040k975fybwlp")
+        (mozilla-patch "icecat-CVE-2018-5125-pt6.patch"  "4904c0f4a645" "0lsq62ynksy1fbw0m87f1d741fyvrrp1vrznx5hx0l2p4g4frhv3")
+        (mozilla-patch "icecat-CVE-2018-5125-pt7.patch"  "16b8073d5c30" "1dv94qqah1wjd3bxjvrkmjbb2f95d3d11zpm8mggdk52il575bwl")
+        (mozilla-patch "icecat-bug-1442127-pt1.patch"    "f931f85b09da" "02s380w8a73g4w2wm810lbigh4z4rrlfy10ywwhv4lpkbk8xg7pr")
+        (mozilla-patch "icecat-bug-1442127-pt2.patch"    "da5792b70f30" "116k9qja5ir9b3laazasp43f5jx59qq72nknmq5bn5v1ixya9r4l")
+        (mozilla-patch "icecat-CVE-2018-5125-pt8.patch"  "62b831df8269" "109pn0hqn7s27580glv4z7qv1pmjzii9szvf3wkn97k5wybrzgkx")
+        (mozilla-patch "icecat-bug-1442504.patch"        "8954ce68a364" "0bl65zw82bwqg0mmcri94pxqq6ibff7y5rclkzapb081p6yvf73q")
+        (mozilla-patch "icecat-CVE-2018-5125-pt9.patch"  "8a16f439117c" "108iarql6z7h1r4rlzac6n6lrzs78x7kcdbfa0b5dbr5xc66jmgb")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/graph.scm b/gnu/packages/graph.scm
index 19c9b2269b..6a5e0e753f 100644
--- a/gnu/packages/graph.scm
+++ b/gnu/packages/graph.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,10 @@
   #:use-module (gnu packages maths)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-web)
   #:use-module (gnu packages statistics)
+  #:use-module (gnu packages time)
   #:use-module (gnu packages xml))
 
 (define-public igraph
@@ -199,3 +203,34 @@ objects from the @code{graph} package.")
 represented by horizontal lines, and edges are represented by vertical
 lines.")
       (license license:expat))))
+
+(define-public python-plotly
+  (package
+    (name "python-plotly")
+    (version "2.4.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "plotly" version))
+        (sha256
+         (base32
+          "0n18116jz6bl5n9cq23vabv1gcbh1x3yficdnfq55v0z4cwy0zlf"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:tests? #f)) ; The tests are not distributed in the release
+    (propagated-inputs
+     `(("python-decorator" ,python-decorator)
+       ("python-nbformat" ,python-nbformat)
+       ("python-pytz" ,python-pytz)
+       ("python-requests" ,python-requests)
+       ("python-six" ,python-six)))
+    (home-page "https://plot.ly/python/")
+    (synopsis "Interactive plotting library for Python")
+    (description "Plotly's Python graphing library makes interactive,
+publication-quality graphs online.  Examples of how to make line plots, scatter
+plots, area charts, bar charts, error bars, box plots, histograms, heatmaps,
+subplots, multiple-axes, polar charts, and bubble charts. ")
+    (license license:expat)))
+
+(define-public python2-plotly
+  (package-with-python2 python-plotly))
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 6d3a4d5210..501ab1b860 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -392,7 +392,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.24.6")
+   (version "3.24.7")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -400,7 +400,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "1261fwjpwn3qizmvjns9z3k3a264j3ql5anyvmisfwywpkzbv9ks"))))
+               "1rp8zspwyw3mmdgccsas3pa6v7s0hqjaaglg6n4kcls7ccx0vhm5"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
diff --git a/gnu/packages/idris.scm b/gnu/packages/idris.scm
index 6eb940c9d5..79f89d6f54 100644
--- a/gnu/packages/idris.scm
+++ b/gnu/packages/idris.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
+;;; Copyright © 2018 Alex ter Weele <alex.ter.weele@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -30,6 +31,52 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages))
 
+(define ghc-aeson-1.1.2.0
+  (package (inherit ghc-aeson)
+    (version "1.1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://hackage.haskell.org/package/aeson/aeson-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1zy5z8pzvh53qkjm0nm3f4rwqfqg3867ck8ncd6mrxpcyvxqqj1p"))))))
+
+(define ghc-trifecta-1.6.2.1
+  (package (inherit ghc-trifecta)
+    (version "1.6.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://hackage.haskell.org/package/trifecta/"
+             "trifecta-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1rgv62dlmm4vkdymx5rw5jg3w8ifpzg1745rvs1m4kzdx16p5cxs"))))))
+
+;; ghc-cheapskate appeared too new. This follows LTS Haskell.
+(define ghc-cheapskate-0.1.0.5
+  (package
+    (inherit ghc-cheapskate)
+    (version "0.1.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://hackage.haskell.org/package/cheapskate/cheapskate-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0cpsmfx5z2xykg71sv8j7pl8ga6pzyjnjdb9bxn00vcpqkzvfqvs"))))
+    (arguments
+     ;; LTS Haskell says data-default >=0.5 && <0.8
+     `(#:configure-flags (list "--allow-newer=data-default")))))
+
 (define-public idris
   (package
     (name "idris")
@@ -46,15 +93,15 @@
     (inputs
      `(("gmp" ,gmp)
        ("ncurses" ,ncurses)
-       ("ghc-aeson" ,ghc-aeson)
-       ("ghc-async" ,ghc-async)
+       ("ghc-aeson" ,ghc-aeson-1.1.2.0)
        ("ghc-annotated-wl-pprint" ,ghc-annotated-wl-pprint)
        ("ghc-ansi-terminal" ,ghc-ansi-terminal)
        ("ghc-ansi-wl-pprint" ,ghc-ansi-wl-pprint)
+       ("ghc-async" ,ghc-async)
        ("ghc-base64-bytestring" ,ghc-base64-bytestring)
        ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-blaze-markup" ,ghc-blaze-markup)
-       ("ghc-cheapskate" ,ghc-cheapskate)
+       ("ghc-cheapskate" ,ghc-cheapskate-0.1.0.5)
        ("ghc-code-page" ,ghc-code-page)
        ("ghc-fingertree" ,ghc-fingertree)
        ("ghc-fsnotify" ,ghc-fsnotify)
@@ -62,23 +109,18 @@
        ("ghc-mtl" ,ghc-mtl)
        ("ghc-network" ,ghc-network)
        ("ghc-optparse-applicative" ,ghc-optparse-applicative)
-       ("ghc-parsers" ,ghc-parsers)
        ("ghc-regex-tdfa" ,ghc-regex-tdfa)
        ("ghc-safe" ,ghc-safe)
        ("ghc-split" ,ghc-split)
-       ("ghc-tasty" ,ghc-tasty)
-       ("ghc-tasty-golden" ,ghc-tasty-golden)
-       ("ghc-tasty-rerun" ,ghc-tasty-rerun)
        ("ghc-terminal-size" ,ghc-terminal-size)
        ("ghc-text" ,ghc-text)
-       ("ghc-trifecta" ,ghc-trifecta)
+       ("ghc-trifecta" ,ghc-trifecta-1.6.2.1)
        ("ghc-uniplate" ,ghc-uniplate)
        ("ghc-unordered-containers" ,ghc-unordered-containers)
        ("ghc-utf8-string" ,ghc-utf8-string)
-       ("ghc-vector-binary-instances" ,ghc-vector-binary-instances)
        ("ghc-vector" ,ghc-vector)
-       ("ghc-zip-archive" ,ghc-zip-archive)
-       ("ghc-zlib" ,ghc-zlib)))
+       ("ghc-vector-binary-instances" ,ghc-vector-binary-instances)
+       ("ghc-zip-archive" ,ghc-zip-archive)))
     (arguments
      `(#:tests? #f ; FIXME: Test suite doesn't run in a sandbox.
        #:configure-flags
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index b576c508ec..caafb2ea70 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1293,3 +1294,23 @@ Features:
 @item Upload to Imgur.
 @end itemize\n")
     (license license:gpl3+)))
+
+(define-public r-jpeg
+  (package
+   (name "r-jpeg")
+   (version "0.1-8")
+   (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "jpeg" version))
+       (sha256
+        (base32
+         "05hawv5qcb82ljc1l2nchx1wah8mq2k2kfkhpzyww554ngzbwcnh"))))
+   (build-system r-build-system)
+   (inputs `(("libjpeg" ,libjpeg)))
+   (home-page "http://www.rforge.net/jpeg/")
+   (synopsis "Read and write JPEG images with R")
+   (description "This package provides a way to read, write and display bitmap
+images stored in the JPEG format with R.  It can read and write both files and
+in-memory raw vectors.")
+   (license license:gpl2+)))
diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm
index 1e98369ea3..ffd5f60b38 100644
--- a/gnu/packages/inkscape.scm
+++ b/gnu/packages/inkscape.scm
@@ -68,6 +68,7 @@
        ("libgc" ,libgc)
        ("freetype" ,freetype)
        ("popt" ,popt)
+       ("potrace" ,potrace)
        ("python" ,python-2)
        ("lcms" ,lcms)
        ("boost" ,boost)))
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index ce9896bf9c..f94c384d7d 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1077,7 +1077,7 @@ bootstrapping purposes.")
     (license license:gpl2+)))
 
 (define-public icedtea-7
-  (let* ((version "2.6.12")
+  (let* ((version "2.6.13")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -1095,7 +1095,7 @@ bootstrapping purposes.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "0s0zh0mj1sab99kb516lsgq3859vsc951phc565gwix4l5g9zppk"))
+                  "1w331rdqx1dcx2xb0fmjmrkdc71xqn20fxsgw8by4xhiblh88khh"))
                 (modules '((guix build utils)))
                 (snippet
                  '(begin
@@ -1507,25 +1507,25 @@ bootstrapping purposes.")
       (native-inputs
        `(("openjdk-src"
           ,(drop "openjdk"
-                 "15qf3nfidgnigh2zny6djfp8bhfwjnwk9i06mxs2jbq6na953ql2"))
+                 "0l34ikyf62hbzlf9032alzkkqvf7bpmckz4gvirvph755w7gka8l"))
          ("corba-drop"
           ,(drop "corba"
-                 "1phvn8fyl5mw2n2sn97f17nm442k75xsz2023bfw4h66ywzkqhqy"))
+                 "050gv2jbg1pi6qkn8w18bwpbklfa5b0kymjvan9pncddbj8m84fz"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "0j4ms6lmnfa2cwfh9yfqdfg1bnn3fc40ay4x6k8zqa8yvspik5w5"))
+                 "1k6yldwnxfzdg5926r1nlfv8d1r1j7rlp2nkz6gqh05vgyamnfhl"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "09sddj73k7n29s39hvdk14r130mvlknbxkpd2w58f34sq5sgpdrg"))
+                 "110j7jlz47x2gg6f7653x12mssan5kvj9l9h1m1c8c92drfxbqyk"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "0q896zz8wyswmksy225q1k27nz3v3l27052dcvvpv20ryykz8yp7"))
+                 "0d1mca38ksxvdskp9im3pp7fdijhj1n3lwq9w13r9s4v3qyskgdd"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "0niicyfccim4a9is4akh87jd7wbl8jrazdaab957mcv9l1x3bnqc"))
+                 "0nq5236fzxn3p6x8cgncl56mzcmsj07q9gymysnws4c8byc6n0qj"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "1jw42qhbm3wfavk39304m53lmqipcllrvjqiab2f42mjs10i8gfx"))
+                 "17bdv39n4lh8l5737c96f3xgamx4y305m067p01cywgp7zaddqws"))
          ("ant" ,ant-bootstrap)
          ("attr" ,attr)
          ("coreutils" ,coreutils)
@@ -1575,7 +1575,7 @@ IcedTea build harness.")
       (license license:gpl2+))))
 
 (define-public icedtea-8
-  (let* ((version "3.6.0")
+  (let* ((version "3.7.0")
          (drop (lambda (name hash)
                  (origin
                    (method url-fetch)
@@ -1584,7 +1584,7 @@ IcedTea build harness.")
                          "/icedtea8/" version "/" name ".tar.xz"))
                    (sha256 (base32 hash))))))
     (package (inherit icedtea-7)
-      (version "3.6.0")
+      (version "3.7.0")
       (source (origin
                 (method url-fetch)
                 (uri (string-append
@@ -1592,7 +1592,7 @@ IcedTea build harness.")
                       version ".tar.xz"))
                 (sha256
                  (base32
-                  "0zj192zrrxqh6j1ywc3399gk2ycay9w8pvzcvvr2kvdkb37ak86h"))
+                  "09yqzn8rpccs7cyv89hhy5zlznpgqw5x3jz0w1ccp0cz1vgs8l5w"))
                 (modules '((guix build utils)))
                 (snippet
                  '(begin
@@ -1694,34 +1694,34 @@ new Date();"))
        `(("jdk" ,icedtea-7 "jdk")
          ("openjdk-src"
           ,(drop "openjdk"
-                 "0mqxh81kq05z4wydkik0yrr81ibf84xmwsdcw9n2gfrzs4f5jxnb"))
+                 "1mj6xgmw31i6qd30qi9dmv7160fbcfq5ikz1jwjihdg2793il19p"))
          ("aarch32-drop"
           ,(drop "aarch32"
-                 "0b207g2n6kn510zf5vwh58bsxgqrmkvrna4p20r74v9cwcwx83n2"))
+                 "1wb8k5zm40zld0986dvmlh5xh3gyixbg9h26sl662zy92amhmyyg"))
          ("corba-drop"
           ,(drop "corba"
-                 "0qinc1q4w01nkr9klhfyd8caxvyrrfxjrz32nd7kgyja2bj8x7dd"))
+                 "11ma4zz0599cy70xd219v7a8vin7p96xrhhz3wsaw6cjhkzpagah"))
          ("jaxp-drop"
           ,(drop "jaxp"
-                 "07azrp3g86vk2laybmr5xfn0yrljkxs0rlm1q48385br225bgdxi"))
+                 "14m1y0z0fbm5z5zjw3vnq85py8dma84bi3f9cw8rhdyc6skk8q4i"))
          ("jaxws-drop"
           ,(drop "jaxws"
-                 "018fd2hq57zp3pq06wlxy5pabqcyk36xi8hk0d6xk3a90wsjvyik"))
+                 "09andnm6xaasnp963hgx42yiflifiljp9z7z85jrfyc5z8a5whmf"))
          ("jdk-drop"
           ,(drop "jdk"
-                 "0vs488kq5j2cc6kplc78jbhfxwq4fn06l34xrbq4d6y17777arg8"))
+                 "0s6lcpc0zckz2fnq98aqf28nz9y3wbi41a3kyaqqa2abwbkm1zwl"))
          ("langtools-drop"
           ,(drop "langtools"
-                 "04f6d1wvck5jrpvrcw5gsbzxnihcry9zrf1v85czdm959q21zv9c"))
+                 "15wizy123vhk40chl1b4p552jf2pw2hdww0myf11qab425axz4nw"))
          ("hotspot-drop"
           ,(drop "hotspot"
-                 "1mfgpzyr6zzy9klf8nn3z6d41fydb9ghpfpqzjq3cl95axfbdl1g"))
+                 "1ciz1w9j0kz7s1dxdhyqq71nla9icyz6qvn0b9z2zgkklqa98qmm"))
          ("nashorn-drop"
           ,(drop "nashorn"
-                 "1a26cmzbs50gkh4rmmmxls7zljx62vfp1wq02gsfd5jqs4xvlibj"))
+                 "19pzl3ppaw8j6r5cnyp8qiw3hxijh3hdc46l39g5yfhdl4pr4hpa"))
          ("shenandoah-drop"
           ,(drop "shenandoah"
-                 "11hmn9mwmvryfddcanzx3qffjm8bbiv18nwv3iy9cswrvxjy010f"))
+                 "0k33anxdzw1icn072wynfmmdjhsv50hay0j1sfkfxny12rb3vgdy"))
          ,@(fold alist-delete (package-native-inputs icedtea-7)
                  '("jdk" "openjdk-src" "corba-drop" "jaxp-drop" "jaxws-drop"
                    "jdk-drop" "langtools-drop" "hotspot-drop")))))))
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 237c4bc18d..cf85c510f1 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -98,7 +98,7 @@ converting a word to singular or plural.")
 (define-public perl-lingua-en-inflect-phrase
   (package
     (name "perl-lingua-en-inflect-phrase")
-    (version "0.18")
+    (version "0.20")
     (source
      (origin
        (method url-fetch)
@@ -106,7 +106,7 @@ converting a word to singular or plural.")
                            "Lingua-EN-Inflect-Phrase-" version ".tar.gz"))
        (sha256
         (base32
-         "19prg6pkgnznrc82ymdkdi3l9schg815axjig7adca5yqa7mn2i9"))))
+         "1a6y1l2pjim2242wcpgz066di4pbzfgsjjdl7vg5a5wzm48qj1am"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-nowarnings" ,perl-test-nowarnings)))
@@ -365,7 +365,7 @@ stemmer at http://snowball.sourceforge.net.")
 (define-public perl-string-toidentifier-en
   (package
     (name "perl-string-toidentifier-en")
-    (version "0.11")
+    (version "0.12")
     (source
      (origin
        (method url-fetch)
@@ -373,7 +373,7 @@ stemmer at http://snowball.sourceforge.net.")
                            "String-ToIdentifier-EN-" version ".tar.gz"))
        (sha256
         (base32
-         "1bawghkgkkx7j3avnrj5sg3vix1z5564ks6wf9az3jc2knh8s5nh"))))
+         "12nw7h2yiybhdw0vnnpc7bif8ylhsn6kqf6s39dsrf9h54iq9yrs"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-lingua-en-inflect-phrase" ,perl-lingua-en-inflect-phrase)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8875e5d28f..d2fc387080 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -383,8 +383,8 @@ It has been modified to remove all non-free binary blobs.")
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
 ;; See : https://wiki.debian.org/DebianKernel/ARMMP.
 
-(define %linux-libre-version "4.15.9")
-(define %linux-libre-hash "13lcard7i6w2c1cf9rfhvmq79xk4qp2p1c1920mfi69l20yvm572")
+(define %linux-libre-version "4.15.10")
+(define %linux-libre-hash "10fp8jmy0fxq8l01m1nnagpq1hznl9jmhcwknk8izjmdcb5snq6c")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -392,8 +392,8 @@ It has been modified to remove all non-free binary blobs.")
                     %linux-compatible-systems
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.26")
-(define %linux-libre-4.14-hash "1m2zr17wpasg5riysbaa4g5i492jzr93py2jm088ki818s4a9cm3")
+(define %linux-libre-4.14-version "4.14.27")
+(define %linux-libre-4.14-hash "0mgkka9niyd0lj4qliy4v7jjh9lg1a5jwlv60yw7z0s4k7ajyyrp")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
@@ -556,7 +556,8 @@ providing the system administrator with some help in common tasks.")
               (sha256
                (base32
                 "04fzrnrr3pvqskvjn9f81y0knh0jvvqx4lmbz5pd4lfdm5pv2l8s"))
-              (patches (search-patches "util-linux-tests.patch"))
+              (patches (search-patches "util-linux-tests.patch"
+                                       "util-linux-CVE-2018-7738.patch"))
               (modules '((guix build utils)))
               (snippet
                ;; We take the 'logger' program from GNU Inetutils and 'kill'
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 0a2f266a7d..5e7d7b2bd3 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -23,6 +23,7 @@
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Dave Love <me@fx@gnu.org>
 ;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1312,7 +1313,7 @@ can solve two kinds of problems:
 (define-public octave
   (package
     (name "octave")
-    (version "4.2.1")
+    (version "4.2.2")
     (source
      (origin
       (method url-fetch)
@@ -1320,7 +1321,7 @@ can solve two kinds of problems:
                           version ".tar.lz"))
       (sha256
        (base32
-        "09zhhch79jw3ynw39vizx0i2cbd2bjz3sp38pjdzraqrbivpwp92"))))
+        "0pkkz1vazsh7ipffb09q0nc2jgx6q27pkkngygjij6jrpcly5zsp"))))
     (build-system gnu-build-system)
     (inputs
      `(("lapack" ,lapack)
@@ -3769,3 +3770,54 @@ specifications.  Also, state spaces can be manipulated, visualised and
 analysed.")
     (home-page "http://mcrl2.org")
     (license license:boost1.0)))
+
+(define-public r-subplex
+  (package
+    (name "r-subplex")
+    (version "1.5-2")
+    (source
+    (origin
+      (method url-fetch)
+      (uri (cran-uri "subplex" version))
+      (sha256
+       (base32
+        "1v9xrnkapnq7v1jbhlg32ignklzf2vn8rqpayc8pzk8wvz53r33g"))))
+    (build-system r-build-system)
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "https://cran.r-project.org/web/packages/subplex")
+    (synopsis "Unconstrained optimization using the subplex algorithm")
+    (description "This package implements the Subplex optimization algorithm.
+It solves unconstrained optimization problems using a simplex method on
+subspaces.  The method is well suited for optimizing objective functions that
+are noisy or are discontinuous at the solution.")
+    (license license:gpl3+)))
+
+(define-public r-desolve
+  (package
+    (name "r-desolve")
+    (version "1.20")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (cran-uri "deSolve" version))
+        (sha256
+         (base32
+          "18nx3maww979a8p8ly4hv63y65mnjx8vbj2fpipd6rhcbf1lbsan"))))
+    (properties `((upstream-name . "deSolve")))
+    (build-system r-build-system)
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "https://desolve.r-forge.r-project.org/")
+    (synopsis "Solvers for initial value problems of differential equations")
+    (description "This package provides functions that solve initial
+value problems of a system of first-order ordinary differential equations (ODE),
+of partial differential equations (PDE), of differential algebraic equations
+(DAE), and of delay differential equations.  The functions provide an interface
+to the FORTRAN functions lsoda, lsodar, lsode, lsodes of the ODEPACK collection,
+to the FORTRAN functions dvode and daspk and a C-implementation of solvers of
+the Runge-Kutta family with fixed or variable time steps.  The package contains
+routines designed for solving ODEs resulting from 1-D, 2-D and 3-D partial
+differential equations (PDE) that have been converted to ODEs by numerical
+differencing.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 9ed93cfd6d..6df889e315 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -875,10 +875,18 @@ instant messenger with audio and video chat capabilities.")
                (("__DATE__") "\"\"")
                (("__TIME__") "\"\"")
                (("TIMESTAMP") "\"\""))
-             #t)))))
+             #t))
+         ;; Ensure that icons are found at runtime.
+         (add-after 'install 'wrap-executable
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (wrap-program (string-append out "/bin/qtox")
+                 `("QT_PLUGIN_PATH" prefix
+                   ,(list (string-append (assoc-ref inputs "qtsvg")
+                                         "/lib/qt5/plugins/"))))))))))
     (inputs
      `(("ffmpeg" ,ffmpeg)
-       ("filteraudio", filteraudio)
+       ("filteraudio" ,filteraudio)
        ("glib" ,glib)
        ("gtk+" ,gtk+-2)
        ("libsodium" ,libsodium)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index d7e78cb630..c962a8d821 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -87,17 +87,22 @@
   #:use-module (gnu packages xml)
   #:use-module (ice-9 match))
 
+;; The gnu.org ‘home’ for this GNU project is a directory listing with 1.6.0 as
+;; the latest version.  The author's git repository, mentioned in the 1.6.0
+;; README and otherwise legit-looking, contains a proper 1.7.0 release tarball
+;; with many OUI updates.  Use it, even though it's also several years old now.
 (define-public macchanger
   (package
     (name "macchanger")
-    (version "1.6.0")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnu/"
-                                  name "/" name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1xsiivjjyhqcs6dyjcshrnxlgypvyfzacjz7gcjgl88xiw9lylri"))))
+    (version "1.7.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/alobbs/macchanger/"
+                           "releases/download/" version "/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1gs5m0jxyprdp00w2qkbnaqm3ilkjz0q1gqdg4nzdm8g4xy73qns"))))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/macchanger/")
     (synopsis "Viewing and manipulating MAC addresses of network interfaces")
diff --git a/gnu/packages/patches/shadow-CVE-2018-7169.patch b/gnu/packages/patches/shadow-CVE-2018-7169.patch
new file mode 100644
index 0000000000..eeae5b9b71
--- /dev/null
+++ b/gnu/packages/patches/shadow-CVE-2018-7169.patch
@@ -0,0 +1,191 @@
+Fix CVE-2018-7169:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
+
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0
+
+From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 15 Feb 2018 23:49:40 +1100
+Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
+
+This is necessary to match the kernel-side policy of "self-mapping in a
+user namespace is fine, but you cannot drop groups" -- a policy that was
+created in order to stop user namespaces from allowing trivial privilege
+escalation by dropping supplementary groups that were "blacklisted" from
+certain paths.
+
+This is the simplest fix for the underlying issue, and effectively makes
+it so that unless a user has a valid mapping set in /etc/subgid (which
+only administrators can modify) -- and they are currently trying to use
+that mapping -- then /proc/$pid/setgroups will be set to deny. This
+workaround is only partial, because ideally it should be possible to set
+an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
+administrators to further restrict newgidmap(1).
+
+We also don't write anything in the "allow" case because "allow" is the
+default, and users may have already written "deny" even if they
+technically are allowed to use setgroups. And we don't write anything if
+the setgroups policy is already "deny".
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
+Fixes: CVE-2018-7169
+Reported-by: Craig Furman <craig.furman89@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 80 insertions(+), 9 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index b1e33513..59a2e75c 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -46,32 +46,37 @@
+  */
+ const char *Prog;
+ 
+-static bool verify_range(struct passwd *pw, struct map_range *range)
++
++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
+ {
+ 	/* An empty range is invalid */
+ 	if (range->count == 0)
+ 		return false;
+ 
+-	/* Test /etc/subgid */
+-	if (have_sub_gids(pw->pw_name, range->lower, range->count))
++	/* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
++	if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
++		*allow_setgroups = true;
+ 		return true;
++	}
+ 
+-	/* Allow a process to map its own gid */
+-	if ((range->count == 1) && (pw->pw_gid == range->lower))
++	/* Allow a process to map its own gid. */
++	if ((range->count == 1) && (pw->pw_gid == range->lower)) {
++		/* noop -- if setgroups is enabled already we won't disable it. */
+ 		return true;
++	}
+ 
+ 	return false;
+ }
+ 
+ static void verify_ranges(struct passwd *pw, int ranges,
+-	struct map_range *mappings)
++	struct map_range *mappings, bool *allow_setgroups)
+ {
+ 	struct map_range *mapping;
+ 	int idx;
+ 
+ 	mapping = mappings;
+ 	for (idx = 0; idx < ranges; idx++, mapping++) {
+-		if (!verify_range(pw, mapping)) {
++		if (!verify_range(pw, mapping, allow_setgroups)) {
+ 			fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
+ 				Prog,
+ 				mapping->upper,
+@@ -89,6 +94,70 @@ static void usage(void)
+ 	exit(EXIT_FAILURE);
+ }
+ 
++void write_setgroups(int proc_dir_fd, bool allow_setgroups)
++{
++	int setgroups_fd;
++	char *policy, policy_buffer[4096];
++
++	/*
++	 * Default is "deny", and any "allow" will out-rank a "deny". We don't
++	 * forcefully write an "allow" here because the process we are writing
++	 * mappings for may have already set themselves to "deny" (and "allow"
++	 * is the default anyway). So allow_setgroups == true is a noop.
++	 */
++	policy = "deny\n";
++	if (allow_setgroups)
++		return;
++
++	setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
++	if (setgroups_fd < 0) {
++		/*
++		 * If it's an ENOENT then we are on too old a kernel for the setgroups
++		 * code to exist. Emit a warning and bail on this.
++		 */
++		if (ENOENT == errno) {
++			fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
++			goto out;
++		}
++		fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++	/*
++	 * Check whether the policy is already what we want. /proc/self/setgroups
++	 * is write-once, so attempting to write after it's already written to will
++	 * fail.
++	 */
++	if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
++		fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (!strncmp(policy_buffer, policy, strlen(policy)))
++		goto out;
++
++	/* Write the policy. */
++	if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
++		fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (dprintf(setgroups_fd, "%s", policy) < 0) {
++		fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
++			Prog,
++			policy,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++out:
++	close(setgroups_fd);
++}
++
+ /*
+  * newgidmap - Set the gid_map for the specified process
+  */
+@@ -103,6 +172,7 @@ int main(int argc, char **argv)
+ 	struct stat st;
+ 	struct passwd *pw;
+ 	int written;
++	bool allow_setgroups = false;
+ 
+ 	Prog = Basename (argv[0]);
+ 
+@@ -145,7 +215,7 @@ int main(int argc, char **argv)
+ 				(unsigned long) getuid ()));
+ 		return EXIT_FAILURE;
+ 	}
+-	
++
+ 	/* Get the effective uid and effective gid of the target process */
+ 	if (fstat(proc_dir_fd, &st) < 0) {
+ 		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
+@@ -177,8 +247,9 @@ int main(int argc, char **argv)
+ 	if (!mappings)
+ 		usage();
+ 
+-	verify_ranges(pw, ranges, mappings);
++	verify_ranges(pw, ranges, mappings, &allow_setgroups);
+ 
++	write_setgroups(proc_dir_fd, allow_setgroups);
+ 	write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
+ 	sub_gid_close();
+ 
+-- 
+2.16.2
+
diff --git a/gnu/packages/patches/util-linux-CVE-2018-7738.patch b/gnu/packages/patches/util-linux-CVE-2018-7738.patch
new file mode 100644
index 0000000000..080e2f56ba
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2018-7738.patch
@@ -0,0 +1,49 @@
+Fix CVE-2018-7738:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738
+
+Patch copied from upstream source repository:
+
+https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55
+
+From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 16 Nov 2017 16:27:32 +0100
+Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
+ paths
+
+ # mount /dev/sdc1 /mnt/test/foo\ bar
+ # umount <tab>
+
+has to return "/mnt/test/foo\ bar".
+
+Changes:
+
+ * don't use mount | awk output, we have findmnt
+ * force compgen use \n as entries separator
+
+Addresses: https://github.com/karelzak/util-linux/issues/539
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ bash-completion/umount | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/bash-completion/umount b/bash-completion/umount
+index d76cb9fff..98c90d61a 100644
+--- a/bash-completion/umount
++++ b/bash-completion/umount
+@@ -40,9 +40,10 @@ _umount_module()
+ 			return 0
+ 			;;
+ 	esac
+-	local DEVS_MPOINTS
+-	DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
+-	COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
+-	return 0
++
++	local oldifs=$IFS
++	IFS=$'\n'
++	COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
++	IFS=$oldifs
+ }
+ complete -F _umount_module umount
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index dce651246c..3b907cafcf 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -1693,14 +1693,14 @@ provide an easy-to-use Python interface for building OAuth1 and OAuth2 clients."
 (define-public python-betamax
   (package
     (name "python-betamax")
-    (version "0.8.0")
+    (version "0.8.1")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "betamax" version))
         (sha256
          (base32
-          "18f8v5gng3j773jlbbzx4rg1i4y2zw3m2l1zpmbvp8bh5a2q1i42"))))
+          "1hki1c2vs7adq7zr56wi6i5bhrkia4s2ywpv2c98ibnczz709w2v"))))
     (build-system python-build-system)
     (arguments
      '(;; Many tests fail because they require networking.
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index a8e266e90c..b57a861988 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -3873,6 +3873,7 @@ Python's distutils.")
        (uri (git-reference
              (url "https://github.com/dieterv/elib.intl.git")
              (commit "d09997cfef")))
+       (file-name (string-append name "-" version "-checkout"))
        (sha256
         (base32
          "0y7vzff9xgbnaay7m0va1arl6g68ncwrvbgwl7jqlclsahzzb09d"))))
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index d7ae5715ff..3b1c2d4885 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -50,14 +50,14 @@
 (define-public cifs-utils
   (package
     (name "cifs-utils")
-    (version "6.7")
+    (version "6.8")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://download.samba.org/pub/linux-cifs/"
                            name "/" name "-" version ".tar.bz2"))
        (sha256 (base32
-                "1ayghnkryy1n1zm5dyvyyr7n3807nsm6glfcbbki5c2a8w91dwmj"))))
+                "0ygz3pagjpaj5ky11hzh4byyymb7fpmqiqkprn11zwj31h2zdlg7"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index dd6a13a4e3..8e6f5d94d9 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017 Frederick M. Muriithi <fredmanglis@gmail.com>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,17 +33,21 @@
   #:use-module (guix utils)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
+  #:use-module (guix build-system r)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cran)
+  #:use-module (gnu packages databases)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages perl)
-  #:use-module (guix build-system python))
+  #:use-module (gnu packages statistics))
 
 (define-public cereal
   (package
@@ -411,3 +416,74 @@ JSON's ability, but serializes to a binary format which is smaller and faster
 to generate and parse.  The two primary functions are @code{cbor.loads} and
 @code{cbor.dumps}.")
     (license license:asl2.0)))
+
+(define-public flatbuffers
+  (package
+    (name "flatbuffers")
+    (version "1.8.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/google/flatbuffers/archive/v"
+                            version ".tar.gz"))
+        (sha256
+         (base32
+          "0blc978wc5h91662vai24xj92c3bx56y6hzid90qva7il302jl64"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags
+       (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+                            (assoc-ref %outputs "out") "/lib")
+             "-DCMAKE_BUILD_TYPE=Release")))
+    (home-page "https://google.github.io/flatbuffers/")
+    (synopsis "Memory-efficient serialization library")
+    (description "FlatBuffers is a cross platform serialization library for C++,
+C#, C, Go, Java, JavaScript, PHP, and Python.  It was originally created for
+game development and other performance-critical applications.")
+    (license license:asl2.0)))
+
+(define-public r-feather
+  (package
+    (name "r-feather")
+    (version "0.3.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (cran-uri "feather" version))
+        (sha256
+         (base32
+          "1q6dbkfnkpnabq8lb6bm9ma44cfcghx2lm23pyk3vg7943wrn1pi"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-hms" ,r-hms)
+       ("r-rcpp" ,r-rcpp)
+       ("r-tibble" ,r-tibble)))
+    (home-page "https://github.com/wesm/feather")
+    (synopsis "R Bindings to the Feather API")
+    (description "Read and write feather files, a lightweight binary columnar
+daa store designed for maximum speed.")
+    (license license:asl2.0)))
+
+(define-public python-feather-format
+  (package
+    (name "python-feather-format")
+    (version "0.4.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "feather-format" version))
+        (sha256
+         (base32
+          "1adivm5w5ji4qv7hq7942vqlk8l2wgw87bdlsia771z14z3zp857"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-pandas" ,python-pandas)
+       ("python-pyarrow" ,python-pyarrow)))
+    (home-page "https://github.com/wesm/feather")
+    (synopsis "Python wrapper to the Feather file format")
+    (description "This package provides a Python wrapper library to the
+Apache Arrow-based Feather binary columnar serialization data frame format.")
+    (license license:asl2.0)))
+
+(define-public python2-feather-format
+  (package-with-python2 python-feather-format))
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index c343b42274..eadc8409c2 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -138,14 +138,14 @@ optimising the environment for the application in use and the task performed.")
 (define-public dmenu
   (package
     (name "dmenu")
-    (version "4.7")
+    (version "4.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.suckless.org/tools/dmenu-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1fgph549i0yw62x02jhfc8qmqk2rnzcnm46bxq6jig1cvkw3amm7"))))
+                "0qfvfrj10xlwd9hkvb57wshryan65bl6423h0qhiw1h76rf5lqgy"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 05a7cd834b..30033e1041 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -1037,6 +1037,7 @@ contain.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "filecontents"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0swkbxv8vg0yizadfnvrwjb4cj0pn34v9wm6v7wqq903fdav7k7q"))))
@@ -1061,6 +1062,7 @@ overwrite existing files and letting you use @code{filecontents} /
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "generic" "ifxetex"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0w2xj7n0szavj329kds09q626szkc378p3w0sk022q0ln4ksz86d"))))
@@ -1089,6 +1091,7 @@ requires the e-TeX extensions to the TeX primitive set.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/generic/epsf"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "14w3j81ympyvg8hkk9i1xgr8a0gfnfsb2ki8qqsk5pa051za1xcy"))))
@@ -1121,6 +1124,7 @@ users, via its Plain TeX version.)")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "fancyvrb"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "03l7140y031rr14h02i4z9zqsfvrbn7wzwxbjsrjcgrk6sdr71wv"))))
@@ -1148,6 +1152,7 @@ verbatim source).")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "graphics"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "07azyn0b1s49vbdlr6dmygrminxp72ndl24j1091hiiccvrjq3xc"))))
@@ -1180,6 +1185,9 @@ verbatim source).")
            (uri (git-reference
                  (url "https://github.com/latex3/graphics-cfg.git")
                  (commit "19d1238af17df376cd46333b229579b0f7f3a41f")))
+           (file-name (string-append "graphics-cfg-"
+                                     (number->string %texlive-revision)
+                                     "-checkout"))
            (sha256
             (base32
              "12kbgbm52gmmgn8zajb74s8n5rvnxcfdvs3iyj8vcw5vrsw5i6mh"))))
@@ -1191,6 +1199,9 @@ verbatim source).")
                                      %texlive-tag "/Master/texmf-dist/"
                                      "/tex/latex/graphics-def"))
                  (revision %texlive-revision)))
+           (file-name (string-append "graphics-def-"
+                                     (number->string %texlive-revision)
+                                     "-checkout"))
            (sha256
             (base32
              "0gi4qv6378nl84s8n1yx3hjqvv7r4lza7hpbymbl5rzwgw8qrnyb"))))))
@@ -1212,6 +1223,7 @@ keyval, and lscape.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "xcolor"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "01n613s7bcrd2n4jfawm0k4nn2ny3aaifp2jjfif3lz4sbv31494"))))
@@ -1265,6 +1277,7 @@ pdf and HTML backends.  The package is distributed with the @code{backref} and
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "oberdiek"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0aswvsxgsn709xmvpcg50d2xl7vcy1ckdxb9c1cligqqfjjvviqf"))))
@@ -1295,6 +1308,7 @@ arrows; record information about document class(es) used; and many more.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "tools"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "052a0pch2k5zls5jlay9xxcf93rw3i60a2x28y3ip3rhbsv3xgiz"))))
@@ -1324,6 +1338,7 @@ xr, and xspace.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/url"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "184s2543cwia5l7iibhlkl1ffbncfhjpv5p56zq0c15by5sghlac"))))
@@ -1359,6 +1374,7 @@ of file names.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "l3kernel"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0r0wfk594j8wkdqhh21haimwsfq8x5jch4ldm21hkzk5dnmvpbg6"))))
@@ -1382,6 +1398,7 @@ that the LaTeX3 conventions can be used with regular LaTeX 2e packages.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "l3packages"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "16jplkvzdysfssijq9l051nsks65c2nrarsl17k8gjhc28yznj8y"))))
@@ -1429,6 +1446,7 @@ programming tools and kernel sup­port.  Packages provided in this release are:
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "fontspec"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1rx43y5xmjqvc27pjdnmqwp4pcw3czcfd6nfpmzc1gnqfl1hlc0q"))))
@@ -1459,6 +1477,7 @@ the l3kernel and xparse bundles from the LaTeX 3 development team.")
               (uri (string-append "https://github.com/lualatex/lualibs/"
                                   "releases/download/v"
                                   version "/lualibs.zip"))
+              (file-name (string-append name "-" version ".zip"))
               (sha256
                (base32
                 "1xx9blvrmx9hyhrl345lpai9m6xxnw997261a1ahn1bm5r2j5fqy"))))
@@ -1491,6 +1510,7 @@ this bundle for use independent of ConTeXt.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "amsmath"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "178ywjpdlv78qmfzqdyn6gy14620zjsn2q9wap76fbr9s4hw6dba"))))
@@ -1519,6 +1539,7 @@ definitions.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "amscls"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0jmcr37mcdi7drczppvr6lmz5d5yd9m67ii79gp2nglg1xpw934j"))))
@@ -1542,6 +1563,7 @@ distribution.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "babel"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1n3i5adsyy7jw0imnzrm2i8wkf73i3mjk9h3ic8cb9cd19i4r9r3"))))
@@ -1598,6 +1620,7 @@ for Canadian and USA text.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "cyrillic"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1mdhl35hwas68ki56qqngzar37dwv4mm64l2canihr255bz34lbv"))))
@@ -1620,6 +1643,7 @@ language that is written in a Cyrillic alphabet.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "psnfss"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1920dcq8613yzprasbg80fh4fcjcidvvl54wkx438nimyxcri7qz"))))
@@ -1963,6 +1987,7 @@ without affecting the structure of the list (this works for @code{itemize} and
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/filemod"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0vpxilfw69xv78f03g0j0zw0bw4qcn36whqp8phcq48qk1ax2kr2"))))
@@ -2022,6 +2047,7 @@ classes of systems.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "natbib"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0aqliq0nwblxyrzhwhv77pnmk7qh2y3prgq7z7qhwcbgz5kisld7"))))
@@ -2109,6 +2135,7 @@ re-processing.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/seminar"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0y4i651b75y6006n03x8n86bsqvjsailvvz9bhzy51dzsznqidq0"))))
@@ -2132,6 +2159,7 @@ recent classes such as powerdot or beamer, both of which are tuned to
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "trimspaces"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0da00lb32am4g63mn96625wg48p3pj3spx79lajrk17d549apwqa"))))
@@ -2479,6 +2507,7 @@ situations where longtable has problems.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/texinfo"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "09zj2w3lx0y6i2syfjjgizahf86z301dw8p37ln6syfhqhzqdz46"))))
@@ -2542,6 +2571,7 @@ does not affect @code{\\tt}, @code{\\texttt}, etc.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/anysize"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "19khwqjlvznc955sijhww3c4zbb0053rvzwv9nz738qknq7y18vb"))))
@@ -2571,6 +2601,7 @@ considered obsolete; alternatives are the @code{typearea} package from the
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "appendix"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0rxfpr8vq3brwx5rc7qn91ixlp9zva4zrms8a579fqa1g5yva7vg"))))
@@ -2593,6 +2624,7 @@ command.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "changebar"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1ik4m8pzfsn1grlda6fniqqfwmgj7rfxwg63jdw0p0qv002vc7ik"))))
@@ -2649,6 +2681,7 @@ copy-and-paste functions work properly.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "colortbl"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "190pmq8la2rq07xry8bn8z8yywzxv6fqyqaj7yjfj5rgw6x0mas8"))))
@@ -2672,6 +2705,7 @@ tables to be coloured.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/fancybox"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0smmnaad2q8qwicay1frri990lv65l0k8cwzsvdsyp3jk8kp042w"))))
@@ -2706,6 +2740,7 @@ floats, center, flushleft, and flushright, lists, and pages.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/fancyhdr"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "04h430agf8aj7ziwyb46xpk95c605rjk1wzhr63m6ylipihidlgw"))))
@@ -2735,6 +2770,7 @@ would automatically change the heading style in use).")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "float"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0nbl7wylkv22fcdv4p8byhhj575fli6jnqjpkhrkbv8dzwah84nq"))))
@@ -2758,6 +2794,7 @@ with @code{\\floatplacement{figure}{H}}.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "footmisc"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "03x61wwql8nh6zrqiiiq3rb0x7m3pn48c606zapy19y21fybwdxs"))))
@@ -2781,6 +2818,7 @@ footnotes with symbols rather than numbers.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "listings"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1nsn9wp3wl12b36c0sqrim33lf33cr5wky0h4ncnw8lvqgm7h8wf"))))
@@ -2808,6 +2846,7 @@ styles.  Support for @code{hyperref} is provided.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/jknapltx"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0m034x72f2g07icr50gacyxfb9g1lz2rmqh4kqr1qjb421x2kds9"))))
@@ -2846,6 +2885,7 @@ in SGML; use maths minus in text as appropriate; simple Young tableaux.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/fonts/source/jknappen/ec/"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "12av65fbz9xiashm09c9m1fj1mijxls5xspd7652ry1n5s0nixy4"))))
@@ -2873,13 +2913,13 @@ in SGML; use maths minus in text as appropriate; simple Young tableaux.")
              (mkdir "build")
              (every (lambda (font)
                       (format #t "building font ~a\n" font)
-                      (zero? (system* "mf" "-progname=mf"
-                                      "-output-directory=build"
-                                      (string-append "\\"
-                                                     "mode:=ljfour; "
-                                                     "mag:=1; "
-                                                     "batchmode; "
-                                                     "input " (basename font ".mf")))))
+                      (invoke "mf" "-progname=mf"
+                              "-output-directory=build"
+                              (string-append "\\"
+                                             "mode:=ljfour; "
+                                             "mag:=1; "
+                                             "batchmode; "
+                                             "input " (basename font ".mf"))))
                     (find-files "." "[0-9]+\\.mf$"))))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
@@ -2927,6 +2967,7 @@ texlive-2017.1/Master/texmf-dist/doc/fonts/ec/copyrite.txt"))))
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/fonts/source/public/rsfs/"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0r12pn02r4a955prcvq0048nifh86ihlcgvw3pppqqvfngv34l5h"))))
@@ -2954,13 +2995,13 @@ texlive-2017.1/Master/texmf-dist/doc/fonts/ec/copyrite.txt"))))
              (mkdir "build")
              (every (lambda (font)
                       (format #t "building font ~a\n" font)
-                      (zero? (system* "mf" "-progname=mf"
-                                      "-output-directory=build"
-                                      (string-append "\\"
-                                                     "mode:=ljfour; "
-                                                     "mag:=1; "
-                                                     "batchmode; "
-                                                     "input " (basename font ".mf")))))
+                      (invoke "mf" "-progname=mf"
+                              "-output-directory=build"
+                              (string-append "\\"
+                                             "mode:=ljfour; "
+                                             "mag:=1; "
+                                             "batchmode; "
+                                             "input " (basename font ".mf"))))
                     (find-files "." "[0-9]+\\.mf$"))))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
@@ -2996,6 +3037,7 @@ one of the packages @code{calrsfs} and @code{mathrsfs}.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "eso-pic"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1xvmms28mvvfpks9x7lfya2xhh5k8jy3qnlih1mzcnf156xnb89z"))))
@@ -3020,6 +3062,7 @@ routine, which may be used to place the output at fixed positions.  The
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/eepic"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1c68gvh021pvybg07apsd2xhq2ljbg80kq94wh71drdga3c2zqjw"))))
@@ -3088,6 +3131,7 @@ in the form @code{key=value} are available, for example:
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "multirow"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0qlxy47f1f8plgch3jqfsnrdgpyz20sz46yp33i2jwvf9hvfczf0"))))
@@ -3112,6 +3156,7 @@ entry at the \"natural\" width of its text.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/overpic"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0m29q9qdb00558b7g2i7iw6w62n5s46yx81j8m99qkv77magk4fm"))))
@@ -3177,6 +3222,7 @@ designed class) helps alleviate this untidiness.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "pdfpages"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "06p5smfq66559ppdnmkl3hp8534x84ywbscimsiir4gllpya3i9h"))))
@@ -3200,6 +3246,7 @@ use this package to insert PostScript files, in addition to PDF files.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "fonts" "stmaryrd"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "08pn4ca3vl6qm9l3wm5h5iyjsrg411kkm1yana329xwg2j14s9n6"))))
@@ -3232,6 +3279,7 @@ the whole font.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "subfigure"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "15spcl5wb7w269qd6y596vp4yi8sa5ppcx8w4z2i9kyp02r3a0yb"))))
@@ -3287,6 +3335,7 @@ according to the natural width of the widest cell in the column.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/threeparttable"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "10vy9k150w2lviw8h22s2mcykff38xci653m5823s2vv44pwbmzq"))))
@@ -3494,6 +3543,7 @@ of ink traps which typify the Kurier font.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/latex/titlesec"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "04nmkhqx6jxcxx9a30zbcd5smxi5fd0cbp132bki7fnvhspnhg21"))))
@@ -3554,6 +3604,7 @@ now contains a package @code{fix-cm},f which performs the task of
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "lh"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "00gdiwh3sfhh1iimjhpja7lm7k4vzqzql2irgwnpz94qvh25zwi5"))))
@@ -3584,6 +3635,7 @@ OT2 encoded fonts, CM bright shaped fonts and Concrete shaped fonts.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/metapost"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "03nvjddffiz796wll6axzmgfvynyciy2mqamv20qx252w71vwkwd"))))
@@ -3667,6 +3719,7 @@ get a narrower “natural” width.")
     (source (origin
               (method svn-fetch)
               (uri (texlive-ref "latex" "wasysym"))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "1sgwbfwjjf70g54hh93gsd9jp9nm67w6n74x9d72a56n07jbk5hv"))))
@@ -3821,6 +3874,7 @@ e-TeX.")
                                         %texlive-tag "/Master/texmf-dist/"
                                         "/tex/generic/pdftex"))
                     (revision %texlive-revision)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "0k68zmqzs4qvrqxdwsrawbjb14hxqjfamq649azvai0jjxdpkljd"))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 227a71225c..6b1005c2f8 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -500,13 +500,13 @@ netcat implementation that supports TLS.")
   (package
     (name "python-acme")
     ;; Remember to update the hash of certbot when updating python-acme.
-    (version "0.21.1")
+    (version "0.22.0")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
               (sha256
                (base32
-                "02x6f37ddldaxrxzh2wjw8wmzqchxb7gl5i4i4daysas9yzqlvi9"))))
+                "1s2zamyb99zdyga3c75xxgnj0z2hixw8wv24v1l4p49fncnxab2a"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -555,7 +555,7 @@ netcat implementation that supports TLS.")
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "1sn4wqkp6kjj9p8maf4jnjwwvb083hgakm9i10rk9273nnqfkj76"))))
+                "1cyb3lhxrw7ghyhrl2wc95vqhdaxz6n4pai66c573gcly7c7sc7f"))))
     (build-system python-build-system)
     (arguments
      `(,@(substitute-keyword-arguments (package-arguments python-acme)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index f900eeeb6f..ffc5f33e7b 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1276,7 +1276,7 @@ other site that youtube-dl supports.")
 (define-public you-get
   (package
     (name "you-get")
-    (version "0.4.1025")
+    (version "0.4.1040")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1285,7 +1285,7 @@ other site that youtube-dl supports.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "10103jw1gzar85jlajzl9wslk08vw21n26hkhfcz5bvkm9lxxs2c"))))
+                "0257p9bn426rv0cjk2j5hsx6cg7dz5gpjwlqq0sy1axa47phis46"))))
     (build-system python-build-system)
     (inputs
      `(("ffmpeg" ,ffmpeg)))             ; for multi-part and >=1080p videos
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 340221640c..df049e15a3 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -54,14 +55,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.18.6")
+    (version "2.20.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0g5cpdijjv5hlrbi4i4dh97yrh5apnyvm90wpr9f84hgyk12r4ck"))))
+                "0g0an3pc2yz13gzpaysfgch2yp510gw1qcpk0xr8m6mx43vl1xjp"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
@@ -79,7 +80,12 @@
                           ;; included.  More investigation is needed.  For
                           ;; now, we explicitly disable it to prevent an error
                           ;; at configuration time.
-                          "-DUSE_GSTREAMER_GL=OFF")
+                          "-DUSE_GSTREAMER_GL=OFF"
+
+                          ;; XXX Disable WOFF2 ‘web fonts’.  These were never
+                          ;; supported in our previous builds.  Enabling them
+                          ;; requires building libwoff2 and possibly woff2dec.
+                          "-DUSE_WOFF2=OFF")
        #:phases
        (modify-phases %standard-phases
          (add-after
@@ -130,7 +136,7 @@
        ("libxt" ,libxt)
        ("mesa" ,mesa)
        ("sqlite" ,sqlite)))
-    (home-page "http://www.webkitgtk.org/")
+    (home-page "https://www.webkitgtk.org/")
     (synopsis "Web content engine for GTK+")
     (description
      "WebKitGTK+ is a full-featured port of the WebKit rendering engine,
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index a8e7833990..2e922d2a95 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -81,6 +81,7 @@ periodic timestamps for seeking.")
   (package
    (name "libvorbis")
    (version "1.3.5")
+   (replacement libvorbis-1.3.6)
    (source (origin
             (method url-fetch)
             (uri (string-append "http://downloads.xiph.org/releases/vorbis/"
@@ -105,6 +106,18 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
                                "See COPYING in the distribution."))
    (home-page "https://xiph.org/vorbis/")))
 
+;; For CVE-2018-5146.
+(define-public libvorbis-1.3.6
+  (package/inherit libvorbis
+    (version "1.3.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://downloads.xiph.org/releases/vorbis/"
+                                  "libvorbis-" version ".tar.xz"))
+              (sha256
+               (base32
+                "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))))
+
 (define libtheora
   (package
     (name "libtheora")